in

RHEL 8.5 delivers key container improvements

RHEL 8.5, the newest version of Red Hat Enterprise Linux (RHEL), is out. As Joe Brockmeier, Red Hat Blogs’ Editorial Director, said, “Whether you’re deploying RHEL on-prem, in the public cloud, at the edge — or all of the above — RHEL 8.5 has improvements that users will be eager to dig into.” 

He’s not wrong.

In particular, as we continue to move to a container and Kubernetes-based world, RHEL 8.5 comes with significant container improvements. These include: 

  • Containerized Podman: The RHEL 8 Podman container image is now generally available and can help unlock the usage of Podman in cloud continuous integration/delivery (CI/CD) systems, on Windows Subsystem for Linux (WSL) 2, under Docker Desktop on macOS, and (of course) on RHEL 6, 7 and 8. You can use the Podman container image to help develop and run other container images. 

  • Verify container image signatures by default: In RHEL 8.5, users can pull container images with confidence. Out of the box, RHEL 8.5 will check container image signatures to verify that they are, in fact, from Red Hat and haven’t been tampered with or manipulated. 

  • Native OverlayFS as a Rootless container user: RHEL 8.5 offers better performance when building and running rootless containers, with native support for OverlayFS.

Returning to RHEL basics, its web console, which is based on the open-source Cockpit project, now enables you to live patch the kernel from it. Previously, you could only keep your Linux running while updating the kernel in real-time by using the shell. 

The updated web console also includes an enhanced-performance metrics page. With this, you can more easily identify high CPU, memory, disk, and network resource usage spikes and their causes. In addition, you can also more easily export metrics to a Grafana server for a deeper look at what’s going on in your servers.

Red Hat is also continuing to integrate its Ansible DevOps program into RHEL. RHEL’s system roles now use Ansible roles and modules to configure, automate, and manage RHEL services. Its new or enhanced system roles include: 

  • RHEL system role for VPN: Reduces the time to configure VPN tunnels and reduces the risk of misconfiguration or use of non-recommended settings. Also supports host-to-host and mesh VPN configurations.

  • RHEL system role for Postfix: In tech preview for some time, the RHEL system role for Postfix is fully supported with RHEL 8.5. It enables administrators to skip the manual configuration of Postfix, automating how you install, configure, and start the server, as well as specify custom settings to better control how Postfix works in your environment.

  • RHEL system role for timesync: Uses a new Network Time Security (NTS) option as part of the existing timesync system role.

  • RHEL system role for Storage: Adds support for LVM (Logical Volume Manager) VDO (Virtual Data Optimizer) volumes and volume sizes that can be expressed as a percentage of the pool’s total size.

There are numerous other improvements as well. This includes OpenJDK 17, the latest open-source reference implementation of Java SE. And, for better network and system security, RHEL now includes network time security (NTS) for Network Time Protocol (NTP). 

In addition — showing how much things have changed since Microsoft and Red Hat were at each other’s throats — RHEL now comes with a system role for Microsoft SQL Server. This enables IT administrators and DBAs to automatically and quickly install, configure, and tune SQL Server. It also now includes Microsoft’s latest .NET 6 release. The new NET 6 is now available for Windows, Linux, and macOS. It provides a unified platform across cloud, desktop, IoT, and mobile apps.

In short, RHEL 8.5 is ready to run today on any platform you care to name. 

Want to know more? Check out the RHEL system roles overview to learn how to install and use RHEL system roles.

Related Stories:


Source: Information Technologies - zdnet.com

CISA warns of equipment vulnerabilities from multiple vendors

Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day