Linux servers.

Upgrading Red Hat Enterprise Linux / CentOS / Oracle Linux

RHEL/CentOS/Oracle Linux Migration:
Kernel and Clusters

The kernel itself continues to evolve with added features, improved performance, and of course bug fixes. The kernel configuration has changed twice, with the appearance of the udev daemon and then udev's absorption into systemd. The details of building a high-availability load-balancing server have changed. Like Samba, a web-based tool has been dropped in favor of simply editing configuration files. The daemons that manage load balancing and router redundancy have been replaced with improved versions.

Previous: Network Services

The previous page described changes in network services, both Internet-facing services like HTTP/HTTPS and Intranet file and print services.

11 — Kernel

RHEL 5 configured some details in /etc/modprobe.conf during the installation, which modules to use with the Ethernet interfaces, the sound card, and so on. When you replace an Ethernet card, you must modify /etc/modprobe.conf or possibly /etc/modprobe.d/whatever.conf.

RHEL 6 used the Udev daemon to help with device detection and naming. When you replace an Ethernet card, you must modify /etc/udev/rules.d/70-persistent-net.rules.

Udev was absorbed into systemd in RHEL 7. With the new naming scheme, if you replace an Ethernet card even with a completely different type of card but plug it into the same slot, it will get the same interface name.

Red Hat generally does not build their kernel with the IKCONFIG=y configuration setting. If it were set, you could ask the kernel to tell you how it was built by reading the /proc/config.gz kernel data structure. Since it would be the kernel telling you, then you could believe it.

Unfortunately, all Red Hat gives us is the file /boot/config-RELEASE. My experience has shown that it is close to the truth but it may not be entirely correct.

See my page on building Linux kernels for further details on building the kernel. In particular, using the environment variable INSTALL_MOD_STRIP=1 during the build to strip out the symbol information and create a collection of modules and initrd file only about 10% the size of the unstripped alternative.

Base Kernel
RHEL 5: 2.6.18
RHEL 6: 2.6.32
RHEL 7: 3.10.0
RHEL 8: 4.18.0
RHEL 9: 5.14.0

Red Hat uses the same base version of the kernel throughout one major release. They make changes to patch kernel bugs, tune performance, and add functionality but build all of these from the same base version modified to build the *.0 kernel. The GNU GPL requires that the modified source code be freely distributed, but at times Red Hat have obfuscated their changes. Oracle's RedPatch project de-obfuscates these changes, providing the patch files that create Red Hat's variant kernels.

Automatic post-boot kernel tuning in RHEL 7 and later uses /etc/sysctl.conf first, followed by /usr/lib/sysctl.d/* and /etc/sysctl.d/*.

Load Balancing and High Availability

RHEL 6 built high-availability load-balancing clusters using Linux Virtual Server, using packages including ipvsadm to manage the kernel-based Linux Virtual Server code, Piranha for a web-based cluster configuration tool, and nanny for the monitoring.

RHEL 7 and later use Keepalived to manage the load balancing, with the Virtual Router Redundancy Protocol (VRRP) managing router redundancy. The newer kernels in later releases offer more load-balancing algorithm choices. There is no web-based configuration, but there doesn't really need to be. Copy-and-paste within vim makes it much faster to edit fairly simple configuration files. Compare that to having to very carefully click through the same series of small buttons and fill forms through a long series of cluster node definitions. The command line wins.

The last page in this series describes the changes in Security-Enhanced Linux.

Next ❯ Security-Enhanced Linux