Generally one RHEL/CentOS/Scientific Linux (aka EL) release isn’t radically different to another, however the introduction of EL 7 is a bit of a shake up, introducing systemd, which means new init system, new ways of reading logs plus dropping some older utilities you may rely on and introducing new defaults.
I’m going through and upgrading some of my machines currently so I’ve prepared a few tips for anyone familiar with EL 4/5/6 and getting started with the move to EL 7.
systemd
The big/scary change introduced by RHEL 7 is systemd – love it or hate it, either way it’s here to stay. The good news is that an existing RHEL admin can keep doing most of their old tricks and existing commands.
Red Hat’s “service” command still works and now hooks into either legacy init scripts or new systemd processes. And rather than forcing everyone to use the new binary logging format, RHEL 7 logs messages to both the traditional syslog plain text files, as well as the new binary log format that you can access via journalctl – so your existing scripts or grep recipes will work as expected.
Rather than write up a whole bunch about systemd, I recommend you check out this blog post by CertDepot which details some of the commands you’ll want to get familiar with. The Fedora wiki is also useful and details stuff like enabling/disabling services at startup time.
I found the transition pretty easy and some of the new tricks like better integration between output logs and init are nice changes that should make Linux easier to work with for new users longer term thanks to better visibility into what’s going on.
Packages to Install
The EL minimum install lacks a few packages that I’d consider key, you may also want to install them as part of your base installs:
- vim-enhanced – No idea why this doesn’t ship as part of minimum install so as a vim user, it’s very, very frustrating not having it.
- net-tools – this provides the traditional ifconfig/route/netstat family of network tools. Whilst EL has taken the path of trying to force people onto the newer iproute tools there are still times you may want the older tools, such as for running older shell scripts that haven’t been updated yet.
- bind-utils – Like tools like host or nslookup? You’ll want this package.
- mailx – Provides the handy mail command for when you’re debugging your outbound mail.
Networking
Firstly be aware that your devices might no longer be simple named ethX, as devices are now named based on their type and role. Generally this is an improvement, since the names should line up more with the hardware on big systems for easier identification, and you can still change the device names if you prefer something else.
Changing the hostname will cause some confusion for long time RHEL users, rather than a line in /etc/sysconfig/network, the hostname is now configured in /etc/hostname like other distributions.
The EL 7 minimum installation now includes NetworkManager as standard. Whilst I think NetworkManager is a fantastic application, it doesn’t really have any place on my servers where I tend to have statically configured addresses and sometimes a few static routes or other trickiness like bridges and tunnels.
You can disable network manager (and instead use the static “network” service) by running the following commands:
systemctl stop NetworkManager systemctl disable NetworkManager systemctl restart network
Red Hat have documentation on doing static network configuration, although it is unfortunately weak on the IPv6 front.
Most stuff is the same as older versions, but the approach of configuring static routes bit me. On EL 5 you configured a /etc/sysconfig/network-scripts/route-ethX file to define IPv4 and IPv6 routes that should be created when that interface comes up. With EL7 you now need to split the IPv4 and IPv6 routes apart, otherwise you just get a weird error when you bring the interface up.
For example, previously on an EL 5 system I would have had something like:
# cat /etc/sysconfig/network-scripts/route-eth1 10.8.0.0/16 via 10.8.5.2 dev eth1 2001:db8:1::/48 via 2001:db8:5::2 dev eth1 #
Whereas you now need something like this:
# cat /etc/sysconfig/network-scripts/route-eth1 10.8.0.0/16 via 10.8.5.2 dev eth1 # # cat /etc/sysconfig/network-scripts/route6-eth1 2001:db8:1::/48 via 2001:db8:5::2 dev eth1 #
Hopefully your environment is not creative enough to need static routes around the place, but hey, someone out there might always be as crazy as me.
Firewalls
EL 7 introduces FirewallD as the default firewall application – it offers some interesting sounding features for systems that frequently change networks such as mobile users, however I’m personally quite happy and familiar with iptables rulesets for my server systems which don’t ever change networks.
Fortunately the traditional raw iptables approach is still available, Red Hat dragged their existing iptables/ip6tables service scripts over into systemd, so you can still save your firewall rules into /etc/sysconfig/iptables and /etc/sysconfig/iptables respectively.
# Disable firewalld: systemctl disable firewalld systemctl stop firewalld # Install iptables yum install iptables-service systemctl enable iptables systemctl enable ip6tables systemctl start iptables systemctl start ip6tables
LAMP Stack
- Apache has been upgraded from 2.2 to 2.4. Generally things are mostly the same, but some modules have been removed which might break some of your configuration if you take a lift+shift approach.
- MySQL has been replaced by MariaDB (community developed fork) which means the package names and service have changed, however all the mysql command line tools still exist and work fine.
- PHP has been upgraded to 5.4.16 which a little bit dated already – over the lifespan of EL 7 it’s going to feel very dated very quickly, so I hope Red Hat puts out some php55 or php56 packages in future releases for those whom want to take advantage of the latest features.
Other Resources
- If you haven’t already, check out Red Hat’s release notes,they detail heaps of new features and additions to the platform.
- To learn more about the changes from previous releases, check out Red Hat’s Migration Guide as a starter.
- My guide to running EL 7 on EL 5 as a Xen guest for those of you running older Xen hypervisors.
NetworkManager is installed by default?? Good grief!
Guess any RHEL7 admin will need to tweak an installer to exclude that for their servers..
And no vim-enhanced by default? Aaargh..
Anyway, nice article.. :)
So far, probably the biggest thing I hate about RHEL7 is Anaconda.
You can’t use software RAID unless you define the partitioning in a kickstart file, which is kind of a pain if it’s just a single server.
This was the same in Fedora, but since I’ve never installed Fedora on a box that needed software RAID, I didn’t notice it.
I also hate Grub2, the config file is over-complicated now. :/
As for systemd, I’m starting to get used to it and seeing it’s benefits, though I can never remember the commands!
Thanks!
Just one note: on my CentOS 7 it looks like the traditional iptables interface package is called “iptables-services” rather than “iptables-service” as pointed out in the article.
Best regards,
Andrea