Thursday, February 27, 2020

RHEL 7 vs RHEL 8

             

RHEL 7 vs RHEL 8:
----------------------------

Red Hat is known above all for its enterprise operating system, Red Hat Enterprise Linux (RHEL). Through its acquisition of the open-source middleware vendor JBoss it also sells enterprise middleware, and it offers Red Hat Virtualization (RHV), an enterprise virtualization product. Its portfolio covers storage, operating system platforms, middleware, applications and management products, together with support, training and consulting services.

RHEL 8 ships a new set of container tools: Buildah, Podman and Skopeo, a daemonless toolchain that takes the place of the docker package shipped with RHEL 7. System management gains Image Builder (composer), which lets organizations build and deploy custom RHEL images. Storage gains Stratis (a local storage management layer on top of XFS and LVM), file system snapshots, and LUKS2 disk encryption with Network-Bound Disk Encryption (NBDE), which unlocks encrypted volumes at boot against a Tang server on the trusted network instead of a typed passphrase. The new RHEL web console (Cockpit) also improves management and lets administrators handle bare-metal, virtual, local and remote Linux servers.


Default File System

  RHEL 7: XFS
  RHEL 8: XFS

Kernel Version

  RHEL 7: 3.10.0-x
  RHEL 8: 4.18.0-x

Max. RAM Supported

  RHEL 7: 12 TB*
  RHEL 8: 24 TB*
  (* on the x86_64 architecture)

Default Database

  RHEL 7: MariaDB (5.5) is the default implementation of MySQL in Red Hat Enterprise Linux 7.
  RHEL 8: the following database servers are available as Application Streams:
    MySQL 8.0
    MariaDB 10.3
    PostgreSQL 10 and PostgreSQL 9.6
    Redis 5.0

New Versions of Programming Languages

  RHEL 7: Python 2 (2.7.x), PHP 5.4, Ruby 2.0.0
  RHEL 8: Python 3 (3.6), PHP 7.2, Ruby 2.5, Node.js 10

  RHEL 8 has no unversioned python command by default: call python3 (or python2 from the optional Python 2.7 stream) explicitly, and use the same versioned names in scripts' shebang lines.

General Availability Date of First Major Release

  RHEL 7: 2014-06-09 (kernel 3.10.0-123)
  RHEL 8: 2019-05-07 (kernel 4.18.0-80)

Standard/Default Repo Channels

  RHEL 7:
    Repo ID:   rhel-7-server-rpms
    Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
  RHEL 8 (content is split into two repositories):
    Repo ID:   rhel-8-for-x86_64-baseos-rpms
    Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
    Repo ID:   rhel-8-for-x86_64-appstream-rpms
    Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)

Network Time Synchronization

  RHEL 7: either ntp or chronyd
  RHEL 8: chronyd only; the ntp implementation is not supported in RHEL 8

Maximum Supported File Size (XFS)

  RHEL 7: max. (individual) file size = 500 TiB; max. file system size = 500 TiB
  RHEL 8: the maximum supported size of an XFS file system has been increased from 500 TiB to 1024 TiB

  (These limits apply to 64-bit machines only; Red Hat Enterprise Linux does not support XFS on 32-bit machines.)

Package/Software Management

  RHEL 7: yum, based on YUM v3 (yum 3.4.x)
  RHEL 8: package management is done by DNF (YUM v4). The yum command is kept for backward compatibility with the YUM v3 command line used in earlier versions, but it is just a symbolic link to dnf.

Change in Default Network Packet Filtering

  RHEL 7: the firewalld daemon uses iptables as its default backend.
  RHEL 8: nftables is the default packet-filtering framework and replaces iptables; the firewalld daemon now uses nftables as its default backend.

  nftables replaces the separate iptables, ip6tables, arptables and ebtables tools with a single framework covering both IPv4 and IPv6. The iptables command still ships in RHEL 8, but as a compatibility layer that translates rules into nftables, so audit the effective ruleset with `nft list ruleset` (which also shows the rules firewalld installs) rather than trusting the iptables view alone.

Default Display Server

  RHEL 7: X.Org server is the default display server.
  RHEL 8: Wayland is the default display server used by the GNOME Display Manager (an X.Org session remains available as a fallback).

Version Control Systems Available

  RHEL 7: distributed with three of the most popular open source revision control systems: Git, SVN and CVS.
  RHEL 8: provides Git 2.18, Mercurial 4.8 and Subversion 1.10. Concurrent Versions System (CVS) and Revision Control System (RCS) are not available in RHEL 8.

Changes in NFS

  RHEL 7: the NFS configuration file is /etc/sysconfig/nfs.
  RHEL 8: the NFS configuration file is /etc/nfs.conf. Red Hat Enterprise Linux 8 attempts to automatically convert all options from /etc/sysconfig/nfs to /etc/nfs.conf when upgrading from RHEL 7. NFS over UDP is no longer supported.
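A worked example of what that conversion involves, added here (Python, standard library only) and not the converter RHEL 8 runs on upgrade: it maps the commonly tuned /etc/sysconfig/nfs variables (thread count, grace time and the fixed ports you set so that lockd, statd and mountd can be allowed through a firewall) and the rpc.nfsd -N/-V/-U/-T switches onto their nfs.conf sections. The sample input is constructed; variables outside VAR_MAP are deliberately left for manual review.

```python
"""Map RHEL 7 /etc/sysconfig/nfs settings onto RHEL 8 /etc/nfs.conf sections.

Added example (Python, standard library), not the converter RHEL 8 runs on
upgrade: it covers the commonly tuned variables in VAR_MAP plus the rpc.nfsd
version/transport switches, and leaves anything else for manual review.
"""
import re
import shlex

# RHEL 7 variable -> (nfs.conf section, key); the value is carried over as-is.
VAR_MAP = {
    "RPCNFSDCOUNT": ("nfsd", "threads"),
    "NFSD_V4_GRACE": ("nfsd", "grace-time"),
    "NFSD_V4_LEASE": ("nfsd", "lease-time"),
    "MOUNTD_PORT": ("mountd", "port"),
    "STATD_PORT": ("statd", "port"),
    "STATD_OUTGOING_PORT": ("statd", "outgoing-port"),
    "LOCKD_TCPPORT": ("lockd", "port"),
    "LOCKD_UDPPORT": ("lockd", "udp-port"),
}

ASSIGN_RE = re.compile(r"^([A-Z][A-Z0-9_]*)=(.*)$")


def parse_sysconfig(text):
    """Parse shell-style KEY=value / KEY="value" lines; comment lines are skipped."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ASSIGN_RE.match(line)
        if m:
            key, raw = m.groups()
            values[key] = " ".join(shlex.split(raw))   # strips quotes like a shell would
    return values


def nfsd_args_to_conf(args):
    """Translate rpc.nfsd command-line switches (RPCNFSDARGS) into [nfsd] keys."""
    out = {}
    toks = shlex.split(args)
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok in ("-N", "--no-nfs-version") and i + 1 < len(toks):
            out["vers" + toks[i + 1]] = "n"        # e.g. -N 3 -> vers3=n
            i += 2
        elif tok in ("-V", "--nfs-version") and i + 1 < len(toks):
            out["vers" + toks[i + 1]] = "y"
            i += 2
        elif tok in ("-U", "--no-udp"):
            out["udp"] = "n"
            i += 1
        elif tok in ("-T", "--no-tcp"):
            out["tcp"] = "n"
            i += 1
        else:
            i += 1                                 # unknown switch: left for manual review
    return out


def convert(text):
    """Return {section: {key: value}} ready to be rendered as /etc/nfs.conf."""
    conf = {}
    for var, value in parse_sysconfig(text).items():
        if var in VAR_MAP:
            section, key = VAR_MAP[var]
            conf.setdefault(section, {})[key] = value
        elif var == "RPCNFSDARGS":
            conf.setdefault("nfsd", {}).update(nfsd_args_to_conf(value))
    return conf


def render(conf):
    """Serialise the nested dict in nfs.conf's INI-style [section] key=value form."""
    blocks = []
    for section, kv in conf.items():
        blocks.append("[%s]\n" % section + "".join("%s=%s\n" % item for item in kv.items()))
    return "\n".join(blocks)


# Constructed RHEL 7 style input: fixed ports so lockd, statd and mountd can be
# allowed through a firewall, more nfsd threads, and NFSv2/v3 plus UDP disabled.
SAMPLE_SYSCONFIG_NFS = """\
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
RPCNFSDARGS="-N 2 -N 3 -U"
RPCNFSDCOUNT=16
NFSD_V4_GRACE=90
MOUNTD_PORT=20048
STATD_PORT=662
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
"""

if __name__ == "__main__":
    print(render(convert(SAMPLE_SYSCONFIG_NFS)), end="")
```

Running it prints an [nfsd] section with vers2=n, vers3=n, udp=n, threads=16 and grace-time=90, followed by [mountd], [statd] and [lockd] sections carrying the fixed ports. Keep the rendered output under review rather than dropping it in blindly: anything the converter does not understand (RPCMOUNTDOPTS, STATDARG and friends) is silently left out here, and the real upgrade tooling writes its own warnings for such cases.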

Wednesday, February 26, 2020

How To Manage Sensitive Files with ansible-vault

  • The ansible-vault command is the main interface for managing encrypted content within Ansible. This command is used to initially encrypt files and is subsequently used to view, edit, or decrypt the data.

    Creating New Encrypted Files

    To create a new file encrypted with Vault, use the ansible-vault create command. Pass in the name of the file you wish to create. For example, to create an encrypted YAML file called vault.yml to store sensitive variables, you could type:
    • ansible-vault create vault.yml
    You will be prompted to enter and confirm a password:
    Output
    New Vault password:
    Confirm New Vault password:
    When you have confirmed your password, Ansible will immediately open an editing window where you can enter your desired contents.
    To test the encryption function, enter some test text:
    vault.yml
    Secret information
    
    Ansible will encrypt the contents when you close the file. If you check the file, instead of seeing the words you typed, you will see an encrypted block:
    • cat vault.yml
    Output
    $ANSIBLE_VAULT;1.1;AES256
    65316332393532313030636134643235316439336133363531303838376235376635373430336333
    3963353630373161356638376361646338353763363434360a363138376163666265336433633664
    30336233323664306434626363643731626536643833336638356661396364313666366231616261
    3764656365313263620a383666383233626665376364323062393462373266663066366536306163
    31643731343666353761633563633634326139396230313734333034653238303166
    We can see some header information that Ansible uses to know how to handle the file, followed by the encrypted contents, which display as numbers.
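What that header and hex body actually contain, as an added example (Python, standard library only; this is not Ansible's own code): the envelope is parsed into its salt, HMAC-SHA256 tag and AES-256-CTR ciphertext, the keys are re-derived with the same PBKDF2 parameters ansible-vault uses, and the tag is checked. Verifying the tag does not need the AES step, so the block never decrypts anything. The sample is the vault.yml shown above; its password is not known here, so the check is expected to come back false.

```python
"""Parse an Ansible Vault 1.1 envelope and check a password against its HMAC.

Added example (standard library only), not code from Ansible: it decodes the
header and hex body into salt, HMAC tag and ciphertext, re-derives the keys the
way ansible-vault does (PBKDF2-HMAC-SHA256, 10000 iterations, 80 bytes split
into AES-256 key | HMAC key | CTR IV) and verifies the tag. It does not
decrypt, so no AES implementation is needed.
"""
import hashlib
import hmac
import re

HEADER_RE = re.compile(
    r"\A\$ANSIBLE_VAULT;(?P<version>1\.[12]);(?P<cipher>AES256)"
    r"(?:;(?P<vault_id>[^\r\n]+))?\r?\n"
)
PBKDF2_ITERATIONS = 10000
KEY_LEN = 32   # AES-256 key and HMAC-SHA256 key
IV_LEN = 16    # AES block size; CTR IV
BLOCK = 16     # PKCS#7 pads the plaintext to a multiple of this


def is_vault_encrypted(text):
    """Cheap check a pre-commit hook can run: does the file carry a vault header?"""
    return text.startswith("$ANSIBLE_VAULT;")


def parse_vault(text):
    """Split an envelope into its parts. Raises ValueError on malformed input."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError("not an Ansible Vault 1.1/1.2 AES256 envelope")
    # Body: hex of ("salt_hex\nhmac_hex\nciphertext_hex"), wrapped at 80 columns.
    body = bytes.fromhex("".join(text[m.end():].split()))
    parts = body.split(b"\n")
    if len(parts) != 3:
        raise ValueError("expected salt, hmac and ciphertext separated by newlines")
    salt, tag, ciphertext = (bytes.fromhex(p.decode("ascii")) for p in parts)
    if len(salt) != 32 or len(tag) != 32 or len(ciphertext) % BLOCK:
        raise ValueError("unexpected field lengths")
    return {
        "version": m.group("version"),
        "cipher": m.group("cipher"),
        "vault_id": m.group("vault_id"),   # only present in 1.2 envelopes
        "salt": salt,
        "hmac": tag,
        "ciphertext": ciphertext,
    }


def derive_keys(password, salt):
    """Same KDF and key split as ansible-vault: returns (aes_key, hmac_key, iv)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ITERATIONS, 2 * KEY_LEN + IV_LEN)
    return dk[:KEY_LEN], dk[KEY_LEN:2 * KEY_LEN], dk[2 * KEY_LEN:]


def check_password(text, password):
    """True if `password` yields an HMAC-SHA256 tag matching the envelope's tag.

    The tag covers the ciphertext (encrypt-then-MAC), so a wrong password or a
    tampered body is detected without decrypting. The flip side: anyone holding
    the file can test guesses offline at the cost of one PBKDF2 run each, so a
    vault password that lands in a repository must be long and random.
    """
    v = parse_vault(text)
    _, hmac_key, _ = derive_keys(password, v["salt"])
    expected = hmac.new(hmac_key, v["ciphertext"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, v["hmac"])


def plaintext_length_range(vault):
    """What the envelope leaks: PKCS#7 padding bounds the plaintext length."""
    n = len(vault["ciphertext"])
    return n - BLOCK, n - 1


# The encrypted vault.yml shown above, as written by `ansible-vault create`.
SAMPLE_VAULT = """\
$ANSIBLE_VAULT;1.1;AES256
65316332393532313030636134643235316439336133363531303838376235376635373430336333
3963353630373161356638376361646338353763363434360a363138376163666265336433633664
30336233323664306434626363643731626536643833336638356661396364313666366231616261
3764656365313263620a383666383233626665376364323062393462373266663066366536306163
31643731343666353761633563633634326139396230313734333034653238303166
"""

if __name__ == "__main__":
    v = parse_vault(SAMPLE_VAULT)
    print("version", v["version"], "salt", v["salt"].hex())
    print("plaintext is between %d and %d bytes long" % plaintext_length_range(v))
    print("password 'guess' correct?", check_password(SAMPLE_VAULT, "guess"))
```

Two things fall out of running this against the file above. The ciphertext is 32 bytes, so the plaintext is between 16 and 31 bytes ("Secret information" plus a newline is 19), which is how much the envelope reveals about a secret's size. And since the tag alone tells you whether a password is right, a committed vault can be attacked offline; the 10000 PBKDF2 iterations make each guess cost something, but they do not rescue a weak password.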

    Encrypting Existing Files

    If you already have a file that you wish to encrypt with Vault, use the ansible-vault encrypt command instead.
    For testing, we can create an example file by typing:
    • echo 'unencrypted stuff' > encrypt_me.txt
    Now, you can encrypt the existing file by typing:
    • ansible-vault encrypt encrypt_me.txt
    Again, you will be prompted to provide and confirm a password. Afterwards, a message will confirm the encryption:
    Output
    New Vault password:
    Confirm New Vault password:
    Encryption successful
    Instead of opening an editing window, ansible-vault will encrypt the contents of the file and write it back to disk, replacing the unencrypted version.
    If we check the file, we should see a similar encrypted pattern:
    • cat encrypt_me.txt
    Output
    $ANSIBLE_VAULT;1.1;AES256
    66633936653834616130346436353865303665396430383430353366616263323161393639393136
    3737316539353434666438373035653132383434303338640a396635313062386464306132313834
    34313336313338623537333332356231386438666565616537616538653465333431306638643961
    3636663633363562320a613661313966376361396336383864656632376134353039663662666437
    39393639343966363565636161316339643033393132626639303332373339376664
    As you can see, Ansible encrypts existing content in much the same way as it encrypts new files.

    Viewing Encrypted Files

    Sometimes, you may need to reference the contents of a vault-encrypted file without needing to edit it or write it to the filesystem unencrypted. The ansible-vault view command feeds the contents of a file to standard out. By default, this means that the contents are displayed in the terminal.
    Pass the vault encrypted file to the command:
    • ansible-vault view vault.yml
    You will be asked for the file’s password. After entering it successfully, the contents will be displayed:
    Output
    Vault password: Secret information
    As you can see, the password prompt is mixed into the output of the file contents. Keep this in mind when using ansible-vault view in automated processes: for non-interactive use, supply the password with --vault-password-file (or --vault-id) instead of typing it, and protect that password file as carefully as the vault itself.

    Editing Encrypted Files

    When you need to edit an encrypted file, use the ansible-vault edit command:
    • ansible-vault edit vault.yml
    You will be prompted for the file’s password. After entering it, Ansible will open the file in an editing window, where you can make any necessary changes.
    Upon saving, the new contents will be encrypted using the file’s encryption password again and written to disk.

    Manually Decrypting Encrypted Files

    To decrypt a vault encrypted file, use the ansible-vault decrypt command.
    Note: Because of the increased likelihood of accidentally committing sensitive data to your project repository, the ansible-vault decrypt command is only suggested for when you wish to remove encryption from a file permanently. If you need to view or edit a vault encrypted file, it is usually better to use the ansible-vault view or ansible-vault edit commands, respectively.
    Pass in the name of the encrypted file:
    • ansible-vault decrypt vault.yml
    You will be prompted for the encryption password for the file. Once you enter the correct password, the file will be decrypted:
    Output
    Vault password: Decryption successful
    If you view the file again, instead of the vault encryption, you should see the actual contents of the file:
    • cat vault.yml
    Output
    Secret information
    Your file is now unencrypted on disk. Be sure to remove any sensitive information or re-encrypt the file when you are finished.

Setup NFS Server and Client Using Ansible


SETUP NFS SERVER AND CLIENT USING ANSIBLE
***************************************************

If you have a centralized server and want to share a disk from it with other machines, NFS is the straightforward way to do it.
The server needs enough disk space; say it has a 100 GB block device at /dev/xvdb.
To share that volume with the other machines, use the Ansible inventory, template and playbooks below. They target Ubuntu hosts (apt, nfs-kernel-server); on RHEL the package is nfs-utils and the service is nfs-server.

Ansible Play

inventory file entry:

[nfs_server]
10.0.0.1

[nfs_clients]
10.0.0.2
10.0.0.3


Jinja2 template for the NFS exports file (exports.j2):

# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#
# Export the directory the server play mounts (/share), not the client-side
# mount point (/nfs), and restrict it to the client subnet. no_root_squash lets
# root on any client act as root on the export; drop it unless it is required.
/share          10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check)
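A small audit of the rendered exports file, added here (Python, standard library) and not part of the original playbook: it parses exports(5) syntax (path, one or more client(options) entries, # comments and backslash continuations) and flags the settings a reviewer would question, including the no_root_squash used in the template above. The sample exports text is constructed for the example; it exports the /share directory this post sets up plus two extra lines.

```python
"""Audit an NFS /etc/exports (or a rendered exports.j2) for risky settings.

Added example, not part of the playbook: parses exports(5) syntax and reports
the options a reviewer would question. The sample input is constructed.
"""
import re

# "client(opt,opt)" or a bare client; an empty client before "(" means everyone.
ENTRY_RE = re.compile(r"(\S*?)\((.*?)\)|(\S+)")

FINDINGS = {
    "wildcard client": "export is offered to every host that can reach the server",
    "no_root_squash": "root on the client is root on the export (e.g. can plant setuid binaries)",
    "insecure": "requests from unprivileged source ports are accepted",
    "rw with AUTH_SYS": "writable without Kerberos: the client asserts its own UIDs",
}


def parse_exports(text):
    """Return [(path, [(client, [option, ...]), ...]), ...]."""
    exports = []
    logical = re.sub(r"\\\n", " ", text)          # join backslash continuations
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        fields = line.split(None, 1)
        path, rest = fields[0], (fields[1] if len(fields) > 1 else "")
        clients = []
        for m in ENTRY_RE.finditer(rest):
            if m.group(3) is not None:             # bare client, default options
                clients.append((m.group(3), []))
            else:
                opts = [o for o in m.group(2).split(",") if o]
                clients.append((m.group(1) or "*", opts))
        if not clients:                            # path alone: exportfs treats it as '*'
            clients.append(("*", []))
        exports.append((path, clients))
    return exports


def audit_exports(text):
    """Return a list of (path, client, finding-code) for risky settings."""
    findings = []
    for path, clients in parse_exports(text):
        for client, opts in clients:
            if client == "*" or client.startswith("*."):
                findings.append((path, client, "wildcard client"))
            if "no_root_squash" in opts:
                findings.append((path, client, "no_root_squash"))
            if "insecure" in opts:
                findings.append((path, client, "insecure"))
            kerberized = client.startswith("gss/") or any(o.startswith("sec=krb5") for o in opts)
            if "rw" in opts and not kerberized:
                findings.append((path, client, "rw with AUTH_SYS"))
    return findings


# Constructed sample: the /share export this post sets up, plus a wildcard
# read-only export and a Kerberos-only export using a backslash continuation.
SAMPLE_EXPORTS = """\
# /etc/exports: see exports(5)
/share          10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check)
/srv/public     *(ro,sync,no_subtree_check,insecure)
/srv/homes      gss/krb5i(rw,sync,no_subtree_check) \\
                10.0.0.7(rw,sync,sec=krb5p,no_subtree_check)
"""

if __name__ == "__main__":
    for path, client, code in audit_exports(SAMPLE_EXPORTS):
        print("%-12s %-14s %-16s %s" % (path, client, code, FINDINGS[code]))
```

On the sample it reports four findings: /share carries no_root_squash and is writable over plain AUTH_SYS, and /srv/public is offered to a wildcard client with insecure ports; the two Kerberos entries for /srv/homes pass. Run it against the output of `ansible -m template` or in CI on exports.j2 after rendering, and treat every "rw with AUTH_SYS" line as a conscious decision to trust the client subnet's UID space.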



Server side configuration playbook creation:
===============================

nfs-server.yml

---
- hosts: nfs_server
  remote_user: ubuntu
  become: yes   # `sudo: yes` is the pre-Ansible-2.0 spelling and no longer works

  tasks:
    - name: Create mountable dir
      file:
        path: /share
        state: directory
        owner: root
        group: root
        mode: '0777'   # quoted: an unquoted 777 is read as decimal 777 (octal 1411)

    - name: Make sure the share drive has a filesystem
      filesystem:
        fstype: ext4
        dev: "{{ mountable_share_drive | default('/dev/xvdb') }}"

    - name: Mount the share drive
      mount:
        path: /share
        src: "{{ mountable_share_drive | default('/dev/xvdb') }}"
        fstype: ext4
        opts: defaults,nofail   # nobootwait is an Upstart-only option; systemd rejects it
        dump: '0'
        passno: '2'
        state: mounted

    - name: Ensure NFS utilities are installed
      apt:
        name:
          - nfs-common
          - nfs-kernel-server
        state: present   # state=installed is deprecated
        update_cache: yes

    - name: Copy /etc/exports
      template:
        src: exports.j2
        dest: /etc/exports
        owner: root
        group: root
        mode: '0644'
      notify: restart nfs server

  handlers:
    - name: restart nfs server   # runs once, and only when /etc/exports changed
      service:
        name: nfs-kernel-server
        state: restarted



Client side configuration playbook creation:
===============================

nfs_clients.yml

- hosts: nfs_clients
  remote_user: ubuntu
  become: yes   # replaces the removed `sudo: yes`
  tasks:
    - name: Ensure NFS client is installed
      apt:
        name: nfs-common
        state: present   # state=installed is deprecated
        update_cache: yes

    - name: Create mount point
      file:
        path: /nfs
        state: directory
        mode: '0755'   # quote modes; the export's own permissions apply once mounted

    - name: Mount the share
      mount:
        path: /nfs
        # inventory address of the server (10.0.0.1 above); the hostvars[...].ansible_eth0 lookup only works if the server's facts were gathered in the same run
        src: "{{ groups['nfs_server'][0] }}:/share"
        fstype: nfs
        opts: defaults,nofail   # nobootwait is Upstart-only; systemd rejects it
        dump: '0'
        passno: '0'   # fsck does not apply to NFS
        state: mounted
