저작권 © 2008 Red Hat, Inc. 및 기타 다른 회사 [1]
이 릴리즈 노트에서 다루어질 사항은 다음과 같습니다:
설치-관련 노트
기능 업데이트
드라이버 업데이트
커널 관련 업데이트
Virtualization
기술 평가 버전
해결된 사항
알려진 사항
Some updates on Red Hat Enterprise Linux 5.2 may not appear in this version of the Release Notes. An updated version may also be available at the following URL:
This section includes information specific to Anaconda and the installation of Red Hat Enterprise Linux 5.2.
To upgrade an already-installed Red Hat Enterprise Linux 5, you can use Red Hat Network to update those packages that have changed. Alternatively, you can also use Anaconda to perform a fresh installation of Red Hat Enterprise Linux 5.2 or to upgrade an already-installed Red Hat Enterprise Linux 5.
Note that upgrading from beta releases to GA releases is not supported. Further, Red Hat does not support in-place upgrades between major versions of Red Hat Enterprise Linux. Although Anaconda provides an option that allows an upgrade from earlier major versions of Red Hat Enterprise Linux (such as Enterprise Linux 4 to Enterprise Linux 5), there is no guarantee that the upgrade will result in a fully functional configuration. In-place upgrades across major releases do not preserve all system settings, services, and custom configurations. For this reason, Red Hat strongly recommends that you perform a fresh installation rather than a system upgrade between major versions.
When installing from CD-ROM or DVD-ROM on a system with an iBFT-configured network device, Anaconda will not include any iBFT-configured storage devices unless networking is configured. To enable networking for the installation, use the command linux updates=http://[any]
at the installation boot prompt. Note that [any]
can be replaced with any URL.
If your system requires a static IP configuration, use the command linux updates=http://[any]
ip=[IP address]
netmask=[netmask]
dns=[dns]
.
If you are copying the contents of the Red Hat Enterprise Linux 5 CD-ROMs (in preparation for a network-based installation, for example) be sure to copy the CD-ROMs for the operating system only. Do not copy the Supplementary CD-ROM
, or any of the layered product CD-ROMs, as this will overwrite files necessary for Anaconda's proper operation.
The contents of the Supplementary CD-ROM
and other layered product CD-ROMs must be installed after Red Hat Enterprise Linux 5.2 is installed.
When installing Red Hat Enterprise Linux 5.2 on a fully virtualized guest, do not use the kernel-xen
kernel. Using this kernel on fully virtualized guests can cause your system to hang.
If you are using an Installation Number when installing Red Hat Enterprise Linux 5.2 on a fully virtualized guest, be sure to deselect the Virtualization
package group during the installation. The Virtualization
package group option installs the kernel-xen
kernel.
반 가상화 게스트는 이러한 사항에 영향을 받지 않습니다. 반 가상화 게스트는 항상 kernel-xen
커널을 사용합니다.
If you are using the Virtualized kernel when upgrading from Red Hat Enterprise Linux 5 to 5.2, you must reboot after completing the upgrade. You should then boot the system using the updated Virtualized kernel.
The hypervisors of Red Hat Enterprise Linux 5 and 5.2 are not ABI-compatible. If you do not boot the system after upgrading using the updated Virtualized kernel, the upgraded Virtualization RPMs will not match the running kernel.
When upgrading to Red Hat Enterprise Linux 5.1 or later from Red Hat Enterprise Linux 4.6, gcc4
may cause the upgrade to fail. As such, you should manually remove the gcc4
package before upgrading.
The firstboot language plugin has been removed, as this plugin does not properly and completely reconfigure the system when a new language is selected.
The use of Challenge Handshake Authentication Protocol (CHAP) during installation is not supported. As such, CHAP should only be enabled after installation.
If your system boots through an iFBT device, configure CHAP in the iFBT BIOS/firmware setup screen. Your CHAP settings will then be used in the next boot.
If your system boots through PXE iSCSI, configure CHAP through iscsiadm. After configuring, use mkinitrd to ensure that your CHAP settings are used in the next boot.
Systemtap은 자유 소프트웨어 (GPL) 기반을 제공하여 Linux 시스템의 운영에 대한 정보를 쉽게 수집할 수 있게 하며, 실행의 진단이나 기능적 문제 해결을 돕습니다. systemtap의 도움으로 인해, 개발자는 더이상 데이터를 수집하기 위해 장황하고 분열된 기계장치를 통해, 재컴파일, 설치, 재부팅 순서를 거치지 않아도 됩니다.
Systemtap is now fully supported. For more information about Systemtap, refer to http://sources.redhat.com/systemtap.
Internet storage name service for Linux (isns-utils) is now supported. This allows you to register iSCSI and iFCP storage devices on the network. isns-utils allows dynamic discovery of available storage targets through storage initiators.
isns-utils provides intelligent storage discovery and management services comparable to those found in fibre-channel networks. This allows an IP network to function in a similar capacity as a storage area network.
With its ability to emulate fibre-channel fabric services, isns-utils allows seamless integration of IP and fibre-channel networks. In addition, isns-utils also provides the utilities for managing both iSCSI and fibre-channel devices within the network.
For more information about the specifications of isns-utils in this release, refer to http://tools.ietf.org/html/rfc4171. For usage instructions, refer to /usr/share/docs/isns-utils-
and [version]
/README/usr/share/docs/isns-utils-
.[version]
/README.redhat.setup
rsyslog is an enhanced multi-threaded syslogd daemon that supports the following (among others):
MySQL
syslog/tcp
RFC 3195
permitted sender lists
filtering on any message part
more granular output format control
rsyslog is compatible with the stock sysklogd, and can be used as a replacement in most cases. Its advanced features make it suitable for enterprise-class, encrypted syslog relay chains; at the same time, its user-friendly interface is designed to make setup easy for the novice user.
For more information about rsyslog, refer to http://www.rsyslog.com/.
OpenSwan is a free implementation of Internet Protocol Security (IPSEC) and IKE for Linux. IPSEC uses strong cryptography to provide authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN).
This release of OpenSwan also contains an IKE2 daemon that conforms to IETF RFCs. For more information about OpenSwan, refer to http://www.openswan.org/.
The Evolution update for this release now features the following enhancements (among others):
Bogofilter compatibility for filtering junk mail.
An option to receive pop-up notifications for new mail.
Improved performance for downloading messages from a Microsoft Exchange™ server.
A setup assistant to guide you through the process of backing up and restoring data/settings.
Password hashing using the SHA-256 and SHA-512 hash functions is now supported.
To switch to SHA-256 or SHA-512 on an installed system, run authconfig --passalgo=sha256 --update or authconfig --passalgo=sha512 --update. To configure the hashing method through a GUI, use authconfig-gtk. Existing user accounts will not be affected until their passwords are changed.
For newly installed systems, using SHA-256 or SHA-512 can be configured only for kickstart installations. To do so, use the --passalgo=sha256 or --passalgo=sha512 options of the kickstart command auth; also, remove the --enablemd5 option if present.
If your installation does not use kickstart, use authconfig as described above, then change all passwords (including root) created after installation.
Appropriate options were also added to libuser, pam, and shadow-utils to support these password hashing algorithms. authconfig configures necessary options automatically, so it is usually not necessary to modify them manually:
New values of the crypt_style option and new options for both hash_rounds_min and hash_rounds_max are now supported in the [defaults] section of /etc/libuser.conf
. For more information, refer to man libuser.conf.
New options sha256, sha512, and rounds are now supported by the pam_unix
PAM module. For more information, refer to /usr/share/doc/pam-
.[pam version]
/txts/README.pam_unix
The following new options in /etc/login.defs
are now supported by shadow-utils:
ENCRYPT_METHOD — Specifies the encryption methos to be used. Valid values are DES, MD5, SHA256, SHA512. If this option is defined, MD5_CRYPT_ENAB is ignored.
SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS — Specifies the number of hashing rounds to use if ENCRYPT_METHOD is set to SHA256 or SHA512. If neither option is set, a default value is chosen by glibc. If only one option is set, the encryption method specifies the number of rounds.
If both options are used, they specify an inclusive interval from which the number of rounds is chosen randomly. The selected number of rounds is limited to the inclusive interval [1000, 999999999].
nfsroot is fully supported in this update. This allows users to run Red Hat Enterprise Linux 5.2 with its root file system (/
) mounted via NFS.
nfsroot was originally introduced in Red Hat Enterprise Linux 5 as a subset of the Technology Preview feature Stateless Linux. The full implementation of Stateless Linux remains a Technology Preview.
현재 nfsroot는 다음과 같은 제한 사항이 있습니다:
Writable directories that hold system files (for example, /tmp
, /var
, and /etc
) must be replicated for each client and mounted independently with no sharing between clients. To do so, perform the following steps:
Configure the client's root file system to boot in read-only mode. To do so, replace READONLY with yes in /etc/sysconfig/readonly-root
.
Run cat /etc/rwtab to view a default list of directories and files mounted by each client in the format [type] [path]
.
[type]
can be either empty (an empty path), dirs (a directory tree that is copied, but is empty), or files (a file or directory tree copied intact).
If any other files or directories need to writable but are not in /etc/rwtab
, list them in the same format (i.e. [type] [path]
) in a file under /etc/rwtab.d/
.
NFS를 통해 SWAP이 지원되지 않음.
SELinux는 nfsroot 클라이언트에서 활성화될 수 없습니다. 일반적으로 Red Hat은 SELinux 비활성화를 권장하지 않습니다. 이러한 경우, 사용자는 이러한 실행에 대한 보안 관련 문제를 신중하게 고려해야 합니다.
The group OpenFabrics Enterprise Distribution is now included in comps.xml
. This group contains components used for high-performance networking and clustering (for example, InfiniBand and Remote Direct Memory Access).
Further, the Workstation group has been removed from comps.xml
in the Red Hat Enterprise Linux 5.2 Client version. This group only contained the openib
package, which is now part of the OpenFabrics Enterprise Distribution group.
The goal of the frysk project is to create an intelligent, distributed, always-on system monitoring and debugging tool that allows developers and system administrators to:
프로세스와 스레드 (작업의 생성 및 종료를 포함)를 실행하는 모니터
잠금 기본 요소의 사용을 모니터
교착 상태(deadlock)에 노출
데이터 수집
목록에서 프로세스를 선택하거나 또는 충돌하거나 잘못된 프로세스에서 소스 코드 (또는 다른) 윈도우를 오픈하기 위해 frysk를 허용하여 주어진 모든 프로세스를 디버그함
This updated version of frysk includes the following new utilities:
fauxv
fdebuginfo
fdebugrpm
ferror
fexe
fmaps
In addition to this, ftrace can now perform signal and function symbol tracing. In previous releases, ftrace could only perform system call tracing.
frysk was introduced in Red Hat Enterprise Linux 5, and is still included in this release as a Technology Preview. For more information about frysk, refer to http://sources.redhat.com/frysk/.
The driver that allows hot docking/undocking of laptops is now updated to eliminate specific panic situations (for example, when a laptop fails to initialize correctly). This update also adds new sysfs entries, most notably:
/sys/devices/platform/dock.0/docked
— read-only; indicates whether the laptop is docked on a docking station.
/sys/devices/platform/dock.0/undock
— write-only; writing to this file initiates an "undock" request to the firmware.
/sys/devices/platform/dock.0/uid
— displays the unique ID (UID) of the docking station.
Added the necessary PCI IDs to support the Intel E7221 Graphic Controller.
Added the necessary sub-device IDs to support the PCI-Express icom WAN adapter.
i2c-piix4
kernel module is now enabled to support the AMD SBX00 SMBus.
The following kernel configuration flags are now enabled to enhance kernel panic handling for Intelligent Platform Management Interface (IPMI):
CONFIG_IPMI_PANIC_EVENT — when a panic occurs, the IPMI message handler generates an IPMI event describing the panic to each interface registered with the message handler.
CONFIG_IPMI_PANIC_STRING — when a panic occurs, OEM events containing the panic string are generated.
In addition to this, IPMI now supports the IBM Bladecenter QS21 and QS22.
The tlclk
driver is now included to support the Intel MPCBL0050 systems.
All PCI-X configuration registers (up to 4096 bytes) are now accessible.
The maximum length of the kernel command line is now 2,048 bytes. To use this increased maximum length, upgrade the grub
package.
Dynamic acceleration is now supported. This allows a core to run at a higher-than-normal frequency when all CPUs (as a whole) are operating below maximum power.
High-Definition Multimedia Interface (HDMI) audio is now supported on AMD ATI integrated chipsets.
The Intel Xorg driver now provides enhanced support for i915 (and later) chips. This driver is also the default driver now for such chips.
Basic runtime multi-head support is provided by the intel
Xorg driver. Selecting a resolution with the tool (gnome-display-properties) will set that resolution on all connected outputs.
The Sony/Philips Digital Interconnect Format (S/PDIF) port on the Dell D/Dock Expansion Station is now supported by the Dell M4300 and M6300 Precision Workstations. This allows digital audio output through the S/PDIF port on the Dell D/Dock Expansion Station when either the M4300 or M6300 is docked.
bnx2x
: driver added to provide support for bcm5710 hardware.
tg3
: updated to version 3.86. This update enables support for BroadCom 5761 and 5784 devices.
lpfc
: updated to version 8.2.0.22. This update applies several devloss fixes, and enables support for the following:
1, 2, 4, and 8GB auto-rate negotiation.
FC-SP DH-CHAP Authentication.
The latest HBAnyware configuration utility, which is also part of the driver master kit. This enables GUI-based driver configuration (including fibre channel and TCP/IP remote storage area network management), diagnostics (loopback and diagnostics dump) and FC-SP/Authentication Diffie-Hellman CHAP (DH-CHAP).
LPe1250, LPe1252, LPe12000 and LPe12002 (2, 4, and 8Gb capable HBAs).
NPIV virtual ports.
megaraid_sas
: updated to version 3.15. This applies several upstream changes, most notably:
Added the following module parameters:
fast_load: enables the driver to load faster by skipping physical device check.
cmd_per_lun: sets the maximum number of commands per logical unit.
max_sectors: sets the maximum number of sectors per I/O command.
poll_mode_io: enables support for polling (i.e. reduced interrupt operations). When poll_mode_io is set, commands will also be completed from the I/O path.
Added support for hibernation.
SYNCHRONIZE_CACHE is now blocked by the driver.
aacraid
: updated to version 1.1.5-2453. This applies several upstream changes, most notably:
Fixed a bug that caused aacraid
to use an incorrect dma mapping mask during firmware assert recovery.
Added the capability to issue a hardware reset to the adapter via sysfs. In line with this, the following check features were also added:
check_interval — for checking adapter health
update_interval — for revising time intervals used by adapter
check_reset — for blocking adapter checks/resets
Added a SYNCHRONIZE_CACHE call to implement a more effective cache flushing schedule. This helps reduce application stalls resulting from multiple applications issuing I/O commands to the storage device.
Replaced all if/else packet formations with platform function calls.
VPD inquiry pages are now supported. This ensures that when an array is created, the metadata stored on the physical device is issued a unique serial number. This serial number remains constant throughout array morphing or migration to other controllers.
qla2xxx
: updated to version 8.02.00-k5. This update to qla2xxx
adds support for the following:
EHAFT, a QLogic host bus adapter mechanism that provides activity information about fibre channel devices.
N_Port ID Virtualization (NPIV), which allows multiple N_Port IDs to share a single physical N_Port. This allows you to tie virtualized guests to fibre-channel identifiers, allowing those guests to migrate between hosts while retaining their access in the storage area network.
8GB fibre-channel devices.
PCI EE error handling.
This update also applies several improvements provided from upstream.
mpt fusion
: updated to version 3.04.05. This update provides several changes, most notably:
On-the-fly logging (via the sysfs shost attribute) is now supported.
Added new sysfs shost attributes that provide the following:
board_name
board_assembly
board_tracer
unique_id
version_bios
version_fw
version_product
version_mpi
version_nvdata_default
version_nvdata_persistent
debug_level
io_delay
device_delay
task_abort calls are no longer sent to hidden RAID components and volumes.
Changes related to fibre channel:
Brocade, a rebranded FC949E fibre channel controller, is now supported.
Link speeds are now displayed when the driver is loaded and whenever the link speed changes.
High-priority request queueing is now used instead of the handshake/doorbell system when sending management requests for SAS or fibre channel.
Changes related to parallel SCSI:
ATTO UL4D, a rebranded SPI 1030 controller, is now supported.
mptspi_target_destroy is now declared as static.
This release applies following kernel bug fixes:
Executing binaries with more than 2GB of debug information no longer fails.
When shutting down a database, all allocated hugepages are now released upon shutdown.
invalidate_mapping_pages() calls no longer cause soft lockups.
A bug that delayed oomkill from launching in a timely fashion (on systems with large memory) is now fixed.
A bug that caused soft lockup warnings when allocating memory on a system with large memory is now fixed.
32-bit NFS clients can now correctly process 64-bit inode numbers.
The kernel now asserts Data Terminal Ready (DTR) signals before printing to serial ports during boot time. DTR assertion is required by some devices. Kernel boot messages are now printed to serial consoles on such devices.
The kernel parameter ide0=noprobe no longer causes a kernel panic.
This kernel update also features the following enhancements:
Added a new kernel parameter: /proc/sys/vm/flush_mmap_pages
. This parameter specifies whether or not memory-mapped file pages should be flushed to disk by kupdate while the memory map is active. Valid values for this parameter are 1 (enable memory mapping by kupdate) and 0 (disable memory mapping by kupdate). The default value for this parameter is 1.
To configure this parameter, use echo [1 or 0]
/proc/sys/vm/flush_mmap_pages. Setting this parameter to 0 does the following:
kupdate will not flush dirty memory-mapped file pages as long as the memory map is active.
All dirty file pages will be asynchronously flushed to disk only as soon as the memory map is deactivated.
If you set /proc/sys/vm/flush_mmap_pages
to 0, it is advisable that you use another application to manually sync memory-mapped pages to disk.
Added a new kernel parameter: /proc/sys/kernel/sched_interactivity
. This parameter allows you to tune the CPU scheduler's interactivity estimator. The interactivity estimator allows interactive processes to acquire more CPU time without causing CPU starvation in other processes.
To configure this parameter, use echo [interactivity_level]
> /proc/sys/kernel/sched_interactivity, where [interactivity_level]
can be any of the following:
2 — interactivity estimator is fully activated.
1 — provides a weaker affinity to interactive processes than 2, but avoids CPU starvation under certain scheduling patterns.
0 — any bias or affinity towards interactive processes is disabled.
kprobe now supports kretprobe_blacklist[].
Core dump masking is now supported. This allows a core dump process to skip the shared memory segments of a process when creating a core dump file. This feature also allows you to select whether or not to dump anonymous shared memory for each process.
When a process is dumped, all anonymous memory is written to a core file as long as the size of the core file isn't limited. In some cases, you may want to prevent some memory segments (such as huge shared memory) from being dumped. Conversely, you may also want to save file-backed memory segments into a core file, in addition to individual files.
For these purposes, you can use /proc/
to specify which memory segments of the [pid] process is dumped. [pid]
/coredump_filtercoredump_filter
is a bitmask of memory types. If a bitmask is set, memory segments of the corresponding memory type are dumped.
The following memory types are supported:
0x0 — anonymous private memory
0x1 — anonymous shared memory
0x2 — file-backed private memory
0x3 — file-backed shared memory
To set a bitmask for [pid], simply echo the corresponding bitmask to /proc/
. For example, to prevent a dump of all shared memory segments attached to process 1111, use:[pid]
/coredump_filter
echo 0x1 > /proc/1111/coredump_filter
The default value of coredump_filter
is 0x3, which specifies that all anonymous memory segments are dumped. Also, note that regardless of the bitmask status, MMIO pages (such as frame buffers) are never dumped and vDSO pages are always dumped
When a new process is created, the process inherits the bitmask status from its parent. As such, it is recommended that you set up coredump_filter
before the program runs. To do so, echo the desired bitmask to /proc/self/coredump_filter
before running the program.
audit can now trace and display per-session user activity.
REV UDF file sizes larger than 1GB are now supported.
Lock contention tracing and lockdep are now supported. These features provide in-depth information about spinlocks held in the kernel, which in turn help developers in driver debugging.
In addition to these, this release also features the following kernel updates:
The enumeration order of PCI devices has changed on several platforms to have NICs appear in the order they are labeled on the chassis and how the BIOS numbers them. The affected platforms are as follows:
Dell PowerEdge R900
HP ProLiant DL385 G2
HP ProLiant DL585 G2
HP Proliant DL580 G5
Note that this change affects new installations only. If you prefer the old enumeration order, use the kernel parameter pci=nobfsort.
You can now determine the resource limit (rlimit) of a process. To do so, run cat /proc/[pid]
/limits.
The maximum soft lockup timeout is now increased from 60 seconds to 300 seconds for systems that have a large number of CPUs. A soft lockup occurs when a CPU reports a memory starvation while it is unable to access a memory node accessed by other CPUs.
In this release, you can also adjust the trigger limit for soft lockup warnings. To do so, use the following command (as root):
echo [time]
> /proc/sys/kernel/softlockup_thresh
Replace [time]
with the desired number of seconds before a soft lockup warning should be triggered. By default, this value is set to 10 (seconds).
show_mem() output now includes the total number of pagecache pages.
MSI-X is no longer enabled by default. To enable MSI-X, use the kernel module parameter ql2xenablemsix.
This section contains information about updates made to Red Hat Enterprise Linux suite of Virtualization tools.
When entering the second stage of a Windows™ Server 2003 installation, you no longer need to manually edit /etc/xen/
to continue. The current user interface now allows you to change media on CD-ROMs attached to the guest.[name of guest machine]
The Virtual Machine Manager (virt-manager) included in this release now allows users to specify kernel boot parameters to the paravirtualized guest installer.
A wrong address translation (which can lead to a crashed guest) no longer occurs if a guest is running a PAE kernel with more than 3,840MB of RAM. As such, you no longer need to use the 64-bit kernel if you intend to run guests with more than 4GB of physical RAM under Rapid Virtualization Indexing (RVI).
During the lifetime of dom0, you can now create guests (i.e. xm create) more than 32,750 times.
When using virt-manager to add disks to an existing guest, duplicate entries are no longer created in the guest's /etc/xen/
configuration file.[domain name]
Migrating paravirtualized guests through xm migrate [domain]
[dom0 IP address]
does not work.
Repeated live migration of paravirtualized guests between two hosts may cause one host to panic. If a host is rebooted after migrating a guest out of the system and before migrating the same guest back, the panic will not occur.
AMD Rev F 프로세서를 사용하여 16 코어 이상을 실행할 경우 완전 가상화 게스트를 설치할 때 시스템이 재설정될 수 있습니다.
When installing Red Hat Enterprise Linux 5 on a fully virtualized SMP guest, the installation may freeze. This can occur when the host (dom0) is running Red Hat Enterprise Linux 5.2.
이를 방지하려면, 게스트가 설치에서 단일 프로세서를 사용하도록 설정합니다. 이는 virt-install에서 --vcpus=1을 사용하면 됩니다. 설치를 완료한 후, virt-manager에 할당된 vcpus를 수정하여 SMP에 게스트를 설정할 수 있습니다.
Technology Preview features are currently not supported under Red Hat Enterprise Linux subscription services, may not be functionally complete, and are generally not suitable for production use. However, these features are included as a customer convenience and to provide the feature with wider exposure.
사용자에게 이러한 기능은 일반적이지 않은 용도로 사용하기에 적합합니다. 사용자는 이러한 기능이 완전하게 지원되기 전에 기술 평가 사항으로서 자유롭게 피드백을 제출하거나 기능적 사항에 대해 제한할 수 있습니다. 심각한 수준의 보안 결함의 경우 에라타를 제공합니다.
이러한 개발과정을 거쳐, 기술 평가에 추가된 사항은 일반 테스트과정을 거치게 됩니다. 이는 앞으로 출시될 버전에서 기술 평가 부분의 완전한 지원을 위한 Red Hat의 노력입니다.
Explicit active-passive failover (ALUA) mode using dm-multipath on EMC Clariion storage is now available. This mode is provided as per T10 specifications, but is provided in this release only as a technology preview.
For more information about T10, refer to http://www.t10.org.
The radeon_tp
driver is now included in this release as a Technology Preview. This driver enables the ATI R500/R600 chipsets.
This driver also features the following capabilities:
Modesetting on R500/R600 chipsets
2D acceleration on R500 chipsets
Shadow framebuffer acceleration on R600 chipsets
FreeIPMI is now included in this update as a Technology Preview. FreeIPMI is a collection of Intelligent Platform Management IPMI system software. It provides in-band and out-of-band software, along with a development library conforming to the Intelligent Platform Management Interface (IPMI v1.5 and v2.0) standards.
For more information about FreeIPMI, refer to http://www.gnu.org/software/freeipmi/
TrouSerS and tpm-tools are included in this release to enable use of Trusted Platform Module (TPM) hardware.TPM hardware features include (among others):
Creation, storage, and use of RSA keys securely (without being exposed in memory)
Verification of a platform's software state using cryptographic hashes
TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. You can use TrouSerS to write applications that make use of TPM hardware. tpm-tools is a suite of tools used to manage and utilize TPM hardware.
For more information about TrouSerS, refer to http://trousers.sourceforge.net/.
eCryptfs
is a stacked cryptographic file system for Linux. It mounts on individual directories in existing mounted lower file systems such as EXT3; there is no need to change existing partitions or file systems in order to start using eCryptfs
.
eCryptfs
stores cryptographic metadata in the header of each file written to the lower file system. This enables you to copy encrypted files between hosts or directly onto backup media. Files encrypted and copied in this manner can be decrypted with the proper key.
This release's version of eCryptfs
provides several key management options, including protection based on passphrases and public keys. Below is a list of other fully functional features:
Interactive and non-interactive mounting.
Compatibility with SELinux.
Cryptographic metadata storage in both xattrs and file headers.
At present, the following issues still exist with eCryptfs
:
direct_IO is not implemented.
Complex I/O patterns within the mmap implementation in eCryptfs
may cause data corruption in some cases.
eCryptfs
cannot be used for root file systems.
For more information about eCryptfs
, refer to http://ecryptfs.sf.net. You can also refer to http://ecryptfs.sourceforge.net/README and http://ecryptfs.sourceforge.net/ecryptfs-faq.html for basic setup information.
GFS2는 GFS에서 점진적으로 개선된 것입니다. 이러한 업데이트는 디스크 상의 파일 시스템 포멧 변경에 필요한 몇 가지 중요한 개선 사항에 적용되었습니다. GFS 파일 시스템은 gfs2_convert 유틸리티를 사용하여 GFS2로 변환할 수 있으며, 이로 인해 GFS 파일 시스템의 메타데이터를 업데이트합니다.
While much improved since its introduction in Red Hat Enterprise Linux 5, GFS2 remains a Technology Preview. Benchmark tests indicate faster performance on the following:
단일 디렉토리에서 대량 사용 및 빠른 디렉토리 스캔 (Postmark benchmark)
동기식 I/O 운영 (fstest 성능 시험에서 TIBCO와 같은 메세징 응용 프로그램의 성능이 개선되었음을 보여줌)
캐시 읽음, 오버헤드 잠금 기능이 없음
사전에 할당된 파일에 직접 I/O
NFS 파일 처리 잠금
df, 할당 정보가 캐시됨
이에 더하여 GFS2는 다음과 같은 기능이 변경되었습니다:
journals는 메타데이터를 대신하여 평문 파일 (숨겨진 파일)임. 파일 시스템을 마운트한 추가 서버로 Journals이 추가될 수 있음
quotas는 quota=<on|off|account>
마운트 옵션으로 활성화 및 비활성화됨
복구 실패의 경우 journals를 다시 실행하기 위해 클러스터에서 quiesce 명령이 더이상 필요하지 않음
나노 초로 시간을 입력할 수 있음
ext3에서와 유사하게 GFS2는 data=ordered 모드를 지원함
표준 ioctl()를 통해 속성 모음 (attribute settings) lsattr() 및 chattr()가 지원됨
현재 위의 16TB 파일 시스템 크기가 지원됨
GFS2는 일반 파일 시스템이며 비 클러스터링 설정에서 사용될 수 있음
Stateless Linux는 시스템 실행 및 관리 방법에 대한 새로운 방향을 제시하며 여러 시스템을 쉽게 대치하여 간단히 시스템을 프로비저닝하고 관리할 수 있도록 고안되었습니다. 이는 주로 읽기-전용 방식에서의 운영 시스템을 수행하는 서버와의 상태를 유지하지 않는 stateless 시스템을 통해 복사 및 관리된 시스템 이미지를 설정하여 실행됩니다. (보다 자세한 정보는 /etc/sysconfig/readonly-root
에서 참조하시기 바랍니다).
현재 개발 상태에서 Stateless 와 관련된 사항은 실행 계획 목표 중 일부분입니다. 그러므로, 기능은 기술 평가 상태로 분류되어 있습니다.
It is highly recommended that those interested in testing stateless code read the HOWTO at http://fedoraproject.org/wiki/StatelessLinux/HOWTO and join stateless-list@redhat.com.
The enabling infrastructure pieces for Stateless Linux were originally introduced in Red Hat Enterprise Linux 5.
AIGLX는 완전하게 지원되는 X 서버의 기술 평가 사항입니다. 이는 일반적인 데스크탑 상에서 GL-액셀리레이티드(GL-accelerated) 효과를 적용할 수 있습니다. 이러한 프로젝트는 다음과 같은 요소로 구성되어 있습니다:
A lightly modified X server.
An updated Mesa package that adds new protocol support.
이러한 구성 요소를 설치하여, 미세한 변경으로 데스크탑 상에서 GL-액셀리레이티드(GL-accelerated) 효과를 적용하실 수 있으며, X 서버를 대체하지 않고 이를 활성화 또는 비활성화시키실 수 있습니다. 또한 AIGLX는 하드웨어 GLX 가속에 이로운 원격 GLX 응용 프로그램을 활성화할 수 있습니다.
The mac80211 stack (formerly known as the devicescape/d80211 stack) enables the iwlwifi 4965GN
wireless driver for Intel Wifi Link 4965 hardware. This stack allows certain wireless devices to connect to any Wi-Fi network.
Although the stack is already accepted upstream, the stability of this stack is yet to be verified through testing. As such, this stack is included in this release as a Technology Preview.
FS-Cache is a local caching facility for remote file systems that allows users to cache NFS data on a locally mounted disk. To set up the FS-Cache facility, install the cachefilesd
RPM and refer to the instructions in /usr/share/doc/cachefilesd-
. [version]
/README
Replace [version]
with the corresponding version of the cachefilesd
package installed.
Linux target (tgt) 프레임워크에서는 시스템이 블록 레벨 (block-level) SCSI 저장 장치를 SCSI 개시 프로그램이 있는 다른 시스템에서 사용하게 합니다. 이러한 기능은 Linux iSCSI 대상으로서 저장 장치를 네트워크를 통해 iSCSI 개시 프로그램으로 사용하게 합니다.
iSCSI 대상을 설정하려면 scsi-target-utils
RPM을 설치하고 다음에 있는 지시 사항을 참조합니다:
/usr/share/doc/scsi-target-utils-
[version]
/README
/usr/share/doc/scsi-target-utils-
[version]
/README.iscsi
Replace
with the corresponding version of the package installed.[version]
보다 자세한 내용은 man tgtadm을 참조하시기 바랍니다.
The firewire-sbp2
module is still included in this update as a Technology Preview. This module enables connectivity with FireWire storage devices and scanners.
헌재 FireWire는 다음과 같은 사항을 지원하지 않습니다:
IPv4
pcilynx 호스트 제어기
multi-LUN 저장 장치
저장 장치로 비배타적 액세스
In addition, the following issues still exist in FireWire:
SBP2
드라이버에서의 메모리 부족으로 컴퓨터가 응답하지 않을 수 있음
이 버전에 있는 코드는 빅 엔디안 (big-endian) 컴퓨터에서 작동하지 않음. 이는 PowerPC에서 예상치 못한 결과를 초래할 수 있음
Netapp devices can now complete failback (after a previously-failed path is restored) within a reasonable time with the default dm-multipath configuration.
system-config-kickstart now supports package selection through the Red Hat Network plugin.
kudzu can now properly parse ifcfg-
files that contain quotes around the HWADDR or SUBCHANNELS parameters. In addition, kudzu no longer modifies network configurations on device change if the device's HWADDR is not specified.*
Running netstat with the -A inet or -A inet6 option (on a system where sctp
was not added to the kernel) no longer terminates abnormally. Note, however, that netstat will display the following warning message when invoked with the -s option:
netstat: no support for `AF INET (sctp)' on this system.
The nohide export option is no longer required on referral exports (i.e. exports that specify a referral server). For more information on bound mounts, refer to man 5 exports.
The priority callouts of dm-multipath are now statically compiled. This fixes a problem that occurs when running dm-multipath on devices containing the root file system, which caused such devices to freeze during fibre-channel path faults.
parted can now understand and correctly print out Xen Virtual Device (XVD) partition labels. This enables paravirtualized guests to now use the parted utility. As such, you no longer need to use parted within dom0 to configure disk partitions on paravirtualized guests.
When upgrading to Red Hat Enterprise Linux 5.2 via Red Hat Network, you no longer need to manually import the redhat-beta key prior to upgrading.
It is no longer necessary to use the kernel parameter pci=nommconf for systems that use the AMD 8132 or HT 1000 chipsets.
Note that the system will still restrict such bridges to using the PortIO CF8/CFC mechanism. However, bridges (including those on the same platform) that respond correctly to MMCONFIG cycles will use MMCONFIG, provided that the platform's BIOS correctly supports MMCONFIG.
Previous versions of Red Hat Enterprise Linux 5 on HP BL860c blade systems could hang during the IP information request stage of installation. When this occurred, you were required to reboot and perform the installation with Ethernet autonegotiation disabled.
This issue is now fixed in this update.
Gemalto 64K smart cards now use readers compliant with Chip/Smart Card Interface Devices (CCID). Previously, this smart card used the built-in e-gate reader, which essentially meant that the card and reader were being inserted at the same time. As a result, coolkey did not consistently recognize Gemalto 64K smart cards.
In this update, coolkey now works correctly with Gemalto 64k smart cards.
A bug in the updated /etc/udev/rules.d/50-udev.rules
file prevents the creation of persistent names for tape devices with numbers higher than 9 in their names. For example, a persistent name will not be created for a tape device with a name of nst12
.
To work around this, add an asterisk (*) after each occurrence of the string nst[0-9] in /etc/udev/rules.d/50-udev.rules
.
Nested paging can only translate 32-bit guest virtual addresses. This is because of a hardware feature that exists only in 32-bit physical address extensions (PAE).
Also, note that on an AMD NPT system used as a PAE host, guests cannot have more than 4GB of memory.
The smartctl tool cannot properly read SMART parameters from SATA devices.
When using dm-multipath, if features "1 queue_if_no_path" is specified in /etc/multipath.conf
then any process that issues I/O will hang until one or more paths are restored.
To avoid this, set no_path_retry [N]
in /etc/multipath.conf
(where [N]
is the number of times the system should retry a path). When you do, remove the features "1 queue_if_no_path" option from /etc/multipath.conf
as well.
Enabling multiple installed versions of the same kernel module is not supported. In addition to this, a bug in the way kernel module versions are parsed can sometimes result in enabling an older version of the same kernel module.
It is recommended that when you install a newer version of an installed kernel module, you should delete the older one first.
Executing kdump on an IBM Bladecenter QS21 or QS22 configured with NFS root will fail. To avoid this, specify an NFS dump target in /etc/kdump.conf
.
IBM T60 laptops will power off completely when suspended and plugged into a docking station. To avoid this, boot the system with the argument acpi_sleep=s3_bios.
IBM Bladecenter 용 QLogic iSCSI 확장 카드는 이더넷 및 iSCSI 기능을 제공합니다. 카드의 일부분에서는 두 가지 기능이 공유됩니다. 하지만, 현재 qla3xxx
및 qla4xxx
드라이버는 개별적으로 이더넷 및 iSCSI 기능을 지원합니다. 두 드라이버 모두 동시에 이더넷 및 iSCSI 기능 사용을 지원하지 않습니다.
Because of this limitation, successive resets (via consecutive ifdown/ifup commands) may hang the device. To avoid this, allow a 10-second interval after an ifup before issuing an ifdown. Also, allow the same 10-second interval after an ifdown before issuing an ifup. This interval allows ample time to stabilize and re-initialize all functions when an ifup is issued.
Cisco Aironet MPI-350 무선 카드가 장착된 랩탑은 유선 이더넷 포트를 사용하여 네트워크 기반 설치를 하는 동안 DHCP 주소 받기가 중단될 수 도 있습니다.
이를 해결하기 위해, 설치를 위한 로컬 매체를 사용합니다. 다른 방법으로, 설치를 시작하기 전에 랩탑 BIOS에서 무선 카드를 비활성화 시키실 수 있습니다. (설치를 완료하신 후, 무선 카드를 재활성화 시키실 수 있습니다.)
Boot-time logging to /var/log/boot.log
is not available in Red Hat Enterprise Linux 5.2.
X가 실행되고 vesa 외의 드라이버를 사용하는 경우 시스템은 kexec/kdump 커널로 재부팅하지 못할 수 도 있습니다. 이러한 문제는 ATI Rage XL 그래픽 칩셋과 함께 존재합니다.
ATI Rage XL이 장착된 시스템에서 X가 실행되는 경우, kexec/kdump 커널로 부팅하기 위해 vesa 드라이버를 사용하고 있는 지를 확인합니다.
When using Red Hat Enterprise Linux 5.2 on a machine with an nVidia CK804 chipset installed, the following kernel messages may appear:
kernel: assign_interrupt_mode Found MSI capability kernel: pcie_portdrv_probe->Dev[005d:10de] has invalid IRQ. Check vendor BIOS
이러한 메세지는 특정한 PCI-E 포트가 IRQ를 요청하지 않음을 알려줍니다. 이에 더하여, 이 메세지는 어떠한 방식으로든 기계의 운영에 영향을 미치지 않습니다.
삭제할 수 있는 저장 장치 (예: CD 및 DVD)는 root로 로그인했을 때 자동으로 마운트되지 않습니다. 이러한 경우, 그래픽 파일 관리자를 사용하여 수동으로 마운트하셔야 합니다.
다른 방법으로 다음의 명령을 실행하여 /media
로 장치를 마운트할 수 있습니다:
mount /dev/[device name]
/media
The IBM System z does not provide a traditional Unix-style physical console. As such, Red Hat Enterprise Linux 5.2 for the IBM System z does not support the firstboot functionality during initial program load.
To properly initialize setup for Red Hat Enterprise Linux 5.2 on the IBM System z, run the following commands after installation:
/usr/bin/setup — setuptool
패키지에 의해 제공됨.
/usr/bin/rhn_register — rhn-setup
패키지에 의해 제공됨.
When a LUN is deleted on a configured storage system, the change is not reflected on the host. In such cases, lvm commands will hang indefinitely when dm-multipath is used, as the LUN has now become stale.
이 문제를 해결하기 위해 모든 장치와 stale LUN에 지정된 /etc/lvm/.cache
에 있는 mpath 링크 항목을 삭제합니다.
다음의 명령을 실행하여 항목 내용을 확인합니다:
ls -l /dev/mpath | grep [stale LUN]
For example, if [stale LUN]
is 3600d0230003414f30000203a7bc41a00, the following results may appear:
lrwxrwxrwx 1 root root 7 Aug 2 10:33 /3600d0230003414f30000203a7bc41a00 -> ../dm-4 lrwxrwxrwx 1 root root 7 Aug 2 10:33 /3600d0230003414f30000203a7bc41a00p1 -> ../dm-5
이는 3600d0230003414f30000203a7bc41a00이 dm-4 및 dm-5라는 두개의 mpath링크로 되었음을 의미합니다.
이러한 경우, /etc/lvm/.cache
에서 다음과 같은 행을 삭제해야 합니다:
/dev/dm-4 /dev/dm-5 /dev/mapper/3600d0230003414f30000203a7bc41a00 /dev/mapper/3600d0230003414f30000203a7bc41a00p1 /dev/mpath/3600d0230003414f30000203a7bc41a00 /dev/mpath/3600d0230003414f30000203a7bc41a00p1
Running the multipath command with the -ll option can cause the command to hang if one of the paths is on a blocking device. Note that the driver does not fail a request after some time if the device does not respond.
This is caused by the cleanup code, which waits until the path checker request either completes or fails. To display the current multipath state without hanging the command, use multipath -l instead.
X가 실행되고 vesa 외의 드라이버를 사용하는 경우 시스템은 kexec/kdump 커널로 재부팅하지 못할 수 도 있습니다. 이러한 문제는 ATI Rage XL 그래픽 칩셋과 함께 존재합니다.
ATI Rage XL이 장착된 시스템에서 X가 실행되는 경우, kexec/kdump 커널로 부팅하기 위해 vesa 드라이버를 사용하고 있는 지를 확인합니다.
베어 메탈 (비 가상화) 커널을 실행할 때, X 서버는 모니터에서 EDID 정보를 검색할 수 없게 됩니다. 이러한 문제가 발생할 경우, 그래픽 드라이버에서는 800x600 이상의 화면 해상도를 설정할 수 없게 됩니다.
이 문제를 해결하기 위해 /etc/X11/xorg.conf
파일의 ServerLayout 부분에 다음과 같은 행을 추가합니다:
Option "Int10Backend" "x86emu"
Upgrading pm-utils
from a Red Hat Enterprise Linux 5.2 Beta version of pm-utils
will fail, resulting in the following error:
error: unpacking of archive failed on file /etc/pm/sleep.d: cpio: rename
To prevent this from occurring, delete the /etc/pm/sleep.d/
directory prior to upgrading. If /etc/pm/sleep.d
contains any files, move those files to /etc/pm/hooks/
.
Mellanox MT25204에 대한 하드웨어 테스팅에서 특정 고부하 상태에서 내부 오류가 발생함이 발견되었습니다. ib_mthca
드라이버가 이러한 하드웨어에서 돌발적 오류가 발생함을 보고할 경우, 이는 주로 사용자 어플리케이션에 의해 생성된 미처리 작업 요청 수와 관련된 부적절한 완료 대기열과 관련되어 있습니다.
Although the driver will reset the hardware and recover from such an event, all existing connections at the time of the error will be lost. This generally results in a segmentation fault in the user application. Further, if opensm is running at the time the error occurs, then you need to manually restart it in order to resume proper operation.
When upgrading from Red Hat Enterprise Linux 4.6 to Red Hat Enterprise Linux 5.1 (or later), a warning error will appear stating that the kernel module mptscsi
was not found. To prevent this, edit /etc/modprobe.conf
by changing mptscsi to mptscsih before upgrading.
( x86 )
[1] 이 릴리즈 노트는 http://www.opencontent.org/openpub/의 Open Publication License, v1.0에 있는 이용 약관 설명에 따라 배포되어 집니다.