Red Hat Enterprise Linux 8's release will affect your future. Are you ready?
"Who needs RHEL!? We only use CentOS and Amazon Linux."

Whether you're aware of it or not, RHEL supports you every day. Even if you're not into tech, Linux is busy running the bulk of the information services and apps you use, including telecom, media, transportation, banking, and industry. An insecure or unpatched system at your airline or bank can make or break your day pretty quickly. Most cloud hypervisors are running on its KVM virtualization as well. There are thousands of distributions and releases available, and you may dismiss this because you use different sources, but don't dismiss the reach of this RHEL lifecycle. Fedora 28 was released on 1-MAY-2018 (Happy Birthday Fedora 28). As it forms the basis for the upcoming RHEL 8, I'll cover what technical changes to look for, how your Hashicorp usage might be affected, and how Enterprise Linux goes from a baby Fedora release, earns its rite of passage, and gets crowned as an industry-standard release that becomes RHEL, CentOS, Oracle Enterprise Linux, Amazon Linux, and more distributions used around the world and in the cloud.

RHEL's reach far exceeds servers. Did you realize it forms the basis of VMware virtualization, Cisco networking, and firewall and network intrusion detection appliances? Given Fedora is the upstream of this, we've actually been able to use the core of RHEL 8 for a year. Fedora 28 was released on 1-MAY-2018, exactly one year before I'm typing this. As a big fan, I've been using it daily ever since. With Fedora major releases on a 6-month cycle, I even threw gas onto a flame war back in 2017: https://centosfaq.org/centos/rhel-8-speculation/#comment-120615. When Fedora releases get selected for RHEL, it's a bit like selecting a Pope to me. The great news is that a lot of great community software that may not all be very stable suddenly gets hardened and closely maintained by the Red Hat team, which means, at least in my experience, that Fedora 28 is about as stable as you would expect a rock-hard enterprise OS to be. What am I looking for in RHEL 8?

For starters, the RHEL Linux kernel finally catches up on major releases, from 3.10.x to 4.18. Unfortunately this timing came just as Linus Torvalds pulled the trigger on 5.0, which you can still run with Fedora 28 but which RHEL users will probably need to wait for. Aside from the kernel, patching is much simpler as YUM is now backed by DNF, meaning installing and patching is quicker and easier to maintain. Cockpit management comes out of the box and it's matured nicely. Some people consider it bloat, but I think this support will go down well. While these are my favourite changes, there are in fact some more intrusive changes:

Gnome GDM and Wayland. While it's not common to use graphics on a server, don't forget that RHEL Workstation is available, and it could always be the year of the Linux Desktop. While you can order machines from Dell and HP with RHEL pre-installed, you may not notice the difference here. Replacing all of Xorg with Wayland to drive graphics is a tricky and somewhat inconsequential move if you ask me, but this was contributed by the community. Gnome 3.28 is default with Wayland now, and we'll see if support exists for anything else.

Deprecation of KDE. If replacing an entire display manager with Wayland was a zero-sum change, deprecating a fully functional desktop manager is a major loss. I still happily run Xorg and KDE Plasma 5 on its F28 spin and would happily consider RHEL 8 Workstation if it were an option. If you're unfamiliar with KDE vs Gnome, Gnome is the classic window manager built on the GTK framework that feels like a tablet interface on a PC. KDE/KDM is a more Windows/OSX-like alternative based on the Qt framework. Both may be used side-by-side. If Fedora moves to deprecate KDE as well, I think there will be an exodus from Fedora user base towards Canonical offerings even after Canonical. I'm sorry and I'm biased, but why would one use anything besides KDE on any laptop or workstation? It really could be the year of the Linux Desktop, but replacing and restricting user options is not the way to do it.

What about containers? With application trends largely going to containers, what on-prem and cloud container options does RHEL support? It's interesting to see RH trying to push out Docker on this one. As Docker has donated a lot of its bits to the Open Container Initiative, there's a lot of industry infighting taking place. You won't find Docker CE in RHEL 8. At first this feels like a jab at Docker, but maybe they're holding back the free bits so you go buy Docker EE, which is a nice helping hand to Docker? Nope, instead you will find podman and buildah as alternatives. They do have a point: Docker must be run as root, which is a high security risk. Instead they propose you use podman to run containers as non-root users. The great news is we've had this on Fedora for quite a while, so we can just:

$ podman run -p 8000:80 boeroboy/hashiconf:2018
port bindings are not yet supported by rootless containers
Don't run containers as root! But run containers as root.

Oh ok then. It sounds like a fix here isn't far off though. As much as I want Docker to succeed, I think it's important to keep an eye on podman as it will probably gain a lot of traction in the next year. The good news is that I've tested all the Hashicorp bits and they run happily inside podman containers as restricted users. Note that Terraform Enterprise may require Docker EE. That will be a big win for security-conscious users. Nomad will hopefully have Podman support shortly. Others will need to manually install an unsupported Docker CE configuration.
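
A pre-flight check for the non-root podman setup described above, as an added example that is not from the original article. Rootless containers rely on the subordinate UID/GID ranges listed in /etc/subuid and /etc/subgid; the function names, the 65536 threshold and the sample users alice and bob are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check before running podman as a non-root user.
# Rootless containers map container UIDs/GIDs onto the subordinate ID ranges
# listed for the user in /etc/subuid and /etc/subgid (format name:start:count).

MIN_IDS=65536   # assumption: the usual default range size; set to your policy

# subid_count USER FILE: print how many subordinate IDs FILE grants to USER
subid_count() {
    awk -F: -v u="$1" '$1 == u && $3 ~ /^[0-9]+$/ { n += $3 } END { print n + 0 }' "$2"
}

# rootless_ready USER [SUBUID_FILE] [SUBGID_FILE]
# Returns 0 only if USER is not named root and has >= MIN_IDS sub-UIDs and sub-GIDs.
rootless_ready() {
    rr_user=$1
    rr_rc=0
    if [ "$rr_user" = "root" ]; then
        echo "FAIL: refusing root; use an unprivileged account for containers"
        return 1
    fi
    for rr_file in "${2:-/etc/subuid}" "${3:-/etc/subgid}"; do
        if [ ! -r "$rr_file" ]; then
            echo "FAIL: cannot read $rr_file"
            rr_rc=1
            continue
        fi
        rr_n=$(subid_count "$rr_user" "$rr_file")
        if [ "$rr_n" -lt "$MIN_IDS" ]; then
            echo "FAIL: $rr_user has $rr_n IDs in $rr_file (need $MIN_IDS)"
            rr_rc=1
        else
            echo "OK: $rr_user has $rr_n IDs in $rr_file"
        fi
    done
    return "$rr_rc"
}

# Constructed sample data (hypothetical users, not taken from a real host)
demo_dir=$(mktemp -d)
printf 'alice:100000:65536\nbob:165536:1000\n' > "$demo_dir/subuid"
printf 'alice:100000:65536\n' > "$demo_dir/subgid"
rootless_ready alice "$demo_dir/subuid" "$demo_dir/subgid"
rootless_ready bob "$demo_dir/subuid" "$demo_dir/subgid" || echo "bob is not ready"
```

On a real host, call `rootless_ready "$(id -un)"` with no file arguments to check the current account against the system files.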

What about virtualization? If you follow my older posts (https://www.dhirubhai.net/pulse/cloud-trends-2018-year-tin-man-john-boero/) you know I've been a big fan of oVirt for years. This is the upstream basis for RHV, and is pretty much a feature match for vSphere. The good news is that as soon as F28 was selected for EL8, supported yum repos for oVirt 4.3 were immediately released: https://resources.ovirt.org/pub/yum-repo/. The greatest bit of 4.3 is that it incorporates the networking bits from OpenStack (dare I say the best bits of OpenStack), which allow flexible openvswitch software networking in a more cloud-friendly way. This means that now I can update the edge cluster I wrote about earlier to run the entire VM lab transparently on the latest Fedora Workstation bits. A perfect modern workstation to a user, an edge hypervisor and Hashicorp lab for me. I think this will be a great tool for on-premmers and for labs. Note I'm a regular user of the Terraform module, and a Gitlab runner builds my QCOW images with Packer. Vagrant can also be used if needed.

What about drivers? One of the main obstacles to wide Linux adoption has always been driver hell. Personally I've seen varying degrees of support from hardware vendors. The cryptocurrency rush has squeezed AMDGPU drivers, which have sprawled into a jumbled mess and have fallen behind in kernel support. Intel and nVidia have kept up swimmingly, and Intel is planning some major announcements later this year that already have full kernel support. EL kernels often fall behind, which makes this new release all the more important. Vendors will be catching up with new releases, which helps the whole industry.

We only care about cloud. Maybe you use only Debian-based images. RHEL Atomic will follow with a cloud-targeted stateless image. If you've never used Atomic before, it's a super lightweight stateless image similar to CoreOS, intended to run container workloads. Both Atomic and CoreOS rely on image customization before you use them, so Packer is your friend. You can even deploy Nomad onto RHEL Atomic to help it run additional workloads, and you'll definitely want a Consul agent to keep track of stateless services across multiple clouds.

Security? EL 8 still has all your favourite security bits such as SELinux, CGroups, and OpenSCAP profiles. The good news is EL 7 will be maintained for quite a while, giving time to upgrade. The bad news is quite a bit of critical infrastructure still runs on EL 6, which is retired on November 30, 2020. That's just over a year away and will require extended support agreements if you intend to stick with EL6. I truly wouldn't wait to upgrade from 6 though. If you have Hashicorp products running on an unsupported OS release, they are subject to all of the risks associated with the OS, so please patch often! This includes all the thousands of public bugs filed with status CLOSED WONTFIX. If you've never searched Bugzilla for that, I suggest you try. Most of them are minor, and serious vulnerabilities are definitely handled, but some make you think.

Conclusion. I look forward to EL8 and the progress it means for a booming cloud industry. The community and enterprise contributions are nothing short of amazing. I recommend everyone get active in the Fedora community as well as Hashicorp's open source community. If you disagree with some of my commentary I mean no offense and welcome your comments or corrections. If you're an enterprise customer and you have questions about Hashicorp products on RHEL 8 or derivatives, please ask!

Ivano Bianco

Senior Security Engineer / Penetration Tester

5 years ago

The funny thing about Fedora releases is that - despite the extensive QA - when I run them in a VM, I find trivial bugs related to package updates every single time. Sometimes crippling bugs as well.
