Migrate iptables to nftables in CentOS 8

iptables to nftables

Although Ansible provides support for managing firewall rules via module, I still find initial setup is best done with a tested batch of firewall rules instead of adding them one-by-one. Since I’m migrating CentOS 7 servers to CentOS 8 now, I decided to convert iptables into nftables.

Will probably post a Unix Tutorial Project about this, but today I’m just capturing notes.

What is nftables?

nftables is the next (current) generation of NetFilter based firewall solutions, replacing iptables and providing backward compatible tools with iptables syntax.

If all you used before is iptables, you can continue using familiar commands – but in CentOS 8 this means that on the firewall level there’s no longer iptables running, all the functionality is provided by NFT.

How To Save iptables rules/chains into a file

# iptables-save > /etc/sysconfig/iptables.current

How to Convert iptables rules into nftables rules

# iptables-restore-translate -f /etc/sysconfig/iptables.current > nft-rules.txt

IMPORTANT: make sure you put this into some nft-rules.txt file outside of the /etc/sysconfig location – if things go wrong, you’ll just reboot server via hosting console and regain access.

Try/Check NFT Ruleset

Now comes the moment to disable iptables and try NFT tables in their place.

I did the following: flushed iptables (removed any rules) and then applied NFT rules.

Flush iptables

# iptables -F

Apply NFT rules from nft-rules.txt file

# nft -f nft-rules.txt

We can now have a look at the list of active NFT rules:

# nft list ruleset

Configure nftables Rules to Apply upon Reboot

Assuming everything works as expected, we can now move the nft-rules.txt file into the default location that will be used by NFT upon reboot:

# mv nft-rules.txt /etc/sysconfig/nftables.conf

Make sure it belongs to root and has correct permissions (it’s not a script so needs no execution bits):

root@s1:~ # ls -lad /etc/sysconfig/nftables.conf
-rw-------. 1 root root 5227 Mar 12 01:48 /etc/sysconfig/nftables.conf
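
An added example (not part of the original notes): pre-flight checks to run between the translate step and nft -f. It assumes that iptables-restore-translate leaves any rule it cannot translate as a comment line starting with "# -t <table>"; the function names, the /root/nft-rules.txt default and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks on a translated ruleset before `nft -f`.
# Assumption: iptables-restore-translate writes a rule it cannot translate as
# a comment line "# -t <table> -A ...", which nft then silently ignores.

# Print rules that were left untranslated (comments still in iptables syntax).
untranslated_rules() {
    grep -E '^# -t [a-z]+ -[AI] ' "$1" || true
}

# Count rules in an iptables-save dump ("-A <chain> ..." lines).
count_saved_rules() {
    grep -c -E '^-A ' "$1" || true
}

# Count rules in the translated file ("add rule ..." lines).
count_translated_rules() {
    grep -c -E '^add rule ' "$1" || true
}

# Succeed only if nothing was left as a comment and the rule counts match.
# The count comparison is a heuristic: a mismatch means "diff by hand".
# $1 = iptables-save dump, $2 = translated nft file.
translation_complete() {
    saved=$(count_saved_rules "$1")
    translated=$(count_translated_rules "$2")
    missing=$(untranslated_rules "$2" | grep -c . || true)
    [ "$missing" -eq 0 ] && [ "$saved" -eq "$translated" ]
}

# Succeed only if the file is root-owned with mode 600 (GNU stat syntax).
conf_perms_ok() {
    [ "$(stat -c '%U:%G %a' "$1" 2>/dev/null)" = "root:root 600" ]
}

# Live run on the server, as root: save, translate, verify, dry-run.
preflight() {
    dump=/etc/sysconfig/iptables.current
    out=${1:-/root/nft-rules.txt}        # hypothetical path, outside /etc/sysconfig
    iptables-save > "$dump" || return 1
    iptables-restore-translate -f "$dump" > "$out" || return 1
    if ! translation_complete "$dump" "$out"; then
        echo "Not applying: rules lost in translation:" >&2
        untranslated_rules "$out" >&2
        return 1
    fi
    nft -c -f "$out"                     # -c parses and validates, changes nothing
}

# Constructed sample data (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/iptables.current" <<'EOF'
*mangle
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$demo_dir/nft-rules.txt" <<'EOF'
# Translated by iptables-restore-translate (constructed sample)
add table ip mangle
add chain ip mangle POSTROUTING { type filter hook postrouting priority -150; policy accept; }
# -t mangle -A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add rule ip filter INPUT ct state related,established counter accept
add rule ip filter INPUT tcp dport 22 counter accept
# Completed (constructed sample)
EOF

if [ "${1:-}" = "--live" ]; then
    preflight "${2:-}"
elif translation_complete "$demo_dir/iptables.current" "$demo_dir/nft-rules.txt"; then
    echo "sample: translation complete"
else
    echo "sample: do not apply yet, untranslated rules:"
    untranslated_rules "$demo_dir/nft-rules.txt"
fi
```

Without arguments the script only analyses the embedded sample; run with --live as root it performs the save, translate and dry-run steps and stops before anything is applied.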





List Available Repositories in Red Hat

Listing repositories with subscription-manager

I have finally gotten around to launching a new RHEL 8.1 virtual machine on my macOS desktop, this time I installed it from RHEL 8.1 ISO image.

Although I have shown how to list available Red Hat subscriptions before, I never spent much time looking into various repos – so this post shows some basics.

Why You Need Repos in RHEL 8

RHEL 8 has more software repositories available via various subscriptions than ever. Each subscription maps your operating system to a number of related repos, providing utmost granularity to installing and updating software.

I had to learn how to list repos because I wanted to install Ansible packages, turning one of my servers into an Ansible deployment server. Although Ansible is an open-source project, it’s not a core element of Red Hat Enterprise Linux, and that means it’s not available via core RHEL 8 repositories.

Instead, you need to find and enable Ansible repo in RHEL 8 (I’ll show how it’s done in the next few days).

How To List Software Repositories in RHEL 8

Simply run subscription-manager command with repos parameter, you’ll get quite a number of repositories reported back (I’m only showing you the first few):

root@rhel8:~ # subscription-manager repos
+----------------------------------------------------------+
    Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID:   rhel-atomic-7-cdk-2.4-rpms
Repo Name: Red Hat Container Development Kit 2.4 /(RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/$basearch/cdk/2.4/os
Enabled:   0
Repo ID:   satellite-tools-6.6-for-rhel-8-x86_64-eus-rpms
Repo Name: Red Hat Satellite Tools 6.6 for RHEL 8 x86_64 - Extended Update Support (RPMs)
Repo URL:  https://cdn.redhat.com/content/eus/rhel8/$releasever/x86_64/sat-tools/6.6/os
Enabled:   0
Repo ID:   codeready-builder-for-rhel-8-x86_64-rpms
Repo Name: Red Hat CodeReady Linux Builder for RHEL 8 x86_64 (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/codeready-builder/os
Enabled:   0
Repo ID:   satellite-tools-6.7-for-rhel-8-x86_64-rpms
Repo Name: Red Hat Satellite Tools 6.7 for RHEL 8 x86_64 (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/layered/rhel8/x86_64/sat-tools/6.7/os

When I say “quite a number”, I mean a lot of subscriptions are available:

root@rhel8:~ # subscription-manager repos | grep "Repo ID" | wc -l
148





Upgrading RHEL 8 to RHEL 8.1

Red Hat Enterprise Linux 8

Needed to reboot my Red Hat Enterprise Linux 8 desktop anyway, so decided to upgrade it to RHEL 8.1.

Check That Your Software Subscription is Active

For example, I realised that I have still been using the RHEL 8 beta subscription instead of the Developers License. After completing Red Hat subscription registration, I got the following:

greys@redhat:~ $ sudo subscription-manager list
+-------------------------------------------+
Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux for x86_64
Product ID: 479
Version: 8.1
Arch: x86_64
Status: Subscribed
Status Details:
Starts: 14/11/19
Ends: 13/11/20

Upgrade Red Hat OS with yum-update

yum tools are more integrated than many people thought! So I’m still using yum update instead of dnf:

root@redhat:~ # yum update
 Updating Subscription Management repositories.
 Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                                                              2.6 kB/s | 4.5 kB     00:01
 Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                                                              3.0 MB/s |  13 MB     00:04
 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                                                 2.4 kB/s | 4.1 kB     00:01
 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                                                 2.4 MB/s |  12 MB     00:04
 Last metadata expiration check: 0:00:01 ago on Thu 14 Nov 2019 21:28:59 GMT.
 Dependencies resolved.
  Package                                        Arch      Version                                           Repository                           Size
 Installing:
  yum-utils                                      noarch    4.0.8-3.el8                                       rhel-8-for-x86_64-baseos-rpms        64 k
      replacing  dnf-utils.noarch 4.0.2.2-3.el8
  kernel-debug-devel                             x86_64    4.18.0-147.0.3.el8_1                              rhel-8-for-x86_64-baseos-rpms        14 M
  kernel-devel                                   x86_64    4.18.0-147.0.3.el8_1                              rhel-8-for-x86_64-baseos-rpms        13 M
  kernel-core                                    x86_64    4.18.0-147.0.3.el8_1                              rhel-8-for-x86_64-baseos-rpms        25 M
  kernel                                         x86_64    4.18.0-147.0.3.el8_1                              rhel-8-for-x86_64-baseos-rpms       1.5 M
  kernel-modules                                 x86_64    4.18.0-147.0.3.el8_1                              rhel-8-for-x86_64-baseos-rpms        22 M
 Upgrading:
  netcf-libs                                     x86_64    0.2.8-12.module+el8.1.0+4066+0f1aadab             rhel-8-for-x86_64-appstream-rpms     77 k
  libXt                                          x86_64    1.1.5-12.el8                                      rhel-8-for-x86_64-appstream-rpms    185 k
  alsa-utils                                     x86_64    1.1.9-1.el8                                       rhel-8-for-x86_64-appstream-rpms    1.1 M
...
  podman-manpages                                noarch    1.4.2-5.module+el8.1.0+4240+893c1ab8              rhel-8-for-x86_64-appstream-rpms    180 k
  python3-pip-wheel                              noarch    9.0.3-15.el8                                      rhel-8-for-x86_64-baseos-rpms       1.2 M
  mozjs60                                        x86_64    60.9.0-3.el8                                      rhel-8-for-x86_64-baseos-rpms       6.7 M
  libssh-config                                  noarch    0.9.0-4.el8                                       rhel-8-for-x86_64-baseos-rpms        18 k
  python3-setuptools-wheel                       noarch    39.2.0-5.el8                                      rhel-8-for-x86_64-baseos-rpms       289 k
 Installing weak dependencies:
  oddjob-mkhomedir                               x86_64    0.34.4-7.el8                                      rhel-8-for-x86_64-appstream-rpms     52 k
  libvarlink                                     x86_64    18-3.el8                                          rhel-8-for-x86_64-baseos-rpms        44 k
 Transaction Summary
 Install   17 Packages
 Upgrade  646 Packages
 Total download size: 1.2 G
 Is this ok [y/N]:

Some 15min later I had my desktop in a much better shape:

...
   sos-3.7-6.el8_1.noarch
   hwdata-0.314-8.2.el8_1.noarch
   ca-certificates-2019.2.32-80.0.el8_1.noarch
   microcode_ctl-4:20190618-1.20191112.1.el8_1.x86_64
   kernel-tools-4.18.0-147.0.3.el8_1.x86_64
   kernel-headers-4.18.0-147.0.3.el8_1.x86_64
   bpftool-4.18.0-147.0.3.el8_1.x86_64
   kernel-tools-libs-4.18.0-147.0.3.el8_1.x86_64
   python3-perf-4.18.0-147.0.3.el8_1.x86_64
 Installed:
   yum-utils-4.0.8-3.el8.noarch                                            kernel-debug-devel-4.18.0-147.0.3.el8_1.x86_64
   kernel-devel-4.18.0-147.0.3.el8_1.x86_64                                kernel-core-4.18.0-147.0.3.el8_1.x86_64
   kernel-4.18.0-147.0.3.el8_1.x86_64                                      kernel-modules-4.18.0-147.0.3.el8_1.x86_64
   oddjob-mkhomedir-0.34.4-7.el8.x86_64                                    libvarlink-18-3.el8.x86_64
   python3-argcomplete-1.9.3-6.el8.noarch                                  oddjob-0.34.4-7.el8.x86_64
   tbb-2018.2-9.el8.x86_64                                                 gnome-shell-extension-horizontal-workspaces-3.32.1-10.el8.noarch
   podman-manpages-1.4.2-5.module+el8.1.0+4240+893c1ab8.noarch             python3-pip-wheel-9.0.3-15.el8.noarch
   mozjs60-60.9.0-3.el8.x86_64                                             libssh-config-0.9.0-4.el8.noarch
   python3-setuptools-wheel-39.2.0-5.el8.noarch
 Complete!
 root@redhat:~ #

And that’s it! I rebooted the server and my OS is RHEL 8.1 now:

greys@redhat:~ $ more /etc/redhat-release
Red Hat Enterprise Linux release 8.1 (Ootpa)
greys@redhat:~ $ uname -a
Linux redhat 4.18.0-147.0.3.el8_1.x86_64 #1 SMP Mon Nov 11 12:58:36 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux





Project: Connect LG 5K Display to PC

As I mentioned, I’m building a new Linux based desktop PC – currently running RHEL 8. Since I’m planning it as a primary desktop system for my home lab, I want to eventually migrate workflows from MacBook Pro to the new PC – and this means I want to use my existing LG 5K UltraFine 27″ display. This seemed like an interesting Unix Tutorial Project from the very start!

Work In Progress

WARNING: this is a work in progress article, I plan to revisit and update it in the next few weeks/months.

LG 5K UltraFine Display

This is a great 5K display that’s still one of the only few options available for getting 5K resolution display in macOS without buying an iMac or iMac Pro from Apple.

It’s great for photography and excellent for day-to-day use cause all the browser, documents and terminal windows are super crisp. You’ll get similar results on 4K displays available for PCs but LG 5K UltraFine has better colour gamut and screen brightness than most.

Here’s how it looks:

… on the back, as you can see, there are only USB-C format ports: 1 for input and 3 for additional devices:

Why Using LG 5K on a PC is Tricky

LG 5K is a stunning monitor, created by LG in collaboration with Apple, specifically for use with Apple laptops. This poses four complications for anyone planning to use LG 5K with non-Apple hardware:

  1. You need Thunderbolt over USB-C Connectivity
  2. You need drivers for supporting camera, microphone and ambient light sensor that are installed in the LG 5K display
  3. You need software support for LG 5K brightness controls (there are no control buttons on this display – I kid you not!)
  4. You need software/drivers support for the 5K display – it’s called display tiling support

LG 5K display in Linux

So far, I figured out Issue 1, kind of started looking into Issue 2, ignored Issue 3 altogether and spent considerable amount of time with no result on Issue 4.

WARNING: I haven’t completed this project yet, meaning I get output via USB-C connector into LG 5K Display, but it’s not 5K resolution yet.

Display Tiling for 5K+ resolutions

Because many interfaces simply don’t have the bandwidth to push all these 5K+ pixels at acceptable (30Hz or 60Hz) rates, there’s a common workaround in hi-res displays, called display tiling. Resolution of 5120×2880 pixels is very bandwidth hungry when it comes to video cable connection.

Display tiling means you connect your hi-res display over multiple ports. Each port appears to be a separate display of typically half the resolution of your screen. Each of these virtual displays is called a tile, and your graphics adapter, its driver and possibly OS software should all support this tiling concept for a seamless experience – meaning your display appears to have 5K resolution, with software cleverly stitching tiles together into a single image you see.

In the LG 5K case, half the display is driven by one tile of 2560×2880 pixels and the other half is driven by a 2nd cable and a 2nd tile over it. Combined together, they give you the 5K resolution: 5120×2880 pixels. But if you have an old software or driver, you may see just half the screen image or sub-5K resolution.

Connecting LG 5K to PC over Thunderbolt 3

In short, Issue 1 is: this monitor has only one input: USB-C cable that actually acts as a Thunderbolt 3 cable. The idea behind it is great: you plug this cable into a MacBook, and magic happens:

  • MacBook shows output onto beautiful 5K display, with HiDPI support etc
  • Display devices like camera start working for video calls, etc.
  • Any devices you have plugged via USB-C ports on the back of the LG 5K display are presented to MacBook – so 5K display becomes a USB-C hub
  • Best of all: MacBook is getting charged over the same cable

In practice, this is super useful: no messy cables, all the stationery devices like USB drives and printers are plugged neatly into the back ports of the display and don’t even have to be touched. I plug a single cable from monitor into laptop and it all just works together!

But if I want the same functionality from a non-Apple PC, there’s immediately quite a few issues:

  1. USB-C ports your PC has are not going to work – they’re most likely USB 3.1 ports for connecting storage devices, meaning they don’t have DisplayPort functionality – so you have the correct port but it doesn’t have the correct functionality – no picture will be shown on the display
  2. There are not that many graphics cards that have USB-C form-factor output that will work with such displays
  3. There are even fewer graphics cards that can drive 5K over a single port

Thunderbolt 3 Add-In Cards

So what is the solution? You need to get one of them Thunderbolt 3 Add-In Cards (AIC). This here is the one I got, Gigabyte GC-TITAN RIDGE AIC:

Gigabyte GC-TITAN RIDGE rev1.0 AIC

Specifically, there are ASUS, ASrock and Gigabyte ones that I could find:

  • Asus
  • Gigabyte
  • ASrock

What Does Titan Ridge TB3 AIC Card Do?

AIC card provides full Thunderbolt 3 functionality – multiple 40Gbit/sec connectivity channels via USB-C ports. It’s mostly meant to be a storage adapter (similar to SCSI or RAID expansion cards), in a sense that you can connect high-speed directly-attached storage (DAS) units to it like small or large disk arrays.

BUT as it turns out, most of Thunderbolt 3 Add-In Cards also help with graphics output via USB-C interface. So you have two USB-C outputs and even a DisplayPort on my model:

DisplayPort output on the left, 2 USB-C outputs, 2 miniDisplayPort inputs

The way Titan Ridge TB3 card works for graphics output is that it takes one or two miniDisplayPort inputs, converts the signal (up to 8K resolution is supported, apparently!) and outputs it via USB-C cable to a compatible display.

What this approach means is you still need a proper graphics card (GPU) installed in your desktop, but instead of plugging display into it (which you can’t do for USB-C), you do the next best thing:

  1. you plug TB3 adapter into graphics card (most likely over 2 cables)
  2. you plug your fancy USB-C connected monitor into the Titan Ridge TB3 card

Here’s how connectors work (showing just 1 DisplayPort input for now):

On the left is the USB-C Thunderbolt cable going to LG 5K Display

For LG 5K, you need to be sure to get a Thunderbolt 3 card and not a Thunderbolt 2 card – again, an older card would have correct ports but incorrect functionality for a 5K display. So it must be a Thunderbolt 3 card. And you definitely need 2 DisplayPort connectors going from graphics card into the Thunderbolt 3 AIC card, otherwise you’ll be limited to 4K resolution.

If you’re shopping, look by the technology name, introduced by Intel. Alpine Ridge is the older model (not suitable for 5K), Titan Ridge is the one you need.

I got myself the Gigabyte GC-Titan Ridge TB3 card, because my new desktop PC has a Gigabyte motherboard.

Installing Titan Ridge AIC for LG 5K

Here are the steps I took to configure this TB3 AIC card in my desktop:

Inspect external ports on the card to confirm their order – where 1st miniDisplayPort goes, where 1st USB-C/Thunderbolt output is, etc:

IMPORTANT: for 5K signal you need 2 DisplayPort connectors, so it’s important that you get 1st DP output on GPU into 1st DP input on the TB3 AIC card, and 2nd DP output into 2nd DP input.

On the AIC card itself, you have a bunch of ports:

From left to right on this photo:

  • Thunderbolt USB-C header (goes to your motherboard)
  • USB 3 header (goes to another port on your motherboard)
  • 2 PCIe type Power connectors

I suggest you connect all of them if your motherboard and power supply allow, but in my case I ended up disabling Thunderbolt support in BIOS and letting the AIC card figure things out.

Put TB3 AIC Card into PCIe x4 Port

Don’t know why, but most motherboards are super picky about where you should put your Thunderbolt 3 Add-In Card: it may work anywhere, but best is to check which port is recommended.

For my Gigabyte Titan Ridge TB3 AIC, there’s this reference suggesting PCIe slot for each Gigabyte motherboard supporting it:

Motherboards with GC-TITAN RIDGE support

Based on the above, I actually realised my GPU was installed in the PCIe x4 slot so I moved it closer to CPU, into the fastest x16 slot available. TB3 AIC card took the place in the leftmost slot, PCIe x4:

GC-Titan Ridge card in the left PCIe x4 slot, Radeon RX580 in the PCIe x16 slot on the right

Double-check BIOS Version

You may need to upgrade BIOS on your motherboard for TB3 support – check manual or get in touch with me if you need help.

Fine-Tune BIOS Settings

I ended up disabling Thunderbolt support (it’s called Discrete Thunderbolt) in my BIOS altogether. With it enabled I could get DisplayPort output from the TB3 AIC, but not over USB-C. So after disabling support in BIOS, things started working.

Current Results of LG 5K to Desktop Project

  • Video output works and image shows on the LG 5K display
  • Windows 10 fully supports 5K resolution
  • RHEL 8 still only shows 3K resolution – work in progress

That’s it for now! Hope you learned something new – I know I did! This whole business of connecting my 2 year old 5K display to a brand new PC turned out to be way more involving and educational than I expected.





Attach Interface to Specific Firewall Zone in RHEL 8

RHEL 8

One of the first things I had to do on my recently built RHEL 8 PC was to move the primary network interface from public (default) zone to home zone – to make sure any firewall ports I open stay private enough.



How To List Which Zones and Interfaces are Active

Using the get-active-zones option of the firewall-cmd command, it’s possible to confirm where eno1 interface is at the moment. It’s already in the home zone cause I made the update earlier:

root@redhat:~ # firewall-cmd --get-active-zones
home
  interfaces: eno1
libvirt
  interfaces: virbr0

Attach Interface to a Firewall Zone

Here’s how one can move specified interface into a zone we want:

root@redhat:~ # firewall-cmd --zone=home --change-interface=eno1
success

Just to show how it works, I’m going to move eno1 into public zone and back to home one:

root@redhat:~ # firewall-cmd --zone=public --change-interface=eno1
success
root@redhat:~ # firewall-cmd --get-active-zones
libvirt
  interfaces: virbr0
public
  interfaces: eno1

Making Sure Firewall Changes Are Permanent

Don’t forget that after confirming a working firewall configuration, you need to re-run the same command with permanent option – this will update necessary files to make sure your firewall changes can survive a reboot:

root@redhat:~ # firewall-cmd --zone=home --change-interface=eno1 --permanent
The interface is under control of NetworkManager, setting zone to 'home'.
success
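
An added example, not from the original post: a check that an interface is in the expected zone both at runtime and in the permanent configuration. zone_of_iface, zone_verdict and check_iface are illustrative names, and the sample input is the --get-active-zones output shown above after the move to public.

```shell
#!/bin/sh
# Added example: verify an interface's firewalld zone at runtime and in the
# permanent configuration, so a forgotten --permanent does not go unnoticed.

# Print the zone holding interface $1; reads `firewall-cmd --get-active-zones`
# output on stdin (zone name unindented, "  interfaces: ..." indented below it).
zone_of_iface() {
    awk -v want="$1" '
        /^[^ \t]/ { zone = $1; next }
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++)
                if ($i == want) { print zone; exit }
        }'
}

# $1 = runtime zone, $2 = permanent zone, $3 = expected zone.
zone_verdict() {
    if [ "$1" != "$3" ]; then
        echo "WRONG-ZONE"        # interface is in the wrong zone right now
    elif [ "$2" != "$3" ]; then
        echo "NOT-PERMANENT"     # correct now, but the saved config disagrees
    else
        echo "OK"
    fi
}

# Live check on the host, for example: check_iface eno1 home
check_iface() {
    runtime=$(firewall-cmd --get-active-zones | zone_of_iface "$1")
    permanent=$(firewall-cmd --permanent --get-zone-of-interface="$1" 2>/dev/null)
    zone_verdict "$runtime" "$permanent" "$2"
}

# Sample input copied from the --get-active-zones output shown above.
sample_active_zones() {
    cat <<'EOF'
libvirt
  interfaces: virbr0
public
  interfaces: eno1
EOF
}

runtime=$(sample_active_zones | zone_of_iface eno1)
echo "eno1 runtime zone: $runtime -> $(zone_verdict "$runtime" home home)"
```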

That’s it for today. Am really enjoying RHEL 8 configuration and still have this feeling I barely scratch the surface with all the new improvements this Red Hat Enterprise Linux brings.





Hello, World in podman

RHEL 8

Turns out it’s not that easy to install Docker CE in RHEL 8 just yet. Well, maybe there’s no immediate need since RHEL 8 comes with its own containerization stack based on podman?



Hello, World in podman

podman provides comprehensive compatibility with docker command, most non-Docker specific options are supported.

If you are familiar with docker command syntax, give it a try by just replacing docker with podman command. 

Let’s do the hello world exercise:

greys@redhat:~ $ podman run hello-world
Trying to pull registry.redhat.io/hello-world:latest…Failed
Trying to pull quay.io/hello-world:latest…Failed
Trying to pull docker.io/hello-world:latest…Getting image source signatures
Copying blob 1b930d010525: 977 B / 977 B [==================================] 0s
Copying config fce289e99eb9: 1.47 KiB / 1.47 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures

Hello from Docker!

This message shows that your installation appears to be working correctly.
To try something more ambitious, you can run an Ubuntu container with:

$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:

https://hub.docker.com/

For more examples and ideas, visit:

https://docs.docker.com/get-started/

As you can see, podman searches in Red Hat and Quay image repositories before moving on to Docker registry, but finally gets the hello-world image there.

Run Ubuntu image in podman

And if we want to follow Docker’s advice and try running the Ubuntu Docker image, we’ll replace

docker run -it ubuntu bash

with

podman run -it ubuntu bash

… It just works:

greys@redhat:~ $ podman run -it ubuntu bash
Trying to pull registry.redhat.io/ubuntu:latest…Failed
Trying to pull quay.io/ubuntu:latest…Failed
Trying to pull docker.io/ubuntu:latest…Getting image source signatures
Copying blob 5667fdb72017: 25.45 MiB / 25.45 MiB [==========================] 3s
Copying blob d83811f270d5: 34.53 KiB / 34.53 KiB [==========================] 3s
Copying blob ee671aafb583: 850 B / 850 B [==================================] 3s
Copying blob 7fc152dfb3a6: 163 B / 163 B [==================================] 3s
Copying config 2ca708c1c9cc: 3.33 KiB / 3.33 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
root@686f0d85b4ad:/# uname -a
Linux 686f0d85b4ad 4.18.0-80.el8.x86_64 #1 SMP Wed Mar 13 12:02:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
root@686f0d85b4ad:/# cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS"

I think it’s pretty cool. Will definitely read up and post more about podman and containerization in Red Hat in the following weeks.





Setting Alternatives Path for Python Command in RHEL 8

alternatives: python to /usr/bin/python3

Red Hat Enterprise Linux 8 comes with support for both Python 2 and Python 3. But neither of them is invoked via running python command – you get “command not found” error.

Default Python Version in RHEL 8

Python 3.6 is the default and primary version of Python in RHEL 8. It may need to be installed, but in my VirtualBox VM installation of RHEL 8 beta it came preinstalled.

Check Python 3 version

Just type python3 to see which version you have:

[greys@rhel8 ~]$ python3
Python 3.6.6 (default, Oct 16 2018, 01:53:53)
[GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>    

Python Command Not Found

If we type python instead of python3, we’ll get the following error:

[greys@rhel8 ~]$ python
bash: python: command not found…

Set Alternatives Path For Python to Python3

There’s a special alternatives method in Red Hat Linux and CentOS, it allows you to select the primary version of a tool when multiple versions are available. Among other things, alternatives command (must be run as root) can create default paths.

This command configures RHEL to invoke /usr/bin/python3 whenever you run python:

[greys@rhel8 ~]$ sudo alternatives --set python /usr/bin/python3
[sudo] password for greys:

That’s it! If you type python again, you’ll see python3 executed instead of getting an error:

[greys@rhel8 ~]$ python
Python 3.6.6 (default, Oct 16 2018, 01:53:53)
[GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>    

Have fun!




Web Console in RHEL8

I’m not a fan of web interfaces for managing Linux systems and usually don’t see them unless a hosting provider preinstalled something. But it seems my default Red Hat Enterprise Linux 8 in a VirtualBox VM got the web console enabled by default.

Accessing Web Console in RHEL8

I see reminder of the web console upon every SSH login into the VM:

Web console: https://rhel8:9090/ or https://192.168.X.Y:9090/

So, connection to the virtual machine’s IP address on port 9090 will open the RHEL8 web console:

Web console in RHEL8

Screenshots of Web Console in RHEL8

Here are just the screenshots of the web panel, it seems most of the common tasks can now be accomplished using the panel – from joining AD domain to managing users, updates, disk storage and subscriptions. Pretty cool!

What do you like most in Red Hat Enterprise Linux 8? Let me know!





How To: Remove Old Kernels in CentOS

For dedicated servers and virtual machines that you keep upgrading in-place, you will eventually reach the situation where there’s a number of old kernel packages installed. That’s because when you’re updating OS packages and get new kernel installed, the old ones are not auto-removed – allowing you to fall back if there are issues with the latest kernel.

How To List Old Kernels in CentOS/Red Hat Linux

rpm -q command comes to the rescue! Just run it for the kernel packages:

root@centos:~ # rpm -q kernel
kernel-3.10.0-327.28.3.el7.x86_64
kernel-3.10.0-327.36.3.el7.x86_64
kernel-3.10.0-693.21.1.el7.x86_64
kernel-3.10.0-957.5.1.el7.x86_64

You can use the uname command to verify the current kernel you’re running:

root@centos:~ # uname -a
Linux centos.ts.fm 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

How To Remove Old Linux Kernels in CentOS

There’s actually a special command for doing this, but it’s probably not installed by default. It’s part of the yum-utils package that you may have to install like this first:

root@centos:~ # yum install yum-utils

Now that it’s installed, we’ll use the package-cleanup command. It takes the number of most recent kernels that you want to keep. So if you want to keep just the currently used kernel, the number should be 1. I recommend you keep 2 kernels – current and the one before it, so the count should be 2.

Just to be super sure, the package-cleanup --oldkernels command will ask you if you’re positive about removing the listed kernel packages before progressing:

root@centos:~ # package-cleanup --oldkernels --count=2
Loaded plugins: fastestmirror, langpacks
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-327.28.3.el7 will be erased
---> Package kernel.x86_64 0:3.10.0-327.36.3.el7 will be erased
--> Finished Dependency Resolution
epel/x86_64/metalink | 22 kB 00:00:00

Dependencies Resolved

===============================================================
Package Arch Version Repository Size
=============================================================== 
Removing:
kernel x86_64 3.10.0-327.28.3.el7 @centos-updates 136 M
kernel x86_64 3.10.0-327.36.3.el7 @updates 136 M

Transaction Summary
=============================================================== 
Remove 2 Packages

Installed size: 272 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : kernel.x86_64 1/2
Erasing : kernel.x86_64 2/2
Verifying : kernel-3.10.0-327.36.3.el7.x86_64 1/2
Verifying : kernel-3.10.0-327.28.3.el7.x86_64 2/2

Removed:
kernel.x86_64 0:3.10.0-327.28.3.el7 kernel.x86_64 0:3.10.0-327.36.3.el7

Complete!

… and yes, don’t worry about being left without any Linux kernels! I checked, and specifying count=0 will not result in the package-cleanup killing your operating system:

root@centos:~ # package-cleanup --oldkernels --count=0
Loaded plugins: fastestmirror, langpacks
Error should keep at least 1 kernel!

That’s it for today. Hope you enjoyed the article!





yum: List and Install Software Groups


yum package manager, and dnf package manager in later Red Hat Linux versions, is quite a capable tool. In addition to expertly resolving dependencies when installing and removing individual software packages (RPMs), yum can also be used to manage whole package groups.

List software groups with yum

Here’s how to get a list of available software groups and also get an indication of which groups you already have installed in your RHEL:

[root@rhel8 ~]# yum group list
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 0:02:40 ago on Tue 29 Jan 2019 18:38:39 EST.
Available Environment Groups:
Custom Operating System
Server
Installed Environment Groups:
Minimal Install
Workstation
Available Groups:
.NET Core Development
RPM Development Tools
Container Management
Smart Card Support
Scientific Support
Security Tools
Development Tools
System Tools
Headless Management
Network Servers
Legacy UNIX Compatibility
Graphical Administration Tools

Install a software group with yum

Simply using the entries from the list in previous section, you can install software groups like shown below.

IMPORTANT: because these are descriptive names and most group names have multiple words, you must use quotes:

[root@rhel8 ~]# yum group install "Development Tools"
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 0:02:59 ago on Tue 29 Jan 2019 18:38:39 EST.
Dependencies resolved
===========================================================
Package Arch Version Repository Size
===========================================================
Installing group/module packages:
source-highlight x86_64 3.1.8-16.el8 rhel-8-for-x86_64-appstream-beta-rpms 657 k
autoconf noarch 2.69-27.el8 rhel-8-for-x86_64-appstream-beta-rpms 710 k
perl-Fedora-VSP noarch 0.001-9.el8 rhel-8-for-x86_64-appstream-beta-rpms 25 k
patchutils x86_64 0.3.4-10.el8 rhel-8-for-x86_64-appstream-beta-rpms 115 k
libtool x86_64 2.4.6-25.el8 rhel-8-for-x86_64-appstream-beta-rpms 709 k
bison x86_64 3.0.4-10.el8 rhel-8-for-x86_64-appstream-beta-rpms 688 k
flex x86_64 2.6.1-9.el8 rhel-8-for-x86_64-appstream-beta-rpms 320 k
valgrind x86_64 1:3.14.0-1.el8 rhel-8-for-x86_64-appstream-beta-rpms 11 M
pesign x86_64 0.112-25.el8 rhel-8-for-x86_64-appstream-beta-rpms 181 k
gdb x86_64 8.2-3.el8 rhel-8-for-x86_64-appstream-beta-rpms 296 k
ctags x86_64 5.8-22.el8 rhel-8-for-x86_64-appstream-beta-rpms 170 k
ltrace x86_64 0.7.91-27.el8 rhel-8-for-x86_64-appstream-beta-rpms 160 k
systemtap x86_64 4.0-0.20180830git.el8 rhel-8-for-x86_64-appstream-beta-rpms 17 k
perl-generators noarch 1.10-7.el8 rhel-8-for-x86_64-appstream-beta-rpms 18 k
byacc x86_64 1.9.20170709-4.el8 rhel-8-for-x86_64-appstream-beta-rpms 91 k
rpm-build x86_64 4.14.2-4.el8 rhel-8-for-x86_64-appstream-beta-rpms 166 k
asciidoc noarch 8.6.10-0.5.20180627gitf7c2274.el8 rhel-8-for-x86_64-appstream-beta-rpms 216 k
automake noarch 1.16.1-6.el8 rhel-8-for-x86_64-appstream-beta-rpms 713 k
intltool noarch 0.51.0-11.el8 rhel-8-for-x86_64-appstream-beta-rpms 66 k
diffstat x86_64 1.61-7.el8 rhel-8-for-x86_64-appstream-beta-rpms 44 k
make x86_64 1:4.2.1-9.el8 rhel-8-for-x86_64-baseos-beta-rpms 498 k
rpm-sign x86_64 4.14.2-4.el8 rhel-8-for-x86_64-baseos-beta-rpms 74 k
Installing dependencies:
perl-Thread-Queue noarch 3.13-1.el8 rhel-8-for-x86_64-appstream-beta-rpms 24 k
docbook-style-xsl noarch 1.79.2-7.el8 rhel-8-for-x86_64-appstream-beta-rpms 1.6 M
libXaw x86_64 1.0.13-10.el8 rhel-8-for-x86_64-appstream-beta-rpms 194 k
dyninst x86_64 9.3.2-12.el8 rhel-8-for-x86_64-appstream-beta-rpms 3.7 M
gdb-headless x86_64 8.2-3.el8 rhel-8-for-x86_64-appstream-beta-rpms 3.7 M
guile x86_64 5:2.0.14-7.el8 rhel-8-for-x86_64-appstream-beta-rpms 3.5 M
graphviz x86_64 2.40.1-37.el8 rhel-8-for-x86_64-appstream-beta-rpms 1.7 M
systemtap-runtime x86_64 4.0-0.20180830git.el8 rhel-8-for-x86_64-appstream-beta-rpms 461 k
libipt x86_64 1.6.1-8.el8 rhel-8-for-x86_64-appstream-beta-rpms 50 k
perl-XML-Parser x86_64 2.44-10.el8 rhel-8-for-x86_64-appstream-beta-rpms 226 k
libdwarf x86_64 20180129-4.el8 rhel-8-for-x86_64-appstream-beta-rpms 172 k
systemtap-devel x86_64 4.0-0.20180830git.el8 rhel-8-for-x86_64-appstream-beta-rpms 2.1 M
systemtap-client x86_64 4.0-0.20180830git.el8 rhel-8-for-x86_64-appstream-beta-rpms 3.5 M
libatomic_ops x86_64 7.6.2-3.el8 rhel-8-for-x86_64-appstream-beta-rpms 38 k
docbook-dtds noarch 1.0-69.el8 rhel-8-for-x86_64-appstream-beta-rpms 377 k
nss-tools x86_64 3.39.0-1.0.el8 rhel-8-for-x86_64-appstream-beta-rpms 558 k
libbabeltrace x86_64 1.5.4-2.el8 rhel-8-for-x86_64-appstream-beta-rpms 201 k
gc x86_64 7.6.4-3.el8 rhel-8-for-x86_64-appstream-beta-rpms 109 k
xorg-x11-fonts-ISO8859-1-100dpi noarch 7.5-19.el8 rhel-8-for-x86_64-appstream-beta-rpms 1.1 M
elfutils x86_64 0.174-1.el8 rhel-8-for-x86_64-baseos-beta-rpms 340 k
patch x86_64 2.7.6-7.el8 rhel-8-for-x86_64-baseos-beta-rpms 138 k
m4 x86_64 1.4.18-7.el8 rhel-8-for-x86_64-baseos-beta-rpms 223 k
sgml-common noarch 0.6.3-50.el8 rhel-8-for-x86_64-baseos-beta-rpms 62 k
kernel-debug-devel x86_64 4.18.0-32.el8 rhel-8-for-x86_64-baseos-beta-rpms 12 M
gettext-devel x86_64 0.19.8.1-14.el8 rhel-8-for-x86_64-baseos-beta-rpms 331 k
gettext-common-devel noarch 0.19.8.1-14.el8 rhel-8-for-x86_64-baseos-beta-rpms 419 k
mokutil x86_64 1:0.3.0-9.el8 rhel-8-for-x86_64-baseos-beta-rpms 44 k
Installing weak dependencies:
gcc-gdb-plugin x86_64 8.2.1-3.3.el8 rhel-8-for-x86_64-appstream-beta-rpms 115 k

Transaction Summary
===========================================================
Install 50 Packages

Total download size: 53 M
Installed size: 193 M
Is this ok [y/N]:
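To make the list-then-install steps repeatable in a provisioning script, the following added example (not code from the original article) parses `yum group list` output to decide whether a group still needs installing. The function names `sample_listing`, `group_state` and `plan_group` are assumptions, and the sample listing is constructed from the output shown earlier.

```shell
#!/bin/sh
# Added example (not from the article): decide from `yum group list` output
# whether a group still needs installing. All function names are hypothetical.

# Constructed sample, abridged from the listing shown earlier; group names
# are indented the way yum prints them.
sample_listing() {
    cat <<'EOF'
Last metadata expiration check: 0:02:40 ago on Tue 29 Jan 2019 18:38:39 EST.
Available Environment Groups:
   Server
Installed Environment Groups:
   Minimal Install
   Workstation
Available Groups:
   Development Tools
   Security Tools
EOF
}

# group_state NAME: reads a listing on stdin and prints
# "installed", "available" or "unknown".
group_state() {
    awk -v want="$1" '
        /^(Installed|Available)( Environment)? Groups:[ \t]*$/ {
            state = ($1 == "Installed") ? "installed" : "available"
            next
        }
        state != "" {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)   # strip yum indentation
            if (line == want) { found = state; exit }
        }
        END { print (found != "" ? found : "unknown") }
    '
}

# plan_group NAME: reads a listing on stdin and prints the command to run.
plan_group() {
    case "$(group_state "$1")" in
        installed) echo "skip: $1 is already installed" ;;
        available) printf 'yum group install "%s"\n' "$1" ;;
        *)         echo "error: no group named $1" >&2; return 1 ;;
    esac
}

# Quoted, the whole name arrives as one argument and the lookup succeeds.
sample_listing | plan_group "Development Tools"
# Unquoted, only the first word reaches the function, so nothing matches.
sample_listing | group_state Development Tools
```

On a real host, pipe `yum group list` into `plan_group` in place of `sample_listing`.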

That’s it for today! Will show you a few more really cool tricks with yum some other time.

See Also