Each release of Red Hat Enterprise Linux (RHEL) is an exciting time and establishes a ten-plus year foundation for the industry to build upon. RHEL 9 marks the next milestone and offers improvements across the board in areas of stability, performance, upgrades and security capabilities. With edge computing being a strategic target for many of our customers, this post takes an in-depth look at the most significant features targeted to remote deployments.
The single largest feature of this release lives alongside the operating system at console.redhat.com. Users familiar with Red Hat Insights will notice a new edge management application in the console. Previously, building edge images required an on-prem version of Image Builder and then the user's choice of any "day 2" management technology.
Now with edge management, users can do "day 0 -> day N" without any additional on-prem infrastructure. This is the shortest path for organizations looking to manage and scale deployments at the edge without sacrificing their security posture. Edge management provides the ability to create and manage edge images, zero-touch provisioning, system health visibility and security remediations. Edge management is now live and available to customers with active subscriptions.
Support for major release upgrades
RHEL for edge systems using rpm-ostree can now more easily be upgraded, also called "rebase," from RHEL 8 to 9. The system upgrade is staged in the background like regular operating system (OS) updates and applied after the next reboot. This eliminates the traditional downtime associated with package transactions and is critical for extending the life of hardware beyond the life cycle of a single RHEL release.
This process does come with a few caveats and we recommend testing third-party applications before upgrading a large number of systems. And yes, rollbacks make it simple to revert back to the RHEL 8 install, just in case. RHEL 8 systems that are not deployed with rpm-ostree can continue to use the LEAPP tool to assist with upgrades to RHEL 9.
Automatic container updates and rollbacks
Last year, Podman gained the ability to automatically update containers. This has been a game changer for administrators using containers across a large number of devices, but it didn’t address what could happen if a bad container build was pushed to the registry. Podman is now able to detect if an updated container fails to start and automatically rollback to the last working version. Of course, Podman cannot detect all failure scenarios, but now it has the smarts to detect catastrophic ones. Together, with existing OS-level rollbacks, this provides new levels of reliability for applications.
For users looking for the shortest path to write an image to disk, this is the installation path for you. The installer requires a destination disk for installation as an input and takes care of everything without the need for tweaking or embedding a kickstart file. For users who need more advanced deployments and options, like RAID, partition schemes, etc., Anaconda and kickstart continue to be the recommended path. We’re excited for you to try the new installer and see how it can ease the administrative burden and help with more consistent deployments in the field or from a centralized location.
RHEL 9 introduces FIDO Device Onboard (FDO) as a technology preview that integrates with the simplified installer. One of the most time-consuming and costly areas of edge computing is to automate post-provisioning steps and have systems "just work" as they are powered on in the field. FDO uses a secure chain of trust to verify the identity and owner of the system and creates a channel with a greater security footprint to take instructions and/or onboard to a management platform.
Default health checks
Greenboot, the intelligent rollback framework, now provides health checks to test network functionality with every OS update and rollback in the event of a failure. Also, watchdog support has been implemented as well, in case it’s desirable to rollback an update if there is a watchdog event.
So much more
We encourage everyone to explore beyond what is mentioned in this post. RHEL 9 has many other compelling features like defaulting to cgroup2, Podman’s new network stack, improved System Role support and many others that combine into making this our best release yet. We’re also seeing major performance improvements which will be explored in future blog posts.