Product SiteDocumentation Site

2. Changes in Fedora for System Administrators

2.1. Kernel

Fedora 19 features the 3.9.0 kernel.

2.2. Installation

2.2.1. Minimum Screen Resolution

Graphical Installation requires 800x600 resolution or higher

Graphical installation of Fedora 19 requires a minimum screen resolution of 800x600. Owners of devices with lower resolution, such as some netbooks, should use text or VNC installation.
Once installed, Fedora will support these lower resolution devices. The minimum resolution requirement applies only to graphical installation.

2.2.2. Syslinux

Fedora 19 includes an option for using the Extlinux bootloader, part of the Syslinux family of bootloaders. This bootloader is not as advanced as the default Grub2 bootloader and will not work in all circumstances. The target use-case for F19 is lightweight cloud images, but you may find Extlinux useful in other situations as well.
Currently, Extlinux does not support LVM, and while it does support btrfs, that support is limited. An ext2, ext3, or ext4 boot filesystem is required, as either the root filesystem or a small standalone /boot partition. Additionally, currently only X86 architectures are supported.
To enable Extlinux, either use the extlinux keyword on the Anaconda command line, or use the "--extlinux" flag for the bootloader command in kickstart. This feature is not made visible in the installer's graphical or text-mode user interfaces.

Syslinux is not preferable to grub for most end users!

This support is currently targeted at a narrow use case, primarily virtual machines, and Extlinux will not work for all situations in Fedora 19.

2.2.3. Firstboot configuration

Initial setup screens have been revamped for Fedora 19. GNOME now offers user creation and configuration at first boot. Other environments will instead use the new functionality from the installer.

2.2.4. Remote Authentication support is limited

The Fedora 19 installer does not currently support configuration of remote authentication during installation. However, if GNOME is being installed and no users are created by the installer, the first boot of GNOME will provide a user creation dialog that supports FreeIPA and AD.
Users requiring remote authentication under other use cases should configure it in a kickstart file or after the installation is complete.

2.2.5. Advanced Storage

The rewrite of the anaconda installer begun in Fedora 18 continues. Fedora 19 provides support during installation for advanced storage, such as fcoe, iscsi, and multipath. The text mode of the installer has also been improved.

2.2.6. AD domain integration

Fedora can now join a domain from a kickstart file or from the anaconda, using one time passwords and a simple syntax.
        # example kickstart lines to join realm:
        realm join --one-time-password=MyPassword

2.3. Boot

2.3.1. Faster Boot with host only initramfs.

Rescue and Rebuild for major changes

Boot speed is improved by removing unused features from the initramfs. If new hardware is added, boot into the rescue initramfs and use the command dracut --regenerate-all --force to rebuild and replace the old initramfs.
This Fedora release builds an initramfs tailored especially for your computer hardware, allowing faster boot. If you change your machine or significant hardware, you might have to boot with the Rescue boot entry and execute dracut --regenerate-all. If you want your initramfs to be hardware independent, install the dracut-nohostonly rpm package. If you don't want rescue images at all (like in virtual machines), install the dracut-norescue rpm package.

2.3.2. Visual Changes to GRUB

The appearance of GRUB and GRUB menus have been changed to present a more seamless, appealing look.

2.4. Security

2.4.1. Hardlink and symlink restrictions

A long-standing class of security issues is the link based time-of-check-time-of-use race, most commonly seen in world writable directories like /tmp. The common method of exploitation of this flaw is to cross privilege boundaries when following a given link, such as when a root process follows a link belonging to another user. In Fedora 19, we permit links to only be followed when outside a sticky world-writable directory, or when the uid of the link and follower match, or when the directory owner matches the link's owner. In previous releases, this was enforced by SELinux policy and in this release, the restrictions are enabled by sysctl settings in /usr/lib/sysctl.d/00-system.conf as an additional layer of protection:
        fs.protected_hardlinks = 1
        fs.protected_symlinks = 1

2.4.2. Shared System Certificates

Root anchored certificate authorities are consumed from single location and shared by most applications, unless those applications are explicitly configured with other certificates.
A system administrator can now place a non-standard certificate authority to be a trusted root as a file in a directory location. After running a tool, it will be used by most applications as expected, except those otherwise configured.

2.4.3. FreeIPA FreeIPA realmd support
It is now possible to simply configure a client to use a FreeIPA domain for authentication by using the GNOME Control Center, kickstart or command line:
          realm join FreeIPA Trust Improvements
When using FreeIPA to trust Active Directory domain, it is now possible to designate multiple domain controllers in FreeIPA to server Windows clients.
FreeIPA has added management of additional domain suffixes visible to the trusted Active Directory domain's clients.
FreeIPA now implements Global Catalog service to allow Active Directory domain administrators to FreeIPA users.

2.4.4. SSSD improves AD integration

With the latest major release to SSSD the integration into Active Directory domains has been improved. AD sites are respected and SSSD tries to access the nearest domain controller. Users and groups from trusted domains are available.

2.4.5. More resilient Kerberos

Kerberos in Fedora 19 has been improved. It is now possible to authenticate using kerberos regardless of the local system time being in sync with that of the kerberos server.
Various kerberos bugs, including handling of reverse DNS records, have been fixed in order to make a more seamless kerberos experience.

2.4.6. gssproxy

Fedora 19 features gssproxy, an opensource project that aims to improve GSSAPI usage from both the kernel for authenticating remote file system access as well as user-space applications. It does provide fine-grained access control on Kerberos keytab access and it overcomes various limitations the kernel had when dealing with Kerberos tickets.

2.5. Virtualization

2.5.1. open-vm-tools

open-vm-tools, the open source implementation of VMware Tools, is now available from Fedora.

2.5.2. High Availability container resources

Pacemaker now supports the ability to manage resources remotely on non-cluster nodes through the use of the pacemaker_remote service. This feature allows pacemaker to manage both virtual guests and the resources that live within the guests all from the host cluster node without requiring the guest nodes to run the cluster stack.

2.5.3. Virt Storage Migration

KVM and libvirt now support a performant way to live migrate virtual machines with no shared storage between the hosts. A running VM and its disk images are relocated to a new machine with no downtime.

2.6. Web Servers

2.7. Cloud

2.7.1. Ready-to-run cloud images

Ready-to-run cloud images are provided as part of Fedora 19. These are available in Amazon EC2 or for direct download. The downloadable images are available in compressed raw image format and in qcow2 for immediate use with EC2, OpenStack, CloudStack, or Eucalyptus. The images are configured with cloud-init, and so will take advantage of ec2-compatible metadata services for provisioning SSH keys.

2.7.2. OpenShift Origin

OpenShift Origin, the community-supported version of Red Hat's OpenShift, is available for the first time in Fedora 19.

2.7.3. OpenStack Grizzly

OpenStack is upgraded to the latest stable release, code named "Grizzly". OpenStack Grizzly includes the Incubation projects Heat and Ceilometer, as well as numerous other upgrades and improvements. A detailed list of changes is available at
Several subprojects are also available, as noted below. Ceilometer
This OpenStack incubation project is new in this release. Please refer to Ceilometer preliminary setup notes. Heat
This OpenStack incubation project is new in this release. Please visit Heat preliminary setup notes Nova
Nova volumes removed in favor of cinder, refer to
Compute nodes no longer access the database to support greater scalability and security, refer to
Snapshots can be done to block devices as well as qcow2 files, refer to
compute cells was merged to support greater scalability, refer to
libvirt now supports SPICE as well as VNC, refer to Quantum
Security groups are now supported, details may be found at Cinder
Volume backup to swift is now available, visit Keystone
A new V3 API has been implemented, details at
A new LDAP backend has been introduced, learn more at Horizon
File uploads have been improved, refer to
Unified config has been implemented to simplify administration, visit

2.8. Database Servers

2.8.1. MariaDB

Fedora 19 features MariaDB, an improved and more open fork of MySQL with a thriving community. MariaDB is used as the default mysql compatible database, and the change should be transparent to almost all MySQL users. If required, the original MySQL packages are still available as community-mysql.

2.8.2. Derby

Apache Derby, an open source relational database implemented entirely in Java, has been updated to version For detailed information on the changes to Derby, consult the project's website at

2.8.3. sqlite

The functionality of sqlite has been expanded and improved with the update to version 3.7.15. The project provides a release history at

2.9. File Servers

2.9.1. NFSTest

Fedora 19 offers NFSTest, a suite of tools for testing NFS clients and services. Detailed information is available at

2.10. System Daemons

2.10.1. Private Temporary Directories available

Services with a PrivateTmp= directory defined in their configuration make use of a private temporary directory that is shared by all processes of the service. These temporary files are deleted when the service is stopped.

2.10.2. systemd Modular service configuration with drop-in files
systemd will now look for configuration directives for a service as /etc/systemd/system/foo.service.d/bar.conf, making site-specific changes easier to organize and deploy. systemd lightweight containers
nspawn containers have been improved in order to allow installation an unmodified Fedora distribution for testing, debugging, and development. systemd Message Catalog
The systemd Message Catalog uses globally-unique message identifiers to tie specific error messages to additional information such as comprehensive explanations and links to further information. systemd Resource Control
In Fedora 19, systemd adds the ability to dynamically modify cgroups-based resource control for services. systemd timers
systemd adds support for calendar time events, in addition to existing support for monotonic time events. systemd-analyze
systemd-analyze can now use the GraphViz dot tool to generate graphs of the boot process. GraphViz can be installed with yum install graphviz and will create a representation of the full boot process with systemd-analyze dot | dot -Tsvg > systemd.svg More refined plots can be generated with the optional arguments --order, --require, --from-pattern=, and --to-pattern=
For more details and examples, refer to man 1 systemd-analyze. Socket tools
systemd now provides some tools for working with socket units:
systemctl list-sockets to show the sockets systemd is listening on, the socket units they belong to, and the units they activate.
systemd-activate to test socket activation. Changes in the journal
Journal files are now owned by the dedicated "systemd-journal" group instead of the 'adm' group.
Changes to journalctl usage include:
journalctl -r to see newest entries first.
journalctl -e to skip to the end of the list.
journalctl --user-unit="foo" to filter by user units
A new module in the systemd python API for reading the journal
journalctl now persistently stores journal log data in /var/log/journal. In previous releases, journal data was stored in /var/run/journal, which is volatile and cleared on reboot. Starting with Fedora 19, journal data persists between reboots.

2.11. Server Configuration Tools

2.11.1. yum-presto merged into yum

The yum-presto plugin, used for handling delta RPM files, has been merged into yum. To disable use of delta RPM packages, set deltarpm=0 in /etc/yum.conf. Refer to man yum.conf for more details.

2.11.2. Yum-enabled LVM snapshots

By using the yum-plugin-fs-snapshot package, thinly provisioned LVM filesystems can be automatically snapshot on package updates.
Existing thinly provisioned volumes are required. Snapshotting is enabled in the plugin's configuration file at /etc/yum/pluginconf.d/fs-snapshot.conf:
Set enabled=1 in the [lvm] section to enable.
set create_snapshots_in_post=1 in the [main] section to create a snapshot after the yum transaction.

2.11.3. Yum groups as objects

By handling package groups as objects rather than static lists, package managers like yum will now store the information and use it for later group related commands, and updates will automatically bring in new packages added to the group.

2.11.4. Easier Administration with OpenLMI

The OpenLMI infrastructure has been greatly improved. A new storage API and providers for monitoring, hardware information, realmd, and firewall have been added. Improvements have also been made in in the existing providers. Packaged documentation has been updated to reflect the new features.

2.12. Monitoring and Management Solutions

2.12.1. Performance Co-Pilot

Performance Co-Pilot, a framework and suite of servers for system-level performance monitoring and management, has been updated to version 3.7. Consult the project's release notes at and their documentation at

2.12.2. Puppet

Fedora 19 ships the 3.x series of the popular puppet toolkit. For details on puppet 3, consult the project's documentation at