October 08, 2018

Upcoming changes to downloading AltArch .iso images

October 08, 2018 10:00 PM

Greetings from the mirror-management department! This notice is for those who employ some sort of an automation to download AltArch (ie. aarch64, armhfp, i386, power9, ppc64, ppc64le) CentOS 7 .iso/.raw.xz images from mirror.centos.org. Those using a regular browser to download these images are not particularly affected, and you can continue to the next post on this blog.

Previously, only main architecture .iso image downloads from mirror.centos.org were redirected to isoredirect.centos.org, which then displayed the user a list of nearby external mirrors. We will shortly extend this configuration to cover AltArch image downloads as well, ie. direct AltArch image downloads from mirror.centos.org will no longer be possible. mirror.centos.org will still serve .rpm downloads for all architectures as before.

There are three reasons for the change. First, to save bandwidth from mirror.centos.org nodes directly managed by the CentOS Project. Most of these mirror.centos.org hosts are also used for seeding the 600+ external mirrors we have. By directing some of that .iso download traffic to external mirrors we can offer faster sync speeds for those external mirrors, and for people downloading individual rpms from mirror.centos.org. Second, most of those external mirrors offer faster download speeds to end users than what could be achieved by downloading from mirror.centos.org, so the users will benefit from this change as well. Finally, because there are much more external mirrors than mirror.centos.org  nodes, it is likely that your bits will need to travel a shorter path, conserving bandwidth globally.

The above change will be implemented some time between the releases of RHEL 7.6 and CentOS 7.6.18xx, so that external mirrors syncing CentOS 7.6.18xx content would not need to fight for bandwidth between AltArch .iso downloaders.

The other change, which has already been implemented, is related to how isoredirect.centos.org behaves when accessed with curl or wget. If you now do a wget http://isoredirect.centos.org/altarch/7/isos/i386/CentOS-7-i386-Everything-1804.iso, isoredirect will notice that you are trying to download the file and will redirect the request to the nearest external mirror. If you access the same URL with a regular browser, you will see a list of nearby mirrors from which you can pick your favourite mirror. wget will follow redirects by default, but curl needs a --location switch to follow redirects. If a filename is not specified, you will get a list of mirrors regardless of the browser used.

So, combining the effects of the above two changes: If you currently use some sort of a script that downloads AltArch .iso images from mirror.centos.org, those requests will soon be served by external mirrors instead of mirror.centos.org. In the case of wget you will only see one additional request and you probably don't need to change anything. If you use curl, you must add the --location switch to curl to follow the redirect issued by isoredirect.centos.org. If you want to eliminate one redirect, you can change mirror.centos.org to isoredirect.centos.org in your script. The rest of the URL is the same, ie. /altarch/<release>/isos/<arch>/<filename.iso or .raw.xz>

As an aside, even though mirror.centos.org nodes are managed by the CentOS Project, those servers and their hosting are donations from various organizations. If you think your organization could donate an additional server to share the load and to give us better geographical coverage, please see https://wiki.centos.org/Donate

If you have questions or concerns regarding this change, please let me know. Thanks!

Revamp CentOS Community Container Pipeline to run on OpenShift

October 08, 2018 08:19 PM

It's been over a year since we published anything about the CentOS Community Container Pipeline. Many interesting things have happened during the past year, many things have changed and there's a complete shift in the architecture of the service that's was rolled out over the last weekend.

Wait, I've never heard of this project

If this is the first time you're hearing about CentOS Community Container Pipeline project, it would be best to refer this blog post, or the GitHub repo of the project, or the wiki page. But to put it in short, the service does below things:

  • Pre-build the artifacts/binaries to be added to the container image
  • Lint the Dockerfile for adherence to best practices
  • Build the container image
  • Scan the image for:
    • available RPM updates
    • updates for packages installed via other package managers:
      • npm
      • pip
      • gem
    • Verify RPM installed files and binaries for integrity
    • point out capabilities of container created from the resulting image by examining RUN label in its Dockerfile
  • Weekly scanning of the container images using above scanners
  • Automatic rebuild of container image when the git repo is modified
  • Parent-child relationship between images to automatically trigger rebuild of child image when parent image gets updated
  • Repo tracking to automatically rebuild the container image in event of an RPM getting updated in any of its configured repos (not available yet in new architecture)
  • A UI that lists all the container images built with the service at registry.centos.org.

How did the old system work?

When we talked about the project at DevConf.cz '18, we received a positive response from the audience. However, at that time, we knew that our service couldn't handle more build requests and on-boarding more community projects would be counter-productive when our backend didn't have the ability to serve those requests.

Old implementation of the service had a lot of plumbing. There are workers written for most of the features mentioned above.

  • Pre-build happened on CentOS CI (ci.c.o) infrastructure.
  • Lint worker ran as a systemd service.
  • Build worker ran as a standalone container and triggered a build in an OpenShift cluster.
  • Scan worker ran as a systemd service and used atomic scan to scan the containers. This in turn spun up a few containers which we needed to delete along with their volumes to make sure that host system disk doesn’t get filled up.
  • Weekly scanning was a Jenkins job that checked against container index, registry.centos.org and underlying database of the service before triggering a weekly scan
  • Repo tracking was a Django project and heavily relied on database which we almost always failed to successfully migrate whenever the schema was changed. That's our shortcoming, not Django's. All these heterogeneous pieces talked through beanstalkd.

Everything was spread across different hosts and we were using really huge Ansible playbooks to bring up the service. A fresh deployment took 30 minutes on an average. Testing any change in dev environment would require us to do a redeployment of the service which took another 15 minutes on an average. Deploying and maintaining this service was quite a pain!

What did we do about these problems?

Since long time we were discussing about developing our service on top of OpenShift. Then, at some point, we read about OpenShift Pipeline and found it interesting. We took the plunge and came up with a proof of concept implementation of CentOS Community Container Pipeline on top of OpenShift OKD using Minishift. Results were exciting! We were able to do parallel builds of container image, Jenkins Pipelines orchestrated the flow really well, build times were faster, we didn't need to use beanstalkd at all and, most importantly, there was very less code written to get things done!

With the POC in place, we went ahead with developing more tangible service on top of a real OpenShift cluster instead of developing on top of Minishift. What used to be individual workers doing their thing in old system is now pretty much all inside OpenShift Pipeline.

We now have an OpenShift Pipeline for every project on CentOS Container Index that does Pre-build, Dockerfile lint, container image build, scan the container image and push it to external registry; all from a single container! We have another OpenShift Pipeline for every project to do their weekly scans. So instead of having five workers to do these tasks and communicate with each other via beanstalkd, we have orchestrated things through OpenShift Pipelines.

What are we working on now?

We don't have Repo tracking implemented in the new architecture yet. We don't have a UI for the users to take a look at their build logs or weekly scan logs either. We're initially focusing on getting the UI for logs up and then we will start working on Repo tracking.  We are also working on setting up a CI job that tests core parts of the service on Minishift so that anyone willing to take the service for a spin should literally be able to do it on a Minishift VM!

Let us know your thoughts!

This project is solely focused on making things easier for open-source projects and its developers. If you are working on an open-source project that's building on top of CentOS, we would like to know your thoughts. If you need help getting started, you can contact us on IRC (#centos-devel on Freenode) or take a look at project documentation.

Dharmit Shah (dharmit on #centos-devel IRC)

October 04, 2018

Updated CentOS Vagrant Images Available (v1809.01)

October 04, 2018 09:26 AM

We are pleased to announce new official Vagrant images of CentOS Linux 6.9 and CentOS Linux 7.5.1804 for x86_64 (based on the sources of RHEL 7.5). All included packages have been updated to September 30th, 2018.

Notable Changes

  1. The images now use the ext4 filesystem, instead of XFS. We have been getting unbootable images due to XFS corruption over the last few months (the journal appears to be zeroed out, for reasons we do not yet understand). This is why we haven't had any monthly releases since May - I'm still looking into what happens.
  2. The images now use a single partition, swapping into a preallocated 2GB file. This makes resizing the partition and/or swap easier than it was before, with separate partitions inside LVM.
  3. The CentOS Linux 7 image comes with open-vm-tools preinstalled, enabling it to work with VMware ESXi.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.

Ackowledgements

I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

October 02, 2018

CentOS Pulse Newsletter, October 2018 (#1805)

October 02, 2018 07:37 AM

Dear CentOS enthusiast,

Here's what's been happening in the past month at CentOS

Releases and Updates

The following releases and updates happened in Setember. For each update, the given URL provides the notes about the change.

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during September:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during September:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during September:

Blog posts and news

If you're not watching the CentOS blog, you may be missing our periodic updates there. I'd like to particularly draw attention to two recent posts:

EPEL for armhfp - Pablo Greco posted about the work on armhfp in the EPEL repository.

New CentOS Pastebin Instance - John R. Dennison posted about the new CentOS pastebin, and the more modern functionality that comes with it.

If you'd like to post on the CentOS blog about work you're doing around the CentOS community, please don't hesitate to contact me directly, at rbowen@centosproject.org

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. Here's some of the highlights from a few of our SIGs from the past month

Cloud SIG

The RDO project and the Cloud SIG participated in the OpenStack PTG (Project Teams Gathering) last month in Denver, and we anticipate seeing the interviews from that event start coming to the RDO YouTube channel in the coming weeks. They'll also be participating in the upcoming SIG day ahead of the CERN Dojo in October.

Events

In September, we had a table at ApacheCon in Montreal, Canada. CentOS is a platform which many open source projects use for development and testing, and the Apache community of projects is no exception. We had visits from representatives from several Apache projects, and talked about the CentOS CI infrastructure, and our SIGs.

October 12-13: In 2 weeks, CentOS will be sponsoring Ohio LinuxFest in Columbus, Ohio. OLF is an annual gathering of Linux and Open Source enthusiasts from Ohio and the greater Ohio Valley area. We are looking forward to conversations with attendees. If you'd like to volunteer some time to work the CentOS table, please contact me - rbowen@centosproject.org - to volunteer. Ohio LinuxFest will be held October 12-13 at the Hyatt Regency Columbus.

October 19th: In the third week of October, we'll be gathering at CERN for the annual CERN CentOS Dojo. Details and the event schedule are available on the event website. The event is free to attend, but you must register, in order to get through security at the front desk. That's October 19th at CERN!

October 22-24: CentOS will also have a presence at the Open Source Summit, in Edinburgh, Scotland. Drop by the Red Hat booth for all your CentOS sticker needs.

October 29-31: Finally, we'll also be at LISA/Usenix in Nashville, in the last week of October.

We look forward to meeting you at any or all of these venues!

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

September 23, 2018

Updated mirrorlist code in the CentOS Infra

September 23, 2018 10:00 PM

Recently I had to update the existing code running behind mirrorlist.centos.org (the service that returns you a list of validated mirrors for yum, see the /etc/yum.repos.d/CentOS*.repo file) as it was still using the Maxmind GeoIP Legacy country database. As you can probably know, Maxmind announced that they're discontinuing the Legacy DB, so that was one reason to update the code. Switching to GeoLite2 , with python2-geoip2 package was really easy to do and so was done already and pushed last month.

But that's when I discussed with Anssi (if you don't know him, he's maintaining the CentOS external mirrors DB up2date, including through the centos-mirror list ) that we thought about not only doing that change there, but in the whole chain (so on our "mirror crawler" node, and also for the isoredirect.centos.org service), and random chat like these are good because suddenly we don't only want to "fix" one thing, but also take time on enhancing it and so adding more new features.

The previous code was already supporting both IPv4 and IPv6, but it was consuming different data sources (as external mirrors were validated differently for ipv4 vs ipv6 connnectivity). So the first thing was to rewrite/combine the new code on the "mirror crawler" process for dual-stack tests, and also reflect that change o nthe frontend (aka mirrorlist.centos.org) nodes.

While we were working on this, Anssi proposed to also not adapt the isoredirect.centos.org code, but convert it in the same python format as the mirrorlist.centos.org, which he did.

Last big change also that was added is the following : only some repositories/architectures were checked/validated in the past but not all the other ones (so nothing from the SIGs and nothing from AltArch, so no mirrorlist support for i386/armhfp/aarch64/ppc64/ppc64le).

While it wasn't a real problem in the past when we launched the SIGs concept, and that we added after that the other architectures (AltArch), we suddenly started suffering from some side-effects :

  • More and more users "using" RPM content from mirror.centos.org (mainly through SIGs - which is a good indicator that those are successful, which is a good "problem to solve")
  • We are currently losing some nodes in that mirror.centos.org network (it's still entirely based on free dedicated servers donated to the project)

To address first point, offloading more content to the 600+ external mirrors we have right now would be really good, as those nodes have better connectivity than we do, and with more presence around the globe too, so slowly pointing SIGs and AltArch to those external mirrors will help.

The other good point is that , as we switched to the GeoLite2 City DB, it gives us more granularity and also for example, instead of "just" returning you a list of 10 validated mirrors for USA (if your request was identified as coming from that country of course), you now get a list of validated mirrors in your state/region instead. That means that then for such big countries having a lot of mirrors, we also better distribute the load amongst all of those, which is a big win for everybody - users and mirrors admins - )

For people interested in the code, you'll see that we just run several instances of the python code, behind Apache running with mod_proxy_balancer. That means that if we just need to increase the number of "instances", it's easy to do but so far it's running great with 5 running instances per node (and we have 4 nodes behind mirrorlist.centos.org). Worth noting that on average, each of those nodes gets 36+ millions requests per week for the mirrorlist service (so 144+ millions in total per week)

So in (very) short summary :

  • mirrorlist.centos.org code now supports SIGs/AltArch repositories (we'll sync with SIGs to update their .repo file to use mirrorlist= instead of baseurl= soon)
  • we have better accuracy for large countries, so we redirect you to a 'closer' validated mirror

One reminder btw : you know that you can verify which nodes are returned to you with some simple requests :

# to force ipv4
curl 'http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates' -4
# to force ipv6
curl 'http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates' -6

Last thing I wanted to mention was a potential way to fix point #2 from the list : when I checked in our "donated nodes" inventory, we still are running CentOS on nodes from ~2003 (yes, you read that correctly), so if you want to help/sponsor the CentOS Project, feel free to reach out !

September 21, 2018

New CentOS Pastebin Instance

September 21, 2018 01:42 AM

After many years of excellent service by the Oregon State University Open Source Lab the CentOS Project has decided to migrate our web-based pastebin instance to a self-hosted platform running on our infrastructure.  This has provided us the opportunity to move to a different solution based on the Stikked pastebin server which is a more modern solution with a number of features we felt would best benefit our user communities:

  • Encrypted pastes
  • Direct paste replies along with a 'diff' feature which we believe useful for developer collaboration
  • Burn on reading / immediate expiry on view
  • Anti-spam features
  • And a number of behind-the-scenes improvements

The web interface is available at https://paste.centos.org and from there you can paste content directly into the provided web form and optionally add your name or a paste title and even select the language of the paste if you wish the contents to be syntactically colored when displayed.  You are able to select a number of time periods for the paste's lifetime from the dropdown selection and may opt to have the paste delete itself on view, so called "burn on view".  The option also exists to encrypt your paste if you wish.  After you submit the form you can share the resulting URL with others.

Additionally we've made a command line client, cpaste, available to enable pasting directly from your servers / desktops to our pastebin instance.  This client is based on the Stikkit client by Petr Bena.  This package is in our "extras" repository and can be installed with:

yum --enablerepo=extras install cpaste

Usage information can be retrieved with:

cpaste --help

Examples illustrating how to how the command line client:

Paste a file directly to our server:

cpaste ~/problem.txt

Paste a python code snippet with a title of "code snippet" and an author name of "John Q. Public"

cpaste -l python -t "code snippet" -a "John Q. Public" -i ~/src/project/code.py

Paste the standard output of a process and return only the paste's url:

~/bin/process | cpaste -s

One notable difference between the new and old instances is that the new instance supports paste lifetimes of up to one day only.

We hope you find the new service useful.

We would also like to thank OSUOSL for providing the old pastebin instance for the past many years.

September 20, 2018

September 15, 2018

EPEL for armhfp

September 15, 2018 04:53 PM

A few weeks ago, Fabian passed me the torch in our quest for a fully working EPEL rebuild for armhfp, that included access to the builders, the build system manager and a blind, unfunded trust that I wasn't going to break anything.

The plan up to that point was, "if it builds, great, if it doesn't, someone will have to fix it". Enter someone (me) completely clueless of what needed to be done and what I needed to know to actually do it.

Having absolutely no idea where to start, I decided to use repodiff against x86_64, to see if something really jumped at me and said "START HERE!!!!", but all it did was inform me of the hard truth, there were approximately 600 packages that were failing. I needed a quick win and an ego boost, and seeing that cinnamon was only missing a few rpms, I decided to start there.

A few days go by, the list keeps shrinking, I get a brutal fight to the death trying to bootstrap ghc, and finally I see the light at the end of the tunnel. With about 100 packages remaining, I start thinking that our plan wasn't that crazy after all.

Now, the list is 10 rpms long, and it is time to start testing everything. Since I have absolutely no idea what most of the packages that were built actually do, I have no way of testing, so please, install, test, break, fix and, most of all, report back.

If you already installed CentOS (and activated EPEL) using the instructions here, you should have everything you need to start hacking!!

Thanks for testing!
Pablo.

September 14, 2018

CentOS Dojo at FOSDEM (Feb 1, 2019) Call for Presentations

September 14, 2018 06:36 PM

On February 1, 2019, we'll be holding our annual CentOS Dojo in Brussels, on the day before FOSDEM starts.

FOSDEM, as you probably know, is the annual Free and Open Source Developers European Meeting in Brussels - two days of presentations, projects, and hallway meetings with new and old friends.

For the last several years, CentOS has held a small meetup on the Friday before FOSDEM, and this year we'll once again be at the Marriott Grand Place, just a 3 minute walk from Grand Place in central Brussels. We'll have two tracks of CentOS-related content, and lots of space and time to meet other people in the CentOS community.

If you'd like to be on stage at this event, consider submitting a presentation here: https://goo.gl/forms/XkXbC2AZBgKvfDNF2

The call for presentations closes October 15th, 9am Eastern US time.

Hurricane Florence and the CentOS Community Build System

September 14, 2018 12:49 PM

(A note from Brian Stinson, from the CI team.)

Some of you may know that the CentOS Community Build System, and CentOS CI Infrastructures are hosted in Raleigh, North Carolina.

I wanted to take this opportunity to let all of you know that outages are possible (but not expected) in the coming days as Hurricane Florence makes its way toward the US East coast. We are confident in the precautions taken by our datacenter vendor, and in the preparedness plans by our DC operations team.

If there happen to be outages, we will work to get things back as soon as we can.

Cheers!

September 07, 2018

CentOS Pulse Newsletter, September 2018 (#1804)

September 07, 2018 07:05 PM

Dear CentOS enthusiast,

Here's what's been happening in the past month at CentOS

Releases and Updates

The following releases and updates happened in August. For each update, the given URL provides the upstream notes about the change.

Releases

We're pleased to announce the following releases in August:

Errata and Enhancements Advisories

We issued the following CEEAs (CentOS Errata and Enhancement Advisory) during August:

Errata and Security Advisories

We issued the following CESAs (CentOS Errata and Security Advisory) during August:

Errata and Bugfix Advisories

We issued the following CEBAs (CentOS Errata and Bugfix Advisory) during August:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. Here's some of the highlights from a few of our SIGs from the past month

Platform as a Service (PaaS) SIG

  • Origin 3.10 released, work on 3.11 is in progress
  • Introducing fkluknav as new SIG member
  • Discussing consuming Ansible RPMs from the Config Management SIG
  • Ricardo Martinelli presented at the CentOS Dojo at DevConf.us (video, slides)

NFV SIG

  • dpdk 17.11 is in buildlogs
  • vpp 17.10 is in buildlogs
  • OpenVswitch 2.9.2 is in buildlogs

Virtualization SIG

  • Switching to Xen 4.8
  • Xen 4.10 is available in testing

SIG Reporting

If your SIG wants a report to appear in the newsletter, send your report to the centos-devel mailing list with a subject line containing "XYZ SIG Report" (where "XYZ" is the name of your SIG), and we'll include it in upcoming newsletters.

SIG meeting minutes may be read in full in the MeetBot IRC archive.

Events

CentOS participates in many events, in various capacities, in order to build our local communities all over the world.

Recent

In August, we were at three large events:

On August 4th through 5th, DevConf.in was held in Bengaluru, India, and CentOS was there, sharing space with Fedora. DevConf is an annual developers conference which is held in three different locations around the world.

Speaking of which, later in the month we also were at DevConf.US in Boston. This was the first DevConf in North America, and we were delighted to be there.

In addition to the main event, we ran a Dojo on the day before, with presentations covering a wide range of topics. The videos from all of the presentations at the event are now on our YouTube channel.

And, in the last week of August, we were at Open Source Summit North America in Vancouver. OSSummit is a great event in that we get a lot of people that may be either new to Linux, or at least to CentOS, and so we have the chance to teach them. But there's also representation from a huge range of industries, and so we get to learn about how CentOS is being used in many different applications.

(If you have photos from any of these events, please consider adding them to the CentOS group on Flickr.)

Upcoming

September looks pretty quiet on the events front (please tell me if you know of any relevant events!), but in October we have two great events.

First, we have the CentOS Dojo at CERN, on October 19th. This is a full day of CentOS technical talks at the legendary CERN facility in Meyrin, Switzerland. Like last year, there's an emphasis on cloud computing, but other topics are also covered. The schedule is published, and registration is open!

The following week, we'll be in Edinburgh for the Open Source Summit Europe. That's a week-long event covering a wide range of technical content around Linux and open source.

We hope to see you there!

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

August 30, 2018

SecureBoot : rolling out new shim pkgs for CentOS 7.5.1804 in CR repository – asking for testers/feedback

August 30, 2018 06:14 AM

When we consolidated all CentOS Distro builders in a new centralized setup, covering all arches (so basically x86_64, i386, ppc64le, ppc64, aarch64 and armhfp those days), we wanted also to add redundancy where it was possible to.

The interesting "SecureBoot" corner case came on the table and we had to find a different way to build the following packages:

  •  shim (both signed and unsigned
  • grub2
  • fwupdate
  • kernel

The other reason why we considered rebuilding it is that the cert we were using has expired :

curl --location --silent https://github.com/CentOS/sig-core-SecureBoot/raw/master/CentOS_7/kernel/SOURCES/centos.cer | openssl x509 -inform der -text -noout|grep -A2 Validity

While technically it doesn't really matter for Secureboot itself, it was better to get a new key/cert rolled-in and use the new one for new builds.

That's where it's interesting as because shim embeds the certs in the Machine Owner Key (MOK), and that each other component used in the boot chain is validated against that (so grub2 first, then kernel and kernel modules) that means that once deployed , the new shim would not be able to boot previous grub2/kernel.

But there is a solution for that : instead of "embedding" only the new cert, we can have both the old one and new one, permitting us to still boot older kernels but also the new ones we'll build/push soon (built on the new build system), and that's what we used for that new shim package.

That's where we'd like you (SecureBoot users) to give us feedback about that new shim pkg. It was already validated on some hardware nodes, passed some QA tests, but we'd prefer to have more feedback.

Worth noting that such rebuild has also a patch that should fix an issue we had with shim not allowing to import key in MOK through mokutil (see https://bugs.centos.org/view.php?id=14050)

How can you test ?

If you're using UEFI with SecureBoot enabled , we have signed/pushed those pkgs to the CR repository (see https://wiki.centos.org/AdditionalResources/Repositories/CR)

That repo is by default disabled, but following command would let you update shim :

yum update shim --enablerepo=cr

Then reboot and it should work like before, so validating the boot chain (while still using grub2/kernel packages signed with previous key)

We'd appreciate feedback on this list, or #centos-devel on irc.freenode.net

I'd like to thank Patrick Uiterwijk and Peter Jones for their help for
the patch and validation for that shim

August 21, 2018

Dojo at DevConf.us

August 21, 2018 09:18 AM

This Thursday we held our first Dojo at DevConf.us in Boston. We had about 40 people in attendance, and had 9 presenters on a variety of topics.

I want to particularly draw attention to our keynote, by Brendan Conoboy, who discussed the relationship - past and future - between Fedora, CentOS, and RHEL, which is more complicated than many people understand. But we're working on simplifying those relationships, and Brendan does a great job of explaining where we're headed, and why.

The details of this event are in the CentOS Wiki and are being updated with slides and videos as they become available. All of the videos are in the event playlist on Youtube - check back over the coming week as we upload the remainder of the talks.

Our next event will be held at CERN in Meyrin, Switzerland, in October. Details are available at cern.ch/centos and we expect to post the schedule in the coming week.

CentOS Atomic Host 7.1807 Available for Download

August 21, 2018 01:07 AM

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1807), an operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-22.git5a342e3.el7.x86_64
  • cloud-init-0.7.9-24.el7.centos.1.x86_64
  • docker-1.13.1-68.gitdded712.el7.centos.x86_64
  • etcd-3.2.22-1.el7.x86_64
  • flannel-0.7.1-4.el7.x86_64
  • kernel-3.10.0-862.11.6.el7.x86_64
  • ostree-2018.5-1.el7.x86_64
  • rpm-ostree-client-2018.5-1.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.

August 08, 2018

CentOS Dojo in Brussels, February 1, 2019 (CFP now open)

August 08, 2018 07:10 PM

Save the date! February 1 in Brussels!

As we do each year, we are once again planning to host a CentOS Dojo in Brussels on Friday, February 1st, the day before FOSDEM 2019. Details about this event are on the CentOS wiki, and more details are being added all the time.

The Call for Presentations for this event is now open, and will be open until October 15th, 2018.

CentOS Dojos are one-day (or, occasionally, two-day) events that bring together people from the CentOS community to talk about systems administration, best practices, and emerging technologies, and bring the community closer together.

August 07, 2018

CentOS Pulse Newsletter, August 2018

August 07, 2018 03:27 PM

It's time for another community newsletter. As always, we have lots of
information about upcoming events, recent releases, and what our SIGs
(Special Interest Groups) are working on.

You can read the newsletter at https://wiki.centos.org/Newsletter/1803

Past editions of the newsletter, as well as information about how you
can contribute, is available at http://wiki.centos.org/Newsletter

In the coming months, we'd like to feature articles from you, the users
of CentOS, about what you're doing on top of this great platform.

Talk to you next month!

Rich, for the CentOS Newsletter team

July 31, 2018

DevConf.IN this weekend!

July 31, 2018 04:16 PM

Join us this weekend (August 4th - 5th) in Bengaluru for DevConf.in, the second annual Developers' Conference.

We want to draw particular attention to two talks.

Bama charan Kundu will be talking about the CentOS Container Pipeline project:

Various container build services offer developers to build their image with a git push and scan the container for known CVEs (as a paid service). What they don't provide is Dockerfile linting; scanners that would scan for available package updates (rpm, pip, npm, gem); a build process that rebuilds an image not only on git push but also when there's RPM update in its enabled repo or when its base image is updated.

Welcome to CentOS Container Pipeline project. It provides all these and more, out of the box, free of cost, on CentOS infra, and with a focus on open source developers. All it needs is the link to git repo containing the Dockerfile.

And Karanbir Singh will be delivering the closing keynote:

Open Source won! In this session, I would like to explore the effects this has on culture and impact beyond just the software development process; focusing on how we run and operate software today and into the future. As an existing or potential contributor to future services, as either a developer, an operator or manager, I will aim to give you the focus points helping you make good choices in the right directions. And most importantly, asking the right questions.

Additionally, CentOS will have a booth in the expo hall, so drop by for your CentOS stickers and swag! See you in Bengaluru!

July 27, 2018

CentOS Dojo at DevConf.us, August 16th

July 27, 2018 07:27 PM

We're just three weeks away from our upcoming Dojo at DevConf.us. We've recently added a new keynote to kick the day off, and an awesome evening event. Further event details are available on the CentOS Events Wiki, but here's the highlights:

The day starts at 9am with a keynote from Brendan Conoboy, who will be discussing the relationship between Fedora, CentOS, and Red Hat Enterprise Linux (RHEL) in his talk "RHEL, Fedora and CentOS: Solving The Penrose Triangle".

The day continues with technical presentations about Kubernetes, various CentOS SIGs, HPC, Ceph, and other topics.

And we'll wrap up the day by walking over to Cheeky Monkey Brewing for light refreshments.

So, join us at 9am, Thursday August 16th, at the George Sherman Union building at Boston University. Register by clicking the link on the event page, so that we know you're coming and can plan accordingly. (Registration is free, but we need to know how many people are coming.)

July 09, 2018

Improving CentOS package delivery security with signed repository metadata

July 09, 2018 03:31 PM

With the release of CentOS 7.5.1804, the CentOS Project has taken the next big step in improving software delivery security by signing all repository metadata for CentOS 6 and CentOS 7 for all architectures, including the repositories for CentOS Special Interest Groups (SIGs) produced by the CentOS Community Build System (CBS).

Wait, what do you mean signed repository metadata?

As most users of Linux distributions know, software is delivered in the form of “packages” to users through repositories. Packages are installed by their package manager (such as YUM or DNF) by fetching information about the repository to identify what it can get to do a particular user action (install new package, upgrade existing ones, and so on).

But how do you validate that the software you are getting is the software you are supposed to get? Most Linux distributions do this by digitally signing the packages using a signature that uniquely identifies the distributor via GPG. The advantage of this is that no matter what mechanism you receive the package (via repository, direct download, or on a flash drive), you can validate the signature and be assured it is a package from the distribution.

But there is a gap here: how are you assured that the repository hasn’t been tampered with? This is a specific type of vulnerability that applies only to package repositories, because they provide files that contain an index of the software in the repository, and how to fetch them. The way to close this hole is to provide a means of verifying the repository metadata is good, too. This allows the package manager to verify that the metadata is what it should be and is from the distribution before starting to process the metadata. This can help with avoiding certain types of attacks due to malformed metadata files.

We started doing this in 2015 for the main CentOS core repositories, and now we’re offering this for all repositories published by the CentOS Project.

Sounds great! How do I use it?

At the time of this writing, we do not automatically validate the repository metadata. If you want to do this, simply add the following line to the YUM repository configuration file (They are *.repo files in /etc/yum.repos.d):

repo_gpgcheck=1

If you want to enforce this globally, you can set this in /etc/yum.conf instead, though be warned that repositories like Fedora EPEL will not work since Fedora Infrastructure is currently working on signing repository metadata.

I’m a SIG maintainer and I’d like to have this by default, what do I do?

Great question! If you’re a SIG maintainer and manage the repository configuration package (i.e. centos-release-* packages), then you can choose to make this the new default for repository configuration.

To do so, just simply add “repo_gpgcheck=1” to the .repo files in your package, and it will enable it. On next update, if the user hasn’t touched/modified the *.repo files, it’ll switch on. New installations will get it as well, too.

Again, though, if you use Fedora EPEL in your repo configuration, you must not add the setting to the EPEL section in your configuration.

July 03, 2018

Release for CentOS Linux 6.10 i386 and x86_64

July 03, 2018 06:58 PM

We are pleased to announce the immediate availability of CentOS Linux
6.10 and install media for i386 and x86_64 Architectures. Release Notes
for 6.10 are available at:

http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.10

CentOS Linux 6.10 is derived from source code released by Red Hat, Inc.
for Red Hat Enterprise Linux 6.10. All upstream variants have been placed
into one combined repository to make it easier for end users.
Workstation, server, and minimal installs can all be done from our
combined repository. All of our testing is only done against this
combined distribution.

There are various changes in this release, compared with the
past CentOS Linux 6 releases, and we highly recommend everyone study the
upstream Release Notes as well as the upstream Technical Notes about the
changes and how they might impact your installation. (See the 'Further
Reading' section if the CentOS release notes link above).

All updates since the upstream 6.10 release are also on the CentOS
mirrors as zero day updates. When installing CentOS-6.10 (or any other
version) from any of our media, you should always run 'yum update' after
the install to apply these.

Users consuming our CentOS-CR repositories will already be running most
of the packages that make up CentOS-6.10, and all updates released since.
They will notice only the a few updates today when moving to CentOS
Linux 6.10. For more
information on the CR repository for future updates, see this link:
http://wiki.centos.org/AdditionalResources/Repositories/CR

Release Announcements for all updated packages are available here:
https://lists.centos.org/pipermail/centos-cr-announce/2018-June/thread.html

+++++++++++++++++++++++
Upgrading From Prior Major CentOS Versions:

We recommend everyone perform a fresh reinstall rather than attempt an
in-place upgrade from other major CentOS versions (CentOS-2.1,
CentOS-3.x, CentOS-4.x, CentOS-5.x).

+++++++++++++++++++++++
Upgrading from CentOS-6.0 / 6.1 / 6.2 / 6.3 / 6.4 / 6.5 / 6.6 / 6.7 /
6.8 / 6.9

CentOS Linux is designed to automatically upgrade between releases
within a major version (in this case, CentOS-6). Unless you have edited
your yum default configuration, a 'yum update' should move your machines
seamlessly from any previous CentOS Linux 6.x release to 6.10. We also
test this in our QA cycles and have noticed no problems, any issues
would be mentioned in the Release Notes.

+++++++++++++++++++++++
Downloading CentOS Linux 6.10 for new installs:

When possible, consider using torrents to obtain our ISOs. Usually it is
also the fastest means to download the distro.

The install media is split into various formats. We have made efforts to
ensure that most install types and roles can be done from DVD-1 itself,
and the minimal install ISO is only tested to deliver a minimal install
set, when used as an ISO format ( either on cd or usb ). While other
forms of installs ( eg. pxe delivered ) might work from the minimal ISO,
they are neither tested not supported. The only format where we support
the entire set of install options and delivery mechanisms is via the
complete CentOS Linux 6.10 tree, which can also be created by
consolidating all content from DVD1 and DVD2.

We no longer produce CD size images for the entire CentOS Linux 6
distribution, however the minimal install and netinstall iso images are
small enough to fit on all CD grade media.

Torrent files for the DVD's are available at :

i386:
http://mirror.centos.org/centos/6.10/isos/i386/CentOS-6.10-i386-bin-DVD1to2.torrent

x86_64:
http://mirror.centos.org/centos/6.10/isos/x86_64/CentOS-6.10-x86_64-bin-DVD1to2.torrent

If you download an ISO via torrent, leave it up for a couple hours to
share with other users who are downloading.

You can also use a mirror close to you to get any of our ISOs:
http://mirror.centos.org/centos/6.10/isos/

If you need to update a local mirror, you can choose from our mirror
network ( http://www.centos.org/download/mirrors/ ). Most mirrors will
allow downloads over http, ftp and rsync.

Note: The x86_64 ISOs (minimal, netinstall, DVD1) should install on UEFI
machines. Secure Boot must be disabled to install CentOS 6. The Live
ISOs and i386 ISOs will not boot with UEFI.

+++++++++++++++++++++++
sha256sum for the CentOS-6.10 ISOS:

CentOS-6.10-i386-bin-DVD1.iso:
25d95b3f178e59bd672fa97e043a9191cbf73bb6cd12f5df9b540fa88076cae8

CentOS-6.10-i386-bin-DVD2.iso:
64967808de00d8d6426a24c98c7239d30bcb99fa177736b72bacf9e22c85aeab

CentOS-6.10-i386-LiveDVD.iso:
d94892863c113acd633f169e84870dae8bbb9b57b873e06d38e99c7b73c52ce7

CentOS-6.10-i386-minimal.iso:
cfa7d1808ab1ef4821276b18e05f4a4a7d15560a6a2d8e31caf2fa07fd4cd252

CentOS-6.10-i386-netinstall.iso:
54cb419451db9cb97ea1128739156803e9b3fef10a61248eac6a31708e3355e0

CentOS-6.10-x86_64-bin-DVD1.iso:
a68e46970678d4d297d46086ae2efdd3e994322d6d862ff51dcce25a0759e41c

CentOS-6.10-x86_64-bin-DVD2.iso:
723ca530171faf29728b8fe7bb6d05ca2ceb6ba9e09d73ed89f2c0ff693e77a5

CentOS-6.10-x86_64-LiveDVD.iso:
1375342d72579d0816ad60a8a27c1acfa81d18fbe7cef20cbd08c8fedd2fa475

CentOS-6.10-x86_64-minimal.iso:
7c0dee2a0494dabd84809b72ddb4b761f9ef92b78a506aef709b531c54d30770

CentOS-6.10-x86_64-netinstall.iso:
56f7b078a3b443095ba006cdc85319c691251cda98c5d73d12ef6db7aff6b4c1

+++++++++++++++++++++++
Cloud Images:

Images for various on-premise and off-premise Cloud environments are
currently under development for CentOS Linux 6.10 and will be released in
the coming days. Everyone looking to join and help with the CentOS Cloud
efforts is encouraged to join the CentOS-devel list where such issues
are discussed ( http://lists.centos.org/mailman/listinfo/centos-devel ).

+++++++++++++++++++++++
Getting Help:

The best place to start when looking for help with CentOS is at the wiki
( http://wiki.centos.org/GettingHelp ) which lists various options and
communities who might be able to help. If you think there is a bug in
the system, do report it at http://bugs.centos.org/ - but keep in mind
that the bugs system is *not* a support mechanism. If you need supported
software with Support Level Agreements, people to call and response
times then we recommend Red Hat Enterprise Linux.

If you have questions you would like to field at us in real time, come
join the office hours on Wed or Thu of every week. You can find details
on these at http://wiki.centos.org/OfficeHours

+++++++++++++++++++++++
Meet-ups and Events:

If you would like to get involved in helping organize, run, present or
sponsor a CentOS Dojo or even just want more details then join the
CentOS Promo list:
http://lists.centos.org/mailman/listinfo/centos-promo and drop an email
introducing yourself. We are very keen to find help to run events around
the world, and also to find people who can represent CentOS at various
community events around the world. (Current Events List:
https://wiki.centos.org/Events )

+++++++++++++++++++++++
Contributing and joining the project:

We are always looking for people to join and help with various things in
the project. If you are keen to help out a good place to start is the
wiki page at http://wiki.centos.org/Contribute . If you have questions
or a specific area you would like to contribute towards that is not
covered on that page, feel free to drop in on #centos-devel at
irc.freenode.net for a chat or email the centos-devel list
(http://lists.centos.org).

+++++++++++++++++++++++
Thanks to everyone who contributed towards making CentOS Linux 6.10,
especially the effort put in, as always, by the QA
(http://wiki.centos.org/QaGroup) and Build teams.

A special shout out to all the donors who have contributed hardware,
network connectivity, hosting and resources over the years. The CentOS
project now has a fairly well setup resource pool, solely thanks to the
donors.

Enjoy!

Student Supercomputing is #PoweredByCentOS

July 03, 2018 06:28 PM

Last week at the ISC-HPC event in Frankfurt, I had the opportunity to speak briefly with the amazing student teams in the SCC - Student Cluster Competition. These students use commodity hardware to build supercomputers, with a limit of 3KW power consumption, and compete on a variety of benchmarks.

These teams are overwhelmingly powered by CentOS, which has the latest HPC tools and libraries, and is the defacto standard when it comes to spinning up a new supercomputing cluster.

12 teams competed, and I got to speak with four of them this year.

University of Parana, Brazil

University of Warsaw, Poland

University of Heidelberg, Germany

University of Kesetsart, Thailand

 

CentOS Pulse Newsletter, July 2018

July 03, 2018 12:54 PM

We're pleased to publish another edition of the CentOS Newsletter. Once again, we cover latest releases, security updates, events, and reports from our SIGs (Special Interest Groups).

You can read the newsletter at https://wiki.centos.org/Newsletter/1802

More information about the newsletter, and how you can contribute to
future editions, is available at http://wiki.centos.org/Newsletter

We always welcome comments and suggestions

Enjoy the read.

The Newsletter Team

June 15, 2018

CentOS Atomic Host 7.1805 Available for Download

June 15, 2018 08:54 PM

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1805), a lean operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-3.git2fd0860.el7.x86_64
  • cloud-init-0.7.9-24.el7.centos.x86_64
  • docker-1.13.1-63.git94f4240.el7.centos.x86_64
  • etcd-3.2.18-1.el7.x86_64
  • flannel-0.7.1-3.el7.x86_64
  • kernel-3.10.0-862.3.2.el7.x86_64
  • ostree-2018.1-4.el7.x86_64
  • rpm-ostree-client-2018.1-1.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.

June 05, 2018

CentOS Pulse Newsletter Rebooted

June 05, 2018 03:02 PM

After an 8 year silence, we're pleased to announce that the CentOS Pulse Newsletter is coming back to life.

This release is packed with information from the CentOS Community, including events, reports from our SIGs (Special Interest Groups) and information about the release of CentOS 7.5.1804

You can read the newsletter at https://wiki.centos.org/Newsletter/1801

More information about the newsletter, and how you can contribute to future editions, is available at http://wiki.centos.org/Newsletter   Subscribe to the newsletter mailing list, at https://lists.centos.org/mailman/listinfo/centos-newsletter, or by sending an empty message to centos-newsletter-subscribe@centos.org, to ensure you never miss an edition.

We always welcome comments and suggestions.

Enjoy the read.

The Newsletter Team

 

May 23, 2018

CentOS Atomic Host 7.1804 Available for Download

May 23, 2018 04:17 PM

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1804), a lean operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

This release, which is based on the RHEL 7.5 source code, now ships without any baked-in Kubernetes rpms, which makes it simpler for users to layer their preferred Kubernetes or OpenShift packages onto the host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-3.git2fd0860.el7.x86_64
  • cloud-init-0.7.9-24.el7.centos.x86_64
  • docker-1.13.1-63.git94f4240.el7.centos.x86_64
  • etcd-3.2.18-1.el7.x86_64
  • flannel-0.7.1-3.el7.x86_64
  • kernel-3.10.0-862.2.3.el7.x86_64
  • ostree-2018.1-4.el7.x86_64
  • rpm-ostree-client-2018.1-1.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.

May 19, 2018

Updated CentOS Vagrant Images Available (v1804.02)

May 19, 2018 07:45 AM

We are pleased to announce new official Vagrant images of CentOS Linux 6.9 and CentOS Linux 7.5.1804 for x86_64 (based on the sources of RHEL 7.5). All included packages have been updated to 12th May 2018.

Notable Changes

The IO scheduler is now set to noop, according to Red Hat recommendations.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Vagrant 1.8.5 is unable to create new CentOS Linux boxes due to Vagrant bug #7610
  4. Vagrant 1.8.7 is unable to download or update boxes due to Vagrant bug #7969.
  5. Vagrant 1.9.1 broke private networking, see Vagrant bug #8166
  6. Vagrant 1.9.3 doesn't work with SMB sync due to Vagrant bug #8404
  7. The vagrant-libvirt plugin is only compatible with Vagrant 1.5 to 1.8
  8. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools (updated for this release).
  9. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. Try adding the following line to your Vagrantfile:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or via IRC, in #centos on Freenode.

Ackowledgements

We would like to warmly thank Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images.

We would also like to thank the following people (listed alphabetically):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

May 17, 2018

CentOS Dojo at DevConf.us, August 16th in Boston

May 17, 2018 04:46 PM

This year, DevConf.us will be held at Boston University, August 17th through 19th.

We've secured some space on the day before - Thursday, August 16th - and will be holding a CentOS Dojo. Further details will appear on the event website as they are available.

The call for papers is now open, and will close on June 17th, so that we have plenty of time to promote the schedule. We're particularly interested in presentations about the use of CentOS (or RHEL, or Fedora) in education and research, but we welcome all of your submissions related to CentOS.

CentOS Dojos are gatherings of CentOS (and Linux in general) enthusiasts, to share stories and techniques, and learn about the many technologies that are developed on this platform.

May 15, 2018

Testing armhfp devices

May 15, 2018 04:35 PM

7.5.1804 is a big one. For the first time, we have a release for armhfp completely lined up with x86_64, but that also means a lot of changes.
To make things a bit more complicated, the arm world is not exactly uniform, there are many vendors, chip manufacturers, chip versions and that makes testing an absolute mess.
This post is a call to share your experiences, tests and mainly, problems (it would be great if you also had the solutions, but that is rather optimistic). What we'd like is to know what device you use, which components work, which don't and what you've done so far.
Here's an example of what we'd like:

BananaPi M1: boots ok, with uboot from the rpm, ethernet works, SATA works.
BananaPi M3: has problems with the provided uboot, although it works ok with uboot version 2018.05 (this is actually true, and will be fixed shortly), ethernet not working (needs kernel 4.16+), multicore not working (needs kernel 4.18+), SATA untested.
BananaPi M2U: uboot works, but needs kernel 4.15+ to work

You can find us here, at the mailing list https://lists.centos.org/mailman/listinfo/arm-dev, at #centos-arm on irc, or if you want to read a bit before asking, check https://wiki.centos.org/SpecialInterestGroup/AltArch/armhfp.
Thank you for helping us make CentOS Linux the best distribution we can.

 

Pablo

May 14, 2018

CERN Dojo, October 19th, 2018

May 14, 2018 06:27 PM

On October 19th, 2018, we will once again be hosting a CentOS Dojo at CERN, in Meyrin, Switzerland. This will be a full day of CentOS presentations, drawn both from CERN and from the broader CentOS community.

The call for papers is now open. We're looking for talks about anything CentOS related, but we're particularly interested in:

  • OpenStack, and other cloud platforms
  • Ceph, and other software defined storage solutions
  • Configuration management tools
  • HPC, and other aspects of research computing

CERN is one of the best-known research facilities on the planet, and the home of the Large Hadron Collider.

CentOS Dojos are the best place to meet other members of the CentOS community, and the various communities - such as OpenStack and Ceph - that have a large overlap with CentOS.

May 10, 2018

CentOS 7.5.1804 released

May 10, 2018 04:46 PM

The CentOS community is pleased to announce the immediate availability of CentOS 7.5.1804 to a mirror server near you.

CentOS 7.5.1804 is a rebuild of the Red Hat Enterprise Linux 7.5 release on April 4th, 2018. For complete release notes, please see https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.1804  You can also read the announcement on the CentOS-Announce mailing list.

To update your 7.4.1708 system to 7.5.1804, use the following procedure:

First, ask your system what version you’re on now:

$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

Next, upgrade with:

$ sudo yum clean all
$ sudo yum upgrade
$ sudo systemctl reboot

Finally, once this is done, you can verify that you’re running the latest build with:

$ cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

We would love to hear your feedback on this new release. There’s a lot of ways to to this:

  • Mailing lists: https://lists.centos.org/mailman/listinfo
  • Twitter: @CentOSProject
  • Forums: https://www.centos.org/forums/
  • Facebook: https://www.facebook.com/groups/centosproject/
  • IRC: #centos-devel on the Freenode IRC network

Thanks for using CentOS!


Powered by Planet!
Last updated: October 19, 2018 07:30 AM