You are here

CentOS.org

Subscribe to CentOS.org feed
Planet CentOS - http://planet.centos.org/
Updated: 2 days 8 hours ago

CentOS Blog: CentOS Atomic Host 7.1906 Available for Download

2019, July 11 - 00:37

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1906), an operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-26.gitb507039.el7.centos.x86_64
  • rpm-ostree-client-2018.5-2.atomic.el7.x86_64
  • ostree-2018.5-1.el7.x86_64
  • cloud-init-18.2-1.el7.centos.2.x86_64
  • docker-1.13.1-96.gitb2f74b2.el7.centos.x86_64
  • kernel-3.10.0-957.21.3.el7.x86_64
  • podman-1.3.2-1.git14fdcd0.el7.centos.x86_64
  • flannel-0.7.1-4.el7.x86_64
  • etcd-3.3.11-2.el7.centos.x86_64
Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, or qcow2 image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.

Categories: Informatika

CentOS Blog: IBM, Red Hat, and CentOS

2019, July 9 - 16:50

CentOS community,

Today marks a new day in the 26-year history of Red Hat. IBM has finalized its acquisition of Red Hat which will operate as a distinct unit within IBM moving forward.

What does this mean for Red Hat’s contributions to the CentOS project?

In short, nothing.

Red Hat always has and will continue to be a champion for open source and projects like CentOS. IBM is committed to Red Hat’s independence and role in open source software communities so that we can continue this work without interruption or changes.

Our mission, governance, and objectives remain the same. We will continue to execute the existing project roadmap. Red Hat associates will continue to contribute to the upstream in the same ways they have been. And, as always, we will continue to help upstream projects be successful and contribute to welcoming new members and maintaining the project.

We will do this together, with the community, as we always have.

If you have questions or would like to learn more about today’s news, I encourage you to review the list of materials below. Red Hat CTO Chris Wright will host an online Q&A session in the coming days where you can ask questions you may have about what the acquisition means for Red Hat and our involvement in open source communities. Details will be announced on the Red Hat blog

More info:

Press release

Chris Wright blog - Red Hat and IBM: Accelerating the adoption of open source

FAQ on Red Hat Community Blog

Categories: Informatika

CentOS Blog: Updated CentOS Vagrant Images Available (v1905.01)

2019, July 7 - 08:19

We are pleased to announce new official Vagrant images of CentOS Linux 6.10 and CentOS Linux 7.6.1810 for x86_64. All included packages have been updated to May 30th, 2019.

Known Issues
  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile: config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem: vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]
Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or... vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6 vagrant box update --box centos/7 Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc $ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config| config.vm.box = "centos/7" config.vm.provider :virtualbox do |virtualbox, override| virtualbox.memory = 1024 override.vm.box_download_checksum_type = "sha256" override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3" override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box" end end Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.

Ackowledgements

I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.
Categories: Informatika

CentOS Blog: CentOS Community Newsletter, July 2019 (#1907)

2019, July 3 - 21:08

Dear CentOS enthusiast,

Yes, I'm running a little behind schedule with this month's newsletter. That's because I just got back from the Open Source Summit in Shanghai, where I met a number of CentOS enthusiasts. More about that a little later.

Categories: Informatika

CentOS Blog: CentOS 8 Status 17-June-2019

2019, June 17 - 15:26

Since the release of Red Hat Enterprise Linux 8 (on 07-May) we've been looking
into the tools that we use to build CentOS Linux. We've chosen to use the Koji
buildsystem for RPMs, paired with the Module Build Service for modules, delivered through a distribution called Mbox.

Mbox allows us to run the Koji Hub (the central job orchestrator), and the Module Build Service in an instance of OKD that we maintain specifically for our buildsystem work. We have 2 instances of mbox; one for the primary architectures (x86_64, ppc64le, and aarch64), and one for the secondary architecture (armhfp). OKD lets us run those instances on the same hardware but in separate namespaces. The builder machines are separate from the OKD cluster, and connect back to the individual buildsystems that they're assigned to.

As usual, you can find the sources for the RPMs and Modules that make up CentOS 8 at https://git.centos.org

Also as usual, we don't forecast dates on when CentOS 8 will release for General Availability, but we will release it as soon as it's ready.

You can follow live updates here: https://wiki.centos.org/About/Building_8

Some Statistics so Far:

Total non-modular Packages: 2542
Packages Built: 2523
Updates to Build: 25
Failed Packages: 17

Total number of Module/Streams: 61
Modules Built: 14
Failed Modules: 0

Secure boot shim status: Done

Challenges

If you've been following progress closely, you may have noticed that the buildsystems seemed quiet over the past week or so. We were almost through the entire non-modular build cycle when we noticed some modules were required for building the next batch of non-modular packages. We focused, then, on building some of the necessary modules but found some of their dependencies were not pushed to git.centos.org. That problem has since been resolved, and we expect to resume module builds (and unblock the rest of the 17 failed packages) sometime this week.

What's Next?

Once the builds are complete, we are also investigating a consolidated approach to composing the repositories and other artifacts (like cloud images) that make up CentOS 8. See the centos-devel mailing list for discussion on the structure of these artifacts.

We still need to do the following things:

  • Finish all of the component builds
  • Sign all of the built RPMs
  • Send a compose to the QA group for testing
  • Finalize the repo structure on the mirrors
  • Compose CentOS 8

Stay tuned for a followup blog post with another update and Frequently Asked Questions

 

Categories: Informatika

CentOS Blog: CentOS Community Newsletter, June 2019 (#1906)

2019, June 4 - 09:17

Dear CentOS enthusiast,

As in most years, May was extremely busy.

The Status of CentOS 8

We'll start with the question that appears to be on everyone's mind.

As you may know by this point, on May 7th, at Red Hat Summit, Red Hat announced the release of Red Hat Enterprise Linux (RHEL) 8. You can read the full announcement on the Red Hat Developer Blog.

Since CentOS is a rebuild of RHEL, you can expect that the release of RHEL 8 will lead to the release of CentOS 8. And, of course, the most frequent question we received at Red Hat Summit, in the CentOS booth, was "when is CentOS 8 coming out?"

We don't have a definitive answer to this, because, especially with a new major release, there can be unforeseen complications. However, historically, a RHEL release is typically followed by the CentOS release within one or two months, so you can probably expect that general timeline.

We've also put up a wiki page that will track the day-to-day status of the rebuild effort. We ask that you follow that page, rather than asking on the mailing list for daily updates, and we will endeavor to keep that page current with daily changes in status.

Releases and updates Red Hat Enterprise Linux 8.0

In May at the annual Red Hat Summit in Boston, Red Hat announced the general availability of Red Hat Enterprise Linux 8. This, in turn, triggered the start of the process to build CentOS 8. This is discussed in more detail in the news item above.

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during May:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during May:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during May:

Other Announcements

The following announcements also happened during May:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. We have recently started having SIGs report quarterly, so we have just a few of them each month, getting through the entire list every 3 months.

We have the following SIG reports this month:

CentOS Opstools SIG Quarterly Report

Mar 01, 2019 - May 31 2019

Purpose

provide tools and, documentation, recommendations and best practices
for operators of large infrastructure.

Membership update

The past state still continues, we are not attracting new contributors.

Health and Activity

CentOS opstools packages are being consumed by OpenStack Kolla, and
at the same time, for example also by oVirt.

For the future, we are removing messaging-related packages over
to the CentOS messaging SIG.

Issues for the Board

None at this point, but we should keep an eye on contributors.

Scientific SIG

In recent months, the Scientific Linux project announced that they would discontinue their work and move to CentOS 8 for the future. As a result, there are discussions happening about forming a Scientific SIG to continue their work under the CentOS umbrella. You should see more about this on the centos-devel mailing list in the coming weeks.

Events

As we've mentioned in the past two newsletters, in April we had the CentOS Dojo at Oak Ridge National Labs, Tennessee. I'll bring it up one last time to mention that the videos from the event - the full presentations, and interviews with several of the presenters - are now on our YouTube channel. There's a great presentation from John Turner, talking about what work ORNL does with their supercomputers (running CentOS and RHEL!), and that's a good place to start.

Then, in May, many CentOS community members congregated at Red Hat Summit in Boston. After the RHEL 8 release was announced, Jim Perrin addressed a crowd of people who had questions about what changes are coming for CentOS 8. Questions ranged from timing (addressed elsewhere in this newsletter) to questions about issues raised in the recent post on the Red Hat blog about experimenting with newer functionality in CentOS before it hits RHEL. We're looking forward to the coming year, and how you, our users, will be able to contribute to this process. We also want to hear your thoughts on what this future might look like.

There are still a number of events coming up this year where you can meet and interact with the CentOS community.

I'd particularly like to highlight, again, the CentOS Dojo at DevConf.US in Boston, August 18th. We now have a tentative schedule, but there's probably room for another presentation or two, if you're going to be in the area and have something to share. Based on feedback last year, we've added a lightning talks section, where you can give 5-10 minute presentations on what you've been working on. And we'll have Jim Perrin talking about what's happening around CentOS 8, which will presumably be released by that time. We hope to see you there!

If you're interested in hosting a Dojo at your organization or business, please get in touch with me, at rbowen@centosproject.org, with your proposed event.

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • Tell us what you're working on
  • Provide a report from the SIG on which you participate
  • Tell us about an event that you attended where there was CentOS content
  • Write an article on an interesting person or topic
  • Tell us about a news article that covered the use of CentOS in an interesting way
  • Suggest an topic that you'd like to see someone else write an article on

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

Categories: Informatika

CentOS Blog: CentOS 8.0.1905 build status

2019, May 9 - 14:38

Hi,

As everybody is probably aware now, RHEL 8.0 was released earlier this week .

Instead of publishing multiple blog posts here and then point to updated content, we decided this time to have a dedicated wiki page that can be used to track our current status : https://wiki.centos.org/About/Building_8

So now you can look at that page while we're busy on those tasks, and refresh from time to time.

Let's spread the news about the wiki page and point people (on mailing-lists, irc, forums, etc) to that page to get all latest news about CentOS 8.0.1905 build status !

 

Categories: Informatika

CentOS Blog: CentOS Storage SIG Quarterly Report

2019, May 7 - 16:33
Purpose

To make CentOS a suitable platform for many different storage solutions. It should be very simple for users to deploy CentOS with the components of storage projects of their choice.

Membership Update

Ceph and Gluster are current projects in the CentOS Storage SIG. We have been in touch with other storage projects that have expressed interest, but nothing has come out of that yet. In addition to hoping to onboard new projects, we would also welcome new contributors that are interested in updating and testing packages when new upstream releases are available. Both Ceph and Gluster project consist out of a number of packages, and the few maintainers that keep these updated welcome assistance.

Releases and Packages Ceph

...

Gluster

In the end of March Gluster 6 has been released and announced on the CentOS announce list. This comes with a new centos-release-gluster6 package that replaces the Provides: centos-release-gluster of the Gluster 5 release. New deployments that install centos-release-gluster to enable the most current maintained Gluster release, will automatically get Gluster 6. Older installations will not automatically be updated, but instead stay on the Gluster version that they have. With the release of Gluster 6 there has not been a deprecation from older Gluster versions. For details on what versions are maintained, see the Gluster Community Release Schedule.

Other versions still maintained by the Storage SIG are Gluster 4.1 and Gluster 5. Users can still consume these versions by installing centos-release-gluster41 or centos-release-gluster5.

Categories: Informatika

CentOS Blog: CentOS Pulse Newsletter, May 2019 (#1905)

2019, May 7 - 09:05

Dear CentOS enthusiast,

Another month into 2019, and we have a lot to tell you about.

#CentOS15

Yes, we've mentioned this before, but we're still pretty stoked about it. On the 15th, we celebrated our 15th birthday with a small group of friends in Oak Ridge, Tennessee, before our Dojo at Oak Ridge National Laboratories. You can see some of the videos from that event beginning to appear on our YouTube channel.

If you would like to talk about your involvement in CentOS, please get in touch with Rich at rbowen@centosproject.org  You don't need to be one of the founders - just to have something interesting to say about your involvement, past, present, and future.

git.centos.org changes

As we mentioned last month, there have been some significant changes to git.centos.org. The service was upgraded/migrated to Pagure. You can read details about the change, and instructions on using the new service on the mailing list archive. And further documentation is now in the wiki, at https://wiki.centos.org/Sources

If you have any questions or difficulties using the new service, please drop by either the centos-devel mailing list, or the #centos-devel IRC channel on Freenode.

 

Releases and updates

We had another moderately busy month for update and releases.

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during April:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during April:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during April:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. We have recently started having SIGs report quarterly, so we have just a few of them each month, getting through the entire list every 3 months.

We have the following SIG reports this month:

NFV SIG

The NFV SIG posted their report to the CentOS blog.

Storage SIG

This is by no means a complete report but here are a few "juicy" notes
hopefully worth sharing!

Starting in May we'll have a new member in the Storage SIG: Francesco
Pantano, he'll start helping us with the maintenance of the
Ceph/ceph-ansible builds (and their deps).

We have in fact finally populated our Ceph Nautilus repo with a initial
Ceph Nautilus build and we also included RC builds of ceph-ansible;
please help us test both Ceph and the deployment tool itself enabling
the SIG repos by installing the new centos-release-ceph-nautilus package.

We're looking for help with the new builds test automation; ideally we'd
like to have automatic promotion into -release repos of the new builds
when these pass testing; if you can or are interested in helping us with
this effort please get in touch!

See you online.

Cloud SIG Purpose Packaging and maintaining different FOSS based Private cloud infrastructure applications that one can install and run natively on CentOS. https://wiki.centos.org/SpecialInterestGroup/Cloud Membership Update We are always looking for new members, especially representation from cloud technologies other than RDO. Releases and PackagesRDO April 8 - 12 OpenStack Stein Released https://blogs.rdoproject.org/2019/04/rdo-stein-released/ Interesting things in the Stein release include: - Ceph Nautilus is the default version of Ceph, a free-software storage platform, implements object storage on a single distributed computer cluster, and provides interfaces for object-, block- and file-level storage, within RDO (or is it the default without OpenStack?).  Within Nautilus, the Ceph Dashboard has gained a lot of new functionality like support for multiple users / roles, SSO (SAMLv2) for user authentication, auditing support, a new landing page showing more metrics and health info, I18N support, and REST API documentation with Swagger API. - The extracted Placement service, used to track cloud resource inventories and usages to help other services effectively manage and allocate their resources, is now packaged as part of RDO. Placement has added the ability to target a candidate resource provider, easing specifying a host for workload migration, increased API performance by 50% for common scheduling operations, and simplified the code by removing unneeded complexity, easing future maintenance. Other improvements include: - The TripleO deployment service, used to develop and maintain tooling and infrastructure able to deploy OpenStack in production, using OpenStack itself wherever possible, added support for podman and buildah for containers and container images. Open Virtual Network (OVN) is now the default network configuration and TripleO now has improved composable network support for creating L3 routed networks and IPV6 network support.
  •  April 28 - May 1 OpenInfrastructure Summit Denver Colorado USA
  • May 2 - 4 Train Release Project Team Gathering Denver Colorado USA
  • June 3 - 7 Train Milestone 1
  • June 13 - 14 RDO Test Days Train Milestone 1
Health and Activity The Cloud SIG remains fairly healthy. However, it is still, for the most part, a monoculture containing only OpenStack. Issues for the Board We have no issues to bring to the board’s attention at this time. --- As always, a big thank you to our SIGs, for the work that they do, and for the time taken to check back in with these status reports!

Events

In April, as mentioned above, we ran a CentOS Dojo at ORNL - Oak Ridge National Labs. The presentation slides are starting to get added to  the event website. We expect to have the full video from the event within the next week or two.

I'm writing this newsletter from the  Open Infrastructure Summit (formerly known as OpenStack Summit), in Denver. We joined our friends from RDO and Ceph, as well as our colleagues from Red Hat, to discuss all aspects of open infrastructure, especially OpenStack.

A high point included the gathering of some of the largest open science clusters on the planet, running their OpenStack/RDO clouds on CentOS

Look at all these beautiful science clouds! #OpenInfraSummit #ForTheLoveOfOpen pic.twitter.com/a2h658jq5c

— RDO (@RDOcommunity) April 30, 2019

And, coming up, we're planning to run a CentOS Dojo in Boston, on the day before DevConf.US. The call for presentations is open, and we want to hear from you! Talks about anything you're doing in, on, or around CentOS is fair game. Submit your talks HERE.

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

Categories: Informatika

CentOS Blog: NFV SIG Quarterly Report

2019, May 1 - 19:13

NFV SIG Quarterly Report through May 1st, 2019

Purpose

The CentOS NFV  SIG exists to support Network Function Virtualization (NFV) in CentOS. Specifically, the idea is to be a vehicle to provide packages for implementers of software networks on the CentOS platform.

Membership Update

In this reporting period, we have had little formal participation. However, there has been continued in NFV on CentOS and interest in deploying our packages on CentOS. We are always looking for additional community participation in all aspects of this SIG, including promoting, building releasing other packages for NFV.

Anyone interested in participating in the NFV SIG should subscribe to the generic CentOS mailing list.

Releases and Packages fd.io VPP

The past quarter has been a somewhat slow one in terms of actual delivered packages.

However, we did release vpp 19.01.

The outlook for vpp 19.04 and 19.08 is TBD at this point.

DPDK

There has been some renewed interest in dpdk packaging. At this point, there is no immediate plans to release recent DPDK in NFV SIG.

We would welcome a sponsor to work with the NFV SIG upstream community to bring recent dpdk packages into CentOS NFV SIG.

Health and Activity

The health of NFV SIG could be better. It was originally perceived as the sponsor for getting OPNFV project into the CentOS distribution. However, subsequently OPNFV releases its own CD images. Subsequently it was primarily sponsoring building opendaylight packages which are still built as part of the upstream product CI.

Since Q1 2018 the project has been focused on building packages and dependencies for upstream fast data plane project, fd.io

In April, vpp 1901 has been released to mirrors and is currently available in build-logs.

At this point, the NFV SIG is continuing to look for a renewed focus. In particular, we are looking for packages to facilitate containerization and kubernetes. Other ideas and sponsors are welcome.

Issues for the Board

We have no issues to bring to the board’s attention at this time.

Categories: Informatika

Fabian Arrotin: Renew/Extend Puppet CA/puppetmasterd certs

2019, April 29 - 00:00
Puppet CA/puppetmasterd cert renewal

While we're still converting our puppet controlled infra to Ansible, we still have some nodes "controlled" by puppet, as converting some roles isn't something that can be done in just one or two days. Add to that other items in your backlog that all have priority set to #1 and then time is flying, until you realize this for your existing legacy puppet environment (assuming false FQDN here, but you'll get the idea):

Warning: Certificate 'Puppet CA: puppetmasterd.domain.com' will expire on 2019-05-06T12:12:56UTC Warning: Certificate 'puppetmasterd.domain.com' will expire on 2019-05-06T12:12:56UTC

So, as long as your PKI setup for puppet is still valid, you can act in advance, resign/extend CA and puppetmasterd and distribute newer CA certs to agents, and go forward with other items in your backlog, while still converting from puppet to Ansible (at least for us)

Puppetmasterd/CA

Before anything else, (in case you don't backup this, but you should), let's take a backup on the Puppet CA (in our case, it's a Foreman driven puppetmasterd, so foreman host is where all this will happen, YMMV)

tar cvzf /root/puppet-ssl-backup.tar.gz /var/lib/puppet/ssl/ CA itself

We first need to regenerate the CSR for the CA cert, and sign it again Ideally we confirm that the ca_key.pem and the existing ca_crt.pem "matches" through modulus (should be equals)

cd /var/lib/puppet/ssl/ca ( openssl rsa -noout -modulus -in ca_key.pem 2> /dev/null | openssl md5 ; openssl x509 -noout -modulus -in ca_crt.pem 2> /dev/null | openssl md5 ) (stdin)= cbc4d35f58b28ad7c4dca17bd4408403 (stdin)= cbc4d35f58b28ad7c4dca17bd4408403

As it's the case, we can now Regenerate from that private key and existing crt a CSR

openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out ca_csr.pem Getting request Private Key Generating certificate request

Now that we have the CSR for CA, we need to sign it again, but we have to add extensions

cat > extension.cnf << EOF [CA_extensions] basicConstraints = critical,CA:TRUE nsComment = "Puppet Ruby/OpenSSL Internal Certificate" keyUsage = critical,keyCertSign,cRLSign subjectKeyIdentifier = hash EOF

And now archive old CA crt and sign (new) extended one

cp ca_crt.pem ca_crt.pem.old openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out ca_crt.pem -extfile extension.cnf -extensions CA_extensions Signature ok subject=/CN=Puppet CA: puppetmasterd.domain.com Getting Private key openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity Validity Not Before: Apr 29 08:25:49 2019 GMT Not After : Apr 26 08:25:49 2029 GMT Puppetmasterd server

We have also to regen the CSR from the existing cert (assuming our fqdn for our cert is correctly also the currently set hostname)

cd /var/lib/puppet/ssl openssl x509 -x509toreq -in certs/$(hostname).pem -signkey private_keys/$(hostname).pem -out certificate_requests/$(hostname)_csr.pem Getting request Private Key Generating certificate request

Now that we have CSR, we can sign with new CA

cp certs/$(hostname).pem certs/$(hostname).pem.old #Backing up openssl x509 -req -days 3650 -in certificate_requests/$(hostname)_csr.pem -CA ca/ca_crt.pem \ -CAkey ca/ca_key.pem -CAserial ca/serial -out certs/$(hostname).pem Signature ok

Validating that puppetmasted key and new certs are matching (so crt and private keys are ok)

( openssl rsa -noout -modulus -in private_keys/$(hostname).pem 2> /dev/null | openssl md5 ; openssl x509 -noout -modulus -in certs/$(hostname).pem 2> /dev/null | openssl md5 ) (stdin)= 0ab385eb2c6e9e65a4ed929a2dd0dbe5 (stdin)= 0ab385eb2c6e9e65a4ed929a2dd0dbe5

It seems all good, so let's restart puppetmasterd/httpd (foremand launches puppetmasterd for us)

systemctl restart puppet Puppet agents

From this point, puppet agents will not complain about the puppetmasterd cert, but still about the fact that CA itself will expire soon :

Warning: Certificate 'Puppet CA: puppetmasterd.domain.com' will expire on 2019-05-06T12:12:56GMT

But as we have now the new ca_crt.pem at the puppetmasterd/foreman side, we can just distribute it on clients (through puppet or ansible or whatever) and then it will continue to work

cd /var/lib/puppet/ssl/certs mv ca.pem ca.pem.old

And now distribute the new ca_crt.pem as ca.pem here

puppet snippet for this (in our puppet::agent class)

file { '/var/lib/puppet/ssl/certs/ca.pem': source => 'puppet:///puppet/ca_crt.pem', owner => 'puppet', group => 'puppet', require => Package['puppet'], }

Next time you'll "puppet agent -t" or that puppet will contact puppetmasterd, it will apply the new cert on and on next call, no warning, issue anymore

Info: Computing checksum on file /var/lib/puppet/ssl/certs/ca.pem Info: /Stage[main]/Puppet::Agent/File[/var/lib/puppet/ssl/certs/ca.pem]: Filebucketed /var/lib/puppet/ssl/certs/ca.pem to puppet with sum c63b1cc5a39489f5da7d272f00ec09fa Notice: /Stage[main]/Puppet::Agent/File[/var/lib/puppet/ssl/certs/ca.pem]/content: content changed '{md5}c63b1cc5a39489f5da7d272f00ec09fa' to '{md5}e3d2e55edbe1ad45570eef3c9ade051f'

Hope it helps

Categories: Informatika

CentOS Blog: Happy 15th Birthday CentOS!

2019, April 15 - 09:03

Today, CentOS turns 15 years old. It’s had hard times and good times, and gone through a number of big changes over those years. We feel that we’ve landed in a really great place, over the last 5 years, as part of the Red Hat family of projects, and we’re very excited about what’s coming with CentOS 8, and the years to come.

Right now, we want to look back at how we got where we are now. We did that by going back and talking with some of the people that were involved in those early years, as well as some that joined the project later on.

We started by talking with Greg Kurtzer, who was the original founder of the project. In this interview, he told us about the motivations for starting the project, as well as some of the community challenges that were faced in those first years.

Along the way, Greg had an opportunity to very intentionally set the tone of the community to be welcoming and tolerant. This was primarily because Greg had has some very negative experiences with some of the very hostile communities in those early years. We talked a little bit about those intentional changes in the second half of our interview.

Our next interview was with Manuel “Wolfy” Wolfshant, who was also involved almost from the beginning. He began as a user, and quickly moved to building packages, which he needed for work, but decided to share with the world. He also was then, and is now, very involved in user support in the forums.

That interview can be read on the CentOS blog at https://blog.centos.org/2019/04/centos15-wolfy/

While at FOSDEM, in Brussels, in February, I talked with two members of the community. Mike McLean, a contributor to the project, and the author of the Koji tool that is used extensively in CentOS and Fedora, talked about his contributions:

And Brian Stinson, a more recent addition to the community, talked about his work in the CI and infrastructure of the project:

Our community is very dependent on people that actually use CentOS in production, because they are the people who find the problems, and who have insight into changes that should be made. They also are our most valuable contributors to user support, because they’ve been there, and know how to fix things when they break. Jeff Sheltren is one of those people, and has been using CentOS since the very beginning. Over time, he’s become part of the centos-qa group that helps test and package new versions of the distribution.

And finally, we have an interview with Karsten Wade, who was very instrumental in bringing CentOS into the Red Hat family, and continues to act as the liaison between the CentOS board, and Red Hat, although his position has changed over the years as I (Rich Bowen) have moved full time into that community manager role.

In the coming months, we’ll continue to do these interviews. If you’re part of the CentOS community, we’d like to hear from you - how you got involved, and how your role has changed as you’ve gotten more involved over the years. Get in touch with Rich - rbowen@centosproject.org - and we’ll talk.

Happy Birthday, CentOS. And here’s hoping that the next 15 years are even better. Come see us at Red Hat Summit next month to hear about what’s coming in CentOS 8, and what’s next for our community!

Categories: Informatika

CentOS Blog: CentOS Pulse Newsletter, April 2019 (#1904)

2019, April 2 - 10:30

Dear CentOS enthusiast,

Another month into 2019, and we have a lot to tell you about.

#CentOS15

CentOS turns 15 this month!

We've been talking with some of the people who have been around since the beginning, and a few that joined us a little later on. And we'll be doing more of these interviews in the coming weeks and months. Here's a few of the interviews about how things have changed over the years.

Greg Kurtzer, who originally founded the project, talks about those early days.

Mike McLean talks a little about the transition over the years after that, and about CentOS joining the Red Hat family.

Brian Stinson talks about his responsibilities in the CentOS infrastructure and CI.

Manuel "Wolfy" Wolfshant talks about the path for someone to get involved in the project by jumping in and doing things that you see need doing.

If you would like to talk about your involvement in CentOS, please get in touch with Rich at rbowen@centosproject.org  You don't need to be one of the founders - just to have something interesting to say about your involvement, past, present, and future.

Changes coming to git.centos.org

If you contribute to the CentOS project, you need to be aware of changes that are coming to git.centos.org. To summarize, we're migrating from Gitblit to Pagure, effective April 8th. For the full details, please see this thread on centos-devel, and this new page in the wiki.

Releases and updates

While not as busy as February, we had a number of significant updates released in March.

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during March:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during March:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during March:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. We have recently started having SIGs report quarterly, so we have just a few of them each month, getting through the entire list every 3 months.

Software Collections SIG

The Software Collections SIG reports a slow quarter, which is expected. Red Hat collections, from which this SIG builds, are released twice a year. This naturally leads to every other quarter being fairly silent.

Platform as a Service SIG

The PaaS SIG also reports a slow quarter. The main citizen of this SIG, OpenShift, is moving many of their components to containers, leaving less for the SIG to do.

However, there are some potential projects coming up. And, as always, there's lots of room for new contributors to come in and work on areas that interest them. Please do show up on the mailing list, or the IRC channel, to discuss what you'd like to work on.

Events

In two weeks, we'll be running a CentOS Dojo at Oak Ridge National Labs (ORNL), where we'll be featuring talks focused on the kind of scientific research computing that goes on there. You can see the schedule of speakers and sessions on the event website.

However, we have sold out all of the space at this event, and so registration is now closed.

At the end of the month, CentOS will be at the Open Infrastructure Summit (formerly known as OpenStack Summit), in Denver, in the community pod of the Red Hat booth. Come see us!

And we're ramping up towards Red Hat Summit, where we will be in the Community Central portion of the expo hall! This is one of our biggest events of the year, and we'd love to see you there, in Boston!

And, coming up, we're planning to run a CentOS Dojo in Boston, on the day before DevConf.US. The call for presentations is open, and we want to hear from you! Talks about anything you're doing in, on, or around CentOS is fair game. Submit your talks HERE.

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

Categories: Informatika

CentOS Blog: #CentOS15 – Manuel “Wolfy” Wolfshant

2019, April 1 - 10:40

For our next #CentOS15 profile, I spoke with Manuel "Wolfy" Wolfshant, who has been an active member of our community since the very beginning, shortly after we started working with the WhiteBox Linux community.

(You can see some of the other #CentOS15 interviews on YouTube.)

When Red Hat moved the business model from selling CDs to selling support, his company had a need to provide a Linux desktop operating system, and packages for it.

Wolfy says that his eye was caught by a news article about Johnny Hughes and the Mayor of Tuttle, Oklahoma, Jerry Taylor.

If you weren't around back then, I'll recap. Due to a failed server upgrade, the Mayor of Tuttle woke to find the generic Apache httpd welcome page, and the CentOS logo, on his city's website. He promptly emailed the CentOS project, threatening to turn them over to the FBI if they didn't undo their malicious hack of the site.

Johnny, being Johnny, responded calmly and respectfully, encouraging the Mayor to contact his IT department, and pointing him to resources to help get his site running again. Given this response, Mr. Taylor
got even angrier, and the conversation went downhill from there. But Johnny remained calm, polite, and professional, and helped guide the city IT department to a solution.

You can read more in the article from the Register at the time.

Impressed with Johnny's calm and helpful response, Wolfy went with CentOS, and has been a happy user for many years since that time.

His involvement in the project began with packaging drivers that were needed for machines in the office. It swiftly moved to other areas, including user support, translation, and starting the very active Romanian Linux user group, RLUG, which remains active today.

Over the years, he has worked on the release notes (for a time providing them in Romanian), packaging for Fedora, and the creation and maintenance of the minimal install kickstart during the CentOS 6 days.

He remains active in the IRC channel, on the mailing lists, and in the CentOS Forum, helping new users (and some experienced ones!) navigate their problems with the CentOS operating system. You can find him #centos-devel channel on Freenode IRC under the name 'wolfy', and on the centos-devel mailing list, answering user questions.

Categories: Informatika

CentOS Blog: Welcoming Packet as new sponsor for CentOS.org infra

2019, March 30 - 18:24

It's not a secret that the CentOS project has always been running on sponsored infra since the beginning of the journey. While over the years we sometimes lost some "sponsors", we are always happy to see new ones joigning us . That's especially true for the infra used to "seed" the CentOS distro and SIGs content to external mirrors, and even more in regions that are less covered.

While we have some nodes in North America and Europe, some other regions are less covered (if not at all). That's why we'd like to say thank you to Packet to have recently sponsored some bare-metal nodes that are now members of our msync network, including (but not limited) to regions like Asia (with one node in Japan !), Europe and America. Welcome !

Categories: Informatika

Theme by me