February 18, 2019

Using buildah to build container images on CentOS

February 18, 2019 09:04 AM

In this post, we're going to talk about how to use buildah to build container images on CentOS.

buildah is a command line tool that facilitates building OCI compliant images. There's a plethora of information available around what buildah is on its GitHub landing page so we won't dive more into what it is. However, it's worth mentioning that buildah helps you build container images without having to run any daemon in the background, unlike the docker CLI tool which requires the Docker daemon to be running in the background.

Installing buildah

buildah is already available in the CentOS repos. All we need to do is:

$ yum install -y buildah
$ buildah -v
buildah version 1.5-dev (image-spec 1.0.0, runtime-spec 1.0.0)

buildah offers a number of features and options. To know about these, simply execute buildah on the command line or refer to its manual page (man buildah).

Building the container image

buildah can build a container image by referring the same Dockerfile that docker build refers to. Let's consider this simple Dockerfile for example. All it does is install the wget package:

$ cat Dockerfile
FROM registry.centos.org/centos/centos

RUN yum install -y wget && yum clean all

Now, build the container image named wget :

$ buildah bud -t wget .
$ buildah images
IMAGE ID             IMAGE NAME                                               CREATED AT             SIZE
2f254a4fff8d         registry.centos.org/centos/centos:latest                 Dec 17, 2018 05:07     210 MB
9b6563cfaff2         localhost/wget:latest                                    Jan 16, 2019 11:01     234 MB

You can use this container image with podman by doing:

$ podman run -it --rm wget bash

podman is a tool for managing pods, containers, and container images. Its website contains extensive detail about its capabilities and uses.

Use the container image with Docker

buildah also makes it possible to use the image thus built via the local Docker daemon. It's as simple as doing a buildah push:

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

$ buildah images
IMAGE ID             IMAGE NAME                                               CREATED AT             SIZE
2f254a4fff8d         registry.centos.org/centos/centos:latest                 Dec 17, 2018 05:07     210 MB
9b6563cfaff2         localhost/wget:latest                                    Jan 16, 2019 11:01     234 MB

$ buildah push wget:latest docker-daemon:registry.centos.org/centos/wget:latest
Getting image source signatures
Copying blob sha256:b05580fca2f9aabb2d8fa975b29146c9147c8418e559f197c54a4fac04babb95
 200.47 MiB / 200.47 MiB [==================================================] 4s
Copying blob sha256:fa5e7b9f8f4d8f07f7af27cd06269ba16ba0f06cbacacc7c7e96a616da885cab
 22.82 MiB / 22.82 MiB [====================================================] 0s
Copying config sha256:9b6563cfaff28baa1075e86b60c502f85fc31b56bdb641d314a7c61d2e91fae8
 1.33 KiB / 1.33 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
Successfully pushed registry.centos.org/centos/wget:latest@sha256:66f4c1c8378c7d9e22a0d3c9a0943739082dfeae3344e5f2b069e9c9ddf08271

$ docker images
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
registry.centos.org/centos/wget   latest              9b6563cfaff2        6 minutes ago       226 MB

Initially, the local Docker daemon storage had no container images. We did buildah push wget:latest docker-daemon:registry.centos.org/wget:latest to push the image to local Docker daemon's storage. Now doing docker images shows the image and can then be used with docker run

That's it

In this blog, we saw simple steps that need to be performed to install and use buildah to build OCI images which can then be pushed to local Docker daemon's storage. buildah can also push container images to the remote registry. It is highly recommended to read the documentation to know about more features and capabilities of buildah.

In a future blog, we will share how the CentOS Container Pipeline team managed to build container images on OpenShift using buildah.

February 14, 2019

Videos from FOSDEM Dojo now live

February 14, 2019 03:56 PM

Just a quick update - the schedule from the recent CentOS Dojo at FOSDEM has been updated to include the videos from each presentation.

Note: Three of the talks are missing video due to equipment failure.

February 07, 2019

CentOS Pulse Newsletter, February 2019 (#1902)

February 07, 2019 03:57 AM

Dear CentOS enthusiast,

Another month into 2019, and we have a lot to tell you about.

Releases and updates

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during January:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during January:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during January:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS.

Several of our SIGs published their quarterly reports this month:

Next month we hope to hear from:

  • Artwork
  • Cloud Instance
  • OpsTools
  • Public CI
  • Virtualization

Events

We started off February with a bang, with our annual CentOS Dojo at FOSDEM.  You can read a summary of that event on the CentOS blog. We will be posting video from the event on the CentOS YouTube channel as soon as possible.

We also had a table at FOSDEM itself. FOSDEM is a gathering of 6000 free/open source software enthusiasts at Brussel's ULB. Topics covered are everything from distributions to licensing to community to storage. Video from almost every session at the event is already available at the event website.

Next month, we expect to have a presence at FOSSAsia in Singapore.

And in April we are planning to hold a Dojo at Oak Ridge National Labs, in Oak Ridge Tennessee.

If you would like to host a Dojo, or have a suggestion for where we should have one, please get in touch with the CentOS Promo mailing list.

Other upcoming events are always listed on the events wiki page.

Contributing to CentOS Pulse

 

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

February 06, 2019

Releases/updates on Feb 1

February 06, 2019 07:05 PM

On February 1st (last week) there were a large number of enhancements/updates released by the CentOS community:

 

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories):

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories):

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories):

CentOS Dojo @ FOSDEM 2019

February 06, 2019 06:16 PM

On Friday of last week, we once again gathered in Brussels for our annual CentOS Dojo at FOSDEM.

14 speakers gave talks on a wide variety of topics, ranging from deeply technical, to community-centered, to a vision of what's coming in CentOS 8. The full schedule is on the event website, and the videos from the event will be posted on YouTube as soon as we can possibly get them up.

We had roughly 90 people in attendance at this event, which was about the same as last year.

At lunch time, we celebrated CentOS's 15th birthday with a lovely birthday cake.

(More pictures here.)

If you missed us in Brussels, don't worry. We have lots of other events coming up.

If you would like to host a Dojo, or have a suggestion of where we should run on, please don't hesitate to get in touch with us on the CentOS-Promo mailing list.

February 03, 2019

Updated CentOS Vagrant Images Available (v1901.01)

February 03, 2019 08:50 AM

We are pleased to announce new official Vagrant images of CentOS Linux 6.10 and CentOS Linux 7.6.1810 for x86_64. All included packages have been updated to January 28th, 2019.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.

Ackowledgements

I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

January 30, 2019

CentOS NFV SIG Quarterly Report

January 30, 2019 08:42 PM

NFV SIG Quarterly Report through February 1st, 2019

Purpose

The CentOS NFV  SIG exists to support Network Function Virtualization (NFV) in CentOS. Specifically, the idea is to be a vehicle to provide packages for implementers of software networks on the CentOS platform.

Membership Update

In this reporting period, we have had little formal participation. However, there has been continued in NFV on CentOS and interest in deploying our packages on CentOS. We are always looking for additional community participation in all aspects of this SIG, including promoting, building releasing other packages for NFV.

Anyone interested in participating in the NFV SIG should subscribe to the generic CentOS mailing list.

Releases and Packages

fd.io VPP

The past quarter has been a slow one in terms of actual delivered packages. Our main active package, VPP has not been released since 1807. Upstream version 1810 requires dev-toolset 7.

However, recently dev-toolset-7 and all prerequisites have been built and-or cross tagged into the NFV SIG common. We are currently in the process of building vpp 19.01 for release and plan to have these packages ready in February.

To install latest release of VPP,

yum install centos-release-fdio

yum install vpp*

Health and Activity

The health of NFV SIG could be better. It was originally perceived as the sponsor for getting OPNFV project into the CentOS distribution. However, subsequently OPNFV releases its own CD images. Subsequently it was primarily sponsoring building opendaylight packages which are still built as part of the upstream product CI.

Since Q1 2018 the project has been focused on building packages and dependencies for upstream fast data plane project, fd.io

including vpp.

At this point, the project is looking for a renewed focus. Perhaps, packages to facilitate containerization and kubernetes. Other ideas and sponsors are welcome.

Also, we have also been working towards several upcoming events.

On February 1st, we will have a presentation about NFV SIG at  CentOS Dojo at FOSDEM, in Brussels.

Issues for the Board

We have no issues to bring to the board’s attention at this time.

 

January 24, 2019

Promo SIG quarterly report, February 2019

January 24, 2019 03:37 PM

As per the SIG reporting guide, the Promo SIG offers its quarterly report for the period from Nov 1, 2018 through Feb 1, 2019

Purpose

The CentOS Promotion SIG exists to provide promotion, and consistent messaging, of CentOS, both at physical events and online.

Membership Update

In the reporting period, we have had participation from a handful of people. We are always looking for additional community participation in all aspects of this SIG, including, but not limited to, helping out at events.

Anyone interested in participating in the Promo SIG should subscribe to the mailing list.

Activity

The past quarter has been a slow one in terms of actual event participation.

We had a presence at the Supercomputing event SC18 in Dallas, Texas, where Rich Bowen interviewed some of the student cluster competition teams. Those videos may be seen on the CentOS YouTube channel.

We have also been working towards several upcoming events.

On February 1st, we will be holding the annual CentOS Dojo at FOSDEM, in Brussels. At the time of this writing, we have 125 people registered for the event. A followup event report will be posted here in the next 2 weeks.

In April, we are planning to hold a Dojo at ORNL, in Oak Ridge, Tennessee, USA. The schedule is coming together and we should be announcing more details immediately after FOSDEM.

Later in 2019, we plan to hold dojos at DevConf.US, and DevConf.IN. No details are available for either of these events, but should be announced in the next month.

Each month we publish the community newsletter. These may be read on this blog, and are listed in the wiki.

We are planning various things around the upcoming 15th anniversary of the CentOS project, including birthday cakes at various of our Dojos, and a series of interviews with people who have been around the project for many years. We hope to record some of these interviews at FOSDEM, and others both online, and at upcoming events during the year. If you would like to be interviewed, please contact Rich on the promo mailing list.

This has been a slow quarter for social media, as November and December often are. However, we continue to post content to Twitter, Facebook, LinkedIn, and Reddit. With the announced retirement of Google+, we have discontinued posting content there.

January 15, 2019

CentOS PaaS SIG Quarterly report

January 15, 2019 12:07 PM

Purpose

The CentOS PaaS SIG is working on delivering multiple PaaS Stacks that are built, tested and delivered into the CentOS Ecosystem for end user consumption, run as a service and also provided in various formats ( rpms, containers, images etc ) for other efforts in the CentOS Ecosystem, that can derive value from this content.

Releases and Packages

OKD 3.11 has released in this quarter and we keep working on maintaining the packages while the updates are coming from the main repository. We provide also the openshift-ansible package containing all playbooks to deploy OKD on CentOS environments.

To install openshift-ansible package, run the command:

yum install openshift-ansible

Biweekly meetings

The SIG decided to host biweekly meetings due to low traffic of information. We invite everyone to join the meeting and ask for help, improvements, and collaboration. Our meeting is biweeklyWednesdays at 17:00 UTC. You can check your timezone time with the command:

date -d "1700 UTC"

January 14, 2019

Updated CentOS Vagrant Images Available (v1812.01)

January 14, 2019 08:52 PM

We are pleased to announce new official Vagrant images of CentOS Linux 6.10 and CentOS Linux 7.6.1810 for x86_64. All included packages have been updated to January 1st, 2019.

Important changes

The centos/7 images use the XFS filesystem again (we had to temporarily switch to ext4 due to filesystem corruption involving qemu and XFS in 7.5.1804).

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.

Ackowledgements

I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

January 08, 2019

CentOS SCLo SIG Quarterly report

January 08, 2019 03:21 PM

CentOS SCLo SIG Quarterly report

Purpose

Packaging and maintaining Software Collections packages,
providing the ability to install several versions of various software side by side.

Releases and packages

Several new software collections were provided:

Some older software collections were retired due to their upstream End-of-Life status.
If a collection you depend on vanished from the repositories,
it is advised to upgrade to a newer variant of that collection as soon as possible.
As a last resort, the retired and unsupported packages can be found at CentOS vault.

CentOS Pulse Newsletter, January 2019 (#1901)

January 08, 2019 02:41 PM

Dear CentOS enthusiast,

We wish you a happy and prosperous 2019, full of CentOS!

Releases and updates


December was a very busy month for releases and updates. The following releases and updates happened in December. For each update, the given URL provides the upstream notes about the change.

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during December:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during December:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during December:

Other releases

The following releases also happened during December:

 

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS.

Cloud SIG

Last month the Cloud SIG produced a detailed quarterly report, which you can read in a separate post. This kind of detailed report is what we'd love to see from other SIGs in the future.

Software Collections SIG

The Software Collections SIG has also published a quarterly report, covering their progress in the last few months.

Other SIG Reports

Due to so many people taking time off in December to spend time with friends and family, several other SIG reports are running a little late. Don't worry, they're on the way, and you can see them here, on blogs.centos.org, in the next week or two. Thanks for your patience!

Events

Upcoming events

Coming up in February, we'll be participating in FOSDEM, with a table in the expo area, as most years. Drop by for all your CentOS sticker needs, or to tell us about what you're doing with CentOS! You can find out more about FOSDEM on their website at https://fosdem.org/2019/.

And, on the day before FOSDEM starts, we'll be holding our annual CentOS Dojo, at the Marriott near Grand Place. We'll have a full day of technical presentations (two tracks!) and, of course, the always valuable hallway track where you can talk with other people in the CentOS community. Attendance is free, but we need you to register, so that we can plan. Details, the schedule, and the registration like, are all on the event website at https://wiki.centos.org/Events/Dojo/Brussels2019

There's a lot of other events around FOSDEM, too, that you might want to check out. These are loosely called the FOSDEM Fringe, and are listed here: https://fosdem.org/2019/fringe/

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

January 02, 2019

CentOS Cloud SIG Quarterly Report

January 02, 2019 08:54 PM

01 September 2018 - 31 November 2018

Purpose

Packaging and maintaining different FOSS based Private cloud infrastructure applications that one can install and run natively on CentOS.

https://wiki.centos.org/SpecialInterestGroup/Cloud

Membership Update

We are always looking for new members, especially representation from other cloud technologies.

The SIG agreed to replace the inactive SIG Chair, Kushal Das, with new chair Rain Leander, at the recent SIG gathering at CERN, in October.

No SIG members have been added in this quarter. However, the SIG membership list was updated on the SIG wiki page to reflect reality.

Releases and Packages

RDO

Aug 27 - Aug 31 Rocky Release https://blogs.rdoproject.org/2018/09/rdo-rocky-released/

Interesting features in the Rocky release include:

  • New neutron ML2 driver networking-ansible has been included in RDO. This module abstracts management and interaction with switching hardware to Ansible Networking.
  • Swift3 has been moved to swift package as the “s3api” middleware.

Other improvements include:

  • Metalsmith is now included in RDO. This is a simple tool to provision bare metal machines using ironic, glance and neutron.

The full release notes are at https://releases.openstack.org/rocky/highlights.html

Sep 10 - Sep 14 Stein Release Project Team Gathering

Oct 22 - Oct 26 Stein-1 milestone

Health and Activity

The Cloud SIG remains fairly healthy. However, it is still, for the most part, a monoculture containing only OpenStack.

In recent days, CloudStack has indicated an interest in once again participating in the SIG, with an eye towards providing CloudStack 4.11.2.0 rpms, and having more visibility in CentOS 8, in particular, once that is released.

Currently OpenStack group is focusing in preparing CentOS 8 support (E.g: python3, podman) through a fork of Fedora 28. This repository is used in upstream and downstream CI to reduce the gap as much as possible when CentOS 8 will be available.

Issues for the Board

We have no issues to bring to the board’s attention at this time.

Reminder: CentOS Dojo at FOSDEM just a few weeks away

January 02, 2019 05:09 PM

We're looking forward to seeing all of you in Brussels next month!

The annual FOSDEM CentOS Dojo will be happening, as usual, on the Friday
before FOSDEM starts - February 1st, 2019 - at the Marriott Grand Place,
just a few minutes walk from Grand Place.

We do ask that you register, so that we can plan for space, budget, and
coffee breaks. We are currently about two thirds full, so don't wait!

More details, including the full schedule of presentations, and the
registration link, are on the event website:

https://wiki.centos.org/Events/Dojo/Brussels2019 

See you in Brussels!

December 13, 2018

Fasttrack is back!

December 13, 2018 09:02 PM

Once upon a time, there was a repository called fasttrack, and it used to get low priority updates before going through all the usual checks.

Eventually, that repo was deprecated, we couldn't delete it without breaking compatibility, so it just stayed there, empty and silent.

A few days ago, a bug appeared in bind, that was giving headaches to many people, we had a fix and wanted to give the users an option without waiting for the official build, so we decided to bring fasttrack back to life.

What will it be for?
Well, exactly for cases like this, simple fixes that the CentOS QA team or community members come up with, and helps users while they wait for the official solution.

How do I enable it?
sudo yum-config-manager --enable fasttrack
Then run yum update as usual.

What are the steps?
1) Submit your bug in https://bugs.centos.org/
2) If you have a patch, or a reference to the program's bug tracking system, add it to the bug.
3) This is the most important step, "Be patient!!!"
4) If all goes well, and we like the patch, we'll create a temporary build and point you to it in the bug entry.
5) You'll have to install and test that this build works.
6) If not done already, submit a bug in https://bugzilla.redhat.com/ and point it to the one created in CentOS.
7) Once all of this is done, we'll sign and push it to the fasttrack repo for everybody to use.

Please keep in mind that this repo is for "temporary" fixes, until Red Hat comes up with the real solution.

If you have any problems, please report back through the usual channels (irc, forums, Bug Tracker, Mailing Lists, etc)

Pablo.

Update: Added steps. all this is WiP at the moment.

December 08, 2018

Updated CentOS Vagrant Images Available (v1811.01)

December 08, 2018 09:45 AM

2018-12-12: We published new Vagrant images, v1811.02, fixing CentOS bug 15552 (wrong permissions on file /etc/sudoers.d/vagrant cause visudo -c to report an error, which can result in problems with Puppet).

We are pleased to announce new official Vagrant images of CentOS Linux 6.10 and CentOS Linux 7.6.1810 for x86_64. All included packages have been updated to November 30th, 2018.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.

Ackowledgements

I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

December 07, 2018

CentOS Atomic Host 7.1811 Available for Download

December 07, 2018 08:57 PM

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1811), an operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-26.gitb507039.el7.centos.x86_64
  • cloud-init-18.2-1.el7.centos.1.x86_64
  • podman-0.11.1.1-3.git594495d.el7.centos.x86_64
  • docker-1.13.1-84.git07f3374.el7.centos.x86_64
  • etcd-3.2.22-1.el7.x86_64
  • flannel-0.7.1-4.el7.x86_64
  • kernel-3.10.0-957.1.3.el7.x86_64
  • ostree-2018.5-1.el7.x86_64
  • rpm-ostree-client-2018.5-2.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.

December 06, 2018

Using go-toolset on CentOS Linux 7/x86_64

December 06, 2018 01:30 PM

With golang now gone from the CentOS Linux 7 distro ( deprecated upstream ), the best way to get golang for your system is to get it from the SCL.

Firstly, enable scl itself :

yum install centos-release-scl

Then install the go-toolset-7 scl ( this brings in version 1.10.2 at the moment )

yum install go-toolset-7

In order to use it, interactively you can run the scl enable command, which would also involve spawning a new shell. Note that the /bin/bash can be replaced with the commmand or shell you want to work in :

$ scl enable go-toolset-7 /bin/bash
$ go version
go version go1.10.2 linux/amd64
$ which go
/opt/rh/go-toolset-7/root/usr/bin/go

If you want, like I do, want to just make this the default go for all our shells, add something like this to your .bashrc

source scl_source enable go-toolset-7

MAny thanks to the CentOS SCL SIG for shipping this go-toolset collection.

December 04, 2018

CentOS Pulse Newsletter, December 2018 (#1807)

December 04, 2018 08:06 AM

Dear CentOS enthusiast,

Can you believe it's December already? Here's what's been happening in the past month at CentOS.

Releases and updates

The following releases and updates happened in November. For each update, the given URL provides the upstream notes about the change.

Errata and Enhancements Advisories

There were no CEEA (CentOS Errata and Enhancements Advisories) during November.

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during November:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during November:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS.

Virtualization SIG

We have two new member for Virt SIG: yuvalt and tomo

Upstream released oVirt 4.3.0 alpha on November 26th

Initial manual testing with 7.6 CR repo enabled are passing, waiting for CentOS 7.6 to GA.

Upstream preparing a first release candidate for 4.2.8, should go out on November 28th, GA is planned in January.
oVirt 4.3 is going to switch to GlusterFS 5, waiting to get it released along with CentOS 7.6.

We are working with OpsTools SIG to get ready for collectd 5.8.1, also coming with CentOS 7.6.

Waiting on CentOS infra for having an appliance shipping ovirt-guest-agent, hopefully with CentOS 7.6 GA.

Why your project should participate in a CentOS SIG

Last week we published an overview of Why your project should participate in a CentOS SIG. If you're involved in any open source project, and want it to have more exposure and better testing on CentOS, the SIGs are designed specifically for you. Join an existing SIG, or propose a new one that better fits your project.

The CentOS Container Pipeline Project

Did you know that CentOS Container Pipeline project offers an automated way of building CetntOS based containers? All you need to do to get started is add details about your open-source project to the container-index repository The service picks things up from there and rebuilds your container image every time you push a commit to the specified branch!

The team recently revamped the service architecture to be based on OpenShift. The service is hosted on CentOS infrastructure but can be easily deployed in your own infrastructure.

The project also scans container images for rpm, pip, npm and gem package updates; capabilities of resulting container; and integrity of RPM data. You can also leverage parent-child relationship to trigger a build of child image(s) whenever its parent image gets updated!

Got questions? Contact the team on 'container-apps' channel on Mattermost.

Events

Recent events

In November, we had a small presence at SuperComputing 18 in Dallas. While there, we talked with a few of the teams participating in the Student Cluster Competition. As usual, student supercomputing is #PoweredByCentOS, with 11 of the 15 participating teams running CentOS. (One Fedora, two Ubuntu, one Debian.)

Our congratulations go out to the team from Tsinghua University, who won this year's competition!

Upcoming events

In December, we'll be at the Red Hat booth at Kubecon in Seattle. Drop by for all of your CentOS sticker needs.

Coming up next year, we have two Dojos in the early part of the year that you'll want to be at.

In Europe, we have our annual Dojo at FOSDEM. It will be held at the Grand Place Marriott on Friday, February 1st, 2019. Registration is free, but we do need you to register, so that we can adequately plan. The schedule, details, and registration, are available on the event web page.

And, in North America, we have just announced our upcoming Dojo at Oak Ridge National Labs, on Tuesday, April 16th, 2019. Initial information, and the call for presentations, is on the event web page.

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

November 26, 2018

Why your project should participate in a CentOS SIG

November 26, 2018 03:13 PM

When thinking about the CentOS Project, it’s natural to think of the Linux distro and how it makes operations and administration easy through sane package integration and management.  If you are an open source software project, though, how is the CentOS Linux platform useful to you beyond the operating system?

This is where SIGs come in.

Special Interest Groups (SIG) are smaller groups within the CentOS community that focus on a small set of issues, in order to either create awareness or to focus on development along a specific topic.

For example, the Cloud SIG produces packages for cloud infrastructure projects such as OpenStack and Cloudstack. And the Storage SIG produces packages for software defined storage projects, such as Gluster and Ceph.

Other SIGs, such as the Promotion SIG and the Artwork SIG, focus on non-technical aspects of the CentOS distribution, and are other ways to get involved in the life of the community. These SIGs are a topic for another day.

There are a number of reasons that your open source project might want to engage with a CentOS SIG.

CI and Packaging

The most important service that the CentOS Project provides to your project is the CI and packaging tools. These are described in the SIG Guide, along with other tools and resources that are available to SIGs.

By using the CentOS CBS (Community Build System) you can ensure that your project not only works flawlessly on CentOS, but also doesn’t have any conflicts with other projects that are providing packages for CentOS.

With help from the larger CentOS community, and other projects within your SIG, this relieves you of the need to be a CentOS expert yourself.

Easier to install on CentOS and RHEL

The primary output of a SIG is a repository of packages. This makes it easier for users of CentOS to install and use your project, with a simple ‘yum install’, and ensure that they’ll get all of the necessary dependencies with no additional effort on their part.

Community of like-minded developers

Other projects in your same subject area are often faced with similar problems. The SIG is a great place to solve those problems together, whether they are CentOS specific, or more generally applicable to your problem space.

Promotion of your project to CentOS users

Each time you push a release, this can be promoted to the CentOS community through our various social media channels, mailing lists, forums and newsletter. This expands the reach of your project to an audience who isn’t on your project promotional channels. This can be a real boon to smaller projects, as well as to projects that are very developer focused and don’t have much user/operator outreach.

A place for your users to address platform-specific issues

Problems that people have with your project are often actually problems with the platform on which they’re running them. Perhaps they don’t understand how services work on CentOS, or aren’t familiar with the configuration nuances that are specific to CentOS. Having a place where users can ask these questions, and get authoritative answers, can take a lot of the support burden off of your regular community, who, while deeply familiar with your project, maybe aren’t so familiar with the idiosyncrasies of CentOS.

November 14, 2018

Student supercomputing is #PoweredByCentOS at SC18

November 14, 2018 03:45 PM

I'm at SC18 - the premiere international supercomputing event - in Dallas, Texas. Every year at this event, hundreds of companies and universities gather to show what they've been doing in the past year in supercomputing and HPC.

As usual, the highlight of this event for me is the student cluster competition. Teams from around the world gather to compete on which team can make the fastest, most efficient supercomputer within certain constraints. In particular, the machine must be built from commercially available components and not consume more than a certain amount of electrical power while doing so.

This year's teams come from Europe, North America, Asia, and Australia, and come from a pool of applicants of hundreds of universities who have been narrowed down to this list.

Of the 15 teams participating, 11 of them are running their clusters on CentOS. There are 2 running Ubuntu, one Running Debian, and one running fedora. This is, of course, typical at these competitions, with Centos leading as the preferred supercomputing operating system.

The teams are given a variety of projects to work on before they get here, and then there is one surprise project that is presented to them when they arrive. They have 48 hours to work on these projects, and the winner is selected based on benchmarks and power consumption.

You can read more about the competition, and about the teams participating, on the SCC website.

 

 

November 09, 2018

OKD v3.11 packages now available

November 09, 2018 07:18 PM

We would like to announce that OKD v3.11 rpms been officially released and are available at http://mirror.centos.org/centos/7/paas/x86_64/openshift-origin311/. [1]

OKD is the Origin community distribution of Kubernetes.

In order to use the released repo [1] we have created and published the rpm (contains the yum configuration file) [2] which is in the main CentOS extra repository. The rpm itself has a dependency on the centos-release-ansible26 [3] which is the ansbile 2.6 version rpm built by CentOS Infra team.

Should you decide not to use the centos-release-openshift-origin3* rpm then will be your responsibility to get ansible 2.6 required to by openshift-ansible installer.

Please note that due to ongoing work on releasing CentOS 7.6, the mirror.centos.org repo is in freeze mode - see https://lists.centos.org/pipermail/centos-devel/2018-November/017033.html [4] and as such we have not published the rpms to http://mirror.centos.org/centos/7/paas/x86_64/openshift-origin/ [5]. Once the freeze mode will end, we'll publish the rpms.

Kudos goes to CentOS Infra team for being very kind in giving us a waiver to make the current release possible.

Thank you,
PaaS SIG team

Reference URLs:

[1] http://mirror.centos.org/centos/7/paas/x86_64/openshift-origin311/
[2] http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-openshift-origin311-1-2.el7.centos.noarch.rpm
[3] http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-ansible26-1-3.el7.centos.noarch.rpm
[4] https://lists.centos.org/pipermail/centos-devel/2018-November/017033.html
[5] http://mirror.centos.org/centos/7/paas/x86_64/openshift-origin/

 

November 07, 2018

Schedule, Registration now available for CentOS Dojo at FOSDEM

November 07, 2018 03:35 PM

We are pleased to announce the (tentative) schedule of talks for the
upcoming CentOS Dojo in Brussels, which will be held on the day before
FOSDEM - February 1, 2019 - at the Grand Place Marriott.

Details, and the schedule, are now available at
https://wiki.centos.org/Events/Dojo/Brussels2019 (Schedule subject to
change).

Registration is free, but we need to know how many people are coming,
for catering and space purposes. You can register today at:
https://www.eventbrite.com/e/centos-dojo-at-fosdem-tickets-52306704762

See you in Brussels!

November 06, 2018

Implementing Zabbix custom LLD rules with Ansible

November 06, 2018 11:00 PM

While I have to admit that I'm using Zabbix since the 1.8.x era, I also have to admit that I'm not an expert, and that one can learn new things every day. I recently had to implement a new template for a custom service, that is multi-instances aware, and so can be started multiple times with various configurations, and so with its own set of settings, like tcp port on which to listen, etc .. , but also the number of instances running as it can be different from one node to the next one.

I was thinking about the best way to implement this through Zabbix, and my initial idea was to just have one template per possible instance type, that would though use macros defined at the host level, to know which port to check, etc .. so in fact backporting into zabbix what configuration management (Ansible in our case) already has to know to deploy such app instance.

But parallel to that, I always liked the fact that Zabbix itself has some internal tools to auto-discover items and so triggers for those : That's called Low-level Discovery (LLD in short).

By default, if you use (or have modified) some zabbix templates, you can see those in actions for the mounted filesystems or even the present network interfaces in your linux OS. That's the "magic" : you added a new mount point or a new interface ? Zabbix discovers it automatically and start monitoring it, and also graph values for those.

So back to our monitoring problem and the need for multiple templates : what if we could use LLD too and so have Zabbix automatically checking our deployed instances (multiple ones) automatically ? The good is that we can : one can create custom LLD rules and so it would work OOTB when only one template would be added for those nodes.

If you read the link above for custom LLD rule, you'll see some examples about a script being called at the agent level, from the zabbix server, at periodic interval, to "discover" those custom discovery checks. The interesting part to notice is that it's a json that is returned to zabbix server , pointing to a new key, that is declared at the template level.

So it (usually) goes like this :

  • create a template
  • create a new discovery rule, give it a name and a key (and also eventually add Filters)
  • deploy a new UserParameter at the agent level reporting to that key the json string it needs to declare to zabbix server
  • Zabbix server receives/parses that json and based on the checks/variables declared in that json, it will create , based on those returned macros, some Item Prototypes, Trigger prototypes and so on ...

Magic! ... except that in my specific case, for some reasons I never allowed the zabbix user to really launch commands, due to limited rights and also the Selinux context in which it's running (for interested people, it's running in the zabbix_agent_t context)

I suddenly didn't want to change that base rule for our deployments, but the good news is that you don't have to use UserParameter for LLD ! . It's true that if you look at the existing Discovery Rules for "Network interface discovery", you'll see the key net.if.discovery, that is used for everything after, but the Type is "Zabbix agent". We can use something else in that list, like we already do for a "normal" check

I'm already (ab)using the Trapper item type for a lot of hardware checks : reason is simple : as zabbix user is limited (and I don't want to grant more rights for it), I have some scripts checking for hardware raid controllers (if any), etc, and reporting back to zabbix through zabbix_sender.

Let's use the same logic for the json string to be returned to Zabbix server for LLD. (as yes, Trapper is in the list for the discovery rule Type.

It's even easier for us, as we'll control that through Ansible : It's what is already used to deploy/configure our RepoSpanner instances so we have all the logic there.

Let's first start by creating the new template for repospanner, and create a discovery rule (detecting each instances and settings) :

zabbix-discovery-type.png

You can then apply that template to host[s] and wait ... but first we need to report back from agent to server which instances are deployed/running. So let's see how to implement that through ansible.

To keep it short, in Ansible we have the following (default values, not the correct ones) variables (from roles/repospanner/default.yml):

...
repospanner_instances:
  - name: default
    admin_cli: False
    admin_ca_cert:
    admin_cert:
    admin_key:
    rpc_port: 8443
    rpc_allow_from:
      - 127.0.0.1
    http_port: 8444
    http_allow_from:
      - 127.0.0.1
    tls_ca_cert: ca.crt
    tls_cert: nodea.regiona.crt
    tls_key: nodea.regiona.key
    my_cn: localhost.localdomain
    master_node : nodea.regiona.domain.com # to know how to join a cluster for other nodes
    init_node: True # To be declared only on the first node
...

That simple example has only one instance, but you can easily see how to have multiple ones, etc So here is the logic : let's have ansible, when configuring the node, create the file that will be used zabbix_sender (triggered by ansible itself) to send the json to zabbix server. zabbix_sender can use a file that is separated (man page) like this :

  • hostname (or '-' to use name configured in zabbix_agentd.conf)
  • key
  • value

Those three fields have to be separated by one space only, and important : you can't have extra empty line (but something can you easily see when playing with this the first time)

How does our file (roles/repospanner/templates/zabbix-repospanner-lld.j2) look like ? :

- repospanner.lld.instances { "data": [ {% for instance in repospanner_instances -%} { "{{ '{#INSTANCE}' }}": "{{ instance.name }}", "{{ '{#RPCPORT}' }}": "{{ instance.rpc_port }}", "{{ '{#HTTPPORT}' }}": "{{ instance.http_port }}" } {%- if not loop.last -%},{% endif %} {% endfor %} ] }

If you have already used jinja2 templates for Ansible, it's quite easy to understand. But I have to admit that I had troubles with the {#INSTANCE} one : that one isn't an ansible variable, but rather a fixed name for the macro that we'll send to zabbix (and so reused as macro everywhere). But ansible, when trying to translate the jinja2 template, was complaining about missing "comment' : Indeed {# ... #} is a comment in jinja2. So the best way (thanks to people in #ansible for that trick) is to include it in {{ }} brackets but then escape it so that it would be rendered as {#INSTANCE} (nice to know if you have to do that too ....)

The rest is trival : excerpt from monitoring.yml (included in that repospanner role) :

- name: Distributing zabbix repospanner check file
  template:
    src: "{{ item }}.j2"
    dest: "/usr/lib/zabbix/{{ item }}"
    mode: 0755
  with_items:
    - zabbix-repospanner-check
    - zabbix-repospanner-lld
  register: zabbix_templates   
  tags:
    - templates

- name: Launching LLD to announce to zabbix
  shell: /bin/zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -i /usr/lib/zabbix/zabbix-repospanner-lld
  when: zabbix_templates is changed

And this is how is rendered on one of my test node :

- repospanner.lld.instances { "data": [ { "{#INSTANCE}": "namespace_rpms", "{#RPCPORT}": "8443", "{#HTTPPORT}": "8444" }, { "{#INSTANCE}": "namespace_centos", "{#RPCPORT}": "8445", "{#HTTPPORT}": "8446" }  ] }

As ansible auto-announces/push that back to zabbix, zabbix server can automatically start creating (through LLD, based on the item prototypes) some checks and triggers/graphs and so start monitoring each newly instance. You want to add a third one ? (we have two in our case) : ansible pushes the config, would modify the .j2 template and would notify zabbix server. etc, etc ...

The rest is just "normal" operation for zabbix : you can create items/trigger prototypes and just use those special Macros coming from LLD :

zabbix-item-prototypes.png

It was worth spending some time in the LLD doc and in #zabbix to discuss LLD, but once you see the added value, and that you can automatically configure it through Ansible, one can see how powerful it can be.

CentOS Pulse Newsletter, November 2018 (#1806)

November 06, 2018 02:46 PM

Dear CentOS enthusiast,

Here's what's been happening in the past month at CentOS.

Releases and updates

The following releases and updates happened in October. For each update, the given URL provides the upstream notes about the change.

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during October:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during October:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during October:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS.

NFV SIG

We have been focused on VPP and pre-requisite packages required to build VPP.

OVS and DPDK are available in Cloud SIG but can also be made available in NFV SIG on request.

Current projects are enabling building of VPP 1810 which requires toolset7 and some additional build dependencies.

Storage SIG

Luminous is the current latest major version of ceph maintained by the SIG

We have very recently promoted in this repo the very first version of ceph-ansible which supports ansible 2.6 (previously it would only work with 2.4 and 2.5)

There isn't and probably there won't be a repo for the mimic version

There will be a repo for the nautilus version instead, which will be the first ceph version supporting centos 8

Get involved with the SIGs!

At the recent SIG gathering at CERN, we discussed at some length how to get more people, and more projects, involved in the SIG process.

A SIG is a place for related projects to gather, to work together to get their products packaged, tested, and distributed in CentOS. For example, the Cloud SIG has representatives from OpenStack and Cloudstack, producing packages of their code.

Unfortunately, many of our SIGs have only one project represented. For example, the Storage SIG is primarily Gluster, while the Virtualization SIG is primarily oVirt. We'd like to expand these to include more projects, both to increase the diversity of project availability on CentOS, and because these projects are often solving similar problems, and can cooperate on them.

Which brings us to you. There are so many ways that you can get involved in the SIG process, no matter what your skills and interests.

Packaging

The primary output of a SIG is a package repository, and so creating those packages tends to be where the main focus of a SIG rests. If you like to create packages, or want to learn how, this is your place to get involved.

Testing

While there's extensive process around automated testing of the packages, there's no substitute for actual human testing, to find the edge cases, ensure that things are working correctly, and catch things for which there's no automated testing yet. And creating those tests are a great way to ensure that problems don't reappear in the future.

Promotion and outreach

We want the CentOS SIGs to represent the enormous diversity of the open source landscape itself. We want the Storage SIG to represent not only the hugely popular software defined storage solutions everyone has heard of, but also the smaller communities with more niche use cases. We want the PaaS SIG to represent all of the various PaaS projects.

This takes outreach to the projects themselves, and to the users of those projects, to persuade them of the value of being involved in the SIG process, and then to help onboard them into that process.

It also takes improvement of our documentation to make it more accessible to people who aren't already familiar with how this all works.

And it takes enthusiastic people to produce materials for use at events, and then staff those events to explain to beginners how to get involved.

We even have a separate SIG for this - the Promotion SIG - which focuses on getting the word out, and helping to onboard people when they arrive. And the Artwork SIG is responsible for creating artwork for use both in the distribution, and on our various websites, to make the entire experience more visually appealing.

Get involved!

If you want to get involved in a SIG, or to start a new one, come join us for the SIG meetings on the #centos-devel channel on Freenode IRC. Have a look at the list of active SIGs, and see if there's one that interests you. Or look at the proposed SIGs and see if there's something you can do to get them bootstrapped.

Events

Recent events

October was a very, very busy month for CentOS events all over the world.

CentOS was a sponsor of Ohio LinuxFest, in Columbus, Ohio. OLF is an annual event, drawing most of its attendees from Ohio, and surrounding states. The first day of the event has in-depth technical tutorials, while the second day draws more of a hobbyist audience, including a number of highschool students. As such, it’s a great opportunity to talk about CentOS and Fedora. Our friends from Fedora shared our space with us, and we had a number of great conversations with our fans, as well as talking with a number of local businesses who run their operations on CentOS, Fedora, and RHEL.

Later in the month, we held our second annual CentOS Dojo at CERN. There were around 100 people in attendance, and presentations ranged from science to technical to community. We started the day with a presentation from CERN about how they use CentOS, OpenStack, and Ceph in their investigation of the secrets of the universe. We then heard from a number of our SIGs (Special Interest Groups) about what they’re working on, and how people can get more involved. You can watch the video from each presentation by clicking on the paperclip icon next to the individual items in the event schedule listing.

On the day before the Dojo, we had a smaller gathering of our SIGs. There was discussion about the upcoming changes to the Git infrastructure - a conversation that was started at this event last year. Various SIGs reported on what they’ve been working on over the last few months. And there was discussion about how we can get more contributors involved in the SIG process. (See the SIG Updates section of this newsletter for more about this.) Watch the centos-devel list for more discussions around these topics.

During the week of October 22nd, a few of us were at Open Source Summit in Edinburgh (the event formerly known as LinuxCon. Here, too, we had great interactions with people from all levels of involvement, from people running massive server farms to kids running CentOS at home.

And finally, in the last week of the month, we had a sponsor booth at LISA in Nashville, once again shared with our friends from Fedora. LISA - Large Installation System Administration Conference - is one of the oldest software conferences in the world, going back to 1987.

If you are aware of any events in November where CentOS has (or should have!) a presence, please don’t hesitate to announce it on the centos-promo mailing list so that we can help you promote it. Or, you can add it directly to the upcoming events page.

Upcoming events

The next big event for the CentOS community is FOSDEM, and the CentOS Dojo immediately before FOSDEM. We will be announcing the schedule for this event today or tomorrow - as soon as the speakers respond with confirmation of their attendance. See you in Brussels!

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

November 01, 2018

Video from the CentOS Dojo at CERN now available

November 01, 2018 04:36 PM

The videos from the recent #CentOSDojo at #CERN are now available on the CentOS YouTube channel. If you have time for only one, be sure to watch the first video, which talks about the challenges that CERN has with the enormous amount of data they produce every day in the LHC.

Also recommended, Fabian's discussion of the coming (and already in place!) changes to the CentOS Git infrastructure.

[UPDATE: The videos which were previously updated were truncated, and we're looking into fixing that. meanwhile you can view the video on the event schedule by clicking the paperclip icon next to each talk title.]

October 08, 2018

Upcoming changes to downloading AltArch .iso images

October 08, 2018 10:00 PM

Greetings from the mirror-management department! This notice is for those who employ some sort of an automation to download AltArch (ie. aarch64, armhfp, i386, power9, ppc64, ppc64le) CentOS 7 .iso/.raw.xz images from mirror.centos.org. Those using a regular browser to download these images are not particularly affected, and you can continue to the next post on this blog.

Previously, only main architecture .iso image downloads from mirror.centos.org were redirected to isoredirect.centos.org, which then displayed the user a list of nearby external mirrors. We will shortly extend this configuration to cover AltArch image downloads as well, ie. direct AltArch image downloads from mirror.centos.org will no longer be possible. mirror.centos.org will still serve .rpm downloads for all architectures as before.

There are three reasons for the change. First, to save bandwidth from mirror.centos.org nodes directly managed by the CentOS Project. Most of these mirror.centos.org hosts are also used for seeding the 600+ external mirrors we have. By directing some of that .iso download traffic to external mirrors we can offer faster sync speeds for those external mirrors, and for people downloading individual rpms from mirror.centos.org. Second, most of those external mirrors offer faster download speeds to end users than what could be achieved by downloading from mirror.centos.org, so the users will benefit from this change as well. Finally, because there are much more external mirrors than mirror.centos.org  nodes, it is likely that your bits will need to travel a shorter path, conserving bandwidth globally.

The above change will be implemented some time between the releases of RHEL 7.6 and CentOS 7.6.18xx, so that external mirrors syncing CentOS 7.6.18xx content would not need to fight for bandwidth between AltArch .iso downloaders.

The other change, which has already been implemented, is related to how isoredirect.centos.org behaves when accessed with curl or wget. If you now do a wget http://isoredirect.centos.org/altarch/7/isos/i386/CentOS-7-i386-Everything-1804.iso, isoredirect will notice that you are trying to download the file and will redirect the request to the nearest external mirror. If you access the same URL with a regular browser, you will see a list of nearby mirrors from which you can pick your favourite mirror. wget will follow redirects by default, but curl needs a --location switch to follow redirects. If a filename is not specified, you will get a list of mirrors regardless of the browser used.

So, combining the effects of the above two changes: If you currently use some sort of a script that downloads AltArch .iso images from mirror.centos.org, those requests will soon be served by external mirrors instead of mirror.centos.org. In the case of wget you will only see one additional request and you probably don't need to change anything. If you use curl, you must add the --location switch to curl to follow the redirect issued by isoredirect.centos.org. If you want to eliminate one redirect, you can change mirror.centos.org to isoredirect.centos.org in your script. The rest of the URL is the same, ie. /altarch/<release>/isos/<arch>/<filename.iso or .raw.xz>

As an aside, even though mirror.centos.org nodes are managed by the CentOS Project, those servers and their hosting are donations from various organizations. If you think your organization could donate an additional server to share the load and to give us better geographical coverage, please see https://wiki.centos.org/Donate

If you have questions or concerns regarding this change, please let me know. Thanks!

Revamp CentOS Community Container Pipeline to run on OpenShift

October 08, 2018 08:19 PM

It's been over a year since we published anything about the CentOS Community Container Pipeline. Many interesting things have happened during the past year, many things have changed and there's a complete shift in the architecture of the service that's was rolled out over the last weekend.

Wait, I've never heard of this project

If this is the first time you're hearing about CentOS Community Container Pipeline project, it would be best to refer this blog post, or the GitHub repo of the project, or the wiki page. But to put it in short, the service does below things:

  • Pre-build the artifacts/binaries to be added to the container image
  • Lint the Dockerfile for adherence to best practices
  • Build the container image
  • Scan the image for:
    • available RPM updates
    • updates for packages installed via other package managers:
      • npm
      • pip
      • gem
    • Verify RPM installed files and binaries for integrity
    • point out capabilities of container created from the resulting image by examining RUN label in its Dockerfile
  • Weekly scanning of the container images using above scanners
  • Automatic rebuild of container image when the git repo is modified
  • Parent-child relationship between images to automatically trigger rebuild of child image when parent image gets updated
  • Repo tracking to automatically rebuild the container image in event of an RPM getting updated in any of its configured repos (not available yet in new architecture)
  • A UI that lists all the container images built with the service at registry.centos.org.

How did the old system work?

When we talked about the project at DevConf.cz '18, we received a positive response from the audience. However, at that time, we knew that our service couldn't handle more build requests and on-boarding more community projects would be counter-productive when our backend didn't have the ability to serve those requests.

Old implementation of the service had a lot of plumbing. There are workers written for most of the features mentioned above.

  • Pre-build happened on CentOS CI (ci.c.o) infrastructure.
  • Lint worker ran as a systemd service.
  • Build worker ran as a standalone container and triggered a build in an OpenShift cluster.
  • Scan worker ran as a systemd service and used atomic scan to scan the containers. This in turn spun up a few containers which we needed to delete along with their volumes to make sure that host system disk doesn’t get filled up.
  • Weekly scanning was a Jenkins job that checked against container index, registry.centos.org and underlying database of the service before triggering a weekly scan
  • Repo tracking was a Django project and heavily relied on database which we almost always failed to successfully migrate whenever the schema was changed. That's our shortcoming, not Django's. All these heterogeneous pieces talked through beanstalkd.

Everything was spread across different hosts and we were using really huge Ansible playbooks to bring up the service. A fresh deployment took 30 minutes on an average. Testing any change in dev environment would require us to do a redeployment of the service which took another 15 minutes on an average. Deploying and maintaining this service was quite a pain!

What did we do about these problems?

Since long time we were discussing about developing our service on top of OpenShift. Then, at some point, we read about OpenShift Pipeline and found it interesting. We took the plunge and came up with a proof of concept implementation of CentOS Community Container Pipeline on top of OpenShift OKD using Minishift. Results were exciting! We were able to do parallel builds of container image, Jenkins Pipelines orchestrated the flow really well, build times were faster, we didn't need to use beanstalkd at all and, most importantly, there was very less code written to get things done!

With the POC in place, we went ahead with developing more tangible service on top of a real OpenShift cluster instead of developing on top of Minishift. What used to be individual workers doing their thing in old system is now pretty much all inside OpenShift Pipeline.

We now have an OpenShift Pipeline for every project on CentOS Container Index that does Pre-build, Dockerfile lint, container image build, scan the container image and push it to external registry; all from a single container! We have another OpenShift Pipeline for every project to do their weekly scans. So instead of having five workers to do these tasks and communicate with each other via beanstalkd, we have orchestrated things through OpenShift Pipelines.

What are we working on now?

We don't have Repo tracking implemented in the new architecture yet. We don't have a UI for the users to take a look at their build logs or weekly scan logs either. We're initially focusing on getting the UI for logs up and then we will start working on Repo tracking.  We are also working on setting up a CI job that tests core parts of the service on Minishift so that anyone willing to take the service for a spin should literally be able to do it on a Minishift VM!

Let us know your thoughts!

This project is solely focused on making things easier for open-source projects and its developers. If you are working on an open-source project that's building on top of CentOS, we would like to know your thoughts. If you need help getting started, you can contact us on IRC (#centos-devel on Freenode) or take a look at project documentation.

Dharmit Shah (dharmit on #centos-devel IRC)

October 04, 2018

Updated CentOS Vagrant Images Available (v1809.01)

October 04, 2018 09:26 AM

We are pleased to announce new official Vagrant images of CentOS Linux 6.9 and CentOS Linux 7.5.1804 for x86_64 (based on the sources of RHEL 7.5). All included packages have been updated to September 30th, 2018.

Notable Changes

  1. The images now use the ext4 filesystem, instead of XFS. We have been getting unbootable images due to XFS corruption over the last few months (the journal appears to be zeroed out, for reasons we do not yet understand). This is why we haven't had any monthly releases since May - I'm still looking into what happens.
  2. The images now use a single partition, swapping into a preallocated 2GB file. This makes resizing the partition and/or swap easier than it was before, with separate partitions inside LVM.
  3. The CentOS Linux 7 image comes with open-vm-tools preinstalled, enabling it to work with VMware ESXi.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.

Ackowledgements

I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

October 02, 2018

CentOS Pulse Newsletter, October 2018 (#1805)

October 02, 2018 07:37 AM

Dear CentOS enthusiast,

Here's what's been happening in the past month at CentOS

Releases and Updates

The following releases and updates happened in Setember. For each update, the given URL provides the notes about the change.

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during September:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during September:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during September:

Blog posts and news

If you're not watching the CentOS blog, you may be missing our periodic updates there. I'd like to particularly draw attention to two recent posts:

EPEL for armhfp - Pablo Greco posted about the work on armhfp in the EPEL repository.

New CentOS Pastebin Instance - John R. Dennison posted about the new CentOS pastebin, and the more modern functionality that comes with it.

If you'd like to post on the CentOS blog about work you're doing around the CentOS community, please don't hesitate to contact me directly, at rbowen@centosproject.org

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. Here's some of the highlights from a few of our SIGs from the past month

Cloud SIG

The RDO project and the Cloud SIG participated in the OpenStack PTG (Project Teams Gathering) last month in Denver, and we anticipate seeing the interviews from that event start coming to the RDO YouTube channel in the coming weeks. They'll also be participating in the upcoming SIG day ahead of the CERN Dojo in October.

Events

In September, we had a table at ApacheCon in Montreal, Canada. CentOS is a platform which many open source projects use for development and testing, and the Apache community of projects is no exception. We had visits from representatives from several Apache projects, and talked about the CentOS CI infrastructure, and our SIGs.

October 12-13: In 2 weeks, CentOS will be sponsoring Ohio LinuxFest in Columbus, Ohio. OLF is an annual gathering of Linux and Open Source enthusiasts from Ohio and the greater Ohio Valley area. We are looking forward to conversations with attendees. If you'd like to volunteer some time to work the CentOS table, please contact me - rbowen@centosproject.org - to volunteer. Ohio LinuxFest will be held October 12-13 at the Hyatt Regency Columbus.

October 19th: In the third week of October, we'll be gathering at CERN for the annual CERN CentOS Dojo. Details and the event schedule are available on the event website. The event is free to attend, but you must register, in order to get through security at the front desk. That's October 19th at CERN!

October 22-24: CentOS will also have a presence at the Open Source Summit, in Edinburgh, Scotland. Drop by the Red Hat booth for all your CentOS sticker needs.

October 29-31: Finally, we'll also be at LISA/Usenix in Nashville, in the last week of October.

We look forward to meeting you at any or all of these venues!

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.


Powered by Planet!
Last updated: February 21, 2019 09:30 PM