auto sync

Hello,

I’ve been deploying centos7 images with MAAS for the last few months. When centos7.8 was released, our centos7 image auto synced and went from centos7.7 to centos7.8 right underneath us.

This broke quite a few things.

We have now been running centos7.8 from the auto-synced centos7 image MAAS gets from simplestreams for the last few months. We have adjusted our driver builds and other software to accommodate the changes in requirements, kernels, and package versions that came along with centos7.8. Everything was looking good until I went to stand up some servers today and none of my drivers would work or install. After some troubleshooting I realized that my nodes were all running centos7.6.

How can we get ourselves out of this auto-syncing madness that is now controlling our lives?

In part, to avoid this happening again, it looks like we need to host our own simplestreams mirror and images as mentioned here, but I think there is something else going on. We shouldn’t be getting centos7.6 images today when yesterday we were getting centos7.8.

@ltrager any thoughts on how I might dig in further here?

@ltrager I have filed this bug in relation to the issue of differing images.

It also sounds like we need to support the minor versions of CentOS explicitly, so people choose the version they deploy.

2 Likes

MAAS aims to provide an up to date, secure, environment, as soon as an operating system is deployed. This isn’t possible to do with CentOS point releases as they are no longer supported upstream.

From https://wiki.centos.org/Download

The CentOS project does not offer any of the various approaches to extended life for an earlier point release which its upstream occasionally does for its subscribing clientèle. Once a new point release is issued (say: 6.3, following 6.2), no further source packages (from which updates can be built) are released for the earlier version and therefore CentOS is no longer able to produce security or other updates. After a transition interval of a few weeks, the old point version binaries are moved to the vault.

If there is a specific version you need to use I would suggest building a custom image with Packer-MAAS. You’ll have to reconfigure the kickstart file to use the repositories from the DVD. Kickstart will also configure the image to use the latest package repositories, you’ll have to manually reconfigure them to use vault.centos.org to ensure the image isn’t updated. Keep in mind while this will work to lock your CentOS minor version you will not receive security updates leaving your environment vulnerable.

2 Likes