This section will list some of the operations that we have to automate to deploy/maintain/migrate/decommission services and/or infrastructure components used in the CentOS infra.
It makes sense to use what we build and distribute and we've always relied on CentOS Linux for our own infrastructure. To deploy it we just use our own mirror.centos.org mirrors pool and internal mirrors.
Deployed and maintained versions (in ansible roles and repositories) :
We also started to deploy RHEL in parallel for some services that will have to stay available longer (starting from CentOS Stream, the expected lifetime is ~5y, versus 10y for RHEL). We point to an internal mirror for deployments and also use some TLS certs (subscription) to access the Red Hat CDN to get updates (or also point to an internal mirror).
Deployed and maintained versions (in ansible roles and repositories) :
Note: See internal ansible inventory group_vars/all doc/notes/snippet around the rhel_* variables about how to use this, not covered in public documentation for obvious reasons.
On the deployment mirrors that host installable trees for RHEL deployment (PXE-based, through ansible), we need to manually refresh the content when there is a new major.minor release.
One just has to connect to such mirrors and call (as root) the distributed script /usr/libexec/centos/pull_rhel_iso.
That script needs some parameters, so you'll need to connect to https://access.redhat.com with a valid user and then feed it the needed information to be able to download the .iso for each arch/release:
    /usr/libexec/centos/pull_rhel_iso
    This script will let you create installable tree for RHEL deployments
    You'll need first to login to access.redhat.com to retrieve temporary download links for iso images

    You need to call the script like this : /usr/libexec/centos/pull_rhel_iso -arguments
     -i : full path to iso image (required, default:none, don't forget to quote it)
     -v : RHEL version (required , default:none, example "8.5")
     -a : RHEL architecture for .iso
     -c : iso checksum from access.redhat.com for .iso (required , default:none, )
     -h : display this help
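A sketch of the integrity gate that the -v, -a and -c arguments imply, as an added example and not the pull_rhel_iso script itself. The function names, the SHA-256 digest format, the architecture list and the destination layout are assumptions.

```shell
# Added example, not the CentOS pull_rhel_iso script.
# Assumptions: the checksum from access.redhat.com is a SHA-256 hex digest;
# the architecture list and the destination layout are illustrative.

# verify_iso ISO VERSION ARCH SHA256
# Returns 0 = ok, 1 = digest mismatch, 2 = malformed argument, 3 = unreadable file.
verify_iso() {
    iso=$1 version=$2 arch=$3
    expected=$(printf '%s' "$4" | tr 'A-F' 'a-f')

    # Version must be major.minor (help example: "8.5"); it is later used in a path.
    case $version in
        *[!0-9.]*|*.*.*|.*|*.|'') echo "bad version" >&2; return 2 ;;
        *.*) ;;
        *) echo "bad version" >&2; return 2 ;;
    esac
    case $arch in
        x86_64|aarch64|ppc64le|s390x) ;;
        *) echo "bad arch" >&2; return 2 ;;
    esac
    # Digest must be exactly 64 hex characters.
    case $expected in *[!0-9a-f]*) echo "bad checksum" >&2; return 2 ;; esac
    [ "${#expected}" -eq 64 ] || { echo "bad checksum" >&2; return 2; }

    [ -f "$iso" ] && [ -r "$iso" ] || { echo "cannot read $iso" >&2; return 3; }
    actual=$(sha256sum < "$iso" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "checksum mismatch: $iso" >&2; return 1; }
}

# stage_iso ISO VERSION ARCH SHA256 DESTROOT
# Checks the arguments and the source, copies to a temporary name, verifies the
# copy, then renames it. The file that was hashed is the file that gets used,
# and a failed check leaves nothing behind under DESTROOT.
stage_iso() {
    verify_iso "$1" "$2" "$3" "$4" || return $?
    dest="$5/$2/$3"                       # hypothetical tree layout
    mkdir -p "$dest" || return 3
    tmp=$(mktemp "$dest/.incoming.XXXXXX") || return 3
    cp -- "$1" "$tmp" && verify_iso "$tmp" "$2" "$3" "$4" \
        && mv -- "$tmp" "$dest/rhel-$2-$3.iso" && return 0
    rc=$?; rm -f -- "$tmp"; return "$rc"
}
```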
In the CentOS infra, we can either use an internal mirror (to speed up updates across the internal fleet) or just use the classical Red Hat CDN. It's all defined through ansible (see the earlier note about group_vars/host_vars). The internal mirrors have a distributed script/template that fetches/reposyncs repositories for all used versions/releases/architectures.