[LINUX] Play with CentOS 8
DMM.com Advent Calendar 2019 This is the article on the 17th day.
My name is @sinnershiki and I am in charge of the infrastructure for DMM video distribution.
Last year's DMM.com Advent Calendar did StackStorm Introductory Story, but this year I would like to introduce CentOS 8 released in September. I will.
Summary of major changes
Differences between CentOS 8 and CentOS 7, be careful of yum and middleware
As introduced above, I think the following three are famous for middleware-like changes.
- yum -> dnf
- ntp -> chrony
- iptables -> nftables
However, since the difference when actually using it is not known from this alone, I would like to try it from the OS installation.
Also, I would like to mention a little about the change in the default of python that I personally care about from 2 series to 3 series.
environment
This time, I would like to play in various environments, so I would like to start by putting the OS on an appropriate server and also play with vagrant's bento / centos-8 image.
Environment 1
A suitable server that was left over
Environment 2
vagrant
https://app.vagrantup.com/bento/boxes/centos-8
Vagrant.configure("2") do |config|
config.vm.box = "bento/centos-8"
end
Installation
I tried OS installation on a suitable server. It was okay to use a VM separately, but there was a surplus.
There were no major changes, and the selection of the Software installation part changed so much? It was about.
Disk allocation automatic generation did not change significantly
By the way, due to the big change in the software selection items, I couldn't figure out where the network-script was, and when I entered it without checking anything, the server without the network-script came up.
I wonder if I have to operate NetworkManager properly in earnest.
% systemctl status network
Unit network.service could not be found.
dnf
From here on, I'd like to basically go to Vagrant environment.
An alternative to yum, yum runs on python2, while dnf runs on python3. However, the yum command can still be used. Because it seems to be an alias for dnf. So, I felt that there wasn't much change in usage compared to yum for normal use.
The following is the command when tmux is inserted with dnf as a trial.
[root@vm01 ~]# which dnf
/usr/bin/dnf
[root@vm01 ~]# which yum
/usr/bin/yum
[root@vm01 ~]# ls -la /usr/bin/yum
lrwxrwxrwx. 1 root root 5 May 13 2019 /usr/bin/yum -> dnf-3
[root@vm01 ~]# dnf search tmux
Last metadata expiration check: 0:00:22 ago on Sun 15 Dec 2019 01:35:52 PM UTC.
============================ Name Exactly Matched: tmux =============================
tmux.x86_64 : A terminal multiplexer
tmux.i686 : A terminal multiplexer
tmux.x86_64 : A terminal multiplexer
[root@vm01 ~]# dnf install -y tmux
Datadog, Inc. 23 kB/s | 2.5 kB 00:00
CentOS-8 - AppStream 1.4 MB/s | 6.3 MB 00:04
CentOS-8 - Base 1.7 MB/s | 7.9 MB 00:04
CentOS-8 - Extras 791 B/s | 2.1 kB 00:02
Dependencies resolved.
=====================================================================================
Package Arch Version Repository Size
=====================================================================================
Installing:
tmux x86_64 2.7-1.el8 BaseOS 317 k
Transaction Summary
=====================================================================================
Install 1 Package
Total download size: 317 k
Installed size: 781 k
Downloading Packages:
tmux-2.7-1.el8.x86_64.rpm 285 kB/s | 317 kB 00:01
-------------------------------------------------------------------------------------
Total 119 kB/s | 317 kB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : tmux-2.7-1.el8.x86_64 1/1
Running scriptlet: tmux-2.7-1.el8.x86_64 1/1
Verifying : tmux-2.7-1.el8.x86_64 1/1
Installed:
tmux-2.7-1.el8.x86_64
Complete!
[root@vm01 ~]# dnf list --installed | grep tmux
tmux.x86_64 2.7-1.el8 @BaseOS
About adding a repository to dnf
Basically it seems to read /etc/yum.repo.d/*.repo. There is no difference with yum here either. It is said that it will be read even if it is described in /etc/dnf/dnf.conf.
The repository settings are usually done in yum.repo.d, and the priority is also higher in yum.repo.d, so the handling of repo files is the same as yum.
What will happen after dnf has penetrated this?
Below is the addition of the CentOS epel repository. If you install epel-release as usual, it will be installed, so it will not change even if it becomes dnf.
[root@vm01 ~]# dnf install epel-release
Last metadata expiration check: 0:12:21 ago on Sun 15 Dec 2019 01:35:52 PM UTC.
Dependencies resolved.
=====================================================================================
Package Arch Version Repository Size
=====================================================================================
Installing:
epel-release noarch 8-5.el8 extras 22 k
Transaction Summary
=====================================================================================
Install 1 Package
Total download size: 22 k
Installed size: 30 k
Is this ok [y/N]: y
Downloading Packages:
epel-release-8-5.el8.noarch.rpm 21 kB/s | 22 kB 00:01
-------------------------------------------------------------------------------------
Total 9.5 kB/s | 22 kB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : epel-release-8-5.el8.noarch 1/1
Running scriptlet: epel-release-8-5.el8.noarch 1/1
Verifying : epel-release-8-5.el8.noarch 1/1
Installed:
epel-release-8-5.el8.noarch
Complete!
[root@vm01 ~]# ls -la /etc/yum.repos.d/epel.repo
-rw-r--r--. 1 root root 1206 Aug 6 18:17 /etc/yum.repos.d/epel.repo
[root@vm01 ~]# cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1
iptables
As mentioned at the beginning, iptables has been replaced with nftables. The back side of firewalld has also changed from iptables to nftables, but there seemed to be no particular problems in operating firewalld.
In addition, iptables is not completely unusable, it seems that it can be used if it is installed.
So, if you don't want to change your operations right away, you can extend your life. I'm wondering if it's good or not ...
[root@vm01 ~]# dnf install -y iptables-services
Last metadata expiration check: 1:20:15 ago on Mon 16 Dec 2019 01:11:06 AM UTC.
Dependencies resolved.
=====================================================================================
Package Arch Version Repository Size
=====================================================================================
Installing:
iptables-services x86_64 1.8.2-9.el8_0.1 BaseOS 58 k
Transaction Summary
=====================================================================================
Install 1 Package
Total download size: 58 k
Installed size: 20 k
Downloading Packages:
iptables-services-1.8.2-9.el8_0.1.x86_64.rpm 691 kB/s | 58 kB 00:00
-------------------------------------------------------------------------------------
Total 42 kB/s | 58 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : iptables-services-1.8.2-9.el8_0.1.x86_64 1/1
Running scriptlet: iptables-services-1.8.2-9.el8_0.1.x86_64 1/1
Verifying : iptables-services-1.8.2-9.el8_0.1.x86_64 1/1
Installed:
iptables-services-1.8.2-9.el8_0.1.x86_64
Complete!
[root@vm01 ~]# systemctl stop firewalld nftables
[root@vm01 ~]# systemctl disable firewalld nftables
[root@vm01 ~]# systemctl enable iptables
Created symlink /etc/systemd/system/basic.target.wants/iptables.service → /usr/lib/systemd/system/iptables.service.
[root@vm01 ~]# systemctl start iptables
[root@vm01 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
python
Until now, CentOS had yum running on python, so python was included by default and python commands could be used.
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@localhost ~]# python -V
Python 2.7.5
However, in CentOS8, the python command is not actually in the path by default. It should be used by dnf, so it exists, so let's explore its location.
[root@vm01 ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
[root@vm01 ~]# python -V
-bash: python: command not found
[root@vm01 ~]# head /usr/bin/dnf
#!/usr/libexec/platform-python
# The dnf executable script.
#
# Copyright (C) 2012-2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# the GNU General Public License v.2, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY expressed or implied, including the implied warranties of
[root@vm01 ~]# ls -la /usr/libexec/platform-python
lrwxrwxrwx. 1 root root 20 Oct 7 18:00 /usr/libexec/platform-python -> ./platform-python3.6
[root@vm01 ~]# /usr/libexec/platform-python -V
Python 3.6.8
Well, I found out that python is in / usr / libexec / platform-python like this. Actually, it affects some software and up to 2.7 series of ansible does not work by default due to this influence.
Starting with ansible 2.8.0, the default python is available as in ChangeLog. If not, it seems that there is a specification to search for that place.
% ansible -i inventory all -m ping
vm01 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
If you want to run ansible 2.7 series or lower for CentOS8, you should specify the parameter ansible_python_interpreter. is.
% ansible --version
ansible 2.7.10
ansible python module location = /opt/rh/python27/root/usr/lib/python2.7/site-packages/ansible
executable location = /opt/rh/python27/root/usr/bin/ansible
python version = 2.7.13 (default, Apr 12 2017, 06:53:51) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]
% ansible -i inventory all -m shell -a "cat /etc/redhat-release" -kK
SSH password:
SUDO password[defaults to SSH password]:
server | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to xxx.xxx.xxx.xxx closed.\r\n",
"module_stdout": "/bin/sh: /usr/bin/python: No such file or directory\r\n",
"msg": "The module failed to execute correctly, you probably need to set the interpreter.\nSee stdout/stderr for the exact error",
"rc": 127
}
% ansible -i inventory all -m shell -a "cat /etc/redhat-release" -kK --extra-vars='ansible_python_interpreter=/usr/libexec/platform-python'
SSH password:
SUDO password[defaults to SSH password]:
server | CHANGED | rc=0 >>
CentOS Linux release 8.0.1905 (Core)
Summary
Actually, I wanted to do something like clearing up the problem that datadog did not work when I verified it at the time of release or searching for the cause, but as expected, it was firmly dealt with two months after the release.
So, I think that the environment has become quite usable at present, so I think it's time to start using CentOS 8 in earnest.
CentOS7 can still be used, but the EOL [^ EOL] of CentOS6 is approaching, and I would like to use a new OS. [^ EOL]: EOL on CentOS 6 is November 30th, 2020
Recommended Posts