[LINUX] Play with CentOS 8

DMM.com Advent Calendar 2019 This is the article on the 17th day.

My name is @sinnershiki and I am in charge of the infrastructure for DMM video distribution.

Last year's DMM.com Advent Calendar did StackStorm Introductory Story, but this year I would like to introduce CentOS 8 released in September. I will.

Summary of major changes

Differences between CentOS 8 and CentOS 7, be careful of yum and middleware

As introduced above, I think the following three are famous for middleware-like changes.

However, since the difference when actually using it is not known from this alone, I would like to try it from the OS installation.

Also, I would like to mention a little about the change in the default of python that I personally care about from 2 series to 3 series.

environment

This time, I would like to play in various environments, so I would like to start by putting the OS on an appropriate server and also play with vagrant's bento / centos-8 image.

Environment 1

A suitable server that was left over

Environment 2

vagrant

https://app.vagrantup.com/bento/boxes/centos-8

Vagrant.configure("2") do |config|
  config.vm.box = "bento/centos-8"
end

Installation

I tried OS installation on a suitable server. It was okay to use a VM separately, but there was a surplus.

There were no major changes, and the selection of the Software installation part changed so much? It was about.

スクリーンショット 2019-10-17 16.44.03.png スクリーンショット 2019-10-17 16.47.57.png

Disk allocation automatic generation did not change significantly スクリーンショット 2019-10-17 16.49.35.png

By the way, due to the big change in the software selection items, I couldn't figure out where the network-script was, and when I entered it without checking anything, the server without the network-script came up.

I wonder if I have to operate NetworkManager properly in earnest.

% systemctl status network
Unit network.service could not be found.

dnf

From here on, I'd like to basically go to Vagrant environment.

An alternative to yum, yum runs on python2, while dnf runs on python3. However, the yum command can still be used. Because it seems to be an alias for dnf. So, I felt that there wasn't much change in usage compared to yum for normal use.

DNF Command Reference

The following is the command when tmux is inserted with dnf as a trial.

[root@vm01 ~]# which dnf
/usr/bin/dnf
[root@vm01 ~]# which yum
/usr/bin/yum
[root@vm01 ~]# ls -la /usr/bin/yum
lrwxrwxrwx. 1 root root 5 May 13  2019 /usr/bin/yum -> dnf-3
[root@vm01 ~]# dnf search tmux
Last metadata expiration check: 0:00:22 ago on Sun 15 Dec 2019 01:35:52 PM UTC.
============================ Name Exactly Matched: tmux =============================
tmux.x86_64 : A terminal multiplexer
tmux.i686 : A terminal multiplexer
tmux.x86_64 : A terminal multiplexer
[root@vm01 ~]# dnf install -y tmux
Datadog, Inc.                                         23 kB/s | 2.5 kB     00:00
CentOS-8 - AppStream                                 1.4 MB/s | 6.3 MB     00:04
CentOS-8 - Base                                      1.7 MB/s | 7.9 MB     00:04
CentOS-8 - Extras                                    791  B/s | 2.1 kB     00:02
Dependencies resolved.
=====================================================================================
 Package          Arch               Version                Repository          Size
=====================================================================================
Installing:
 tmux             x86_64             2.7-1.el8              BaseOS             317 k

Transaction Summary
=====================================================================================
Install  1 Package

Total download size: 317 k
Installed size: 781 k
Downloading Packages:
tmux-2.7-1.el8.x86_64.rpm                            285 kB/s | 317 kB     00:01
-------------------------------------------------------------------------------------
Total                                                119 kB/s | 317 kB     00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                             1/1
  Installing       : tmux-2.7-1.el8.x86_64                                       1/1
  Running scriptlet: tmux-2.7-1.el8.x86_64                                       1/1
  Verifying        : tmux-2.7-1.el8.x86_64                                       1/1

Installed:
  tmux-2.7-1.el8.x86_64

Complete!
[root@vm01 ~]# dnf list --installed | grep tmux
tmux.x86_64                          2.7-1.el8                             @BaseOS

About adding a repository to dnf

DNF Configuration Reference

Basically it seems to read /etc/yum.repo.d/*.repo. There is no difference with yum here either. It is said that it will be read even if it is described in /etc/dnf/dnf.conf. The repository settings are usually done in yum.repo.d, and the priority is also higher in yum.repo.d, so the handling of repo files is the same as yum. What will happen after dnf has penetrated this?

Below is the addition of the CentOS epel repository. If you install epel-release as usual, it will be installed, so it will not change even if it becomes dnf.

[root@vm01 ~]# dnf install epel-release
Last metadata expiration check: 0:12:21 ago on Sun 15 Dec 2019 01:35:52 PM UTC.
Dependencies resolved.
=====================================================================================
 Package                Arch             Version              Repository        Size
=====================================================================================
Installing:
 epel-release           noarch           8-5.el8              extras            22 k

Transaction Summary
=====================================================================================
Install  1 Package

Total download size: 22 k
Installed size: 30 k
Is this ok [y/N]: y
Downloading Packages:
epel-release-8-5.el8.noarch.rpm                       21 kB/s |  22 kB     00:01
-------------------------------------------------------------------------------------
Total                                                9.5 kB/s |  22 kB     00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                             1/1
  Installing       : epel-release-8-5.el8.noarch                                 1/1
  Running scriptlet: epel-release-8-5.el8.noarch                                 1/1
  Verifying        : epel-release-8-5.el8.noarch                                 1/1

Installed:
  epel-release-8-5.el8.noarch

Complete!
[root@vm01 ~]# ls -la /etc/yum.repos.d/epel.repo
-rw-r--r--. 1 root root 1206 Aug  6 18:17 /etc/yum.repos.d/epel.repo
[root@vm01 ~]# cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1

iptables

As mentioned at the beginning, iptables has been replaced with nftables. The back side of firewalld has also changed from iptables to nftables, but there seemed to be no particular problems in operating firewalld.

In addition, iptables is not completely unusable, it seems that it can be used if it is installed.

So, if you don't want to change your operations right away, you can extend your life. I'm wondering if it's good or not ...

[root@vm01 ~]# dnf install -y  iptables-services
Last metadata expiration check: 1:20:15 ago on Mon 16 Dec 2019 01:11:06 AM UTC.
Dependencies resolved.
=====================================================================================
 Package                  Arch          Version                  Repository     Size
=====================================================================================
Installing:
 iptables-services        x86_64        1.8.2-9.el8_0.1          BaseOS         58 k

Transaction Summary
=====================================================================================
Install  1 Package

Total download size: 58 k
Installed size: 20 k
Downloading Packages:
iptables-services-1.8.2-9.el8_0.1.x86_64.rpm         691 kB/s |  58 kB     00:00
-------------------------------------------------------------------------------------
Total                                                 42 kB/s |  58 kB     00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                             1/1
  Installing       : iptables-services-1.8.2-9.el8_0.1.x86_64                    1/1
  Running scriptlet: iptables-services-1.8.2-9.el8_0.1.x86_64                    1/1
  Verifying        : iptables-services-1.8.2-9.el8_0.1.x86_64                    1/1

Installed:
  iptables-services-1.8.2-9.el8_0.1.x86_64

Complete!
[root@vm01 ~]# systemctl stop firewalld nftables
[root@vm01 ~]# systemctl disable firewalld nftables
[root@vm01 ~]# systemctl enable iptables
Created symlink /etc/systemd/system/basic.target.wants/iptables.service → /usr/lib/systemd/system/iptables.service.
[root@vm01 ~]# systemctl start iptables
[root@vm01 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

python

Until now, CentOS had yum running on python, so python was included by default and python commands could be used.

[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@localhost ~]# python -V
Python 2.7.5

However, in CentOS8, the python command is not actually in the path by default. It should be used by dnf, so it exists, so let's explore its location.

[root@vm01 ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
[root@vm01 ~]# python -V
-bash: python: command not found
[root@vm01 ~]# head /usr/bin/dnf
#!/usr/libexec/platform-python
# The dnf executable script.
#
# Copyright (C) 2012-2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# the GNU General Public License v.2, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY expressed or implied, including the implied warranties of
[root@vm01 ~]# ls -la /usr/libexec/platform-python
lrwxrwxrwx. 1 root root 20 Oct  7 18:00 /usr/libexec/platform-python -> ./platform-python3.6
[root@vm01 ~]# /usr/libexec/platform-python -V
Python 3.6.8

Well, I found out that python is in / usr / libexec / platform-python like this. Actually, it affects some software and up to 2.7 series of ansible does not work by default due to this influence. Starting with ansible 2.8.0, the default python is available as in ChangeLog. If not, it seems that there is a specification to search for that place.

% ansible -i inventory all -m ping
vm01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

If you want to run ansible 2.7 series or lower for CentOS8, you should specify the parameter ansible_python_interpreter. is.

% ansible --version
ansible 2.7.10
  ansible python module location = /opt/rh/python27/root/usr/lib/python2.7/site-packages/ansible
  executable location = /opt/rh/python27/root/usr/bin/ansible
  python version = 2.7.13 (default, Apr 12 2017, 06:53:51) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]
% ansible -i inventory all -m shell -a "cat /etc/redhat-release" -kK
SSH password:
SUDO password[defaults to SSH password]:
server | FAILED! => {
    "changed": false,
    "module_stderr": "Shared connection to xxx.xxx.xxx.xxx closed.\r\n",
    "module_stdout": "/bin/sh: /usr/bin/python: No such file or directory\r\n",
    "msg": "The module failed to execute correctly, you probably need to set the interpreter.\nSee stdout/stderr for the exact error",
    "rc": 127
}
% ansible -i inventory all -m shell -a "cat /etc/redhat-release" -kK --extra-vars='ansible_python_interpreter=/usr/libexec/platform-python'
SSH password:
SUDO password[defaults to SSH password]:
server | CHANGED | rc=0 >>
CentOS Linux release 8.0.1905 (Core)

Summary

Actually, I wanted to do something like clearing up the problem that datadog did not work when I verified it at the time of release or searching for the cause, but as expected, it was firmly dealt with two months after the release.

So, I think that the environment has become quite usable at present, so I think it's time to start using CentOS 8 in earnest.

CentOS7 can still be used, but the EOL [^ EOL] of CentOS6 is approaching, and I would like to use a new OS. [^ EOL]: EOL on CentOS 6 is November 30th, 2020

Recommended Posts

Play with CentOS 8
Play with Prophet
Play with PyTorch
CentOS8 --Play --Django
Play with 2016-Python
Play with Pyramid
Play with Fathom
Play with Othello (Reversi)
Let's play with 4D 4th
Let's play with Amedas data-Part 1
Play with reinforcement learning with MuZero
Play with push notifications with imap4lib
Play around with Linux partitions
Let's play with Amedas data-Part 4
Play RocketChat with API / Python
Let's play with Amedas data-Part 3
Let's play with Amedas data-Part 2
Play with ASE MD module
Play with A3RT (Text Suggest)
Use pyright with CentOS7, emacs lsp-mode
Play with numerical calculation of magnetohydrodynamics
Play with a turtle with turtle graphics (Part 1)
Play with Poincare series and SymPy
Server construction with CONOHA VPS (CentOS)
Play with Pythonista UI implementation [Action implementation]
Play with PIR sensor module [DSUN-PIR]
Python3 environment construction with pyenv-virtualenv (CentOS 7.3)
Using Chainer with CentOS7 [Environment construction]
Spark play with WSL anaconda jupyter (2)
Play with Turtle on Google Colab
Play with demons because it's setsubun
Play video with sound with python !! (tkinter / imageio)
[Introduction to WordCloud] Let's play with scraping ♬
Join CentOS 8.3 with SSSD to Active Directory
Play audio files from Python with interrupts
Play like a web app with ipywidgets
Play around with the pythonista3 ui module
Run Keras with CNTK backend from CentOS
A memo with Python2.7 and Python3 on CentOS
I want to play with aws with python
CentOS 6.4 with Python 2.7.3 with Apache with mod_wsgi and Django
Server construction with CONOHA VPS (CentOS)
Install Mecab on Linux (CentOS) with brew
Play with Pythonista UI implementation [Screen elements]
Play with MoleculeNet's PDBBind and DeepChem's RDKitGridFeaturizer
Play audio files with interrupts using PyAudio
Play with puns using the COTOHA API
Load csv with pandas and play with Index
Build CentOS 8 on ESXi 6.7 with minimal configuration
CentOS 7: Enable pyenv with Apache (httpd) CGI
How to install python3 with docker centos
Python hand play (let's get started with AtCoder?)
[REAPER] How to play with Reascript in Python
Start Caddy with docker without putting Caddy in CentOS8
Play with Google Spread Sheets in python (OAuth)
[Piyopiyokai # 1] Let's play with Lambda: Creating a Lambda function
VM cannot boot with specific kernel of CentOS7
Build a python environment with ansible on centos6
Play with Lambda layer (python) for about 5 minutes
I wanted to play with the Bezier curve
Understand grid points and play with contour lines.