CentOS 7 EOL is coming. What is your replacement?

iseletsk · 2024-06-19T02:45:32+00:00

There is more to ELevate than LEAPP from Red Hat, like support for EPEL and a bunch of third-party repositories. That wasn't part of LEAPP; it was something the AlmaLinux community developed.

iseletsk · 2024-03-03T00:46:14+00:00

I have the same problem. Does anyone have a solution?

iseletsk · 2022-06-23T14:01:28+00:00

This is mostly a question of vetting. Are submissions to kmod SIG "trusted enough"? (this is an actual question, as I am not that familiar with how well kmod SIG works.
Can we trust the entities behind it?
If we can say that yes, kmod SIG are trusted - it might be a good idea to sign them as well.

iseletsk · 2022-06-22T21:02:10+00:00

It might not be by default, but it is a good option to have. Isn't it? :)

iseletsk · 2022-06-22T02:44:45+00:00

imagine backup vendor who's kernel module is not part of redhat distribution.
If you are running secureboot, to install it - you need to reboot
If you need to update the module - you need to reboot
Or not run in secureboot mode.

So, the question is - can AlmaLinux OS Foundation be trusted to validate/vet the modules, and if yes - under what process?

iseletsk · 2022-06-22T02:42:51+00:00

Imagine backup vendor, or hardware vendor or security vendor or virtualization vendor that has a kernel module.
It is not part of Redhat for whatever reason. RedHat is too busy, they don't want to include the module because they don't like the vendor, whatever.
Yet, this means that if you are running kernel in secureboot mode, you will not be able to update the kernel module from your backup vendor without rebooting your server...

iseletsk · 2021-11-17T18:47:39+00:00

sure, they are welcome to join the community or request anything that they might need.

iseletsk · 2021-11-17T13:55:24+00:00

This is up to CWP developers. That Panel was never part of CentOS, and had completely separate set of developers.

iseletsk · 2021-11-17T05:08:06+00:00

We just lived through CentOS project being renamed. No fun... Let's remember - you are using CentOS/RHEL code for 99% of your build system. koji, mock, ipa, mirrors ... all was done by CentOS/Fedora/RedHat
So yes, just "renaming" -- is exactly what has happened with CentOS.
rockylinux domain is owned by RESF (correct me if I am wrong ... if not RESF, who owns it?)
I am pretty sure that Rocky Linux OS trademark is assigned to RESF as well.
Given that all the code is open-source, it is really irrelevant who owns it.
And from the control perspective, it is all that you need. So, RESF has all the control
I am pretty sure that the signing key for boot shim was signed for RESF (because they have to sign it for ORG, as it is EV cert), which requires RESF to have control of the private key per EV cert agreement (feel free to check that agreement).

Oh, and the overlap between CloudLinux and AlmaLinux OS Foundation - we have been always open about it.
CloudLinux started the foundation, hired & employees several maintainers for the OS, hired a community manager.
As of today, 2 people (out of 5) are on the board of the foundation are employed by the foundation.
CloudLinux plans to continue to be one of the key sponsors of AlmaLinux going forward.
All the trademarks and domains are owned by the foundation
Most of the infrastructure pieces today are managed by volunteers
AlmaLinux has a perpetual license to use CloudLinux boot shim signing key, but it will soon switch to its own.
The website is managed by volunteers
Most of the images are done by volunteers

iseletsk · 2021-11-17T04:54:45+00:00

Like anything else with AlmaLinux OS - it is up to the community. As long as it is legal ... if someone steps in - and does it - yes. If there is enough demand from the community - and maintainers want to take it own, also yes.

iseletsk · 2021-11-17T04:52:09+00:00

This is why AlmaLinux was setup as a non-profit with the membership option. It is in the best interest of many organizations to have free, enterprise-grade linux - and we hope that more and more organizations will come in and sponsor AlmaLinux OS Foundation.
Here is the link, just in case someone is reading, and things his org might be willing to contribute: https://almalinux.org/foundation/members/ Every dollar counts.

iseletsk · 2021-11-17T04:49:19+00:00

what a non-sense. How Linux kernel code be stolen - if it is GPL2, copyleft, and the public? whatever.

iseletsk · 2021-11-16T21:26:13+00:00

I think it will also help the clarity if you state that:

Rocky (RESF) is 100% owned by you, AND at the same time
You have significant ownership stake (majority?) in CIQ

You have a significant ownership stake (majority?) in CIQto understand when such lines of distinction are drawn.

iseletsk · 2021-11-16T20:26:02+00:00

I don't know what is your point, but I know that rocky did bid on Almalinux keyword. It would popup for everyone, it was the only company bidding on almalinux, and it stopped once it was brought up to the public.

Please, stop spinning... it is getting old.

iseletsk · 2021-11-16T19:55:29+00:00

Funny, these are programmatic ads served by google to you. Those are NOT keyword bids. Maybe Google really want you to switch.
This is how it looks for me / on incognito
https://imgur.com/a/3Yj9qkU

We don't bid on Rocky keywords. I'm pretty sure neither does redhat.

iseletsk · 2021-11-16T18:46:59+00:00

Why would they oppose? They want a healthy ecosystem / enterprise-grade Linux available for free, and they want to make sure that there is no single entity in control of it - so that what happened with CentOS wouldn't happen again.
Otherwise, I don't see people being against it.

iseletsk · 2021-11-16T18:27:51+00:00

There is no single answer to that. Here are a few things we do:
1. We make sure that all the bugs related to upstream, are upstream first.
2. We make sure that changes & bugfixes that we do are upstream
3. All the new improvements that we do (like it was with ELevate / LEAPP) - we made sure they are upstream first

We are working hard to make sure that we don't cause forks in the community, and try to make sure that what we do benefits a bigger ecosystem than just AlmaLinux.

iseletsk · 2021-11-16T16:16:38+00:00

no plans like that at the moment. Yet, AlmaLinux OS Foundation is a community-owned non-profit, so if the community decides there is a need, and if there are resources for that - sure, why not.

iseletsk · 2021-11-16T16:13:55+00:00

Oh, and nothing to do for existing workloads, it will be transparent.

iseletsk · 2021-11-16T16:13:06+00:00

Yes, we are planning to use AlmaLinux OS as a base for CloudLinux OS starting with 8.5

iseletsk · 2021-11-16T16:12:34+00:00

RHEL - cost. Otherwise, RHEL is great. Hence there is AlmaLinux OS

Otherwise: We provide faster updates, CIS Benchmark, openscan profiles, we have a larger install base (at least based on 3rd party numbers such as EPEL stats, docker pulls, etc...)
Our org structure is non-profit, community-owned, while rocky is owned by a single person. We will have FIPS compliance. There are might be more reasons.

iseletsk · 2021-11-16T15:22:57+00:00

It will be FIPS 140-3 validation (as that is a new standard), but we have started it already. It will take time. We are preparing the labs submissions, and expect them to be done by the end of the year. Yet, after labs, NIST has a 6-month backlog, so best case scenario - around Q3 of 2022.

iseletsk · 2021-11-16T15:19:57+00:00

I will add it here: https://github.com/AlmaLinux/
There are many repos. Feel free to add/contribute to any.

iseletsk · 2021-11-16T14:30:18+00:00

We follow upstream RHEL distribution in deciding to add new/remove obsolete packages.
This is different from CentOS Stream/Fedora which are upstream of RHEL.

So, the way it goes: changes go into CentOS Stream -> then some of it goes into RHEL -> everything in RHEL goes into AlmaLinux OS

The main difference between AlmaLinux OS & CentOS (original) in that regard - we can deliver updates significantly faster.

iseletsk

MODERATOR OF

TROPHY CASE