Hi,

> On 26 Jul 2024, at 20:22, Josh Durgin <jdur...@redhat.com> wrote:
> 
> We didn't want to stop building on Centos 8, but the way it went end of
> life and stopped doing any security updates forced our hand. See this
> thread for details [0].
> 
> Essentially this made even building and testing with Centos 8 infeasible,
> so we suggest users migrate to Centos 9 (so they continue to get security
> updates) or run Ceph with containers.
> 
> Josh

Personally, I don't understand how distribution security updates and package 
build are related. Perhaps, it is not obvious from the developer's side, but 
from the operational point of view it is not always possible to just take and 
change the kernel. Because for Ceph to work, hardware is needed (surprise), let 
me give you an example:

Imagine that you are in June 2023. You know for sure that the Reef release will 
be available on CentOS-Stream 8 [1]. You decide to choose this distribution and 
deploy it on the Pacific release, so that in 2025-2026 you can start the 
transition to the Reef release, without changing the distribution. Later, in 
2029, the plan may be revised. But not earlier. All this time, the selected 
distribution will be completely satisfactory, it does not matter at all whether 
new "security updates" will be received or not, because the distribution has 
exactly two tasks: to support the hardware and run Ceph.
A plan, budget and hardware are laid down. Everything is fine, the deployment 
is in progress, the kernel works correctly. Now you are in July 2024, 0.15 
Exabytes are deployed and a problem appears that leads to an interesting 
situation:

* to change the distribution, you need to change the network adapters. More 
precisely, 980 network cards (because there is no stable driver for newer 
kernels [2]), this requires (excluding warehouse work, Ceph engineers, data 
center engineers and delivery) - $245,000
* engineer's salary for 5 years, so no one will let you just spend money to 
change one 10G network adapter to another 10G network adapter
* what will be done? local package builds
* what can an engineer do instead of organizing local package builds? Help the 
Ceph community and make the backports. This is how open source works

I remind you that for Ceph there has always been a concept of ABC testing [3], from 
which it is obvious whether the packages were tested, or they are simply built 
and provided. The community highlights that the C option is much better than 
the nothing option. The simplest fix for the CentOS-Stream 8 distro/container build 
is a sed before the first dnf command:

sed -i -e 's|mirrorlist|#mirrorlist|g' \
       -e 's|#baseurl=http://mirror.centos.org|baseurl=https://vault.centos.org|g' \
  /etc/yum.repos.d/*.repo

Thanks,
k

[1] https://download.ceph.com/rpm-18.1.0/el8
[2] https://forums.developer.nvidia.com/t/mlnx-en-4-9-4-18-0-535-el8/279404/2
[3] https://docs.ceph.com/en/latest/start/os-recommendations/#platforms

_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
