[lug] Thoughts on upgrading to CentOS 7

[Rob Nagler]

I've been in a very long process of upgrading from CentOS 6 to 7. Some of
the work has been in implementing a new config mgmt system, but most of the
time has been in debugging changes between CentOS 6 and 7 as well as not
remembering odd behaviors of classic Linux tools like logrotate. The
biggest change is systemd, of course, which has quite a bit of trickle
down. However, we are containerizing some older services, and that has had
unexpected effects, too. I'm just writing some of my thoughts fwiw, imiho,
and tl;dr. :)

Consider logrotate, which out-of-the-box does not rotate systemd logs.
Worse, the journal is not persisted by default on most distros. If you
don't look at these things, you wouldn't know this. I don't know how an
"enterprise" operating systems could persist to tmpfs by default.

Once you start realizing the logs aren't being rotated, you have to
configure logrotate, which is it's own can of worms. Why, for example, does
logrotate not rotate the logs the first time it executes? I don't know, but
it doesn't, and you need to know that, especially when you are testing a
completely new rule (exporting the journal on firstaction).

Then you realize that despite all this fancy systemd configuration,
/etc/crontab, /etc/anacrontab, /etc/cron.*, etc. is all still being used
for critical functions. Looking into that is really funny, because emacs
backup files (*~) are read as part of the configuration, because the code
still has some crazy rules:

        # Don't run *.{rpmsave,rpmorig,rpmnew,swp,cfsaved} scripts
        [ "${i%.cfsaved}" != "${i}" ] && continue
        [ "${i%.rpmsave}" != "${i}" ] && continue
        [ "${i%.rpmorig}" != "${i}" ] && continue
        [ "${i%.rpmnew}" != "${i}" ] && continue
        [ "${i%.swp}" != "${i}" ] && continue
        [ "${i%,v}" != "${i}" ] && continue

which of course are repeated in a different way in init.d/functions:

# Check whether file $1 is a backup or rpm-generated file and should be
ignored
is_ignored_file() {
    case "$1" in
    *~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave)
        return 0
        ;;
    esac
    return 1
}

And later in in init.d/functions:

# A sed expression to filter out the files that is_ignored_file recognizes
__sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'

But who uses init.d/functions anyway now that we have systemd?
network.service does, actually, and you need that, because NetworkManager
is still not quite right for a server environment. That brings up what
happens when you say:

systemctl status network

   Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)

It's bad because it still is Sys V init script...

I pick on the little things, because they are easier to document, and they
do add up. The big things like Docker, are very serious, too. Docker can't
seem to get past triggering kernel bugs. Docker runs well enough despite
the bugs, which is why we use it, but the fact that it outputs random
kernel messages (due to triggering obscure network and file system bugs) is
frustrating, and occasionally, you have to reboot, when you are mucking
about. Red Hat has flipped multiple times on overlay vs device-mapper. They
are back to overlay. None seems to work seamlessly.

IOW, you have to know what you are doing with this stuff. I think that's
the summary of my experience with this upgrade, which is a lot like
previous upgrades. That's the part that is bumming me out: it's not getting
simpler.

Have a nice day.

Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20180325/bd1be2f2/attachment.html>