All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Adventures in RHEL Land
raindog308
Administrator, Veteran
After my previous PHP8 investigation, I decided to check out RHEL-based distros, as I haven't played with them as an admin in a while.
RackNerd
@dustinc I think your Alma and Rocky templates are borked. After a fresh reinstall, I logged in as root and the first thing I did was a yum -y update:
# yum -y update AlmaLinux 9 - AppStream 8.3 MB/s | 8.0 MB 00:00 AlmaLinux 9 - BaseOS 4.8 MB/s | 2.9 MB 00:00 AlmaLinux 9 - Extras 33 kB/s | 17 kB 00:00 Last metadata expiration check: 0:00:01 ago on Mon 27 Feb 2023 03:32:13 PM CST. Error: Problem: cannot install both initscripts-10.11.5-1.el9.x86_64 and initscripts-10.11.4-1.el9.x86_64 - package network-scripts-10.11.4-1.el9.x86_64 requires initscripts(x86-64) = 10.11.4-1.el9, but none of the providers can be installed - cannot install the best update candidate for package initscripts-10.11.4-1.el9.x86_64 - problem with installed package network-scripts-10.11.4-1.el9.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) # yum -y update Rocky Linux 9 - BaseOS 820 kB/s | 1.8 MB 00:02 Rocky Linux 9 - AppStream 4.1 MB/s | 6.6 MB 00:01 Rocky Linux 9 - Extras 11 kB/s | 8.5 kB 00:00 Error: Problem: cannot install both initscripts-10.11.5-1.el9.x86_64 and initscripts-10.11.4-1.el9.x86_64 - package network-scripts-10.11.4-1.el9.x86_64 requires initscripts(x86-64) = 10.11.4-1.el9, but none of the providers can be installed - cannot install the best update candidate for package initscripts-10.11.4-1.el9.x86_64 - problem with installed package network-scripts-10.11.4-1.el9.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
I spent some time investigating but since I haven't played with yum...er, dnf, I figured I'd see how it looks at other providers.
Vultr
No yum update issues at Vultr. Indeed, they do a "yum -y update" as part of their install. But who wants to pay $12/month?!?
My current "production" web servers is at @MannDude's house and I didn't feel like messing with it, so I thought I'd try...
BuyVM
...because this is one of those rare stretches where I don't have at least one VM at the house of ponies. Since they offer ISO upload, I thought I'd upload the actual RHEL 9 boot.iso since I have a free dev subscription. I laughed at the ISO upload screen:
I would totally run MS-DOS 6.22 Webscale Edition. Reminds me to play with FreeDOS again. Anyway...
Unfortunately, @Francisco sold me a bum VM. It was jacked out of the box and no template would install. No big deal - I only opened a ticket about an half hour ago and they're usually pretty quick, so I'm not quite ready to open a nuclear thunder thread on LET.
Next up...because I'm impatient...hmmm...how about...
Hetzner
...only because they're in Hillsboro, OR which is a lot closer than Seattle or Silicon Valley.
First time customer and their onboarding process is very smooth. For some reason I didn't have to pay - I just said PayPal but they provisioned withouth making me put anything down. I'm sure I'll get an invoice on the 1st but I thought that was quite trusting of them.
They don't offer Alma...but do offer Rocky. Why? Because Rocky sounds more German than Alma? Who knows.
Curious
Converted my Debian playbooks to RHEL...er, Rocky and things went fine. However, oddly Rocky doesn't come with firewalld turned on or even installed. I thought Rocky 9 was supposed to be 1:1 with RHEL 9?
Comments
Hi @raindog308 -- we are aware of the deprecated ‘network-scripts’ package in our RHEL9 based OS templates, which require a workaround until we transition over to SolusVM 2. This is because SolusVM 1's "reconfigure network" feature does not acknowledge NetworkManager in RHEL9. This transition should occur in the next few months (barring any major complications or setbacks in our SolusVM 2 testing), but until then, we suggest one of these workarounds:
1) You can uninstall the network-scripts package within your VPS and configure NetworkManager instead - but keep in mind by doing this, the “reconfigure network” button in SolusVM will not work.
2) utilize the "--skip-broken" flag when using yum or dnf
3) request for our technical support team to mount an ISO for manual installation of an OS via the VNC console
4) wait for us to transition to SolusVM V2 which is based on cloud-init and will not require network-scripts for automated network functions to function.
Based on this feedback, we will add this to our knowledgebase and reference said article in our SolusVM OS templates page. Apologies for the inconvenience caused and thanks for your patience
Me: 4:48PM
@dustinc: 4:56PM
That's some hustle!
@raindog308 -- We all got to keep the grind going
Hmm, firewalld is installed and active when I do a regular minimum install.
Try doing an install from ISO without using templates. I can't tell you how many hours I've wasted chasing crazy problems without realizing that some template is missing a component that I expected. Even if you use Ansible, you can't always anticipate which services/packages some template may not have, so you never think to include it in your playbook.
As @aj_potc said above, templates sometimes don't include packages that would have been in an install from ISO. It can make sense IMO to not have firewalld by default on a VPS though, if the provider offers a firewall on their interface, why would you use your VPS' resources for the firewall when the host system can do it for you on its own resources.
Often you'll find SELinux in permissive mode or even disabled, which would not happen with a ISO install.
I think you've hit the nail on the head in this case. Hetzner offers firewall controls from their panel.
If you open a console to watch a Vultr install, you'll see it relabeling
I can vouch that #3 works well. Soon after I got a Racknerd VPS, I submitted a ticket to mount a .iso image for a preferred Linux distro. It was done quickly and I installed my own Linux from the .iso. I like that.
Hint:
Before you install your favorite distro from a .iso image, install one of their templates and write down the network information that you need - device name, IP address, gateway, netmask, and any other information you may want.
For my Racknerd VPS, I had to change eth0 to ens3, for example.
-> The same hint may apply to other KVM providers with similar capabilities. Sorry, it will not work with OpenVZ. That is why I like KVM providers.
What a sight to behold that must be
@dustinc Just letting you know the CentOS 9 issue still exists.
--skip-brokendidn't work but--nobestdid.@raindog308 Hope to see more comparison on RPM based distros in general. Both Fedora and Suse are leading the charge on immutable distros, perfect for containerized environments which is practically everything these days 😂.
Pavin.
As a casual SuSE enjoyer, I wouldnt consider it an immutable distro. But out of RPM based distros, SuSE is solid you just need to get over its quirks. Once you learn zypper and yast, you really just dont want to go elsewhere. YaST has saved my ass so many times before. Its really nice.
OpenSuse Aeon, formerly known as MicroOS is immutable while Fedora's immutable flavor is called CoreOS (Silverblue and others on desktop). I'm personally a little biased towards fedora though people who use Suse swear by it, have to give credit where it's due as Suse is one of the only major distros to offer btrfs snapshots and full system rollback from the grub menu. It's so good I rolled my own poor man's version for APT.
dnf and zypper won't be available on these immutable flavors as they use rpm-ostree and other similar technologies (btrfs snapshots in Aeon) for layering packages on top of the base image/snapshot. All user facing mutable environments and their packages should preferably be containerized and not layered. The OS automatically updates to the latest base image and applies any layered packages on top of it. The change is applied atomically on the next reboot. You can rollback to the previous image if there are any issues, rebase to a third party image and even back to upstream image. Very powerful concept IMHO, basically an unbreakable and secure Linux OS without any host OS maintenance.
Pavin.