Official Vagrant images for CentOS Linux 6.8 and CentOS Linux 7.2.1511 for x86_64 are now available for download, featuring updated packages to 30 October 2016, as well as the following user-visible changes:

  • several optimisations to make the images smaller and faster:
    • do not install most firmware packages
    • do not install microcode_ctl
    • do not build a rescue initramfs (resulting in significantly faster kernel updates)
    • do not load the floppy module on centos/7 (this reduces boot time by ca. 5s)
  • [security]: do not allow regular users to use su to become root or vagrant – see issue #76
  • set the SELinux type of /etc/sudoers.d/vagrant to etc_t

Known Issues

  1. The centos/7 image is based on CentOS Linux 7.2.1511, since CentOS Linux 7.3 is not available yet.
  2. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder “.”, “/vagrant”, type: “virtualbox”

    We recommend using NFS instead of VirtualBox shared folders if possible.

  3. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to your Vagrantfile.

  4. Please use Vagrant 1.8.6 (version 1.8.5 is unable to create new Linux boxes due to Vagrant bug #7610, while version 1.8.7 is unable to download or update boxes due to Vagrant bug #7969).
  5. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools.

Downloads

The official images can be downloaded from Hashicorp’s Atlas. We provide images for libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

$ vagrant box add centos/6 # for CentOS Linux 6
$ vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

$ vagrant box update --box centos/6
$ vagrant box update --box centos/7

If you are using CentOS Linux on the host, we recommend installing Vagrant from SCL and using the libvirt images. In general, the Vagrant packages provided by your Linux distribution are preferable, since they usually backport fixes for some upstream bugs. If you are using Vagrant on other operating systems, please use Vagrant 1.8.6 (see Known issues, item 4).

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

If the check passed, you can use the corresponding checksum when downloading the image with Vagrant:

$ vagrant box add --checksum-type sha256 --checksum ce12f84646efab28b007bdf16f3134686a23fa052f809c4600919561274051da --provider libvirt --box-version 1610.01 centos/7

Unfortunately, this is not possible with vagrant box update.

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or via IRC, in #centos on Freenode.

Ackowledgements

Some of the optimisations in this release were inspired by the Vagrant images from Fedora Cloud and Debian Cloud.

We would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro.

Over past few months, we’ve been working on CentOS Community Container Pipeline which aims to help developers focus on what they love doing most – write awesome code – and sysadmins have an insight into the image by providing metadata about it! The project code is hosted at Github.com since its inception. The hosted service, that runs off this code, is available to the community at large, and delivers content to registry.centos.org.
What is CentOS Community Container Pipeline?

CentOS Community Container Pipeline enables developers and sysadmins to have a container images built, tested and scanned on the CentOS Project’s infrastructure right after a developer pushes code to the git repository!

Container Pipeline Flow

Once the developer pushes code to git repo, Container Pipeline fetches the changes and container images are built using OpenShift which provides an enterprise distribution of Kubernetes project. Once the image is built, it gets scanned using atomic scanners (more on this soon!). The result of these scanners is combined into a mail and sent to the author of the container image. Container images can also be tested using the user provided test scripts to ensure that container can be spinned off the image on platforms like CentOS Linux, CentOS Atomic Host and OpenShift.

Why scan images?

Building container images and spinning containers is rather simple. Having more information a.k.a metadata about the container images before running them in one’s production environment is of paramount value! Of course, the kind of information is what makes it of paramount or negligible value. That’s what we aim to provide with CentOS Community Container Pipeline.

Scanners in CentOS Community Container Pipeline

At this point we have two scanners operational. One that checks your CentOS Linux based container images for package updates and other that verifies them. Both the scanners are based on atomic tool developed by the Project Atomic folks. We are working on rolling out more scanners in near future!

Atomic Scanner

The scanners based on atomic are run automatically by the Pipeline after successful completion of image building process. These scanners can be run stand-alone as well! That is, you can install the scanner on your CentOS Linux based systems and run it against a container image built on CentOS Linux base image. And it does this without bringing up or executing the container itself.

In the pipeline, upon completion of scan process, the user is notified about issues with the image that need to be addressed. Addressing these issues would instill more confidence in deploying the resulting container image in a production environment.

Besides scanning an image after it is built, in near future, scanners would also run periodically and provide developer with the actionable information.

yum update scanner

This scanner provides user with the information about RPM packages that need to be updated in the container image. If you’re a developer this information is helpful to ensure you’re running latest packages with bug and security fixes to avoid having surprises in production.

Example output:

$ atomic scan --scanner pipeline-scanner --rootfs /mnt registry.centos.org/centos/centos
...

Files associated with this scan are in /var/lib/atomic/pipeline-scanner/2016-11-10-10-30-46-609885.

Scanner ran succesfully and has stored the scan data under /var directory. Let’s see the output:

$ cat /var/lib/atomic/pipeline-scanner/2016-11-10-10-30-46-609885/_mnt/image_scan_results.json
{
    "Scanner": "pipeline-scanner", 
    "Successful": "true", 
    "Start Time": "2016-11-10-10-42-46-265018", 
    "Scan Results": {
        "Package Updates": [
            "bind-license.noarch", 
            "kmod.x86_64", 
            "kmod-libs.x86_64", 
            "kpartx.x86_64", 
            "openssl-libs.x86_64", 
            "python.x86_64", 
            "python-libs.x86_64", 
            "systemd.x86_64", 
            "systemd-libs.x86_64", 
            "tzdata.noarch"
        ], 
        "OS Release": "CentOS Linux 7 (Core)"
    }, 
    "Scan Type": "Image Scan", 
    "CVE Feed Last Updated": "NA", 
    "Finished Time": "2016-11-10-10-42-52-184442", 
    "UUID": "mnt"
}

The Package Updates key in above output lists packages that need to be updated in the scanned container image.

RPM verify scanner

As its name suggests RPM verify scanner verifies all installed files (libraries and binaries) via RPM packages in given container image. It reports any modified or tampered libraries and binaries in given container image. This is useful to ensure that given container image is not shipped with any tainted libraries or binaries.

Example output:

$ atomic scan --scanner rpm-verify docker.io/centos/postgresql
{
    "Scanner": "scanner-rpm-verify",
    "Successful": "true",
    "Start Time": "2016-11-10-19-49-06-740445",
    "Scan Results": {
        "rpmVa_issues": [
            {
                "config": false,
                "issue": "missing",
                "rpm": {Once the developer pushes code to git repo, Container Pipeline fetches the changes and container images are built using OpenShift which provides an enterprise version of Kubernetes project. Once the image is built, it gets scanned using atomic scanners (more on this soon!). Container images can also be tested using the user provided test scripts to ensure that container can be spinned off the image on platforms like CentOS Linux, CentOS Atomic Host and OpenShift.
                    "VENDOR": "CentOS",
                    "PACKAGER": "CentOS BuildSystem ",
                    "BUILDHOST": "worker1.bsys.centos.org",
                    "RPM": "glibc-2.17-55.el7_0.1.x86_64",
                    "SIGNATURE": "RSA/SHA256, Sat Aug 30 02:20:20 2014, Key ID 24c6a8a7f4a80eb5"
                },
                "filename": "/sbin/sln"
            },
            {
                "config": false,
                "issue": "........P",
                "rpm": {
                    "VENDOR": "CentOS",
                    "PACKAGER": "CentOS BuildSystem ",
                    "BUILDHOST": "worker1.bsys.centos.org",
                    "RPM": "iputils-20121221-6.el7.x86_64",
                    "SIGNATURE": "RSA/SHA256, Fri Jul  4 07:38:44 2014, Key ID 24c6a8a7f4a80eb5"
                },
                "filename": "/usr/sbin/clockdiff"
            }
        ]
    },
    "Scan Type": "RPM Verify scan for finding tampered files.",
    "CVE Feed Last Updated": "NA",
    "Finished Time": "2016-11-10-19-49-10-933952",
    "UUID": "da4ffaac638fada8723c6721721d99b0dfaba67d79c8507e881ee8327e17ecb"
}

Adding your container to the pipeline

It’s simple! Add an entry for your opensource project under index.d directory on CentOS Container Index. You can see a few files representing projects or individual developers under this directory already. Also, you need to have a cccp.yml file in your project that has information useful for the Container Pipeline to use. You can refer respective GitHub repos to get more information. Or get in touch with us on #centos-devel IRC channel on FreeNode network.

Dharmit Shah and Navid Shaikh

An updated version of CentOS Atomic Host (tree version 7.20161006), is now available, featuring the option of substituting the host’s default docker 1.10 container engine with a more recent, docker 1.12-based version, provided via the docker-latest package.

CentOS Atomic Host is a lean operating system designed to run Docker containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. These images are available for download at cloud.centos.org. The backing ostree repo is published to mirror.centos.org.

CentOS Atomic Host includes these core component versions:

  • atomic-1.10.5-7.el7.x86_64
  • cloud-init-0.7.5-10.el7.centos.1.x86_64
  • docker-1.10.3-46.el7.centos.14.x86_64
  • etcd-2.3.7-4.el7.x86_64
  • flannel-0.5.3-9.el7.x86_64
  • kernel-3.10.0-327.36.1.el7.x86_64
  • kubernetes-1.2.0-0.13.gitec7364b.el7.x86_64
  • ostree-2016.7-2.atomic.el7.x86_64

docker-latest

You can switch to the alternate docker version by running:

# systemctl disable docker --now
# systemctl enable docker-latest --now
# sed -i '/DOCKERBINARY/s/^#//g' /etc/sysconfig/docker

Because both docker services share the /run/docker directory, you cannot run both docker and docker-latest at the same time on the same system.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

$ sudo atomic host upgrade

Images

Vagrant

CentOS-Atomic-Host-7-Vagrant-Libvirt.box (546 MB) and CentOS-Atomic-Host-7-Vagrant-Virtualbox.box (558 MB) are Vagrant boxes for Libvirt and Virtualbox providers.

The easiest way to consume these images is via the Atlas / Vagrant Cloud setup (see https://atlas.hashicorp.com/centos/boxes/atomic-host). For example, getting the VirtualBox instance up would involve running the following two commands on a machine with vagrant installed:

$ vagrant init centos/atomic-host && vagrant up --provider virtualbox

ISO

The installer ISO (776 MB) can be used via regular install methods (PXE, CD, USB image, etc.) and uses the Anaconda installer to deliver the CentOS Atomic Host. This image allows users to control the install using kickstarts and to define custom storage, networking and user accounts. This is the recommended option for getting CentOS Atomic Host onto bare metal machines, or for generating your own image sets for custom environments.

QCOW2

The CentOS-Atomic-Host-7-GenericCloud.qcow2 (1.2 GB) image is suitable for use in on-premise and local virtualized environments. We test this on OpenStack, AWS and local Libvirt installs. If your virtualization platform does not provide its own cloud-init metadata source, you can create your own NoCloud iso image.

Amazon Machine Images

Region         Image ID
------         --------
ap-northeast-1 ami-494e9628 
ap-northeast-2 ami-07bb6f69 
ap-southeast-1 ami-60b51203 
ap-southeast-2 ami-598cbf3a 
eu-central-1   ami-6350af0c 
eu-west-1      ami-8c2c6fff 
sa-east-1      ami-5a51c336 
us-east-1      ami-cfeca0d8 
us-west-1      ami-71bef711 
us-west-2      ami-f020f890

SHA Sums

3af63166dd86c0b719efb57b5b4cc0997b959caa6680d3f86ff710bc382a2bd6 CentOS-Atomic-Host-7.1609-GenericCloud.qcow2
4ab6c62710cf81ae1e632c428a915648e3573adddab9f9c5d6fed517dcf27553 CentOS-Atomic-Host-7.1609-GenericCloud.qcow2.gz
06549195aa626b82f9b7473a366a7f1b32932dff60e8d53be924b3b0c2635e00 CentOS-Atomic-Host-7.1609-GenericCloud.qcow2.xz
e26651dd1c3dde5b6dfee088876189fb29fb79f729e86fcd516fe87ccd992381 CentOS-Atomic-Host-7.1609-Installer.iso
037dad130293cf7476e9d711fec0d40d88f370f36dae66b80c8cce4ab5082fc2 CentOS-Atomic-Host-7.1609-Vagrant-Libvirt.box
1353920c87b0516c44072a184bbb8845c89ba1e538185a4dfc03076f65401dca CentOS-Atomic-Host-7.1609-Vagrant-VirtualBox.box

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation — join us!

The SIG meets weekly on Thursdays at 16:00 UTC in the #centos-devel channel, and you’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list. Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.

Official Vagrant images for CentOS Linux 6 and CentOS Linux 7 for x86_64 are now available for download, featuring updated packages to 30 September 2016, as well as the following user-visible changes:

  • the centos/7 image now uses the XFS filesystem, which is the default filesystem when installing CentOS Linux 7 from the official DVD images
  • fixed issue #73 (VMware Tools installation unable to complete successfully due to a dracut configuration problem)

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin. We recommend using NFS instead of VirtualBox shared folders if possible.
  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to your Vagrantfile.

  3. Vagrant 1.8.5 is unable to create new Linux boxes due to Vagrant bug #7610. Please upgrade to Vagrant 1.8.6.
  4. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools.
  5. [security]: Any new user accounts that you create can gain root privileges via su - root or su - vagrant.

Downloads

The official images can be downloaded from Hashicorp’s Atlas. We provide images for libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

$ vagrant box add centos/6 # for CentOS Linux 6
$ vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

$ vagrant box update --box centos/6
$ vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

If the check passed, you can use the corresponding checksum when downloading the image with Vagrant:

$ vagrant box add --checksum-type sha256 --checksum 3c35dc1945fff00c2dddc40a05d7ccf1026b70cfa31a8ba0cc018c5001b22699 --provider libvirt --box-version 1609.01 centos/7

Unfortunately, this is not possible with vagrant box update.

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or via IRC, in #centos on Freenode.

Ackowledgements

We would like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations
  • Rafal Skolasinski, for reporting the su issue
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro.

The CentOS Infrastructure team will be moving the machines hosting cbs.centos.org, ci.centos.org and accounts.centos.org on October 10th, 2016. We expect a downtime of 48hrs. Contact us in #centos-devel on freenode at any time during that period for questions, or watch the centos-devel mailing list for the latest updates.

The servers, switches, PDUs, and even the racks themselves hosting CBS, ci.centos.org, accounts.centos.org and registry.centos.org are all stored in a datacenter in Raleigh, North Carolina, USA and will be moved to a new space in the datacenter on Monday October 10th. This new space provides a little bit of expansion room for the future of these services and consolidates networks that were previously separate (namely the CICO cloud with the rest of the CI infrastructure). During this window, all services related to the listed CentOS properties will be down.

We blocked out 2 days (48hrs) to do the move, but we will do our best to restore services as soon as it is possible to do so.

UPDATE 2016-09-08: Due to additional checks, we had to retire v1608.01 from Atlas and release it again as v1608.02. The two versions are identical.

Official Vagrant images for CentOS Linux 6 and CentOS Linux 7 for x86_64 are now available for download, featuring updated packages to 31 August 2016, as well as a new image for VMware Fusion.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin. We recommend using NFS instead of VirtualBox shared folders if possible.
  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line config.vm.synced_folder ".", "/vagrant", disabled: true to the Vagrantfile.
  3. Vagrant 1.8.5 is unable to create new Linux boxes due to Vagrant bug #7610. You can use Vagrant 1.8.4 until version 1.8.6 is released.
  4. The VMware Tools installer fails to generate a new initramfs due to a dracut configuration error in both our image and VMware Tools. As a workaround, change the add_drivers line in /etc/dracut.conf.d/vmware-fusion-drivers.conf to
    add_drivers+=" mptspi "

    (add spaces directly before and after mptspi) before trying to install VMware Tools or open-vm-tools.

Downloads

The official images can be downloaded from Hashicorp’s Atlas. We provide images for libvirt, VirtualBox and VMware.

If you never used our images before:

$ vagrant box add centos/6 # for CentOS Linux 6
$ vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images by:

$ vagrant box update --box centos/6
$ vagrant box update --box centos/7

Checksums

The downloaded images should have the following SHA256 checksums:

914ab02db12f2d19f71dbd3c6cb171dff683893443e26f2f03160491945366dc  CentOS-6-x86_64-Vagrant-1608_01.LibVirt.box
5391ea7bdafafe8d8df58b8405d81cafdcd0b8273c18cdd37133dcf1cb329a0b  CentOS-6-x86_64-Vagrant-1608_01.VirtualBox.box
4d6a5906ada93a5228f62671f7c97bed0ae3c961df108c25ceee278a8d9d17d2  CentOS-6-x86_64-Vagrant-1608_01.VMwareFusion.box
2916442968486a41315cb93d35fbbaeaf72e200f051f4996b5766649b8c3a325  CentOS-7-x86_64-Vagrant-1608_01.LibVirt.box
415b79487cdb7e0246ef93585de08d2063b1e7b85ff5666f60de5cb96a4a027c  CentOS-7-x86_64-Vagrant-1608_01.VirtualBox.box
44d26155e89fa5d74994167489bd66da4187b3da02ac3a063f0b26cfab965baf  CentOS-7-x86_64-Vagrant-1608_01.VMwareFusion.box

Vagrant has the ability to verify that the downloaded image has a specific checksum, e.g.

$ vagrant box add --checksum-type sha256 --checksum 2916442968486a41315cb93d35fbbaeaf72e200f051f4996b5766649b8c3a325 --provider libvirt centos/7

Unfortunately, this is not possible with vagrant box update.

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos-devel on Freenode.

Since yesterday, we have production-ready automated tests for our Vagrant images on ci.centos.org, fully integrated with GitHub. We were only able to build and test scratch images manually until now, which was time consuming and had the disadvantage that, due to hardware limitations on my side, only the images for VirtualBox were actually tested.

A pull request to the CentOS/sig-cloud-instance-build repository on GitHub will trigger the cloudinstance-vagrant-build Jenkins job on ci.centos.org, which builds all Vagrant images in CBS. If the build process completes without errors, the cloudinstance-vagrant-test job will test the Vagrant images for both CentOS Linux 6 and CentOS Linux 7, using the libvirt and virtualbox Vagrant providers. If everything is ok, you can see the test result directly below the pull request on GitHub (please note that a full test currently needs almost two hours to complete, most of the time being spent building the images):

Screenshot of a successful test, taken on GitHub

Most of the code for the test is in my cloudinstance-vagrant-cico-util repository on GitHub, with a few additional snippets in the Jenkins configuration for each job. We are using the latest Vagrant provided by the Software Collections SIG, and VirtualBox 5.0.26 from virtualbox.org (at the time of writing this post, Vagrant refuses to start if it detects VirtualBox 5.1). Feedback is of course welcome.

An updated version of CentOS Atomic Host (tree version 7.20160818), featuring support for rpm-ostree package layering, is available for download. Using the command rpm-ostree pkg-add, it’s now possible to layer new packages into an installed image that persist across reboots and upgrades.

CentOS Atomic Host is a lean operating system designed to run Docker containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. These images are available for download at cloud.centos.org. The backing ostree repo is published to mirror.centos.org.

CentOS Atomic Host includes these core component versions:

  • docker-1.10.3-46.el7.centos.10.x86_64
  • kubernetes-1.2.0-0.13.gitec7364b.el7.x86_64
  • kernel-3.10.0-327.28.2.el7.x86_64
  • atomic-1.10.5-7.el7.x86_64
  • flannel-0.5.3-9.el7.x86_64
  • ostree-2016.7-2.atomic.el7.x86_64
  • etcd-2.3.7-2.el7.x86_64
  • cloud-init-0.7.5-10.el7.centos.1.x86_64

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

$ sudo atomic host upgrade

Images

Vagrant

CentOS-Atomic-Host-7-Vagrant-Libvirt.box (530 MB) and CentOS-Atomic-Host-7-Vagrant-Virtualbox.box (541 MB) are Vagrant boxes for Libvirt and Virtualbox providers.

The easiest way to consume these images is via the Atlas / Vagrant Cloud setup (see https://atlas.hashicorp.com/centos/boxes/atomic-host). For example, getting the VirtualBox instance up would involve running the following two commands on a machine with vagrant installed:

$ vagrant init centos/atomic-host && vagrant up --provider virtualbox

ISO

The installer ISO (757 MB) can be used via regular install methods (PXE, CD, USB image, etc.) and uses the Anaconda installer to deliver the CentOS Atomic Host. This image allows users to control the install using kickstarts and to define custom storage, networking and user accounts. This is the recommended option for getting CentOS Atomic Host onto bare metal machines, or for generating your own image sets for custom environments.

QCOW2

The CentOS-Atomic-Host-7-GenericCloud.qcow2 (1.1 GB) image is suitable for use in on-premise and local virtualized environments. We test this on OpenStack, AWS and local Libvirt installs. If your virtualization platform does not provide its own cloud-init metadata source, you can create your own NoCloud iso image.

Amazon Machine Images

Region         Image ID

us-east-1      ami-d43d5dc3 
us-west-2      ami-0227f362 
us-west-1      ami-52df9d32
eu-west-1      ami-ed4b3d9e 
eu-central-1   ami-014abb6e 
ap-southeast-1 ami-27a27a44 
ap-northeast-1 ami-4d35fa2c 
ap-southeast-2 ami-65b18606
ap-northeast-2 ami-12ae7b7c 
sa-east-1      ami-6ed34202

SHA Sums

5e2d2bc26d4017f556d3f1e65b6cf1a8ca111534515bbb7a6fea3d446af1b674 CentOS-Atomic-Host-7.1607-GenericCloud.qcow2 c8e908072b63581a7c8a3ffc2658eaf64cb30e1f85db7ed97d1e7fa3605dc26f CentOS-Atomic-Host-7.1607-GenericCloud.qcow2.gz 99776addb6ab2ff25d64831a21eb0c7bfe337be68d402095fd740c05f5d40a3e CentOS-Atomic-Host-7.1607-GenericCloud.qcow2.xz 05ccc8c1db8047028fabb92c89c3fda9f07286f5e7f2832c9ee92a05bf1bc8dc CentOS-Atomic-Host-7.1607-Installer.iso 443af2e145370dee939eaab38df9a61a15a0aa1636e477acb7864a175f78b584 CentOS-Atomic-Host-7.1607-Vagrant-Libvirt.box 7fef5a9c02c4c351f051f73e00f24d3a7ce8c0a081ae0f0956eb820b1211dd06 CentOS-Atomic-Host-7.1607-Vagrant-VirtualBox.box

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation — join us!

The SIG meets weekly on Thursdays at 16:00 UTC in the #centos-devel channel, and you’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.

Official Vagrant images for CentOS Linux 6 and CentOS Linux 7 for x86_64 are now available for download, featuring updated packages to 28 July 2016 and the following improvements:

  • Follow upstream Vagrant recommendations:
    • The default Vagrant sync directory is set to /vagrant
    • sshd DNS lookups are disabled by default
    • The root password is set to vagrant
  • The GRUB timeout is set to just 1 second, to decrease the boot time
  • [security]: sshd password authentication is now disabled (the vagrant user is configured with the publicly-known password vagrant and passwordless sudo, making it trivial for third-parties to gain administrative access via ssh if password authentication is enabled). You can still login as root or vagrant by entering the password on the console, if needed. We recommend re-creating all Vagrant boxes that were configured with private or public networking in the Vagrantfile.

Known Issues

  • The VirtualBox Guest Additions are not preinstalled, and there are currently no concrete plans of adding them. They are only needed for VirtualBox shared folders (host-only networking and forwarded ports work properly without the Guest Additions). We recommend using NFS instead of VirtualBox shared folders if possible, since the latter are significantly slower and files can be corrupted or not properly updated when sendfile is enabled. If you still want to install the Guest Additions, you can try either vbguest or, if you already use Ansible, take a look at https://github.com/lpancescu/cloud-instance-starter-kit for an example of automatic installation.
  • The default sync directory is configured to use rsync. This might cause vagrant up to fail on Windows, where rsync is not installed by default. As a workaround, Windows users can either install rsync via Cygwin or MSYS, or disable the sync directory by adding the line config.vm.synced_folder ".", "/vagrant", disabled: true to the Vagrantfile.
  • Vagrant 1.8.5 sets the permissions on ~vagrant/.ssh/authorized_keys to 0644 (world-readable) when replacing the insecure public key with a newly generated one. Since sshd will only accept keys readable just by their owner, vagrant up returns an error, since it cannot connect with the new key and it already removed the insecure key. This is Vagrant bug #7610, which affects all Linux distributions (not just CentOS); you can either downgrade to Vagrant 1.8.4 or wait for 1.8.6 to be released.

Downloads

Only x86_64 images are currently available, for Vagrant’s libvirt and VirtualBox providers.

First-time users can download the official images from Hashicorp’s Atlas. You can use vagrant box add centos/6 for CentOS Linux 6, or vagrant box add centos/7 for CentOS Linux 7.

Existing users can upgrade their boxes directly by Vagrant, e.g. vagrant box update --box centos/7, but the changes will only apply to newly created instances.

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos-devel on Freenode.

Acknowledgements

We would like to thank Nico Kadel-Garcia for his valuable insight on preventing sshd from performing reverse DNS lookups.

Official Vagrant images for CentOS Linux 6 and CentOS Linux 7 for x86_64 are now available for download, featuring updated packages to 1st July 2016 and some improvements:

  • the default timezone is set to UTC (instead of New York, USA)
  • NTP is enabled by default (using ntpd on CentOS Linux 6 and chrony on CentOS Linux 7)
  • yum-utils is installed by default on CentOS Linux 7, providing needs-restarting

Known Issues

  • The Vagrant sync folder is /home/vagrant/sync instead of /vagrant (which is the Vagrant default). This will be changed in the next release.
  • The root password is set to a random string, instead of “vagrant”. Use sudo as the vagrant user to gain administrative privileges, no password is required.
  • The VirtualBox Guest Additions are not preinstalled, and there are currently no plans of adding them. They are only needed for shared folders; host-only networking and forwarded ports work, although Vagrant displays a warning to the contrary. If you use Ansible, take a look at https://github.com/lpancescu/cloud-instance-starter-kit for an example of automatic installation. The vagrant-vbguest plugin might also work (not tested).

Downloads

Only x86_64 images are currently available, for Vagrant’s libvirt and VirtualBox providers.

First-time users can download the official images from Hashicorp’s Atlas. You can use vagrant box add centos/6 for CentOS Linux 6, or vagrant box add centos/7 for CentOS Linux 7.

Existing users can upgrade their boxes directly by Vagrant, e.g. vagrant box update --box centos/7, but the changes will only apply to newly created instances.

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos-devel on Freenode.