Future of CentOS in ApisCP
🎯 AlmaLinux + Rocky Linux now supported as of v3.2.26
Earlier today Red Hat/CentOS announced a significant shift in how CentOS releases operate. Beginning January 2022, instead of remaining a derivative of RHEL, it will become its own rolling release tracking ahead of RHEL releases that are synonymous with enterprise stability. CentOS would be to RHEL what Rawhide is to Fedora, an opportunity to explore new technology at a faster pace than what its target OS offers.
This strategy introduces quite a bit of unknown, which we'll watch carefully over the next 6 months.
First, we need to see how the community responds as well as how IBM (who owns Red Hat) manages this announcement, as some foreshadowing is quite disconcerting:
"If you are using CentOS Linux 8 in a production environment, and are concerned that CentOS Stream will not meet your needs, we encourage you to contact Red Hat about options."
Second, ApisCP works with CentOS 8 Stream out of the box; in fact, an E2E run this morning builds just fine. I moved the demo server over to Stream because the best way to test if a parachute works is to jump with it. Moving a CentOS 8 server to Stream is easy:
dnf install centos-release-stream
dnf swap centos-{linux,stream}-repos
dnf distro-sync
upcp -sb
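A guarded wrapper for the four commands above, as an added example that is not part of the original post or of ApisCP. The function names and the DRY_RUN switch are hypothetical, the brace expansion is written out so it does not depend on the shell, and the os-release NAME values are assumed to be the ones the two distributions ship.

```shell
#!/bin/sh
# Added example: refuse to run the Stream switch on anything but CentOS Linux 8.
# classify_release, run_step and stream_switch are hypothetical helper names.

# Print linux8, stream8 or other for an os-release file (default /etc/os-release).
# Assumption: NAME is "CentOS Linux" before the switch and "CentOS Stream" after.
classify_release() {
    (
        f=${1:-/etc/os-release}
        case $f in */*) ;; *) f=./$f ;; esac   # keep "." from searching PATH
        [ -r "$f" ] || { echo other; exit 0; }
        ID='' NAME='' VERSION_ID=''
        . "$f"
        [ "$ID" = centos ] || { echo other; exit 0; }
        case "${VERSION_ID%%.*}:$NAME" in
            8:"CentOS Linux")  echo linux8 ;;
            8:"CentOS Stream") echo stream8 ;;
            *)                 echo other ;;
        esac
    )
}

# Print the command when DRY_RUN is 1 (the default), execute it otherwise.
run_step() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Run the page's procedure, stopping at the first failed step.
stream_switch() {
    case $(classify_release "$1") in
        stream8) echo "already on CentOS Stream 8"; return 0 ;;
        linux8)  ;;
        *)       echo "not CentOS Linux 8, refusing to switch" >&2; return 1 ;;
    esac
    run_step dnf install centos-release-stream &&
    run_step dnf swap centos-linux-repos centos-stream-repos &&
    run_step dnf distro-sync &&
    run_step upcp -sb
}
```

Source the file and call stream_switch to preview the steps; DRY_RUN=0 as root performs them.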
Third, RHEL is the de facto OS for banks, hospitals, government institutions, and other major enterprise organizations that value stability above all. Enterprise is big business. Red Hat generated $3.36 billion in revenue FY2019 (Canonical, producers of Ubuntu, ~$111 million). Red Hat have the wherewithal to staff competent engineers and their reputation affirms that capacity, but these organizations that make up Red Hat’s core hate change.
For hosting, we’re dealing with a lot of emerging technology that doesn’t move at the same pace as RHEL releases. I reported a bug in tmpfiles for which a fairly simple patch took a year to move upstream. More recently there’s a nasty bug with systemd-resolved that fails on startup, blocking DNS resolution, due to intrinsic changes in systemd’s security policies. It took 5 months to incorporate the fix into RHEL after reporting; 8 months after reporting it’s still incomplete in CentOS (a broken package with ProtectSystems= [sic] was released). Not one to wait for grass to grow beneath my feet, I rolled out a hotfix ahead of CentOS.
On the other end of the spectrum we can build a hodgepodge OS much the way cPanel has done with its own OpenSSL build for TLSv1.3 in Apache under CentOS 7 (C8 was first to officially support TLSv1.3). "Frankenservers" create proprietary dependency webs that are cumbersome without the same rigorous testing procedure as what Red Hat can deliver. ApisCP relies on system packages, sometimes backporting newer releases in their pristine form if needed. A rolling release model affords a continual feed of new technology without surgical extraction.
Having quicker releases coupled with the engineering talent of Red Hat also allows for fixes and features to be woven into a stable OS faster, which in turn could allow Red Hat to catch up with Canonical for emerging tech. Notably, ApisCP runs non-standard Apache, Postfix, Dovecot, PHP, MySQL, PostgreSQL, Node, Python, and Ruby packages because RHEL lags so far behind on these vital components. Reseller support, set to launch Q1 2021, will utilize project quotas in XFS + cgroupv2 subtrees for online enforcement of overselling. Compared with periodic offline accounting in cPanel, this provides an OS-enforced non-preemptive limit on resource consumption. This technology wasn't stable/possible in CentOS 7. Faster release cycles help us build better technology so long as the software remains stable; that's the goal of Fedora.
Could IBM sunset CentOS? No, it's too valuable to them as an intermediary between Fedora and RHEL. As a peer to RHEL, CentOS delivers a worse value proposition than if it becomes a springboard to RHEL. Moreover, lest we forget, Red Hat is still comprised of GPL/BSD/MIT licensed software, and Gregory Kurtzer, the original founder of CentOS, looks to be firing up his engine to create another RHEL derivative.
Lastly, let’s play the other angle that it is a catastrophe in 6 months with little hope to salvage CentOS' future. Assuming worst case, I’ll shunt development and assess alternative distributions in June to position ApisCP 4.0 on a new distro. Knowing what uncertainty lies ahead, development over the next 6 months will take into consideration the possibility of a new distro as well as ramping up E2E testing on CentOS 8 Stream platforms so I have a clearer picture as June approaches.
To be continued.
Update: Gregory Kurtzer's new RHEL derivative will be called Rocky Linux.