Greetings from the mirror-management department! This notice is for those who employ some sort of an automation to download AltArch (ie. aarch64, armhfp, i386, power9, ppc64, ppc64le) CentOS 7 .iso/.raw.xz images from Those using a regular browser to download these images are not particularly affected, and you can continue to the next post on this blog.

Previously, only main architecture .iso image downloads from were redirected to, which then displayed the user a list of nearby external mirrors. We will shortly extend this configuration to cover AltArch image downloads as well, ie. direct AltArch image downloads from will no longer be possible. will still serve .rpm downloads for all architectures as before.

There are three reasons for the change. First, to save bandwidth from nodes directly managed by the CentOS Project. Most of these hosts are also used for seeding the 600+ external mirrors we have. By directing some of that .iso download traffic to external mirrors we can offer faster sync speeds for those external mirrors, and for people downloading individual rpms from Second, most of those external mirrors offer faster download speeds to end users than what could be achieved by downloading from, so the users will benefit from this change as well. Finally, because there are much more external mirrors than  nodes, it is likely that your bits will need to travel a shorter path, conserving bandwidth globally.

The above change will be implemented some time between the releases of RHEL 7.6 and CentOS 7.6.18xx, so that external mirrors syncing CentOS 7.6.18xx content would not need to fight for bandwidth between AltArch .iso downloaders.

The other change, which has already been implemented, is related to how behaves when accessed with curl or wget. If you now do a wget, isoredirect will notice that you are trying to download the file and will redirect the request to the nearest external mirror. If you access the same URL with a regular browser, you will see a list of nearby mirrors from which you can pick your favourite mirror. wget will follow redirects by default, but curl needs a --location switch to follow redirects. If a filename is not specified, you will get a list of mirrors regardless of the browser used.

So, combining the effects of the above two changes: If you currently use some sort of a script that downloads AltArch .iso images from, those requests will soon be served by external mirrors instead of In the case of wget you will only see one additional request and you probably don't need to change anything. If you use curl, you must add the --location switch to curl to follow the redirect issued by If you want to eliminate one redirect, you can change to in your script. The rest of the URL is the same, ie. /altarch/<release>/isos/<arch>/<filename.iso or .raw.xz>

As an aside, even though nodes are managed by the CentOS Project, those servers and their hosting are donations from various organizations. If you think your organization could donate an additional server to share the load and to give us better geographical coverage, please see

If you have questions or concerns regarding this change, please let me know. Thanks!

It's been over a year since we published anything about the CentOS Community Container Pipeline. Many interesting things have happened during the past year, many things have changed and there's a complete shift in the architecture of the service that's was rolled out over the last weekend.

Wait, I've never heard of this project

If this is the first time you're hearing about CentOS Community Container Pipeline project, it would be best to refer this blog post, or the GitHub repo of the project, or the wiki page. But to put it in short, the service does below things:

  • Pre-build the artifacts/binaries to be added to the container image
  • Lint the Dockerfile for adherence to best practices
  • Build the container image
  • Scan the image for:
    • available RPM updates
    • updates for packages installed via other package managers:
      • npm
      • pip
      • gem
    • Verify RPM installed files and binaries for integrity
    • point out capabilities of container created from the resulting image by examining RUN label in its Dockerfile
  • Weekly scanning of the container images using above scanners
  • Automatic rebuild of container image when the git repo is modified
  • Parent-child relationship between images to automatically trigger rebuild of child image when parent image gets updated
  • Repo tracking to automatically rebuild the container image in event of an RPM getting updated in any of its configured repos (not available yet in new architecture)
  • A UI that lists all the container images built with the service at

How did the old system work?

When we talked about the project at '18, we received a positive response from the audience. However, at that time, we knew that our service couldn't handle more build requests and on-boarding more community projects would be counter-productive when our backend didn't have the ability to serve those requests.

Old implementation of the service had a lot of plumbing. There are workers written for most of the features mentioned above.

  • Pre-build happened on CentOS CI (ci.c.o) infrastructure.
  • Lint worker ran as a systemd service.
  • Build worker ran as a standalone container and triggered a build in an OpenShift cluster.
  • Scan worker ran as a systemd service and used atomic scan to scan the containers. This in turn spun up a few containers which we needed to delete along with their volumes to make sure that host system disk doesn’t get filled up.
  • Weekly scanning was a Jenkins job that checked against container index, and underlying database of the service before triggering a weekly scan
  • Repo tracking was a Django project and heavily relied on database which we almost always failed to successfully migrate whenever the schema was changed. That's our shortcoming, not Django's. All these heterogeneous pieces talked through beanstalkd.

Everything was spread across different hosts and we were using really huge Ansible playbooks to bring up the service. A fresh deployment took 30 minutes on an average. Testing any change in dev environment would require us to do a redeployment of the service which took another 15 minutes on an average. Deploying and maintaining this service was quite a pain!

What did we do about these problems?

Since long time we were discussing about developing our service on top of OpenShift. Then, at some point, we read about OpenShift Pipeline and found it interesting. We took the plunge and came up with a proof of concept implementation of CentOS Community Container Pipeline on top of OpenShift OKD using Minishift. Results were exciting! We were able to do parallel builds of container image, Jenkins Pipelines orchestrated the flow really well, build times were faster, we didn't need to use beanstalkd at all and, most importantly, there was very less code written to get things done!

With the POC in place, we went ahead with developing more tangible service on top of a real OpenShift cluster instead of developing on top of Minishift. What used to be individual workers doing their thing in old system is now pretty much all inside OpenShift Pipeline.

We now have an OpenShift Pipeline for every project on CentOS Container Index that does Pre-build, Dockerfile lint, container image build, scan the container image and push it to external registry; all from a single container! We have another OpenShift Pipeline for every project to do their weekly scans. So instead of having five workers to do these tasks and communicate with each other via beanstalkd, we have orchestrated things through OpenShift Pipelines.

What are we working on now?

We don't have Repo tracking implemented in the new architecture yet. We don't have a UI for the users to take a look at their build logs or weekly scan logs either. We're initially focusing on getting the UI for logs up and then we will start working on Repo tracking.  We are also working on setting up a CI job that tests core parts of the service on Minishift so that anyone willing to take the service for a spin should literally be able to do it on a Minishift VM!

Let us know your thoughts!

This project is solely focused on making things easier for open-source projects and its developers. If you are working on an open-source project that's building on top of CentOS, we would like to know your thoughts. If you need help getting started, you can contact us on IRC (#centos-devel on Freenode) or take a look at project documentation.

Dharmit Shah (dharmit on #centos-devel IRC)

We are pleased to announce new official Vagrant images of CentOS Linux 6.9 and CentOS Linux 7.5.1804 for x86_64 (based on the sources of RHEL 7.5). All included packages have been updated to September 30th, 2018.

Notable Changes

  1. The images now use the ext4 filesystem, instead of XFS. We have been getting unbootable images due to XFS corruption over the last few months (the journal appears to be zeroed out, for reasons we do not yet understand). This is why we haven't had any monthly releases since May - I'm still looking into what happens.
  2. The images now use a single partition, swapping into a preallocated 2GB file. This makes resizing the partition and/or swap easier than it was before, with separate partitions inside LVM.
  3. The CentOS Linux 7 image comes with open-vm-tools preinstalled, enabling it to work with VMware ESXi.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.


The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config| = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = ""


If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.


I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

Dear CentOS enthusiast,

Here's what's been happening in the past month at CentOS

Releases and Updates

The following releases and updates happened in Setember. For each update, the given URL provides the notes about the change.

Errata and Enhancements Advisories

We issued the following CEEA (CentOS Errata and Enhancements Advisories) during September:

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during September:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during September:

Blog posts and news

If you're not watching the CentOS blog, you may be missing our periodic updates there. I'd like to particularly draw attention to two recent posts:

EPEL for armhfp - Pablo Greco posted about the work on armhfp in the EPEL repository.

New CentOS Pastebin Instance - John R. Dennison posted about the new CentOS pastebin, and the more modern functionality that comes with it.

If you'd like to post on the CentOS blog about work you're doing around the CentOS community, please don't hesitate to contact me directly, at

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. Here's some of the highlights from a few of our SIGs from the past month

Cloud SIG

The RDO project and the Cloud SIG participated in the OpenStack PTG (Project Teams Gathering) last month in Denver, and we anticipate seeing the interviews from that event start coming to the RDO YouTube channel in the coming weeks. They'll also be participating in the upcoming SIG day ahead of the CERN Dojo in October.


In September, we had a table at ApacheCon in Montreal, Canada. CentOS is a platform which many open source projects use for development and testing, and the Apache community of projects is no exception. We had visits from representatives from several Apache projects, and talked about the CentOS CI infrastructure, and our SIGs.

October 12-13: In 2 weeks, CentOS will be sponsoring Ohio LinuxFest in Columbus, Ohio. OLF is an annual gathering of Linux and Open Source enthusiasts from Ohio and the greater Ohio Valley area. We are looking forward to conversations with attendees. If you'd like to volunteer some time to work the CentOS table, please contact me - - to volunteer. Ohio LinuxFest will be held October 12-13 at the Hyatt Regency Columbus.

October 19th: In the third week of October, we'll be gathering at CERN for the annual CERN CentOS Dojo. Details and the event schedule are available on the event website. The event is free to attend, but you must register, in order to get through security at the front desk. That's October 19th at CERN!

October 22-24: CentOS will also have a presence at the Open Source Summit, in Edinburgh, Scotland. Drop by the Red Hat booth for all your CentOS sticker needs.

October 29-31: Finally, we'll also be at LISA/Usenix in Nashville, in the last week of October.

We look forward to meeting you at any or all of these venues!

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly ( with ideas or articles that you'd like to see in the next newsletter.

After many years of excellent service by the Oregon State University Open Source Lab the CentOS Project has decided to migrate our web-based pastebin instance to a self-hosted platform running on our infrastructure.  This has provided us the opportunity to move to a different solution based on the Stikked pastebin server which is a more modern solution with a number of features we felt would best benefit our user communities:

  • Encrypted pastes
  • Direct paste replies along with a 'diff' feature which we believe useful for developer collaboration
  • Burn on reading / immediate expiry on view
  • Anti-spam features
  • And a number of behind-the-scenes improvements

The web interface is available at and from there you can paste content directly into the provided web form and optionally add your name or a paste title and even select the language of the paste if you wish the contents to be syntactically colored when displayed.  You are able to select a number of time periods for the paste's lifetime from the dropdown selection and may opt to have the paste delete itself on view, so called "burn on view".  The option also exists to encrypt your paste if you wish.  After you submit the form you can share the resulting URL with others.

Additionally we've made a command line client, cpaste, available to enable pasting directly from your servers / desktops to our pastebin instance.  This client is based on the Stikkit client by Petr Bena.  This package is in our "extras" repository and can be installed with:

yum --enablerepo=extras install cpaste

Usage information can be retrieved with:

cpaste --help

Examples illustrating how to how the command line client:

Paste a file directly to our server:

cpaste ~/problem.txt

Paste a python code snippet with a title of "code snippet" and an author name of "John Q. Public"

cpaste -l python -t "code snippet" -a "John Q. Public" -i ~/src/project/

Paste the standard output of a process and return only the paste's url:

~/bin/process | cpaste -s

One notable difference between the new and old instances is that the new instance supports paste lifetimes of up to one day only.

We hope you find the new service useful.

We would also like to thank OSUOSL for providing the old pastebin instance for the past many years.

The following CentOS Updates have been announced in the past week:

For timely notifications of releases, updates, and security advisories, subscribe to the CentOS-announce mailing list.

A few weeks ago, Fabian passed me the torch in our quest for a fully working EPEL rebuild for armhfp, that included access to the builders, the build system manager and a blind, unfunded trust that I wasn't going to break anything.

The plan up to that point was, "if it builds, great, if it doesn't, someone will have to fix it". Enter someone (me) completely clueless of what needed to be done and what I needed to know to actually do it.

Having absolutely no idea where to start, I decided to use repodiff against x86_64, to see if something really jumped at me and said "START HERE!!!!", but all it did was inform me of the hard truth, there were approximately 600 packages that were failing. I needed a quick win and an ego boost, and seeing that cinnamon was only missing a few rpms, I decided to start there.

A few days go by, the list keeps shrinking, I get a brutal fight to the death trying to bootstrap ghc, and finally I see the light at the end of the tunnel. With about 100 packages remaining, I start thinking that our plan wasn't that crazy after all.

Now, the list is 10 rpms long, and it is time to start testing everything. Since I have absolutely no idea what most of the packages that were built actually do, I have no way of testing, so please, install, test, break, fix and, most of all, report back.

If you already installed CentOS (and activated EPEL) using the instructions here, you should have everything you need to start hacking!!

Thanks for testing!

On February 1, 2019, we'll be holding our annual CentOS Dojo in Brussels, on the day before FOSDEM starts.

FOSDEM, as you probably know, is the annual Free and Open Source Developers European Meeting in Brussels - two days of presentations, projects, and hallway meetings with new and old friends.

For the last several years, CentOS has held a small meetup on the Friday before FOSDEM, and this year we'll once again be at the Marriott Grand Place, just a 3 minute walk from Grand Place in central Brussels. We'll have two tracks of CentOS-related content, and lots of space and time to meet other people in the CentOS community.

If you'd like to be on stage at this event, consider submitting a presentation here:

The call for presentations closes October 15th, 9am Eastern US time.

(A note from Brian Stinson, from the CI team.)

Some of you may know that the CentOS Community Build System, and CentOS CI Infrastructures are hosted in Raleigh, North Carolina.

I wanted to take this opportunity to let all of you know that outages are possible (but not expected) in the coming days as Hurricane Florence makes its way toward the US East coast. We are confident in the precautions taken by our datacenter vendor, and in the preparedness plans by our DC operations team.

If there happen to be outages, we will work to get things back as soon as we can.


Dear CentOS enthusiast,

Here's what's been happening in the past month at CentOS

Releases and Updates

The following releases and updates happened in August. For each update, the given URL provides the upstream notes about the change.


We're pleased to announce the following releases in August:

Errata and Enhancements Advisories

We issued the following CEEAs (CentOS Errata and Enhancement Advisory) during August:

Errata and Security Advisories

We issued the following CESAs (CentOS Errata and Security Advisory) during August:

Errata and Bugfix Advisories

We issued the following CEBAs (CentOS Errata and Bugfix Advisory) during August:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. Here's some of the highlights from a few of our SIGs from the past month

Platform as a Service (PaaS) SIG

  • Origin 3.10 released, work on 3.11 is in progress
  • Introducing fkluknav as new SIG member
  • Discussing consuming Ansible RPMs from the Config Management SIG
  • Ricardo Martinelli presented at the CentOS Dojo at (video, slides)


  • dpdk 17.11 is in buildlogs
  • vpp 17.10 is in buildlogs
  • OpenVswitch 2.9.2 is in buildlogs

Virtualization SIG

  • Switching to Xen 4.8
  • Xen 4.10 is available in testing

SIG Reporting

If your SIG wants a report to appear in the newsletter, send your report to the centos-devel mailing list with a subject line containing "XYZ SIG Report" (where "XYZ" is the name of your SIG), and we'll include it in upcoming newsletters.

SIG meeting minutes may be read in full in the MeetBot IRC archive.


CentOS participates in many events, in various capacities, in order to build our local communities all over the world.


In August, we were at three large events:

On August 4th through 5th, was held in Bengaluru, India, and CentOS was there, sharing space with Fedora. DevConf is an annual developers conference which is held in three different locations around the world.

Speaking of which, later in the month we also were at DevConf.US in Boston. This was the first DevConf in North America, and we were delighted to be there.

In addition to the main event, we ran a Dojo on the day before, with presentations covering a wide range of topics. The videos from all of the presentations at the event are now on our YouTube channel.

And, in the last week of August, we were at Open Source Summit North America in Vancouver. OSSummit is a great event in that we get a lot of people that may be either new to Linux, or at least to CentOS, and so we have the chance to teach them. But there's also representation from a huge range of industries, and so we get to learn about how CentOS is being used in many different applications.

(If you have photos from any of these events, please consider adding them to the CentOS group on Flickr.)


September looks pretty quiet on the events front (please tell me if you know of any relevant events!), but in October we have two great events.

First, we have the CentOS Dojo at CERN, on October 19th. This is a full day of CentOS technical talks at the legendary CERN facility in Meyrin, Switzerland. Like last year, there's an emphasis on cloud computing, but other topics are also covered. The schedule is published, and registration is open!

The following week, we'll be in Edinburgh for the Open Source Summit Europe. That's a week-long event covering a wide range of technical content around Linux and open source.

We hope to see you there!

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly ( with ideas or articles that you'd like to see in the next newsletter.