RIPE Atlas Anchor Operating System Upgrade
Dear colleagues, RIPE Atlas anchors are scheduled for an Operating System (OS) upgrade soon since the current OS will reach its end-of-life on 30 June 2024 [1]. We are currently implementing and testing the necessary changes to support a smooth transition to the new OS without service interruption. Consequently, all live anchors will be upgraded by 31 August 2024. During this period, anchors will run on an outdated OS for a couple of months, but we do not anticipate any security issues here. For the few outward-facing services or lower-level software (such as the kernel) running on anchors, we will provide backports of necessary packages. If needed, we will shut down affected services or the anchor until the upgrade is complete. Due to this upgrade process, we have now paused applications for new anchors. New applications will resume from 15 July 2024 with anchors that will be provisioned with the new OS. If you have any questions please email gii-requests@ripe.net. Kind regards, Paul de Weerd RIPE NCC [1] https://www.redhat.com/en/topics/linux/centos-linux-eol
Dear colleagues, As shared in June, we’re currently working on upgrading the RIPE Atlas anchors to a newer operating system. We had aimed at having all live anchors upgraded by 31 August 2024, but have run into some issues that we want to tell you about. As of 31 August, all anchors that are online and meet the criteria for an upgrade, have been upgraded i.e. 478 anchors. However, we have been unable to upgrade the remaining anchors due to the following reasons: 27 anchors operate on Soekris hardware that cannot be upgraded due to a CPU limitation. 130 anchors are running on virtual machines with the same CPU limitation. We will be able to update these anchors remotely once their hosts update their configuration to match the current anchor requirements. Approximately 230 anchors have been offline for at least the duration of the upgrade window. These anchors will eventually be decommissioned if the hosts remain unresponsive. —----------- V2 Soekris Anchors —----------- Anchors using the v2 Soekris hardware cannot be upgraded as they do not support the new operating system for anchors, Oracle Linux 9, built for the x86_64-v2 microarchitecture. More information about the new RIPE Atlas anchor operating system is available here: https://developers.redhat.com/blog/2021/01/05/building-red-hat-enterprise-li... We have contacted all v2 Soekris anchor hosts to ask them to switch to alternatives. If you are a v2 anchor host, please reach out to us so that we can help you transition to a virtual machine anchor or to new hardware. As the v2 anchors using Soekris are not able to run Oracle Linux 9, we will decommission any remaining v2 anchors on 1 November 2024. —----------- VM Anchors —----------- These anchors cannot be remotely upgraded without changes to their configuration. We therefore ask all anchor hosts running VMs to ensure their VMs meet the current requirements, so we can proceed with upgrading the anchors: https://atlas.ripe.net/docs/howtos/installing-atlas-anchor.html#virtual-mach... We will be reaching out to hosts of anchors with specific issues preventing the remote upgrade to unblock the process, or provide installation images the hosts can use to complete the upgrade instead. If we do not receive a reply, they will also be decommissioned from 1 November 2024. Anchors that are unreachable or that have existing issues cannot be upgraded by us remotely. If your anchor is offline and you would like to continue hosting it, we ask that you get in touch with us to avoid having your anchor decommissioned. If you have any questions please get in touch with us at gii-requests@ripe.net. Kind regards, Paul de Weerd RIPE NCC On Thu, 27 Jun 2024 at 15:46, Paul de Weerd <pdeweerd@ripe.net> wrote:
Dear colleagues,
RIPE Atlas anchors are scheduled for an Operating System (OS) upgrade soon since the current OS will reach its end-of-life on 30 June 2024 [1].
We are currently implementing and testing the necessary changes to support a smooth transition to the new OS without service interruption. Consequently, all live anchors will be upgraded by 31 August 2024.
During this period, anchors will run on an outdated OS for a couple of months, but we do not anticipate any security issues here. For the few outward-facing services or lower-level software (such as the kernel) running on anchors, we will provide backports of necessary packages. If needed, we will shut down affected services or the anchor until the upgrade is complete.
Due to this upgrade process, we have now paused applications for new anchors. New applications will resume from 15 July 2024 with anchors that will be provisioned with the new OS.
If you have any questions please email gii-requests@ripe.net.
Kind regards,
Paul de Weerd RIPE NCC
Hi Paul, thank you for your effort, and also thanks a lot for the transparency! Since the anchors are managed by the RIPE Atlas Team: can you tell us if virtual anchors have Open VM Tools (for ESXi) or QEMU Guest Agents (for KVM) installed by default, so that Hosts can shut down virtual anchors gracefully, in case of a maintenance? If i remember correctly, the tools/agents were not installed by default, for the previous CentOS based virtual anchors. Do we have to request manual installation by you again, after the upgrade to Oracle Linux 9? Thanks, Simon On 02.09.24 16:40, Paul de Weerd wrote:
Dear colleagues,
As shared in June, we’re currently working on upgrading the RIPE Atlas anchors to a newer operating system. We had aimed at having all live anchors upgraded by 31 August 2024, but have run into some issues that we want to tell you about.
As of 31 August, all anchors that are online and meet the criteria for an upgrade, have been upgraded i.e. 478 anchors. However, we have been unable to upgrade the remaining anchors due to the following reasons:
27 anchors operate on Soekris hardware that cannot be upgraded due to a CPU limitation. 130 anchors are running on virtual machines with the same CPU limitation. We will be able to update these anchors remotely once their hosts update their configuration to match the current anchor requirements. Approximately 230 anchors have been offline for at least the duration of the upgrade window. These anchors will eventually be decommissioned if the hosts remain unresponsive.
—----------- V2 Soekris Anchors —----------- Anchors using the v2 Soekris hardware cannot be upgraded as they do not support the new operating system for anchors, Oracle Linux 9, built for the x86_64-v2 microarchitecture. More information about the new RIPE Atlas anchor operating system is available here: https://developers.redhat.com/blog/2021/01/05/building-red-hat-enterprise-li...
We have contacted all v2 Soekris anchor hosts to ask them to switch to alternatives. If you are a v2 anchor host, please reach out to us so that we can help you transition to a virtual machine anchor or to new hardware. As the v2 anchors using Soekris are not able to run Oracle Linux 9, we will decommission any remaining v2 anchors on 1 November 2024.
—----------- VM Anchors —----------- These anchors cannot be remotely upgraded without changes to their configuration. We therefore ask all anchor hosts running VMs to ensure their VMs meet the current requirements, so we can proceed with upgrading the anchors: https://atlas.ripe.net/docs/howtos/installing-atlas-anchor.html#virtual-mach...
We will be reaching out to hosts of anchors with specific issues preventing the remote upgrade to unblock the process, or provide installation images the hosts can use to complete the upgrade instead. If we do not receive a reply, they will also be decommissioned from 1 November 2024.
Anchors that are unreachable or that have existing issues cannot be upgraded by us remotely. If your anchor is offline and you would like to continue hosting it, we ask that you get in touch with us to avoid having your anchor decommissioned.
If you have any questions please get in touch with us atgii-requests@ripe.net.
Kind regards,
Paul de Weerd RIPE NCC
On Thu, 27 Jun 2024 at 15:46, Paul de Weerd<pdeweerd@ripe.net> wrote:
Dear colleagues,
RIPE Atlas anchors are scheduled for an Operating System (OS) upgrade soon since the current OS will reach its end-of-life on 30 June 2024 [1].
We are currently implementing and testing the necessary changes to support a smooth transition to the new OS without service interruption. Consequently, all live anchors will be upgraded by 31 August 2024.
During this period, anchors will run on an outdated OS for a couple of months, but we do not anticipate any security issues here. For the few outward-facing services or lower-level software (such as the kernel) running on anchors, we will provide backports of necessary packages. If needed, we will shut down affected services or the anchor until the upgrade is complete.
Due to this upgrade process, we have now paused applications for new anchors. New applications will resume from 15 July 2024 with anchors that will be provisioned with the new OS.
If you have any questions please emailgii-requests@ripe.net.
Kind regards,
Paul de Weerd RIPE NCC
To unsubscribe from this mailing list or change your subscription options, please visit:https://mailman.ripe.net/mailman3/lists/ripe-atlas.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at:https://www.ripe.net/membership/mail/mailman-3-migration/
On Mon, 2024-09-02 at 17:16 +0200, Simon Brandt via ripe-atlas wrote:
Since the anchors are managed by the RIPE Atlas Team: can you tell us if virtual anchors have Open VM Tools (for ESXi) or QEMU Guest Agents (for KVM) installed by default, so that Hosts can shut down virtual anchors gracefully, in case of a maintenance?
This isn't necessary. ACPI-triggered shutdown in guests works just fine, and is enabled by default in every widely deployed hypervisor. -Rob
There are more advantages: - Generation of heartbeat from guest to host for vSphere HA solution to determine guest's availability. - Quiescing guest file systems to allow host to capture file-system-consistent guest snapshot/backup BR, Simon On 02.09.24 18:12, Rob Foehl wrote:
On Mon, 2024-09-02 at 17:16 +0200, Simon Brandt via ripe-atlas wrote:
Since the anchors are managed by the RIPE Atlas Team: can you tell us if virtual anchors have Open VM Tools (for ESXi) or QEMU Guest Agents (for KVM) installed by default, so that Hosts can shut down virtual anchors gracefully, in case of a maintenance? This isn't necessary. ACPI-triggered shutdown in guests works just fine, and is enabled by default in every widely deployed hypervisor.
-Rob
participants (3)
-
Paul de Weerd -
ripe.net@toppas.net -
Rob Foehl