Merge pull request #3355 from ferricoxide/Issue_3353

Add a note on how to adapt to discontinuation of "live" repos for CentOS Stream distos
plus3it · Jun 6, 2024 · 0dd504b · 0dd504b
2 parents a4a0e32 + 42d5836
commit 0dd504b
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 6 deletions.
diff --git a/docs/CentOS-Stream.md b/docs/CentOS-Stream.md
@@ -0,0 +1,36 @@
+```{eval-rst}
+.. image:: images/cropped-plus3it-logo-cmyk.png
+   :width: 140px
+   :alt: Powered by Plus3 IT Systems
+   :align: right
+   :target: https://www.plus3it.com
+```
+<br>
+
+# CentOS Stream Discontinuation Notes
+
+With the CentOS maintainers having discontinued CentOS Stream 8 at the end of
+May of 2024, access to security-update and feature content is no longer
+available within the repositories activated by default in templates and systems
+deployed prior to that date. As a result, hardening-operations that require the
+installation of either additional packages or updates to already-installed
+packages will fail. This may be worked around by deactivating the standard
+repositories and creating "vault" repositories from them. This may be done with
+a quick script like:
+
+```
+# (
+  cd /etc/yum.repos.d &&
+  for RepoFile in CentOS-Stream-{BaseOS,AppStream,Extras{,-common},HighAvailability,NFV,PowerTools,RealTime,ResilientStorage}.repo
+  do
+    sed -e '/^mirrorlist/s/^/##/' \
+        -e '/baseurl=/s/^#*//' \
+        -e '/baseurl=/s/mirror\.centos\.org/vault.centos.org/' \
+        -e '/\[/s/^\[/&vault-/' \
+        -e '/^name/s/$/ (Vault)/' \
+      "${RepoFile}" > "${RepoFile//.repo/-Vault.repo}"
+  done
+)
+# dnf config-manager --save --set-disabled appstream baseos extras
+# dnf config-manager --save --set-enabled vault-{appstream,baseos,extras}
+```
diff --git a/docs/faq.md b/docs/faq.md
@@ -81,15 +81,11 @@ page for a list of all supported operating systems.
 
 ## Does watchmaker support Enterprise Linux 8?
 
-Watchmaker is supported on RedHat 8, CentOS 8 Stream, and Oracle Linux 8. See the
+Watchmaker is supported on RedHat 8, CentOS Stream 8, and Oracle Linux 8. See the
 [index](index) page for a list of all supported operating systems.
 
-## Does watchmaker support Enterprise Linux 9?
+Also: See CentOS Stream deprecation [notes](CentOS-Stream.md)
 
-As of today's date (2024-04-10), watchmaker's hardening-modules do not yet
-support Enterprise Linux 9 or related distros. This is currently a
-to-be-started project-task. Action on support for Enterprise Linux 9-based
-distros can be tracked through [ash-linux-formula issue #496](https://github.com/plus3it/ash-linux-formula/issues/496).
 
 ## How can I exclude salt states when executing watchmaker?
 

diff --git a/docs/index.md b/docs/index.md
@@ -45,6 +45,7 @@ findings/index.md
 api.md
 contributing.md
 changelog.md
+CentOS-Stream.md
 ```
 
 ## Supported Operating Systems