Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 
alt

Daniel Nashed

 

First look at CentOS Stream 9

Daniel Nashed  16 October 2021 09:38:44

CentOS Stream is the distribution which will be the next RedHat enterprise version.
RedHat is working on CentOS Stream 9 -- At the same time CentOS Stream 8 continues to be the stable release CentOS 8 used to be.

Updating to major new software versions is not happening inside a code stream.
So when you look into CentOS 7 you see for example a very old major version of OpenSSL.

CentOS 8 is on OpenSSL 1.1.1 -- which is the current version also Domino is using.

Domino is not depending on the OpenSSL version installed, because it installs it's own version into the Domino program directory.
So even on older CentOS version, Domino uses a more current version of OpenSSL-- As long you keep your Domino servers updated!!

Keeping software up to date!
Also other software installs their own version of OpenSSL. And this is often problematic.
Software installing their own version of OpenSSL will not benefit from security patches on OS level!
I have seen some pretty old versions of OpenSSL for some other software!
This is sometimes because admins don't update the software and sometimes also because the vendor bundles a pretty old OpenSSL version!


OpenSSL 3.0

OpenSSL 3.0 just shipped recently with important changes but good compatibility for existing software.
Still there is some work to adopt this new major version! Usually you can't just recompile and you are done.
This will be a major shift of the next version of Linux! So I was very interested to see the current state.

CentOS Stream 9 install on Docker
There are no ISO images for CentOS Stream 9 yet, but they have a Docker image, which makes the installation on an existing machine easier.
I just downloaded the current development Stream 9 version and took a look into the software they use.

You can see some output below from curl that the software is already adopted OpenSSL 3.0.

Looks like this is my new test bed for OpenSSL development now!
Before I have been testing my own application by compiling and installing OpenSSL 3.0 on my CentOS Stream 8 VM.


CentOS Stream 9

On my PhotonOS VM I just ran a new container to get my hands on the latest version.
And quickly checked out the software I am mostly interested in...

docker run -it --rm --name centos-stream9-dev quay.io/centos/centos:stream9-development bash

OpenSSL

openssl version
OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021)

Curl

curl --version
curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.0.0 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.9.6/openssl/zlib nghttp2/1.43.0
Release-Date: 2021-04-14
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

NGINX

ldd /usr/sbin/nginx
        linux-vdso.so.1 (0x00007ffdbeb80000)
        libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007fd00445f000)
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fd0043e7000)
        libssl.so.3 => /lib64/libssl.so.3 (0x00007fd004342000)
        libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007fd003f19000)
        libz.so.1 => /lib64/libz.so.1 (0x00007fd003eff000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fd003cf5000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fd0045ff000)


Domino 12.0.1 Beta 2

Of course Domino 12 isn't supported on a not yet released Linux distribution.
But I gave it a quick try with my new one touch Domino install.
Because I could not find any CentOS Stream 9 ISO yet, I am using PhotonOS 4. which comes with a Linux kernel 5.

The installer correctly detects the version of the kernel and the Linux version, but installs and runs :-)

No this isn't something to try at home. It is just a quick look into the future.
I will keep my eye on the first CentOS Stream 9 ISO images to download and will install a VM for testing. But this is clearly just a preview.


WARNING: Running Domino with a kernel at version 5 has NOT been tested by HCL!
WARNING: The operating system CentOS Stream 9 has NOT been tested by HCL!


Conclusion

This isn't something to look into this year. But is already looks promising.
I will keep my eye on what is happening and will probably give it a closer look once the first ISOs are around.
But this really looks good at first glance!




Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]