Skip to content

Remove CentOS-specific code and assets#620

Merged
aramprice merged 1 commit into
ubuntu-jammyfrom
remove-centos-cleanup-jammy
Jun 10, 2026
Merged

Remove CentOS-specific code and assets#620
aramprice merged 1 commit into
ubuntu-jammyfrom
remove-centos-cleanup-jammy

Conversation

@neddp

@neddp neddp commented Jun 9, 2026

Copy link
Copy Markdown
Member

CentOS stemcells are no longer built, so this drops dead stages, assets, and code paths. Also removes the default_su_directive override (already removed on ubuntu-noble), which silently overrode the correct 'su root syslog' set globally in ubuntu-logrotate.conf.

@neddp
Remove CentOS-specific code and assets
b98e2b1 
CentOS stemcells are no longer built, so this drops dead stages,
assets, and code paths. Also removes the default_su_directive
override (already removed on ubuntu-noble), which silently overrode
the correct 'su root syslog' set globally in ubuntu-logrotate.conf.
@coderabbitai

coderabbitai Bot commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5203ec63-c2a3-4b42-9f5d-50f04c5471d4

📥 Commits

Reviewing files that changed from the base of the PR and between 8c989bc and b98e2b1.

📒 Files selected for processing (12)
  • bosh-stemcell/lib/shellout_types/service.rb
  • bosh-stemcell/spec/support/stemcell_shared_examples.rb
  • stemcell_builder/stages/bosh_audit_centos/apply.sh
  • stemcell_builder/stages/image_install_grub/apply.sh
  • stemcell_builder/stages/image_install_grub_efi/apply.sh
  • stemcell_builder/stages/image_install_grub_softlayer_two_partitions/apply.sh
  • stemcell_builder/stages/logrotate_config/apply.sh
  • stemcell_builder/stages/logrotate_config/assets/centos-logrotate.conf
  • stemcell_builder/stages/logrotate_config/assets/default_su_directive
  • stemcell_builder/stages/password_policies/assets/centos/password-auth.patch
  • stemcell_builder/stages/password_policies/assets/centos/system-auth.patch
  • stemcell_builder/stages/system_open_vm_tools/apply.sh
💤 Files with no reviewable changes (8)
  • stemcell_builder/stages/password_policies/assets/centos/password-auth.patch
  • stemcell_builder/stages/logrotate_config/apply.sh
  • stemcell_builder/stages/bosh_audit_centos/apply.sh
  • stemcell_builder/stages/logrotate_config/assets/centos-logrotate.conf
  • stemcell_builder/stages/system_open_vm_tools/apply.sh
  • stemcell_builder/stages/logrotate_config/assets/default_su_directive
  • stemcell_builder/stages/password_policies/assets/centos/system-auth.patch
  • bosh-stemcell/spec/support/stemcell_shared_examples.rb

Walkthrough

This PR removes CentOS as a supported Linux distribution from the BOSH Linux stemcell builder while enhancing security policies for remaining supported distributions. The changes include removing CentOS from distribution detection logic, eliminating CentOS-specific logrotate configuration assets and directives, updating PAM authentication and password policies with faillock and cracklib modules, and refreshing infrastructure documentation examples from CentOS to Ubuntu paths.

Suggested reviewers

  • mkocher
  • rkoster
🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check ❓ Inconclusive The description explains the reasoning (CentOS stemcells no longer built) and covers key changes (removal of stages, assets, and the default_su_directive), but does not address the merge-forward strategy or branching guidance specified in the template. Consider referencing the merge-forward strategy from the template, such as indicating which branch this targets and whether subsequent merge-forward PRs are needed.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Remove CentOS-specific code and assets' clearly and concisely summarizes the main objective of the pull request, which is demonstrated across all the file changes.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch remove-centos-cleanup-jammy

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@neddp neddp mentioned this pull request Jun 9, 2026
Merged
@github-project-automation github-project-automation Bot moved this from Inbox to Pending Merge | Prioritized in Foundational Infrastructure Working Group Jun 9, 2026
@aramprice aramprice requested a review from Copilot June 9, 2026 17:33
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes remaining CentOS-specific stages/assets and related code paths from the stemcell builder and test suite, reflecting that CentOS stemcells are no longer produced. It also drops the logrotate default_su_directive override so the globally configured su root syslog behavior is no longer silently replaced.

Changes:

  • Deleted CentOS-only stages and security/logrotate assets (PAM patches, logrotate config, CentOS audit stage).
  • Removed installation of /etc/logrotate.d/default_su_directive and the corresponding spec.
  • Updated distro detection and inline documentation examples to no longer mention CentOS.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.

Show a summary per file
File Description
stemcell_builder/stages/system_open_vm_tools/apply.sh Removes outdated CentOS-only installation note.
stemcell_builder/stages/password_policies/assets/centos/system-auth.patch Removes CentOS-only PAM patch asset.
stemcell_builder/stages/password_policies/assets/centos/password-auth.patch Removes CentOS-only PAM patch asset.
stemcell_builder/stages/logrotate_config/assets/default_su_directive Removes CentOS workaround that overrode the intended global su directive behavior.
stemcell_builder/stages/logrotate_config/assets/centos-logrotate.conf Removes CentOS-only logrotate configuration asset.
stemcell_builder/stages/logrotate_config/apply.sh Stops installing the removed default_su_directive file.
stemcell_builder/stages/image_install_grub/apply.sh Updates comment examples to use Ubuntu paths instead of CentOS.
stemcell_builder/stages/image_install_grub_softlayer_two_partitions/apply.sh Updates comment examples to use Ubuntu paths instead of CentOS.
stemcell_builder/stages/image_install_grub_efi/apply.sh Updates comment examples to use Ubuntu paths instead of CentOS.
stemcell_builder/stages/bosh_audit_centos/apply.sh Removes CentOS-specific audit stage script.
bosh-stemcell/spec/support/stemcell_shared_examples.rb Removes spec that asserted presence/content of default_su_directive.
bosh-stemcell/lib/shellout_types/service.rb Removes CentOS from distro allowlist used by service enablement checks.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

aramprice
aramprice approved these changes Jun 9, 2026
View reviewed changes

@aramprice aramprice left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you for tackling this!

Wondering if we should also remove this test for rpm, or is it relevant because of openSUSE?

  describe package("rpm") do
    it { should_not be_installed }
  end

^ https://github.com/cloudfoundry/bosh-linux-stemcell-builder/blob/remove-centos-cleanup-jammy/bosh-stemcell/spec/os_image/ubuntu_spec.rb#L13-L15

aramprice
aramprice reviewed Jun 9, 2026
View reviewed changes
Comment thread bosh-stemcell/lib/shellout_types/service.rb
@neddp

neddp commented Jun 10, 2026

Copy link
Copy Markdown
Member Author

Hi @aramprice,

This is something I planned to bring up on the community meeting. If we confirm that SUSE is also not being used, we can do the cleanup separately.

I would like to go over the other repositories as well and do the same, especially the docs-bosh. Where is the correct place to open an issue to track the clean up?

@aramprice

aramprice commented Jun 10, 2026

Copy link
Copy Markdown
Member

Maybe an umbrella issue would be best in the community repo? I'm not certain though.

@aramprice aramprice merged commit 40a2bdd into ubuntu-jammy Jun 10, 2026
13 checks passed
@github-project-automation github-project-automation Bot moved this from Pending Merge | Prioritized to Done in Foundational Infrastructure Working Group Jun 10, 2026
@aramprice aramprice deleted the remove-centos-cleanup-jammy branch June 10, 2026 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aramprice aramprice aramprice approved these changes

Copilot code review Copilot Copilot left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Foundational Infrastructure Working Group
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@neddp @aramprice