Hi Paul,

thank you for your effort, and also thanks a lot for the transparency!

Since the anchors are managed by the RIPE Atlas Team: can you tell us if virtual anchors have Open VM Tools (for ESXi) or QEMU Guest Agents (for KVM) installed by default, so that Hosts can shut down virtual anchors gracefully, in case of a maintenance?

If i remember correctly, the tools/agents were not installed by default, for the previous CentOS based virtual anchors.
Do we have to request manual installation by you again, after the upgrade to Oracle Linux 9?

Thanks,
Simon


On 02.09.24 16:40, Paul de Weerd wrote:
Dear colleagues,

As shared in June, we’re currently working on upgrading the RIPE Atlas
anchors to a newer operating system. We had aimed at having all live
anchors upgraded by 31 August 2024, but have run into some issues that
we want to tell you about.

As of 31 August, all anchors that are online and meet the criteria for
an upgrade, have been upgraded i.e. 478 anchors. However, we have been
unable to upgrade the remaining anchors due to the following reasons:

27 anchors operate on Soekris hardware that cannot be upgraded due to
a CPU limitation.
130 anchors are running on virtual machines with the same CPU
limitation. We will be able to update these anchors remotely once
their hosts update their configuration to match the current anchor
requirements.
Approximately 230 anchors have been offline for at least the duration
of the upgrade window. These anchors will eventually be decommissioned
if the hosts remain unresponsive.

—-----------
V2 Soekris Anchors
—-----------
Anchors using the v2 Soekris hardware cannot be upgraded as they do
not support the new operating system for anchors, Oracle Linux 9,
built for the x86_64-v2 microarchitecture.  More information about the
new RIPE Atlas anchor operating system is available here:
https://developers.redhat.com/blog/2021/01/05/building-red-hat-enterprise-linux-9-for-the-x86-64-v2-microarchitecture-level#

We have contacted all v2 Soekris anchor hosts to ask them to switch to
alternatives. If you are a v2 anchor host, please reach out to us so
that we can help you transition to a virtual machine anchor or to new
hardware. As the v2 anchors using Soekris are not able to run Oracle
Linux 9, we will decommission any remaining v2 anchors on 1 November
2024.

—-----------
VM Anchors
—-----------
These anchors cannot be remotely upgraded without changes to their
configuration. We therefore ask all anchor hosts running VMs to ensure
their VMs meet the current requirements, so we can proceed with
upgrading the anchors:
https://atlas.ripe.net/docs/howtos/installing-atlas-anchor.html#virtual-machine-cpu-requirements

We will be reaching out to hosts of anchors with specific issues
preventing the remote upgrade to unblock the process, or provide
installation images the hosts can use to complete the upgrade instead.
If we do not receive a reply, they will also be decommissioned from 1
November 2024.

Anchors that are unreachable or that have existing issues cannot be
upgraded by us remotely. If your anchor is offline and you would like
to continue hosting it, we ask that you get in touch with us to avoid
having your anchor decommissioned.

If you have any questions please get in touch with us at gii-requests@ripe.net.

Kind regards,

Paul de Weerd
RIPE NCC

On Thu, 27 Jun 2024 at 15:46, Paul de Weerd <pdeweerd@ripe.net> wrote:

Dear colleagues,

RIPE Atlas anchors are scheduled for an Operating System (OS) upgrade
soon since the current OS will reach its end-of-life on 30 June 2024
[1].

We are currently implementing and testing the necessary changes to
support a smooth transition to the new OS without service
interruption. Consequently, all live anchors will be upgraded by 31
August 2024.

During this period, anchors will run on an outdated OS for a couple of
months, but we do not anticipate any security issues here. For the few
outward-facing services or lower-level software (such as the kernel)
running on anchors, we will provide backports of necessary packages.
If needed, we will shut down affected services or the anchor until the
upgrade is complete.

Due to this upgrade process, we have now paused applications for new
anchors. New applications will resume from 15 July 2024 with anchors
that will be provisioned with the new OS.

If you have any questions please email gii-requests@ripe.net.

Kind regards,

Paul de Weerd
RIPE NCC

[1]  https://www.redhat.com/en/topics/linux/centos-linux-eol

-----
To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ripe-atlas.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. 
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/