#966 Public CentOS 7.x AMIs on AWS under Owner ID = 125523088429 (CPE) are no longer available...
Closed: Fixed with Explanation 17 days ago by arrfab. Opened 20 days ago by estedev.

Hi there,

it seems that in the (UTC) afternoon of the 10th of November 2022, the previously available CentOS 7.x AMIs have been suddenly pulled, across all regions. CentOS 8.x and CentOS Stream is still available under the owner (ID = 125523088429)...

Is this due to an error, or was it an intended change relating to CentOS 7 images on AWS?

We rely on the latest community provided AMIs for bringing up infrastructure, as you're the experts in keeping those updated. This sudden change was unexpected though - is there any particular mailing list or announcement about this, in case a notification about this went out?

Thanks in advance for your feedback!

CentOS.png


I'll have a look at that later but it's related to https://aws.amazon.com/about-aws/whats-new/2022/03/amazon-machine-images-public-visibility-two-years/

But you can still deploy the AMIs, and the links we provide under https://www.centos.org/download/aws-images/ are still working too.

We'll investigate though why AWS API even refuses to remove the limitation .
When following AWS doc, it's just answering "Failed to undeprecate the AMI ami-00f8e2c955f7ffa9b. API error: "DisableImageDeprecation failed. Disabling of deprecation on public images not allowed."

@davdunc ^ any idea ?

Thanks for the update, that's really useful! At least we can exclude it was an intentional thing by the CPE... On GCP all CentOS 7.x images were still available, so we did start to wonder what was going on.

FYI: I was able to deploy an instance using an AMI via https://www.centos.org/download/aws-images/ - but we're obviously unable to do so via infrastructure-as-code as we need AWS to return the latest AMI (ID) based upon a filter; which obviously doesn't work in the AWS console manually nor programmatically.
Ad interim we'll most likely end up creating a temp AMI of our own to expose until the CPE ones are visible again - that is in the hope AWS has an alternative to the failed DisableImageDeprecation call...

Have a great weekend!

Metadata Update from @arrfab:
- Issue assigned to arrfab

17 days ago

Metadata Update from @arrfab:
- Issue tagged with: centos-build-pipeline, centos-common-infra, high-gain, high-trouble

17 days ago

Hello,
Sorry I might ask the question again here, but what about this AMI below?
CentOS 7 (x86_64) - with Updates HVM
Is it an official one ? As it seems to be provided by AWS:
By: Amazon Web Services Latest Version: CentOS-7.2009-20220825.1

Thanks in advance!

For our purpose, we'd rather steer clear of the marketplace as it (historically at least) didn't allow for auto-subscribing when building anything programmatically. Also, I'd rather get the AMI from the CPE owner instead of AWS, but that is another discussion :-)

Given CentOS 7's EOL date, June 30, 2024, the disable-image-deprecation option julferts mentioned might sound interesting to un-deprecate the AMIs, but @arrfab gave that a go already on Friday ("Failed to undeprecate the AMI ami-00f8e2c955f7ffa9b. API error: "DisableImageDeprecation failed. Disabling of deprecation on public images not allowed."). Another alternative would be to get a brand new build out...

In the meantime we're using a manually repackaged CentOS 7.x AMI from the CPE (built using https://www.centos.org/download/aws-images/) as a temporary work-around.

status update : while still investigating with @davdunc about the deprecation thing, we built refreshed CentOS Linux 7 AMI images for both x86_64 and aarch64.
These were just tested and so are being (as I'm typing this) uploaded to 20 AWS regions (so they should appear soon everywhere).
I'll update wiki and website to reflect newer AMI IDs too

Thanks for the update @arrfab!

I've just spotted "CentOS Linux 7 x86_64 - 2211" in eu-west-1. Sorry for asking the question, but: any reason why this AMI deviates from the usual naming convention of, eg. "CentOS 7.9.2009 x86_64" ?

Thanks for the update @arrfab!

I've just spotted "CentOS Linux 7 x86_64 - 2211" in eu-west-1. Sorry for asking the question, but: any reason why this AMI deviates from the usual naming convention of, eg. "CentOS 7.9.2009 x86_64" ?

It's just that it was based on the new "convention" used for Stream : just a major release and arch but in that case it shows that it was build on November 2022 .. Nothing changes, it's just the visible name :)

Following git commit reflects the new CentOS Linux 7 AMI IDs per region (for x86_64 and aarch64 architectures)

Closing for now but I'll still try to get info from AWS through @davdunc about Deprecation on the 7.9.2009 GA images (still available, but not displayed)

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed with Explanation
- Issue status updated to: Closed (was: Open)

17 days ago

Login to comment on this ticket.

Metadata
Boards 1
Attachments 1
Attached 20 days ago View Comment