Trellis on Red Hat Enterprise

Hello!

I’m about to start a new Project using trellis. I have successfully deployed a few client projects using trellis on DO and a few other servers. All of them were using Linux trusty or Xenial as recommended by roots.
Now, the sysadmins of my new client work only with Red Hat.

I believe it should work just as well but just in case, has anybody used Red Hat before? Any gotchas?

Thanks in advance!

So you’re going to definitely run into issues mainly because Ubuntu uses the APT package manager and RHEL / CentOS use the YUM package manager. So right off the rip every role / step that installs or updates packages is going to error out.

Package names are different on RHEL, also they are on an older kernel and a ton of the packages are going to be older to much older versions than on Xenial. Namely OpenSSL so if you are using SSL you most likely will not be getting the speed benefit of HTTP/2, now you can try compiling OpenSSL from source, or building NGINX yourself and compile it with the newest version of OpenSSL which should do the trick for most users and will get you HTTP/2 for Chrome users as well.

It’s going to take some work to port Trellis for RHEL, it can be done for sure.

I recommend finding out which RHEL version they are using first of all and then getting the corresponding CentOS version and start working with CentOS in a virtualbox environment locally. CentOS is an open source mirror of RHEL (same packages and everything) you just don’t get the support package, which is what you’re paying for with RHEL.

Also before you plan on compiling OpenSSL or anything from source on RHEL, or adding the EPEL repo (which will get you newer packages from Fedora) you need to ask their sysadmins if they will even allow it.

4 Likes

Hi @Rifi2k Many thanks for your answer!
I’m definitely not motivated enough to port Trellis to Red Hat :wink:
I’ll try to convince my client and his sysadmins to make an exception or delegate everything to some external cloud server.

Thanks again for the thorough response!

Ansible contains helpers to make it easier to do this as well. There’s a generic package module instead of using apt like we do (if you want to change all these, we’d probably accept a PR for the changes).

As @RiFi2k mentioned though, some package names are different. Ansible lets you use a conditional based on the “OS” family too. Example: https://github.com/resmo/ansible-role-ntp/blob/4fc673cfdf6cb3704a8be10cd10728a21be8f1bb/tasks/main.yml

2 Likes
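
A sketch of the approach described in the post above, added here as an example; it is not part of the original thread and is not Trellis code. The `web` host group, the `ntp_by_family` map and the `allow_epel` switch are assumptions made for illustration; the package and service names are those of the stock ntp packages on Debian/Ubuntu and RHEL/CentOS 7.

```yaml
# Added example: one play that installs ntp on either OS family.
- hosts: web                      # assumed inventory group
  become: true
  vars:
    # Per-family names, looked up with the ansible_os_family fact.
    ntp_by_family:
      Debian:
        package: ntp
        service: ntp
      RedHat:
        package: ntp
        service: ntpd             # same package name, different service name
  tasks:
    - name: Fail early on an OS family with no mapping
      assert:
        that: ansible_os_family in ntp_by_family
        fail_msg: "No package mapping for {{ ansible_os_family }}"

    - name: Install ntp through the generic package module (apt or yum)
      package:
        name: "{{ ntp_by_family[ansible_os_family].package }}"
        state: present

    - name: Enable and start the time service
      service:
        name: "{{ ntp_by_family[ansible_os_family].service }}"
        state: started
        enabled: true

    # Extra repositories are opt-in: off unless the sysadmins approve it
    # and allow_epel (hypothetical variable) is set to true.
    - name: Add EPEL on CentOS only when explicitly allowed
      package:
        name: epel-release
        state: present
      when:
        - ansible_distribution == "CentOS"
        - allow_epel | default(false) | bool
```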

Thanks @swalkinshaw. Good to know there is an easier way if the sysadmins won’t cooperate.

If I were you I would just position yourself as the authority on websites, since they obviously are not or else they would have just made it themselves already, haha. Just explain to them that although RHEL may be the golden standard as far as their infrastructure is concerned, when websites are concerned you need the use of up to date packages (not just old packages backported for security) so you can take advantage of the newest web technologies which actually in reality would keep their website safer than what they are proposing.

Also, why would you want your front facing website, which continually gets scanned, attacked, probed, and generally hung out to dry, anywhere near your secure network? If it were me I want people scanning my web URL to not get a public IP having any connection to my network I use internally.

Out of curiosity ever kick around the idea of supporting any other OS or having a port over branch / repo?

I would probably use CentOS or Debian Jessie personally if the whole OpenSSL HTTP/2 thing wasn’t so annoying.

Ah, if it could be that easy… I’m building a platform for the local government of a German city. The Sysadmin responsible for their network is not so cooperative and any decision has to bubble up and down a few times to happen…

1 Like

I’d welcome changes to make it more generic, but doubt we’d ever support another Linux OS. It’s already hard enough to test everything on a single OS as it is :frowning:

2 Likes

Let’s just go bleeding edge Fedora! I’m sure it will hardly ever break or anything…