/etc/centos-release messing up AWS SSM


The Rocky AMI that is in the AWS marketplace doesn’t come with an /etc/centos-release file.

But one gets installed during a yum upgrade from the rocky-release-8.4-34.el8.noarch package.

Once this file is in place, the AWS SSM agent gets confused by the presence of the /etc/centos-release file, because it is expecting that the contents of /etc/centos-release actually contains the string “CentOS”.

See amazon-ssm-agent/platform_unix.go at a65a94f46200d68b4c2ed9d4bf26c59dce0eba49 · aws/amazon-ssm-agent · GitHub

Admittedly, the logic in the SSM agent code is weak.

But on the other hand, if Rocky is to be bug-for-bug compatible, shouldn’t the /etc/centos-file mimick the contents of a real CentOS installation?

Hi, Rocky is bug-for-bug compatible with RHEL, not CentOS. If the AWS package is incorrect, then AWS need to fix it so that it will work with Rocky.

But that’s the question.

From my standpoint, both are wrong. The SSM logic is weak, and a centos-release file shouldn’t exist, as it’s not CentOS. It’s Rocky.

So by creating the /etc/centos-release file, Rocky IS attempting to be bug-for-bug compatible with CentOS, but fails since the contents aren’t the same.

Hello. Having a /etc/centos-release file (which is just a symlink to /etc/rocky-release) in my opinion isn’t the wrong thing to do. From a Release Engineering and development standpoint, it actually to help us with:

  • Be more compatible with vendor packages or otherwise that rely on the presence of that file (I personally think this is a mistake, vendors and otherwise should be looking for /etc/redhat-release at least and then at most /etc/someel-release file)
  • Helps with some builds without having to do our own patches in the distribution
  • Allows us to provide centos-release to enable our users to use CentOS SIG release packages now and in the future, while also allowing for easier migrations from CentOS to Rocky.

For more information about the above, see here or here.

As an aside, there is already an issue opened about this. I’ve asked my fellow team members to see if we can reach out to our AWS contacts to see about getting this addressed in the mean time.


Hello…Thank you for the explanation.

I understand what you are trying to do…Just not convinced it’s the correct way to go about it. I’m wondering what other software is expecting an /etc/centos-release file to actually contain ‘CentOS’ if the file exists? You know, unintended consequences, just trading one problem for another, etc, etc.

I am the one who opened the SSM issue on GitHub. I was annoyed at the typical “it’s not supported” cop-out. I also tried to open a case internally with AWS support and received the same response. I have escalated to our AWS technical team as well, so hopefully it will get resolved soon.

Maybe AWS marketing needs to send a memo to AWS engineering that AWS is a sponsor and they need to support Rocky Linux now with all their tools.