OS Baseline
HybridOps runs a deliberate, small OS matrix across on-prem, cloud, and control roles. Each OS is chosen for a specific layer; the selection avoids drift and keeps automation roles predictable.
Linked decisions: ADR-0017 – Operating System Baseline · ADR-0608 – Docker Engine Baseline
The baseline
| Layer | OS | Current images | Role |
|---|---|---|---|
| Infrastructure & automation | Rocky Linux 9 (→ 10) | 9.6, 10.0 | Proxmox VM templates, automation nodes, RKE2 workers |
| Control & CI | Ubuntu 24.04 LTS | 24.04.3 | ctrl-01, CI agents, observability stack |
| RHEL-compatible fallback | AlmaLinux 9 | : | Drop-in for vendor-managed or non-Proxmox deployments |
| Hybrid identity & Windows workloads | Windows Server 2022 / 2025 | Eval ISOs | Active Directory, DNS, Windows-only workload validation |
| Endpoint simulation | Windows 11 Enterprise | Eval ISO | MDM, Intune, BitLocker, hybrid-join testing |
Packer builds for all Linux images target Proxmox via VirtIO. Windows builds use SATA disk + WinRM. Cloud-init is the standard initialisation method for all Linux templates.
Docker Engine (CE, from official repos) is available on Ubuntu 22.04/24.04 and Rocky 9 control nodes. Distro packages and legacy Compose are not used. This is the only supported path; non-standard installs fail fast.
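One way to implement the fail-fast check for the Docker Engine baseline above, as an added example that is not HybridOps code. The function name `docker_baseline_ok`, the rejected package list, and the sample files are assumptions; the supported hosts are taken literally from the paragraph above.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper): fail-fast gate for the Docker Engine baseline.

# docker_baseline_ok OS_RELEASE_FILE PKG_LIST_FILE
# PKG_LIST_FILE holds one installed package name per line, e.g. from
#   dpkg-query -W -f='${Package}\n'   or   rpm -qa --qf '%{NAME}\n'
docker_baseline_ok() {
  local osrel=$1 pkgs=$2 id ver bad
  # Parse os-release as data; sourcing it would execute whatever it contains.
  id=$(sed -n 's/^ID=//p' "$osrel" | tr -d '"')
  ver=$(sed -n 's/^VERSION_ID=//p' "$osrel" | tr -d '"')

  # Supported Docker hosts per the baseline: Ubuntu 22.04/24.04 and Rocky 9.
  case "$id:$ver" in
    ubuntu:22.04|ubuntu:24.04|rocky:9|rocky:9.*) ;;
    *) echo "FAIL: $id $ver is not a supported Docker host" >&2; return 1 ;;
  esac

  # Distro-packaged engines, docker shims and legacy Compose are rejected outright
  # (assumed list; -x matches whole lines, so docker-compose-plugin is not caught).
  bad=$(grep -Ex 'docker\.io|docker-compose|podman-docker|moby-engine' "$pkgs" | paste -sd, -)
  if [ -n "$bad" ]; then
    echo "FAIL: non-standard Docker packages present: $bad" >&2
    return 1
  fi

  # The official engine package must actually be installed.
  grep -qx 'docker-ce' "$pkgs" || { echo "FAIL: docker-ce not installed" >&2; return 1; }
  return 0
}

# Constructed sample inputs so the check runs offline.
SAMPLES=$(mktemp -d)
printf 'ID=ubuntu\nVERSION_ID="24.04"\n' > "$SAMPLES/ubuntu.os"
printf 'ID="rocky"\nVERSION_ID="9.6"\n'  > "$SAMPLES/rocky9.os"
printf 'ID="rocky"\nVERSION_ID="10.0"\n' > "$SAMPLES/rocky10.os"
printf 'docker-ce\ndocker-ce-cli\ncontainerd.io\ndocker-compose-plugin\n' > "$SAMPLES/official.pkgs"
printf 'docker.io\ncontainerd\n'     > "$SAMPLES/distro.pkgs"
printf 'docker-ce\ndocker-compose\n' > "$SAMPLES/legacy.pkgs"
```

On a real node, pass `/etc/os-release` and the package manager's output; a non-zero return is the signal to abort the play or build.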
Why this matrix
Rocky Linux is the primary compute OS because it is binary-compatible with RHEL, carries a 10-year support lifecycle per major version, and has neutral community governance (RESF). The same Ansible roles and Packer templates that target Rocky 9 target Rocky 10 without rework. RKE2 runs on Rocky VMs rather than LXC because full VMs give predictable DR isolation and eliminate hypervisor-layer gotchas at failback.
Ubuntu sits in the control and toolchain layer because the HashiCorp stack, GitHub Actions runners, and container tooling all treat it as a first-class target. Ubuntu 22.04 remains in use for Docker Engine compatibility on build agents; 24.04 is the default for new control roles.
AlmaLinux is interchangeable with Rocky at runtime. It exists in the matrix to allow CloudLinux-backed enterprise contracts and vendor-managed deployments without forking automation.
Windows Server is required for hybrid identity (Active Directory, DNS/DHCP) and for scenarios that involve Windows-native workloads. Both 2022 and 2025 are in scope to cover LTSC-aligned deployments and forward compatibility with SMB over QUIC and enhanced container support.
Windows 11 covers endpoint simulation: modern enterprise clients, BitLocker, Intune, and hybrid domain join. Android emulation is optional for mobile-app validation.
Lifecycle summary
| OS | EOL |
|---|---|
| Rocky Linux 9 | 2032 |
| Rocky Linux 10 | ~2042 (estimated) |
| Ubuntu 24.04 LTS | 2029 (standard), 2034 (ESM) |
| AlmaLinux 9 | 2032 |
| Windows Server 2022 | 2031 |
| Windows Server 2025 | 2034 |