On Nov 10, 2011, at 6:44 AM, Bob Hoffman wrote:
This is a continuation of the thread about redhat vs centos and the thought of moving from centos due to redhat's new business model. Forgive the length, but I had to share.
I went ahead and downloaded the 5 year supported version of ubuntu server. You think centos/redhat is a bit tough or not polished? One day with ubuntu server and you will look at centos install and setup as a god!
Where do I begin?
1- you download the iso, burn a cd. But guess what? It is only a small boot setup (about 600mb). The install actually sets up your eth port and then SLOWLY downloads a base set of packages. Then when you are done with your drive set up, you get to pick a package. Then it downloads and installs, asking you a few questions as it does. Then it upgrades itself. About 40 minutes due to the downloads for me...
---- you can turn off networking or unplug the cable if you only want a base install and don't want it to install the latest updates out of the box. ----
2- uses a really lame 1980 DOS version of a text installer. It does not and will not use a basic vid driver install which means your setting up of lvms and such during the install is really fun.
---- ubuntu server is basic (no x) - it's a small footprint install. Most people who do servers prefer this.
As for setting up LVM's and such... it's pretty much the same as any RH... just looks different ----
3- I don't know about having a server being forced to connect to the internet before you can even begin to secure it up. But the only way to really install it is to do that. Wait til you see the insecure firewall setup it gave me too.
---- again, you don't have to connect to the internet to install ----
4- I picked the virtual host package, as the machine will hold guest OS's (presumably ubuntu).
5- booted up fine.
6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND ACCORDING TO DOCUMENTATION is new and still being built so they do not want to put any documentation out on it yet. This makes chkconfig and things like that useless. Hence, if you want to know what is running, set to run, etc, you need to dig in multiple folders and read the scripts. There is no other way. What a horror.
---- RHEL v6 (and CentOS 6) use upstart too... life has all sorts of curveballs ----
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. In fact, no guest installation tools were added, though things like virsh were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it override the stock one via the eth you want to use it for....wtf?
---- all sorts of packages for firewall management.
apt-cache search firewall | wc -l
152
why be content with the minimal firewall tool when you actually can have a choice? ----
9- here is the firewall, for a virtual host, that should not have anything but port 22 open as far as the initial install should (at least in my opinion).....Ubuntu starts with this.... (remember, ubuntu forces you to be online to install and this is how it protects your server)
---- nothing like chaining lack of understanding to dramatize ----
I was not blocked on a single port going from my desktop to my server via my router. ALL PORTS were accessible. This is out of the box. Shell 22 was open from all my computers. Not listed in the firewall as open. You can see it is quite different than the centos stock and I think ubuntu is a 'run away' install.
---- sure - there's a difference but you're chaining again. ----
There is no bridge set up in the network interface files either. There is no bridge set up. The firewall is looking at virbr0 but there is no such configuration I could find in the etc folder, anywhere. Very odd.
# Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
*nat
:PREROUTING ACCEPT [84:12492]
:POSTROUTING ACCEPT [9:626]
:OUTPUT ACCEPT [9:626]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Mon Nov 7 23:35:47 2011
# Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
*filter
:INPUT ACCEPT [3701:295955]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [793:1276008]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Nov 7 23:35:47 2011
In closing, it is down to suse or back to centos and just pray redhat turns around. Maybe scientific linux. Ubuntu is not ready for prime time and a HUGE step backwards. It is not cutting edge and very insecure.
So maybe centos, even if a year or two behind, is way better than ubuntu will ever be.
---- It's different - not better, not worse (save for the fact that with Ubuntu I have been able to get timely updates this year). Also, I much prefer their packaging of Apache & BIND9 to Red Hat's.
I personally love their minimal installation CD, from the text based install to the minimal package install, etc. and think that their minimal approach is vastly superior to Red Hat (and all downstream packagers) installer that is slow and bloated. I can typically get a vm spun up with Ubuntu in about 5 mins and it takes much longer to install a CentOS vm.
If your expectation was that you could take your limited knowledge base and apply it equally across all Linux distributions and expect it to behave as a Red Hat derived system, then all other distributions will disappoint you.
Seriously
Craig
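
Added example, not part of the thread and not either poster's code: the iptables-save dump quoted above has `:INPUT ACCEPT` as the filter policy and explicit INPUT rules only for virbr0, and this sketch shows which rule (or the chain policy) decides a given inbound packet. The interface name `eth0` is an assumption, and the matcher models only `-i`, `-p` and `--dport`, raising an error on anything else.

```python
# Added example: which rule, if any, decides an inbound packet in an iptables-save dump.
# Constructed sample: filter policies and INPUT rules from the quoted dump, FORWARD rules omitted.
SAMPLE = """\
*filter
:INPUT ACCEPT [3701:295955]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [793:1276008]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
COMMIT
"""
KNOWN = {"-A", "-i", "-p", "-m", "--dport", "-j"}  # options this sketch evaluates

def parse(dump):
    """Return {table: {chain: {"policy": str, "rules": [str]}}}."""
    tables, table = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):                      # "*filter" opens a table
            table = tables.setdefault(line[1:], {})
        elif table is None or not line or line[0] == "#" or line == "COMMIT":
            continue
        elif line[0] == ":":                          # ":INPUT ACCEPT [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            table[chain] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):                  # rule appended to a chain
            table.setdefault(line.split()[1], {"policy": "-", "rules": []})["rules"].append(line)
    return tables

def default_accept(tables):
    """Filter chains whose policy accepts whatever no rule matched."""
    return [c for c, v in tables.get("filter", {}).items() if v["policy"] == "ACCEPT"]

def input_verdict(tables, iface, proto, dport):
    """First matching INPUT rule wins; otherwise the chain policy decides."""
    chain = tables["filter"]["INPUT"]
    for rule in chain["rules"]:
        opts = rule.split()
        extra = [o for o in opts if (o.startswith("-") or o == "!") and o not in KNOWN]
        if extra:  # refuse to guess about matches this sketch does not model
            raise ValueError(f"unsupported match {extra} in: {rule}")
        get = lambda flag: opts[opts.index(flag) + 1] if flag in opts else None
        if all(get(f) in (None, want) for f, want in
               (("-i", iface), ("-p", proto), ("--dport", str(dport)))):
            return get("-j"), rule
    return chain["policy"], "chain policy"

if __name__ == "__main__":  # eth0 is an assumed interface name
    print(input_verdict(parse(SAMPLE), "eth0", "tcp", 22))
```

With the policy line changed to `:INPUT DROP`, the same call returns DROP for port 22 while DNS and DHCP on virbr0 still match their explicit rules.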