This is a continuation of the thread about redhat vs centos and the thought of moving from centos due to redhats new business model. Forgive the length, but I had to share.
I went ahead and downloaded the 5 year supported version of ubuntu server. You think centos/redhat is a bit tough or not polished? One day with ubuntu server and you will look at centos install and setup as a god!
Where do I begin?
1- you download the iso, burn a cd. But guess what? It is only a small boot setup (about 600mb). The install actually sets up your eth port and then SLOWLY downloads a base set of packages. Then when you are done with your drive set up, you get to pick a package. Then it downloads and installs, asking you a few questions as it does. Then it upgrades itself. About 40 minutes due to the downloads for me...
2- uses a really lame 1980 DOS version of a text installer. It does not and will not use a basic vid driver install which means your setting up of lvms and such during the install is really fun.
3- I don't know about having a server being forced to connect to the internet before you can even begin to secure it up. But the only way to really install it is to do that. Wait til you see the insecure firewall setup if gave me too..
4- I picked the virtual host package, as the machine will hold guest OS's (presumably ubuntu).
5- booted up fine.
6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND ACCORDING TO DOCUMENTATION is new and still being built so they do not want to put any documentation out on it yet. This makes chkconfig and things like that useless. Hence, if you want to know what is running, set to run, etc, you need to dig in multiple folders and read the scripts. There is no other way. What a horror.
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. Infact, no guest installation tools were added, though things like virsh were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it over ride the stock one via the eth you want to use it for....wtf?
9- here is the firewall, for a virtual host, that should not have anything but port 22 open as far as the initial install should (at least in my opinion).....Ubuntu starts with this.... (remember, ubuntu forces you to be online to install and this is how it protects your server)
I was not blocked on a single port going from my desktop to my server via my router. ALL PORTS were accessible. This is out of the box. Shell 22 was open from all my computers. Not listed in the firewall as open. You can see it is quite different than the centos stock and I think ubuntu is a 'run away' install.
There is no bridge set up in the network interface files either. There is no bridge set up. The firewall is looking at virbr0 but there is no such configuration I could find in the etc folder, anywhere. Very odd.
# Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011 *nat :PREROUTING ACCEPT [84:12492] :POSTROUTING ACCEPT [9:626] :OUTPUT ACCEPT [9:626] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE COMMIT # Completed on Mon Nov 7 23:35:47 2011 # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011 *filter :INPUT ACCEPT [3701:295955] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [793:1276008] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable COMMIT # Completed on Mon Nov 7 23:35:47 2011
In closing, it is down to suse or back to centos and just pray redhat turns around. Maybe scientific linux. Ubuntu is not ready for prime time and a HUGE step backwards. It is not cutting edge and very insecure.
So maybe centos, even if a year or two behind, is way better than ubuntu will ever be.
I took a shot at paid support. You have to send them a contact mail. I did. After 3 days sent them another. 2 days later, no response from that one either.
down to suse or back to centos.
One good thing about ubuntu was the bug redhat has for the ati onboard video is not an issue making no errors on boot and no long hang time that centos was causing me.