This is a continuation of the thread about redhat vs centos and the thought of moving from centos due to redhats new business model. Forgive the length, but I had to share.
I went ahead and downloaded the 5 year supported version of ubuntu server. You think centos/redhat is a bit tough or not polished? One day with ubuntu server and you will look at centos install and setup as a god!
Where do I begin?
1- you download the iso, burn a cd. But guess what? It is only a small boot setup (about 600mb). The install actually sets up your eth port and then SLOWLY downloads a base set of packages. Then when you are done with your drive set up, you get to pick a package. Then it downloads and installs, asking you a few questions as it does. Then it upgrades itself. About 40 minutes due to the downloads for me...
2- uses a really lame 1980 DOS version of a text installer. It does not and will not use a basic vid driver install which means your setting up of lvms and such during the install is really fun.
3- I don't know about having a server being forced to connect to the internet before you can even begin to secure it up. But the only way to really install it is to do that. Wait til you see the insecure firewall setup it gave me too..
4- I picked the virtual host package, as the machine will hold guest OS's (presumably ubuntu).
5- booted up fine.
6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND ACCORDING TO DOCUMENTATION is new and still being built so they do not want to put any documentation out on it yet. This makes chkconfig and things like that useless. Hence, if you want to know what is running, set to run, etc, you need to dig in multiple folders and read the scripts. There is no other way. What a horror.
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. In fact, no guest installation tools were added, though things like virsh were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it override the stock one via the eth you want to use it for....wtf?
9- here is the firewall, for a virtual host, that should not have anything but port 22 open as far as the initial install should (at least in my opinion).....Ubuntu starts with this.... (remember, ubuntu forces you to be online to install and this is how it protects your server)
I was not blocked on a single port going from my desktop to my server via my router. ALL PORTS were accessible. This is out of the box. Shell 22 was open from all my computers. Not listed in the firewall as open. You can see it is quite different than the centos stock and I think ubuntu is a 'run away' install.
There is no bridge set up in the network interface files either. There is no bridge set up. The firewall is looking at virbr0 but there is no such configuration I could find in the etc folder, anywhere. Very odd.
    # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
    *nat
    :PREROUTING ACCEPT [84:12492]
    :POSTROUTING ACCEPT [9:626]
    :OUTPUT ACCEPT [9:626]
    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
    COMMIT
    # Completed on Mon Nov 7 23:35:47 2011
    # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
    *filter
    :INPUT ACCEPT [3701:295955]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [793:1276008]
    -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
    -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
    -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
    -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
    -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
    -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
    COMMIT
    # Completed on Mon Nov 7 23:35:47 2011
In closing, it is down to suse or back to centos and just pray redhat turns around. Maybe scientific linux. Ubuntu is not ready for prime time and a HUGE step backwards. It is not cutting edge and very insecure.
So maybe centos, even if a year or two behind, is way better than ubuntu will ever be.
I took a shot at paid support. You have to send them a contact mail. I did. After 3 days sent them another. 2 days later, no response from that one either.
down to suse or back to centos.
One good thing about ubuntu was the bug redhat has for the ati onboard video is not an issue making no errors on boot and no long hang time that centos was causing me.
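Added example (not part of the original thread, and not code from any poster): a small Python reader for the *filter table posted above that reports which verdict a new inbound connection receives and whether it comes from an explicit rule or from the chain's default policy. The interface name eth0, the probed ports and the HARDENED_FILTER ruleset are assumptions constructed here for comparison.

```python
import shlex

# The *filter table exactly as posted in the thread.
POSTED_FILTER = """\
*filter
:INPUT ACCEPT [3701:295955]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [793:1276008]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

# Constructed for comparison (an assumption, not from the thread):
# default-deny INPUT that admits only loopback, replies and SSH.
HARDENED_FILTER = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Match options this sketch understands, mapped to rule fields.
MODELLED = {"-i": "in", "-p": "proto", "--dport": "dport",
            "--state": "state", "-j": "target"}
# Options whose value can be skipped: the module name is implied by the
# match options, and --reject-with only selects the ICMP error sent.
IGNORED_WITH_VALUE = {"-m", "--reject-with"}
TERMINAL = ("ACCEPT", "DROP", "REJECT")


def parse_save(text):
    """Parse iptables-save text into {table: {chain: {policy, rules}}}."""
    tables, chains = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == "#" or line == "COMMIT":
            continue
        if line[0] == "*":                      # "*filter" opens a table
            chains = tables.setdefault(line[1:], {})
        elif line[0] == ":":                    # ":INPUT ACCEPT [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rule = {"in": None, "proto": None, "dport": None,
                    "state": None, "target": None, "unmodelled": []}
            i = 2
            while i < len(tok):
                if tok[i] in MODELLED and i + 1 < len(tok):
                    rule[MODELLED[tok[i]]] = tok[i + 1]
                    i += 2
                elif tok[i] in IGNORED_WITH_VALUE:
                    i += 2
                else:                           # -s, -d, -o, "!" and so on
                    rule["unmodelled"].append(tok[i])
                    i += 1
            chains[tok[1]]["rules"].append(rule)
    return tables


def default_accept_chains(tables):
    """Built-in filter chains whose fall-through policy is ACCEPT."""
    return sorted(name for name, ch in tables["filter"].items()
                  if ch["policy"] == "ACCEPT")


def verdict(tables, iface, proto, dport, chain="INPUT", state="NEW"):
    """Return (target, source) for one packet; source is 'rule N' or 'policy'."""
    ch = tables["filter"][chain]
    for n, r in enumerate(ch["rules"], 1):
        if r["unmodelled"]:
            # Refuse to guess about matches this sketch does not evaluate.
            raise ValueError("rule %d uses %s" % (n, r["unmodelled"]))
        if r["in"] not in (None, iface):
            continue
        if r["proto"] not in (None, proto):
            continue
        if r["dport"] not in (None, str(dport)):
            continue
        if r["state"] is not None and state not in r["state"].split(","):
            continue
        if r["target"] in TERMINAL:
            return r["target"], "rule %d" % n
    return ch["policy"], "policy"               # nothing matched: policy decides


if __name__ == "__main__":
    for label, text in (("posted", POSTED_FILTER), ("hardened", HARDENED_FILTER)):
        t = parse_save(text)
        print(label, "default-ACCEPT chains:", default_accept_chains(t))
        for port in (22, 3306):                 # probed ports are assumptions
            print("  eth0 tcp/%d ->" % port, verdict(t, "eth0", "tcp", port))
```

The verdict only says what netfilter does with the packet; whether a port answers still depends on a service listening on it.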
Bob Hoffman wrote:
This is a continuation of the thread about redhat vs centos and the thought of moving from centos due to redhats new business model. Forgive the length, but I had to share.
Thank you, very much, for the details (not that I was planning on going to ubuntu...)
Two things: <snip>
2- uses a really lame 1980 DOS version of a text installer. It does not and will not use a basic vid driver install which means your setting up of lvms and such during the install is really fun.
What's wrong with text mode? I certainly prefer it. Oh, and those menus came along 2-3 years later.... <g> <snip>
6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND ACCORDING TO DOCUMENTATION is new and still being built so they do not want to put any documentation out on it yet. This makes chkconfig and things like that useless. Hence, if you want to know what is running, set to run, etc, you need to dig in multiple folders and read the scripts. There is no other way. What a horror.
Yes. Just like the grub ubuntu uses, that is a bloody script, and a .d directory *full* of files, rather than the clean, simple menu with RHEL/CentOS. <snip>
I don't want to have to read scripts to find out how to configure something, or make it do something. A README, at the very least, should have that (not "here's the license, go figure out everything else).
From what I've been reading on /., along with gnome 3 and "unity", that wing of the F/OSS movement, presumably in an effort to go head-to-head with M$ and Apple, are going the same way they are: here's how you do it, don't try to do it any other way, and we'll make it *REALLY* hard to do it any other way.
mark
On Thu, Nov 10, 2011 at 09:18:43AM -0500, m.roth@5-cent.us wrote:
Bob Hoffman wrote:
This is a continuation of the thread about redhat vs centos and the thought of moving from centos due to redhats new business model. Forgive the length, but I had to share.
Thank you, very much, for the details (not that I was planning on going to ubuntu...)
I want to add my thanks as well--we have a few, non-firewalled, Ubuntu servers that we're working with--the people who do the stuff these servers do are more experienced with it, and we left it to them.
Two things:
<snip>
> 2- uses a really lame 1980 DOS version of a text installer. It does not and will not use a basic vid driver install which means your setting up of lvms and such during the install is really fun.
What's wrong with text mode? I certainly prefer it. Oh, and those menus came along 2-3 years later.... <g>
Yeah, all kidding aside, I think the whole crippling of the RH text installer was a step in the wrong direction. A text installer is smaller, faster, and doesn't suddenly, as has happened to me with various video card monitor combos, stop working or have the buttons off the screen and no way to reach them save to tab, enter, and hope you're on the right one.
<snip>
> 6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND ACCORDING TO DOCUMENTATION is new and still being built so they do not want to put any documentation out on it yet. This makes chkconfig and things like that useless. Hence, if you want to know what is running, set to run, etc, you need to dig in multiple folders and read the scripts. There is no other way. What a horror.
Well, Fedora is going to systemd, which seems more designed for desktop/laptop users, where speed of a boot seems to be the most important goal, so I suspect RH will get there too.
Yes. Just like the grub ubuntu uses, that is a bloody script, and a .d directory *full* of files, rather than the clean, simple menu with RHEL/CentOS.
<snip>
Enjoy it while you can. (Sorry, not being funny here, everyone is going to grub2 with its 200 plus files in the /boot/grub2 directory.)
I don't want to have to read scripts to find out how to configure something, or make it do something. A README, at the very least, should have that (not "here's the license, go figure out everything else).
Sorry, but this sounds like RH to me. I came to CentOS from the BSDs, where if there was a service running, you could type man <name> and get an idea of what it was doing. My first day on this job, I'd type man <some extra service that RH thought I should have> and no clue what it did only to find, eventually, that there was nothing but a document telling me it's free software in /usr/share/doc. (Granted, this is my memory speaking, and like an old flame one hasn't seen in many years, the difference between BSD and RH docs probably aren't as drastic as I remember, but shucks, complaining is FUN!).
From what I've been reading on /., along with gnome 3 and "unity", that wing of the F/OSS movement, presumably in an effort to go head-to-head with M$ and Apple, are going the same way they are: here's how you do it, don't try to do it any other way, and we'll make it *REALLY* hard to do it any other way.
Yes, and I greatly fear that RH will follow Fedora along much of that path.
On Thu, 10 Nov 2011, Scott Robbins wrote:
Yeah, all kidding aside, I think the whole crippling of the RH text installer was a step in the wrong direction. A text installer is smaller, faster, and doesn't suddenly, as has happened to me with various video card monitor combos, stop working or have the buttons off the screen and no way to reach them save to tab, enter, and hope you're on the right one.
I don't entirely disagree, but it didn't make sense to maintain two code bases. Even with EL5 there were differences in what you could do in text vs graphical (can't remember the details but there was something missing RAID/LVM related). If you're doing a one off install either you've normally got functional network to another computer and so can use VNC, or you've got a usable graphics setup. It's not *that* often you've not got either. For non-one offs then you're installing with kickstart so it doesn't really matter.
Well, Fedora is going to systemd, which seems more designed for desktop/laptop users, where speed of a boot seems to be the most important goal, so I suspect RH will get there too.
upstart/systemd should both offer more than we're used to. Having a service marked as 'should be on' such that it gets kicked back into life if it crashes isn't necessarily a bad thing.
jh
On 11/10/2011 04:30 PM, Scott Robbins wrote:
Well, Fedora is going to systemd, which seems more designed for desktop/laptop users, where speed of a boot seems to be the most important goal, so I suspect RH will get there too.
systemd will be much much more once it is done.
From http://0pointer.de/blog/projects/systemd.html :
A central part of a system that starts up and maintains services should be process babysitting: it should watch services. Restart them if they shut down. If they crash it should collect information about them, and keep it around for the administrator, and cross-link that information with what is available from crash dump systems such as abrt, and in logging systems like syslog or the audit system.
--------------------------------------------------------------------
Status
All the features listed above are already implemented. Right now systemd can already be used as a drop-in replacement for Upstart and sysvinit (at least as long as there aren't too many native upstart services yet. Thankfully most distributions don't carry too many native Upstart services yet.)
However, testing has been minimal, our version number is currently at an impressive 0. Expect breakage if you run this in its current state. That said, overall it should be quite stable and some of us already boot their normal development systems with systemd (in contrast to VMs only). YMMV, especially if you try this on distributions we developers don't use.
---------------------------------------------------------------------
So it is not only booting, but also unifying and better controlling entire environment.
I just want to say that this is the stupidest conversation I have ever heard - Screw this I am going back to FreeBSD.
Benjamin Warriner Technology Specialist Region 7 Education Service Center 1909 North Longview Street Kilgore, Texas 75662 Phone: (903) 988-6949 Fax: (903) 988-6965
On Thu, Nov 10, 2011 at 8:22 AM, Warriner, Benjamin bwarriner@esc7.net wrote:
I just want to say that this is the stupidest conversation I have ever heard - Screw this I am going back to FreeBSD.
Thank you, you made my Friday
On 2011-11-10 17:07, Ljubomir Ljubojevic wrote:
On 11/10/2011 04:30 PM, Scott Robbins wrote:
Well, Fedora is going to systemd, which seems more designed for desktop/laptop users, where speed of a boot seems to be the most important goal, so I suspect RH will get there too.
systemd will be much much more once it is done.
From http://0pointer.de/blog/projects/systemd.html :
A central part of a system that starts up and maintains services should be process babysitting: it should watch services. Restart them if they shut down. If they crash it should collect information about them, and keep it around for the administrator, and cross-link that information with what is available from crash dump systems such as abrt, and in logging systems like syslog or the audit system.
Compare systemd to Solaris Service Management Facility. Solaris SMF is a very nice and useful part of Solaris. A lot of similarities between systemd and SMF. Solaris is mainly a server OS.
On Friday, November 11, 2011 12:37 AM, Thomas Johansson wrote:
Compare systemd to Solaris Service Management Facility. Solaris SMF is a very nice and useful part of Solaris. A lot of similarities between systemd and SMF. Solaris is mainly a server OS.
Why can't people just use daemontools?
It's been available before these I believe :-D
----- Original Message -----
| Bob Hoffman wrote: <snip>
| Yes. Just like the grub ubuntu uses, that is a bloody script, and a .d directory *full* of files, rather than the clean, simple menu with RHEL/CentOS.
| <snip>
|
| I don't want to have to read scripts to find out how to configure something, or make it do something. A README, at the very least, should have that (not "here's the license, go figure out everything else).
Fedora 16 moved to GRUB 2 as well. It will be in RHEL/CentOS in the next release. Get used to it. ;)
James A. Peltier wrote:
Fedora 16 moved to GRUB 2 as well. It will be in RHEL/CentOS in the next release. Get used to it. ;)
Grub2 really seems extraordinarily verbose. One can't help wondering if the simplicity of the old grub offended the developers. Simplicity does not seem to be highly valued nowadays.
On 11/10/2011 07:05 PM, Timothy Murphy wrote:
James A. Peltier wrote:
Fedora 16 moved to GRUB 2 as well. It will be in RHEL/CentOS in the next release. Get used to it. ;)
Grub2 really seems extraordinarily verbose. One can't help wondering if the simplicity of the old grub offended the developers. Simplicity does not seem to be highly valued nowadays.
+10
On Fri, 2011-11-11 at 01:05 +0100, Timothy Murphy wrote:
James A. Peltier wrote:
Fedora 16 moved to GRUB 2 as well. It will be in RHEL/CentOS in the next release. Get used to it. ;)
Grub2 really seems extraordinarily verbose. One can't help wondering if the simplicity of the old grub offended the developers. Simplicity does not seem to be highly valued nowadays.
---- grub2 has more utility (ie can boot off the newer fs types like ext4) and thus was inevitable.
Craig
On Friday 11 November 2011 07:44, John Hodrien wrote:
grub in EL6 can boot off ext4, and that's grub-0.97-68.el6.x86_64.
Grub (version 1) from CentOS 6 has apparently been patched to be able to handle ext4. There's no doubt that Grub 1 by itself can't boot an ext4 file system.
There's a little more information in my How-To in progress at: http://wiki.centos.org/YvesBellefeuille/Grub_Installation
On Saturday 12 November 2011 22:47:28 Yves Bellefeuille wrote:
On Friday 11 November 2011 07:44, John Hodrien wrote:
grub in EL6 can boot off ext4, and that's grub-0.97-68.el6.x86_64.
Grub (version 1) from CentOS 6 has apparently been patched to be able to handle ext4. There's no doubt that Grub 1 by itself can't boot an ext4 file system.
Patched or not, Grub 1 has been successfully booting my F14 machine from an ext4 partition for a full year now, since I first installed F14.
Ability to boot from ext4 is certainly *not* the reason for moving to Grub 2, one way or the other.
HTH, :-) Marko
On 11.11.2011 13:38, Craig White wrote:
On Fri, 2011-11-11 at 01:05 +0100, Timothy Murphy wrote:
James A. Peltier wrote:
Fedora 16 moved to GRUB 2 as well. It will be in RHEL/CentOS in the next release. Get used to it. ;)
Grub2 really seems extraordinarily verbose. One can't help wondering if the simplicity of the old grub offended the developers. Simplicity does not seem to be highly valued nowadays.
grub2 has more utility (ie can boot off the newer fs types like ext4) and thus was inevitable.
so tell me why i do not need GRUB2 for this more than a year?
2.6.40.8-4.fc15.x86_64 #1 SMP Tue Nov 1 18:17:12 UTC 2011
    /dev/md1  ext4   29G  8,0G   21G  28%  /
    /dev/md0  ext4  485M   52M  429M  11%  /boot
    /dev/md2  ext4  3,6T  602G  3,0T  17%  /mnt/data
On Fri, 11 Nov 2011, Reindl Harald wrote:
so tell me why i do not need GRUB2 for this more than a year?
2.6.40.8-4.fc15.x86_64 #1 SMP Tue Nov 1 18:17:12 UTC 2011
    /dev/md1  ext4   29G  8,0G   21G  28%  /
    /dev/md0  ext4  485M   52M  429M  11%  /boot
    /dev/md2  ext4  3,6T  602G  3,0T  17%  /mnt/data
Presumably because ext4 is backwards compatible to ext3 grub didn't even notice the change...
Ubuntu's pages list a number of improvements. I guess I'm not overly bothered about themes and the like, but maybe it does *something* I want. I remember the resistance to GRUB when we were all using LILO.
GRUB 2's major improvements over the original GRUB include:
- Scripting support including conditional statements and functions
- Dynamic module loading
- Rescue mode
- Custom Menus
- Themes
- Graphical boot menu support and improved splash capability
- Boot LiveCD ISO images directly from hard drive
- New configuration file structure
- Non-x86 platform support (such as PowerPC)
- Universal support for UUIDs (not just Ubuntu)
jh
On 11.11.2011 14:01, John Hodrien wrote:
On Fri, 11 Nov 2011, Reindl Harald wrote:
so tell me why i do not need GRUB2 for this more than a year?
2.6.40.8-4.fc15.x86_64 #1 SMP Tue Nov 1 18:17:12 UTC 2011
    /dev/md1  ext4   29G  8,0G   21G  28%  /
    /dev/md0  ext4  485M   52M  429M  11%  /boot
    /dev/md2  ext4  3,6T  602G  3,0T  17%  /mnt/data
Presumably because ext4 is backwards compatible to ext3 grub didn't even notice the change...
IT IS NOT BACKWARD-COMPATIBLE try to mount native ext4 (extent) with ext3-driver and you will see it
native ext4 is default for /boot since a long time https://bugzilla.redhat.com/show_bug.cgi?id=486284
    tune2fs 1.41.14 (22-Dec-2010)
    Filesystem volume name: boot
    Last mounted on: /boot
    Filesystem UUID: 1de836e4-e97c-43ee-b65c-400b0c29d3aa
    Filesystem magic number: 0xEF53
    Filesystem revision #: 1 (dynamic)
    Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg sparse_super huge_file uninit_bg dir_nlink extra_isize
    Filesystem flags: signed_directory_hash
    Default mount options: user_xattr acl
    Filesystem state: clean
    Errors behavior: Continue
    Filesystem OS type: Linux
    Inode count: 128016
    Block count: 511988
    Reserved block count: 4096
    Free blocks: 443096
    Free inodes: 127933
    First block: 1
    Block size: 1024
    Fragment size: 1024
    Reserved GDT blocks: 256
    Blocks per group: 8192
    Fragments per group: 8192
    Inodes per group: 2032
    Inode blocks per group: 254
    Flex block group size: 16
    Filesystem created: Wed Jun 8 13:10:48 2011
    Last mount time: Fri Nov 11 13:34:40 2011
    Last write time: Fri Nov 11 13:34:40 2011
    Mount count: 20
    Maximum mount count: -1
    Last checked: Tue Oct 25 18:28:00 2011
    Check interval: 2592000 (1 month)
    Next check after: Thu Nov 24 17:28:00 2011
    Lifetime writes: 2167 MB
    Reserved blocks uid: 0 (user root)
    Reserved blocks gid: 0 (group root)
    First inode: 11
    Inode size: 128
    Journal inode: 8
    Default directory hash: half_md4
    Directory Hash Seed: 7c5447a5-c4ae-483f-ac58-786ad0ecd86c
    Journal backup: inode blocks
Craig White wrote:
On Fri, 2011-11-11 at 01:05 +0100, Timothy Murphy wrote:
James A. Peltier wrote:
Fedora 16 moved to GRUB 2 as well. It will be in RHEL/CentOS in the next release. Get used to it. ;)
Grub2 really seems extraordinarily verbose. One can't help wondering if the simplicity of the old grub offended the developers. Simplicity does not seem to be highly valued nowadays.
grub2 has more utility (ie can boot off the newer fs types like ext4) and thus was inevitable.
If that's what they have on my Ubuntu netbook remix on my netbook, it is ludicrously complex, and there's no reason that one more parm wouldn't work in normal grub.
mark, "yeah, Grand Unified Boot Loader...."
On 11/10/2011 02:44 PM, Bob Hoffman wrote:
In closing, it is down to suse or back to centos and just pray redhat turns around. Maybe scientific linux. Ubuntu is not ready for prime time and a HUGE step backwards. It is not cutting edge and very insecure.
So maybe centos, even if a year or two behind, is way better than ubuntu will ever be.
Since 6.1 is close now, I do not expect delays longer than 6 months, and since CR repo exists most of the stuff will come to us much quicker.
ElRepo's Mainline kernel (2.6.39-4.rc6.1.el6.elrepo) was completed yesterday, and should pose no problems with CentOS distro. That can, if no other option exists help you with kernel/video problems.
Ljubomir Ljubojevic wrote --------------------------------
On 11/10/2011 02:44 PM, Bob Hoffman wrote:
> In closing, it is down to suse or back to centos and just pray redhat turns around. Maybe scientific linux. Ubuntu is not ready for prime time and a HUGE step backwards. It is not cutting edge and very insecure.
>
> So maybe centos, even if a year or two behind, is way better than ubuntu will ever be.

Since 6.1 is close now, I do not expect delays longer than 6 months, and since CR repo exists most of the stuff will come to us much quicker.
ElRepo's Mainline kernel (2.6.39-4.rc6.1.el6.elrepo) was completed yesterday, and should pose no problems with CentOS distro. That can, if no other option exists help you with kernel/video problems.
--------------------------------
My only real concern was where red hat was going with this clone war (just a yoda line :) ) I decided to try out some non red hat versions. I really was excited about ubu and getting somewhat newer packages of things and trying them out. Turns out my experience is very disappointing with ubu. It makes centos look light years ahead of them in all ways. One just wishes redhat had a realistic upgrade of some packages (like php) during the life.
Where is this CR repo listed at? I did not see it on centos.org.
I may just go with it.
On 11/10/2011 03:36 PM, Bob Hoffman wrote:
Ljubomir Ljubojevic wrote
My only real concern was where red hat was going with this clone war (just a yoda line :) ) I decided to try out some non red hat versions. I really was excited about ubu and getting somewhat newer packages of things and trying them out. Turns out my experience is very disappointing with ubu. It makes centos look light years ahead of them in all ways. One just wishes redhat had a realistic upgrade of some packages (like php) during the life.
Remi's repository has those, but is 3rd party repo. http://rpms.famillecollet.com/
Where is this CR repo listed at? I did not see it on centos.org.
I may just go with it.
http://wiki.centos.org/AdditionalResources/Repositories/CR
On Nov 10, 2011, at 6:44 AM, Bob Hoffman wrote:
This is a continuation of the thread about redhat vs centos and the thought of moving from centos due to redhats new business model. Forgive the length, but I had to share.
I went ahead and downloaded the 5 year supported version of ubuntu server. You think centos/redhat is a bit tough or not polished? One day with ubuntu server and you will look at centos install and setup as a god!
Where do I begin?
1- you download the iso, burn a cd. But guess what? It is only a small boot setup (about 600mb). The install actually sets up your eth port and then SLOWLY downloads a base set of packages. Then when you are done with your drive set up, you get to pick a package. Then it downloads and installs, asking you a few questions as it does. Then it upgrades itself. About 40 minutes due to the downloads for me...
---- you can turn off networking or unplug the cable if you only want a base install and don't want it to install the latest updates out of the box. ----
2- uses a really lame 1980 DOS version of a text installer. It does not and will not use a basic vid driver install which means your setting up of lvms and such during the install is really fun.
---- ubuntu server is basic (no x) - it's a small footprint install. Most people who do servers prefer this.
As for setting up LVM's and such... it's pretty much the same as any RH... just looks different ----
3- I don't know about having a server being forced to connect to the internet before you can even begin to secure it up. But the only way to really install it is to do that. Wait til you see the insecure firewall setup it gave me too.
---- again, you don't have to connect to the internet to install ----
4- I picked the virtual host package, as the machine will hold guest OS's (presumably ubuntu).
5- booted up fine.
6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND ACCORDING TO DOCUMENTATION is new and still being built so they do not want to put any documentation out on it yet. This makes chkconfig and things like that useless. Hence, if you want to know what is running, set to run, etc, you need to dig in multiple folders and read the scripts. There is no other way. What a horror.
---- RHEL v6 (and CentOS 6) use upstart too... life has all sorts of curveballs ----
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. In fact, no guest installation tools were added, though things like virsh were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it override the stock one via the eth you want to use it for....wtf?
---- all sorts of packages for firewall management.
    apt-cache search firewall | wc -l
    152
why be content with the minimal firewall tool when you actually can have a choice? ----
9- here is the firewall, for a virtual host, that should not have anything but port 22 open as far as the initial install should (at least in my opinion).....Ubuntu starts with this.... (remember, ubuntu forces you to be online to install and this is how it protects your server)
---- nothing like chaining lack of understanding to dramatize ----
I was not blocked on a single port going from my desktop to my server via my router. ALL PORTS were accessible. This is out of the box. Shell 22 was open from all my computers. Not listed in the firewall as open. You can see it is quite different than the centos stock and I think ubuntu is a 'run away' install.
---- sure - there's a difference but you're chaining again. ----
There is no bridge set up in the network interface files either. There is no bridge set up. The firewall is looking at virbr0 but there is no such configuration I could find in the etc folder, anywhere. Very odd.
    # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
    *nat
    :PREROUTING ACCEPT [84:12492]
    :POSTROUTING ACCEPT [9:626]
    :OUTPUT ACCEPT [9:626]
    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
    COMMIT
    # Completed on Mon Nov 7 23:35:47 2011
    # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
    *filter
    :INPUT ACCEPT [3701:295955]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [793:1276008]
    -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
    -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
    -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
    -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
    -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
    -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
    COMMIT
    # Completed on Mon Nov 7 23:35:47 2011
In closing, it is down to suse or back to centos and just pray redhat turns around. Maybe scientific linux. Ubuntu is not ready for prime time and a HUGE step backwards. It is not cutting edge and very insecure.
So maybe centos, even if a year or two behind, is way better than ubuntu will ever be.
---- It's different - not better, not worse (save for the fact that with Ubuntu I have been able to get timely updates this year). Also, I much prefer their packaging of Apache & BIND9 to Red Hat's.
I personally love their minimal installation CD, from the text based install to the minimal package install, etc. and think that their minimal approach is vastly superior to Red Hat (and all downstream packagers) installer that is slow and bloated. I can typically get a vm spun up with Ubuntu in about 5 mins and it takes much longer to install a CentOS vm.
If your expectation was that you could take your limited knowledge base and apply it equally across all Linux distributions and expect it to behave as a Red Hat derived system, then all other distributions will disappoint you.
Seriously
Craig
On Thu, 10 Nov 2011, Craig White wrote:
I personally love their minimal installation CD, from the text based install to the minimal package install, etc. and think that their minimal approach is vastly superior to Red Hat (and all downstream packagers) installer that is slow and bloated. I can typically get a vm spun up with Ubuntu in about 5 mins and it takes much longer to install a CentOS vm.
I'd argue that's not entirely true. I've been doing some testing with Spacewalk and CentOS 6 VMs on VMWare so did quite a lot of installs. 5 minutes was pretty much bang on how long it was taking to do a boot/partition/install/register to spacewalk with a fairly minimal server setup across a gigabit network.
jh
On Thursday, November 10, 2011 10:33:38 AM Craig White wrote:
[Ubuntu is] different - not better, not worse (save for the fact that with Ubuntu I have been able to get timely updates this year). Also, I much prefer their packaging of Apache & BIND9 to Red Hat's.
[snip]
If your expectation was that you could take your limited knowledge base and apply it equally across all Linux distributions and expect it to behave as a Red Hat derived system, then all other distributions will disappoint you.
While this is not the CentOS-advocacy list, I do want to mention that if the tradeoff is between a secure (from a firewall and mandatory access control (MAC) standpoint) system and a system with more timely updates, I think I'd rather have the system that is more secure out of the box on the firewall side, SElinux (the upstream-preferred MAC solution) notwithstanding.
Too much choice can be worse than sane defaults; and I say this after doing many installs of the following distributions of Linux, and some non-Linux *nix: SLS (go look it up) Red Hat Linux (pre-Enterprise) and derivatives, including Fedora, CentOS, SL, etc. SuSE Caldera OpenServer TurboLinux Gentoo Stage 1 (on Alpha, no less) Debian (multiple toys^H^H^H^Hversions (codename pun), multiple architectures) Ubuntu/Kubuntu of multiple versions, desktop and server, multiple architectures And some minor specialized distributions, including the free and the commercial versions of Smoothwall. OpenBSD, multiple architectures IRIX (6.5.x, Indigo2, O2, and Octane) Apollo DomainOS 10 Solaris 9 and 10 Tandy Xenix, both V7 based and System III, from 8 inch floppies on a Tandy 6000 AT&T/Convergent Unix System V Release 2 on 3B1 4.3BSD on a DEC PDP 11/23 (70MB MFM disk.....)
Of the PC things, SLS was probably the most fun to do, but that's primarily because that was so long ago and even Windows 95 was available on floppies.... and it was just so cool to run a *nix on the 386SX box.... the coolness factor has definitely worn off.
So I'm in somewhat of a position to comment on what I want and don't want from an install, be it text or GUI. Regardless of ease of install, I very much want/desire/need something that once the initial no-internet-connection install is complete the box comes up with things pretty well locked down by default. CentOS/SL/upstream EL does this, by default, and that is good, updates or no updates. Updates are no more of a panacea than firewalls are.
If you doubt the speed at which a non-locked-down system can be exploited, take a 1990s vintage copy of, say, RHL 6.2, go ahead and pre-download the last set of updates for that distribution, do the install on a public IP with no firewall appliance in front of you, and see if you can get the updates installed before you're pwned.
This is the world we live in, especially with advanced persistent threats gaining internal network access; firewalling, even on the inside, is no longer optional for a server install. The firewall of course is but one layer in the security of the system; MAC helps immensely, as do proactive NAC/IDS/IPS setups. As the theme song of the USA television series 'Monk' says, it's a jungle out there....
On Nov 10, 2011, at 9:59 AM, Lamar Owen wrote:
On Thursday, November 10, 2011 10:33:38 AM Craig White wrote:
[Ubuntu is] different - not better, not worse (save for the fact that with Ubuntu I have been able to get timely updates this year). Also, I much prefer their packaging of Apache & BIND9 to Red Hat's.
[snip]
If your expectation was that you could take your limited knowledge base and apply it equally across all Linux distributions and expect it to behave as a Red Hat derived system, then all other distributions will disappoint you.
While this is not the CentOS-advocacy list, I do want to mention that if the tradeoff is between a secure (from a firewall and mandatory access control (MAC) standpoint) system and a system with more timely updates, I think I'd rather have the system that is more secure out of the box on the firewall side, SElinux (the upstream-preferred MAC solution) notwithstanding.
---- I would generally agree with this (brevity is not your strongest trait)
Craig
On Thursday, November 10, 2011 12:16:18 PM Craig White wrote:
I would generally agree with this (brevity is not your strongest trait)
That would be correct. As Mark Twain once said, "I didn't have time to write a short letter, so I wrote a long one instead." And I type (and read) relatively quickly....
But on-topic, hopefully, I would say that there are more similarities between CentOS and Debian Stable than between Ubuntu LTS and CentOS, primarily due to the way security and version upgrades are handled in terms of process, but that's my opinion because my use cases are better served by the CentOS way of doing things, at least for now.
And I would add Scientific Linux to the comparison mix partially due to the difference from CentOS in the way SL handles security-only updates even for older point releases. To see a very clear example of SL's way of doing it, please look at the timestamps of the packages in: ftp://ftp.scientificlinux.org/linux/scientific/50/x86_64/updates/security/ which is the security updates directory for SL 5.0. Yes, .0, not .7.
There is no perfect Linux distribution, and there never can be, since there are so many differences in the ways users want to use their systems.
Lamar Owen wrote ----------------------------
If you doubt the speed at which a non-locked-down system can be exploited, take a 1990s vintage copy of, say, RHL 6.2, go ahead and pre-download the last set of updates for that distribution, do the install on a public IP with no firewall appliance in front of you, and see if you can get the updates installed before you're pwned.
------------------------------ Completely agree. I noticed upon a new datacenter install with new ips a large number of very strange traffic hits; my firewall logs are full of it. I feel, and I could be wrong, that scripts run that just check ips that usually never answer. Then one day the ip answers. The script knows it is probably a new install and they send it all at once.
Ubu and centos, different animals. However, the ubu server is touted as an enterprise ready system with commercial support. I found the initial install lacking in that regards and the commercial support sales never answered my mails. I think ubu is all about the desktop and really getting into the cloud. But for a standalone webserver the initial setup is not ready for prime time.
I think a company with some good techs can build a nice system that can then be passed along to their servers. However, for the small operator I would take a pass on ubu at this time.
The newer stuff is cool, but it lacks the polish of a ready to go system. Centos has the polish, but lacks the new stuff. sigh.
On Thursday, November 10, 2011 02:20:25 PM Bob Hoffman wrote:
The newer stuff is cool, but it lacks the polish of a ready to go system. Centos has the polish, but lacks the new stuff. sigh.
And right there is the core (or maybe it's 'sore') point to all of this; it really depends on what you need and how much work you have to do to make it fit your needs. And then keeping up with your needs, as they inevitably change.
CentOS is what it is: as close as possible to upstream EL without being upstream EL. Nothing more, nothing less, and bug-for-bug compatible. If that's not what you need, then CentOS won't meet your need.
On Thu, Nov 10, 2011 at 1:30 PM, Lamar Owen lowen@pari.edu wrote:
CentOS is what it is: as close as possible to upstream EL without being upstream EL. Nothing more, nothing less, and bug-for-bug compatible. If that's not what you need, then CentOS won't meet your need.
Yes, but that 'possible' part is the problem. How much reason do you have to think that it will continue to be possible to be anywhere close to upstream?
On Thu, 2011-11-10 at 14:30 -0500, Lamar Owen wrote:
On Thursday, November 10, 2011 02:20:25 PM Bob Hoffman wrote:
The newer stuff is cool, but it lacks the polish of a ready to go system. Centos has the polish, but lacks the new stuff. sigh.
And right there is the core (or maybe it's 'sore') point to all of this; it really depends on what you need and how much work you have to do to make it fit your needs. And then keeping up with your needs, as they inevitably change.
CentOS is what it is: as close as possible to upstream EL without being upstream EL. Nothing more, nothing less, and bug-for-bug compatible. If that's not what you need, then CentOS won't meet your need.
---- close?
May 19, 2011 (RH 6.1)
I thought the term 'close' only applied to horseshoes and hand grenades.
Given the track record for CentOS for v 6, it's pretty clear that installing it means that you are likely to have deployed servers that will lag for months without security updates and it's awful easy to set up iptables ;-) I'm not saying this to disparage the developers because I'm sure that they're doing the best that they can but I can't tell my friends/clients/employer/etc. that I can recommend using CentOS knowing the struggles they are having getting out releases & updates.
Craig
When do all of you mean to stop wasting our time bickering among yourselves?
If there was ANY chance ANY of you would change its mind then I would be willing to endure a senseless flame war. Since that is not likely to happen in the next 100 years, I ask you nicely to finish this thread with "we agree to disagree" policy.
Thank you.
On 11/10/2011 07:40 PM, Craig White wrote:
On Thu, 2011-11-10 at 14:30 -0500, Lamar Owen wrote:
On Thursday, November 10, 2011 02:20:25 PM Bob Hoffman wrote:
The newer stuff is cool, but it lacks the polish of a ready to go system. Centos has the polish, but lacks the new stuff. sigh.
And right there is the core (or maybe it's 'sore') point to all of this; it really depends on what you need and how much work you have to do to make it fit your needs. And then keeping up with your needs, as they inevitably change.
CentOS is what it is: as close as possible to upstream EL without being upstream EL. Nothing more, nothing less, and bug-for-bug compatible. If that's not what you need, then CentOS won't meet your need.
close?
May 19, 2011 (RH 6.1)
I thought the term 'close' only applied to horseshoes and hand grenades.
Given the track record for CentOS for v 6, it's pretty clear that installing it means that you are likely to have deployed servers that will lag for months without security updates and it's awful easy to set up iptables ;-) I'm not saying this to disparage the developers because I'm sure that they're doing the best that they can but I can't tell my friends/clients/employer/etc. that I can recommend using CentOS knowing the struggles they are having getting out releases & updates.
This is just no longer true Craig ... you obviously have not been looking at or using the CR for CentOS-6.
We have also now totally automated many parts of the QA system to test packages.
http://wiki.centos.org/QaWiki/AutomatedTests/WritingTests/t_functional
Also, I would like an audit of your servers that you manage to see how often you install those security updates that ARE available. How fast are you pushing all the updates that you are getting SO QUICKLY with these other OS's?
I can only tell you that we are cranking out packages at a very quick pace now, and that they are also now being tested much better and much faster than before.
We are also asking for "the community" to help us be designing tests that can be used in t_functional ... have YOU designed any tests to ensure that a problem that you have had in the past does not sneak in anymore and put it in t_functional ... or are you just here to continually complain and run down our OS?
On Fri, 2011-11-11 at 04:20 -0600, Johnny Hughes wrote:
On 11/10/2011 07:40 PM, Craig White wrote:
On Thu, 2011-11-10 at 14:30 -0500, Lamar Owen wrote:
On Thursday, November 10, 2011 02:20:25 PM Bob Hoffman wrote:
The newer stuff is cool, but it lacks the polish of a ready to go system. Centos has the polish, but lacks the new stuff. sigh.
And right there is the core (or maybe it's 'sore') point to all of this; it really depends on what you need and how much work you have to do to make it fit your needs. And then keeping up with your needs, as they inevitably change.
CentOS is what it is: as close as possible to upstream EL without being upstream EL. Nothing more, nothing less, and bug-for-bug compatible. If that's not what you need, then CentOS won't meet your need.
close?
May 19, 2011 (RH 6.1)
I thought the term 'close' only applied to horseshoes and hand grenades.
Given the track record for CentOS for v 6, it's pretty clear that installing it means that you are likely to have deployed servers that will lag for months without security updates and it's awful easy to set up iptables ;-) I'm not saying this to disparage the developers because I'm sure that they're doing the best that they can but I can't tell my friends/clients/employer/etc. that I can recommend using CentOS knowing the struggles they are having getting out releases & updates.
This is just no longer true Craig ... you obviously have not been looking at or using the CR for CentOS-6.
---- correct, not from lack of desire though.
I was dying to try out FreeIPA but the target is continually moving. Even at the point where I can install 6.1 FreeIPA is whole on 6.2 ----
We have also now totally automated many parts of the QA system to test packages.
http://wiki.centos.org/QaWiki/AutomatedTests/WritingTests/t_functional
Also, I would like an audit of your servers that you manage to see how often you install those security updates that ARE available. How fast are you pushing all the updates that you are getting SO QUICKLY with these other OS's?
---- I'm not sure why you decided to go here when Russ made it so clear that this was off-topic so I will defer an answer ----
I can only tell you that we are cranking out packages at a very quick pace now, and that they are also now being tested much better and much faster than before.
We are also asking for "the community" to help us be designing tests that can be used in t_functional ... have YOU designed any tests to ensure that a problem that you have had in the past does not sneak in anymore and put it in t_functional ... or are you just here to continually complain and run down our OS?
---- If that's how you see it - then so be it. I would suppose it would be unnecessary to re-quote your own thoughts on timeliness of security updates on another list but certainly relevant. I don't see myself 'running down' CentOS at all but noting that installing CentOS 6.0 on a public facing server requires a leap of faith that I don't currently have. Perhaps it is useful that not everyone is patiently waiting for releases, updates and parroting 'good job' when it is 6+ months behind upstream.
Craig
On 11/11/2011 07:11 AM, Craig White wrote:
On Fri, 2011-11-11 at 04:20 -0600, Johnny Hughes wrote:
On 11/10/2011 07:40 PM, Craig White wrote:
On Thu, 2011-11-10 at 14:30 -0500, Lamar Owen wrote:
On Thursday, November 10, 2011 02:20:25 PM Bob Hoffman wrote:
The newer stuff is cool, but it lacks the polish of a ready to go system. Centos has the polish, but lacks the new stuff. sigh.
And right there is the core (or maybe it's 'sore') point to all of this; it really depends on what you need and how much work you have to do to make it fit your needs. And then keeping up with your needs, as they inevitably change.
CentOS is what it is: as close as possible to upstream EL without being upstream EL. Nothing more, nothing less, and bug-for-bug compatible. If that's not what you need, then CentOS won't meet your need.
close?
May 19, 2011 (RH 6.1)
I thought the term 'close' only applied to horseshoes and hand grenades.
Given the track record for CentOS for v 6, it's pretty clear that installing it means that you are likely to have deployed servers that will lag for months without security updates and it's awful easy to set up iptables ;-) I'm not saying this to disparage the developers because I'm sure that they're doing the best that they can but I can't tell my friends/clients/employer/etc. that I can recommend using CentOS knowing the struggles they are having getting out releases & updates.
This is just no longer true Craig ... you obviously have not been looking at or using the CR for CentOS-6.
correct, not from lack of desire though.
I was dying to try out FreeIPA but the target is continually moving. Even at the point where I can install 6.1 FreeIPA is whole on 6.2
We have also now totally automated many parts of the QA system to test packages.
http://wiki.centos.org/QaWiki/AutomatedTests/WritingTests/t_functional
Also, I would like an audit of your servers that you manage to see how often you install those security updates that ARE available. How fast are you pushing all the updates that you are getting SO QUICKLY with these other OS's?
I'm not sure why you decided to go here when Russ made it so clear that this was off-topic so I will defer an answer
As will I.
I can only tell you that we are cranking out packages at a very quick pace now, and that they are also now being tested much better and much faster than before.
We are also asking for "the community" to help us be designing tests that can be used in t_functional ... have YOU designed any tests to ensure that a problem that you have had in the past does not sneak in anymore and put it in t_functional ... or are you just here to continually complain and run down our OS?
If that's how you see it - then so be it. I would suppose it would be unnecessary to re-quote your own thoughts on timeliness of security updates on another list but certainly relevant. I don't see myself 'running down' CentOS at all but noting that installing CentOS 6.0 on a public facing server requires a leap of faith that I don't currently have. Perhaps it is useful that not everyone is patiently waiting for releases, updates and parroting 'good job' when it is 6+ months behind upstream.
Timeliness of updates is important ... but so is the timeliness of criticism. We have taken steps to make this process much faster ... your comments are about the process as it existed 6+ months ago, not the one that exists now.
My criticism was about the upstream release practices of upstream as they existed THEN, not as they exist NOW. But, John Morris' reply then is very valid. He said, if you need updates faster, this is not your OS ... so the people who wanted faster updates moved. We did not continue to SPAM his list for years asking him to change. When it was clear there would be no change, we moved on ... (HINT)
It is NOT 6+ months behind upstream ... that is the point of CR. If you are using CR, you are not 6+ months behind.
There were RPMs released into CR 2 weeks ago. There are 2192 "6.1 RPMs" released in the x86_64 CR repo right now. They were released in 8 different batches over the last month.
So, thanks for your input ... now, please sync that input with reality. We have DONE many things to make the process better for 6.x, but you are not acknowledging any of them.
We created a QA feedback mechanism. http://qaweb.dev.centos.org/qa/dashboard
We created a CR repo. http://wiki.centos.org/AdditionalResources/Repositories/CR
We created a public testing mechanism to help us get packages out faster and asked for community input: http://wiki.centos.org/QaWiki/AutomatedTests/WritingTests/t_functional
On Thursday, November 10, 2011 11:33 PM, Craig White wrote:
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. In fact, no guest installation tools were added, though things like virsh were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it over ride the stock one via the eth you want to use it for....wtf?
all sorts of packages for firewall management.
apt-cache search firewall | wc -l
152
why be content with the minimal firewall tool when you actually can have a choice?
What? Those crap choices like ufw or fwbuilder? Oh, btw, if there really was 152 blooming choices, they would on the most part be total crap.
I like how you seem to think that stuff like upsd, stone, perdition, libiax-dev for a small sample are somehow firewall related.
Managing a firewall on Ubuntu is retarded and I have to write my own scripts to hook into interfaces so that I can a sane set of iptables rules loaded/unloaded without the mess from ufw/fwbuilder/whateverothercrap.
On Fri, 2011-11-11 at 11:07 +0800, Christopher Chan wrote:
On Thursday, November 10, 2011 11:33 PM, Craig White wrote:
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. In fact, no guest installation tools were added, though things like virsh were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it over ride the stock one via the eth you want to use it for....wtf?
all sorts of packages for firewall management.
apt-cache search firewall | wc -l
152
why be content with the minimal firewall tool when you actually can have a choice?
What? Those crap choices like ufw or fwbuilder? Oh, btw, if there really was 152 blooming choices, they would on the most part be total crap.
I like how you seem to think that stuff like upsd, stone, perdition, libiax-dev for a small sample are somehow firewall related.
Managing a firewall on Ubuntu is retarded and I have to write my own scripts to hook into interfaces so that I can a sane set of iptables rules loaded/unloaded without the mess from ufw/fwbuilder/whateverothercrap.
---- don't know a thing about ufw or fwbuilder but if you want simplistic firewall rules (ie, RH/Fedora /etc/init.d/iptables) Ubuntu has iptables-persistent which gets the job done just fine. Of course someone with your skills would have no problem migrating RH's /etc/init.d/iptables to Ubuntu (estimated time, 10 minutes).
If you want something heavy duty you could simply 'apt-get install shorewall' but I suspect that you just want to be pedantic. The point that Lamar made - that was that there wasn't any firewall installed by default at all, which I agreed with.
Now if it's package quantity vs. quality type of discussion that you want to have... yes, there are some packages that Ubuntu has that don't interest me in the least but the quantity can be mind boggling. For example (and in my sphere of interest), Ubuntu has pre-built packages for netatalk, davical & bacula which I use everywhere and I am building them from source for RHEL or CentOS deployments. To be fair however, I did have to build cyrus-imapd from source on Ubuntu whereas Simon's packages for RHEL/CentOS are terrific.
Then there's the utility of aptitude/apt-get vs. yum where I can deploy and dynamically manage 'holding' packages on Ubuntu which is simply not available with an rpm/yum package provider. Yum/rpm is good, apt/dpkg is better.
Linux is pretty much still Linux and one thing has become obvious since I started playing around with Ubuntu the last 7 or 8 months... that my skills have improved by learning how the other half lives. I still love Red Hat stuff, still use Fedora for my desktop. Some things Ubuntu does better, some things I much prefer Red Hat methodology. In the end, it's still Linux.
I just can't embrace installing an OS whose security updates have consistently lagged 3-6 months behind.
Craig
On Thu, Nov 10, 2011 at 08:49:33PM -0700, Craig White wrote:
I just can't embrace installing an OS whose security updates have consistently lagged 3-6 months behind.
You've made this point, repeatedly, for the past few months. It's getting old; we are all well aware of your feelings about this. So perhaps we can just let it go now? Please?
This thread is an example of what is wrong with this list. There is little to no value to be had with threads of this nature. This isn't an advocacy list; nor is it a list to beat about the merits of one of server distro versus another.
John
On Thu, 2011-11-10 at 22:07 -0600, John R. Dennison wrote:
On Thu, Nov 10, 2011 at 08:49:33PM -0700, Craig White wrote:
I just can't embrace installing an OS whose security updates have consistently lagged 3-6 months behind.
You've made this point, repeatedly, for the past few months. It's getting old; we are all well aware of your feelings about this. So perhaps we can just let it go now? Please?
This thread is an example of what is wrong with this list. There is little to no value to be had with threads of this nature. This isn't an advocacy list; nor is it a list to beat about the merits of one of server distro versus another.
---- "If timely updates are not a key factor for you, then WBEL is a great distro. If timely updates are the most important thing you consider about the distro you want, then WBEL might not be a fit for you"
http://beau.org/pipermail/whitebox-users/2004-December/004761.html
I'm not advocating for any distribution - I am sure I could probably work with any of them.
Craig
On Friday, November 11, 2011 11:49 AM, Craig White wrote:
If you want something heavy duty you could simply 'apt-get install shorewall' but I suspect that you just want to be pedantic. The point that Lamar made - that was that there wasn't any firewall installed by default at all, which I agreed with.
I have seen shorewall generated rules. Far way too much branching off and following rule paths is a pain. For small setups, yes, it will do.
But if you need to handle high traffic and therefore optimize the rules, forget it.
Now if it's package quantity vs. quality type of discussion that you want to have... yes, there are some packages that Ubuntu has that don't interest me in the least but the quantity can be mind boggling. For example (and in my sphere of interest), Ubuntu has pre-built packages for netatalk, davical & bacula which I use everywhere and I am building them from source for RHEL or CentOS deployments. To be fair however, I did have to build cyrus-imapd from source on Ubuntu whereas Simon's packages for RHEL/CentOS are terrific.
1) Not all packages in the provided repos are Canonical supported. Most of them are actually third-party aka 'community' maintained or unmaintained even and 2) You can get a similar if lesser experience with regards to quantity if you also add third-party repos on RHEL/Centos.
Just because you don't get third-party packages available without a bit of tinkering is not that much of a plus for Ubuntu.
Then there's the utility of aptitude/apt-get vs. yum where I can deploy and dynamically manage 'holding' packages on Ubuntu which is simply not available with an rpm/yum package provider. Yum/rpm is good, apt/dpkg is better.
I can play that game too. apt/dpkg is good but yum/rpm is better because it gives me 1) checksums and 2) multi-arch support.
Linux is pretty much still Linux and one thing has become obvious since I started playing around with Ubuntu the last 7 or 8 months... that my skills have improved by learning how the other half lives. I still love Red Hat stuff, still use Fedora for my desktop. Some things Ubuntu does better, some things I much prefer Red Hat methodology. In the end, it's still Linux.
I just can't embrace installing an OS whose security updates have consistently lagged 3-6 months behind.
I would not have said much if you have pushed Debian but Ubuntu? It's a joke. I only happen to have one Ubuntu Hardy server because I did not have a Centos disk at hand when I had to do an emergency installation of a box to take over the predecessor's read RH9 squid/nat box. I have no qualms learning the ropes of another distro but the Ubuntu distro takes the cake for faking a community and having tools that are way behind those available with RHEL/Centos. Does d-i support/have lvm on raid recipes yet?
On Fri, 2011-11-11 at 12:12 +0800, Christopher Chan wrote:
I would not have said much if you have pushed Debian but Ubuntu? It's a joke. I only happen to have one Ubuntu Hardy server because I did not have a Centos disk at hand when I had to do an emergency installation of a box to take over the predecessor's read RH9 squid/nat box. I have no qualms learning the ropes of another distro but the Ubuntu distro takes the cake for faking a community and having tools that are way behind those available with RHEL/Centos. Does d-i support/have lvm on raid recipes yet?
---- yeah - community... see SADFL
http://www.ubuntu.com/project/about-ubuntu/governance
;-)
I don't know what you mean by 'd-1' Seems you can do pretty much anything with their version of kickstart (apparently they have incorporated anaconda now but I haven't ever used it) and they also have preseed and I am using puppet and foreman so I have other methodologies.
Craig
On Friday, November 11, 2011 12:33 PM, Craig White wrote:
On Fri, 2011-11-11 at 12:12 +0800, Christopher Chan wrote:
I would not have said much if you have pushed Debian but Ubuntu? It's a joke. I only happen to have one Ubuntu Hardy server because I did not have a Centos disk at hand when I had to do an emergency installation of a box to take over the predecessor's read RH9 squid/nat box. I have no qualms learning the ropes of another distro but the Ubuntu distro takes the cake for faking a community and having tools that are way behind those available with RHEL/Centos. Does d-i support/have lvm on raid recipes yet?
yeah - community... see SADFL
http://www.ubuntu.com/project/about-ubuntu/governance
;-)
I don't know what you mean by 'd-1'
d-i = debian-installer which is what Ubuntu uses for its text installer.
Seems you can do pretty much anything with their version of kickstart (apparently they have incorporated anaconda now but I haven't ever used it) and they also have preseed and I am using puppet and foreman so I have other methodologies.
Oh, things have improved have they? Last I tried, you could not get d-i to do lvm on raid whether on the console or through preseed. Are you telling me that you can now get that done with ks files when you could not with preseed or manually?
On Thu, 2011-11-10 at 23:49 -0500, R P Herrold wrote:
On Thu, 10 Nov 2011, Craig White wrote:
I just can't embrace installing an OS whose security updates have ...
Then please leave -- your sustained venom and bile are not needed, wanted, nor useful here, let alone remotely on topic
---- what venom? what bile?
For the record, I wasn't the one who brought up Ubuntu
Craig
On Thu, 10 Nov 2011, Craig White wrote:
On Thu, 2011-11-10 at 23:49 -0500, R P Herrold wrote:
Then please leave -- your sustained venom and bile are not needed, wanted, nor useful here, let alone remotely on topic
what venom? what bile?
For the record, I wasn't the one who brought up Ubuntu
nor did I mention non-centos distributions --- take your cruft elsewhere ... this thread is over
-- Russ herrold
Just to throw out the background on the thread...
It was started questioning whether redhat is going to actively try and make it harder over time to clone it, thus making any derivatives of it untenable.
I tried ubuntu and that is what this sub thread is about.
I tried ubuntu from the standpoint of a non-developer, non-it-worker, hobbyist web site owner putting together a stand alone webserver.
Ubuntu vs centos in this regard goes fully to centos. Having to get a degree in grub, iptable scripts, etc just to do an out of the box install of a virtual host is rather much in that regard. Centos had a much easier and somewhat more intuitive installer and installed a firewall that limited input to a bridged device and port 22. Ubuntu opened the virtual host to the entire lan, all ports, and added forwarding to non existent virtual bridge that had not been built yet.
Ubu had forced me during the install to download packages and get on the net. Centos did not.
From what I now understand of debian derived ubuntu is they are quite an excellent desktop system and are working on an interesting cloud infrastructure. I understand now that ubuntu command line stuff (non desktop) is for someone with much more knowledge of linux and all its programs than a person using centos would need to know.
In that regard, not coming from a bank of servers and knowledgeable university background, ubuntu is a massive learning curve far beyond the pre-set-up nature of centos.
I did want the ability to get newer programs in regards to web stuff like php. I may try to install some ubu as web servers, but not as the virtual host. It seems to require too much time and knowledge to properly secure it.
With centos I can lock the virtual host down and access solely through the ipmi interface ensuring that as the only fail point. Right out of the box. Easily. I like the security and ease of it.
As a virtual host, I found ubu install tedious, slow, and demanding way too much knowledge and skill to just simply start adding guests and go. Ubu virtual host definitely requires much more configuration skills than centos. Something I do not feel like having to learn when centos comes with it set to go.
If you are from a university background or have worked with many types of linux for a long time, then maybe it is simple for you to take a few minutes out and configure the scripts for network, iptables, secure the box, check all the pre-installed stuff. But for me it would take much longer and I would never know what I missed.
On 11/11/2011 10:39, Bob Hoffman wrote:
Ubuntu opened the virtual host to the entire lan, all ports, and added forwarding to non existent virtual bridge that had not been built yet.
This is simply false for Ubuntu Server. After first install, there is simply no single port opened, even 22, you need to install openssh for that. So there is no need for a firewall with the basic install. It is this philosophy that is not understood by RHEL/CentOS users. You don't need a firewall when there are no ports opened.
The first release was even delayed because it remained one open port!
Meanwhile, you can access the Internet (it does not open ports on the external), and update your machine.
I am using Ubuntu Server for VMs, and I like this behavior. It is very light, and a fast installation. Then I install and open only the required services and ports, and control the ports that can be reached from Internet with a site firewall.
Alain
On Fri, Nov 11, 2011 at 02:28:26PM +0100, Alain Péan wrote:
* Diatribe on Ubuntu removed *
Seriously. This is _not_ the list for this. Readers should not have to wade through the morass of this thread or even spend the second or so required to thread kill it. It's off-topic. This is not an advocacy list to debate merits of one distro over another. If you like Ubuntu, fine - we don't need to know about it. If you don't like CentOS, fine, this list, however, isn't the venue to rattle on about it.
If you are unhappy with CentOS then you need to think that perhaps you should be using something else. And if you _are_ using something else why bother taking up my time and that of the thousands of other list members complaining about CentOS or expressing your various displeasures here?
So I ask you, and all the others, to _please_ consider that the _vast_ majority of active readers of this list don't care one way or another about opinions of CentOS vs Ubuntu or hearing, yet again, about your displeasure with whatever is irritating you today about CentOS.
Thank you.
John
On Fri, Nov 11, 2011 at 7:45 AM, John R. Dennison jrd@gerdesas.com wrote:
On Fri, Nov 11, 2011 at 02:28:26PM +0100, Alain Péan wrote:
Seriously. This is _not_ the list for this. Readers should not have to wade through the morass of this thread or even spend the second or so required to thread kill it. It's off-topic. This is not an advocacy list to debate merits of one distro over another. If you like Ubuntu, fine - we don't need to know about it. If you don't like CentOS, fine, this list, however, isn't the venue to rattle on about it.
This thread and others like it are not about people not 'liking' CentOS all of a sudden and everyone knows that. It is about what the people who expected a reasonably current CentOS to be available may be forced to use instead.
If you are unhappy with CentOS then you need to think that perhaps you should be using something else. And if you _are_ using something else why bother taking up my time and that of the thousands of other list members complaining about CentOS or expressing your various displeasures here?
We are pretty much all in the same boat here. If someone can authoritatively say that CentOS will never be more than a few weeks (even months, whatever...) behind upstream, then such discussion will end of its own accord. Otherwise everyone needs a plan B.
So I ask you, and all the others, to _please_ consider that the _vast_ majority of active readers of this list don't care one way or another about opinions of CentOS vs Ubuntu or hearing, yet again, about your displeasure with whatever is irritating you today about CentOS.
Sorry, but I don't believe that there is any such vast majority that isn't concerned about the situation.
On 11/11/2011 08:04 AM, Les Mikesell wrote:
On Fri, Nov 11, 2011 at 7:45 AM, John R. Dennison jrd@gerdesas.com wrote:
On Fri, Nov 11, 2011 at 02:28:26PM +0100, Alain Péan wrote:
Seriously. This is _not_ the list for this. Readers should not have to wade through the morass of this thread or even spend the second or so required to thread kill it. It's off-topic. This is not an advocacy list to debate merits of one distro over another. If you like Ubuntu, fine - we don't need to know about it. If you don't like CentOS, fine, this list, however, isn't the venue to rattle on about it.
This thread and others like it are not about people not 'liking' CentOS all of a sudden and everyone knows that. It is about what the people who expected a reasonably current CentOS to be available may be forced to use instead.
If you are unhappy with CentOS then you need to think that perhaps you should be using something else. And if you _are_ using something else why bother taking up my time and that of the thousands of other list members complaining about CentOS or expressing your various displeasures here?
We are pretty much all in the same boat here. If someone can authoritatively say that CentOS will never be more than a few weeks (even months, whatever...) behind upstream, then such discussion will end of its own accord. Otherwise everyone needs a plan B.
What is older than that now if you look at 6.x CR? The only thing lagging right now is the building of new install media. But if you install 6.0 and use CR, you are in good shape. There are even updates in there that are newer than 6.1 (it also contains the updates TO 6.1).
I can never say how long it will take to build something that we have not built yet ... if we have to redesign a system from scratch, it will take time. You are correct, if CentOS does not work for you then move on. Move on to a new OS and move on to a new list.
So I ask you, and all the others, to _please_ consider that the _vast_ majority of active readers of this list don't care one way or another about opinions of CentOS vs Ubuntu or hearing, yet again, about your displeasure with whatever is irritating you today about CentOS.
Sorry, but I don't believe that there is any such vast majority that isn't concerned about the situation.
This list is for the community to use to get and provide support for CentOS ... not for constant bellyaching and non stop whining. This list has become non usable because of the trash that it has become.
Starting today, I will be banning people from posting on this list.
On Fri, Nov 11, 2011 at 8:16 AM, Johnny Hughes johnny@centos.org wrote:
This list is for the community to use to get and provide support for CentOS ... not for constant bellyaching and non stop whining. This list has become non usable because of the trash that it has become.
Are you deploying 6.x yourself yet in public facing sites - at least ones not prepared to buy RHEL licenses? Unless I missed something, your last advice posted here was to stick to 5.x. What's the official support position on that today?
On 11/11/2011 09:50 AM, Les Mikesell wrote:
On Fri, Nov 11, 2011 at 8:16 AM, Johnny Hughes johnny@centos.org wrote:
This list is for the community to use to get and provide support for CentOS ... not for constant bellyaching and non stop whining. This list has become non usable because of the trash that it has become.
Are you deploying 6.x yourself yet in public facing sites - at least ones not prepared to buy RHEL licenses? Unless I missed something, your last advice posted here was to stick to 5.x. What's the official support position on that today?
There is no official position. I personally use 5.x for almost everything because there are still more than 2.5 years of support for 5.x, 5.x is very stable, and 6.x is still very new. However, just from a "security perspective" either 5.x or 6.x is fine now if you are using CR. There are 2182 "6.1" or newer RPMS in the x86_64 CR repo right now.
I certainly use 6.x on my workstation machines ... admittedly they are not normally directly Internet facing.
I do recommend that people give weight to security and consider buying RHEL licenses for critical machines, but there are millions of satisfied CentOS users.
I know several Universities that have deployed 6.x or are going to do so in the next couple of months.
I know that Dell is using CentOS for deploying application appliances, Facebook is using CentOS, cPanel uses CentOS in a huge percentage of their deployments, 8 of the top 500 super computers in the world are CentOS, and that CentOS is still the most used version of Linux on the internet:
http://w3techs.com/technologies/details/os-linux/all/all
I would also like to point out that the cPanel, Plesk and OpenVZ deployments of CentOS (about 1/2 of the total deployed CentOS web servers on the Internet) do not even show up as "CentOS" ... they show up as "unknown Unix" on that survey.
Time: 11/11/2011 03:16 PM, Johnny Hughes writes:
This list is for the community to use to get and provide support for CentOS ... not for constant bellyaching and non stop whining. This list has become non usable because of the trash that it has become.
Starting today, I will be banning people from posting on this list.
You should post this also as a separate thread since a lot of people avoid reading that thread.
Alain wrote ---------------------------
On 11/11/2011 10:39, Bob Hoffman wrote:
Ubuntu opened the virtual host to the entire lan, all ports, and added forwarding to non existent virtual bridge that had not been built yet.
This is simply false for Ubuntu Server. After first install, there is simply no single port opened, even 22, you need to install openssh for that. So there is no need for a firewall with the basic install. It is this philosophy that is not understood by RHEL/CentOS users. You don't need a firewall when there are no ports opened.
The first release was even delayed because it remained one open port!
Meanwhile, you can access the Internet (it does not open ports on the external), and update your machine.
I am using Ubuntu Server for VMs, and I like this behavior. It is very light, and a fast installation. Then I install and open only the required services and ports, and control the ports that can be reached from Internet with a site firewall.
Alain
-------------------------
Well, I did the stock install as a virtual guest and was able to use port 22 to shell right into it even though that port was not specifically listed as opened in the firewall I posted. I was able to see all other ports open too. I just assumed it was setting up a lan/masquerade for my whole network as part of the dhcp. It was enough for me to uninstall it as a virtual host as it was beyond my skill to understand a proper response to an open firewall.
Christopher Chan wrote:
On Thursday, November 10, 2011 11:33 PM, Craig White wrote:
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. In fact, no guest installation tools were added, though things like virsh were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it over ride the stock one via the eth you want to use it for....wtf?
all sorts of packages for firewall management.
<snip> Tried Bastille Linux? It's not a distro, but a set of hardening scripts, and is highly thought of, including by me.
mark
----- Original Message ----- | This is a continuation of the thread about redhat vs centos and the | thought of moving from centos | due to redhats new business model. Forgive the length, but I had to | share. | | I went ahead and downloaded the 5 year supported version of ubuntu | server. | You think centos/redhat is a bit tough or not polished? | One day with ubuntu server and you will look at centos install and | setup | as a god!
Let me start out by saying that I totally agree with you here. Ubiquity is a really crappy installer! I've fought with it for many years. However, like RHEL/CentOS you can use kickstart to install the machine. It's called kickseed in Ubuntu/Debian and maps a subset of the Kickstart features to the debian-installer equivalent.
| Where do I begin? | | 1- you download the iso, burn a cd. But guess what? It is only a small | boot setup (about 600mb). | The install actually sets up your eth port and then SLOWLY downloads a | base set of packages.
This, like the RHEL/CentOS installer can be changed if you are using kickstart. If you are installing from CD it will install packages *that have not been updated* from the CD. However, the installer does check security.ubuntu.com and downloads updates during installation for those packages. This would be the equivalent to including the updates and CR repos during a kickstart.
| Then when you are done with your drive set up, you get to pick a | package. | Then it downloads and installs, asking you a few questions as it does. | Then it upgrades itself. | About 40 minutes due to the downloads for me...
See above statement. If you are kickstarting, it's no big deal.
| 2- uses a really lame 1980 DOS version of a text installer. It does | not | and will not use a basic vid driver install | which means your setting up of lvms and such during the install is | really fun.
Then you downloaded the alternative, netboot or server installer. The desktop installer is fully graphical, however, is lacking many features such as LVM and RAID support selections. This is *entirely* different than Anaconda which actually works the same whether using the text, VNC or standard graphical install.
| 3- I don't know about having a server being forced to connect to the | internet before you can even begin to secure | it up. But the only way to really install it is to do that. Wait til | you | see the insecure firewall setup if gave me too..
And during installation of RHEL/CentOS how do you secure the box before installing? How about applying updates before putting it in production? Let's be fair here.
| 4- I picked the virtual host package, as the machine will hold guest | OS's (presumably ubuntu).
Would be covered by a kickstart and a virtual host package is the equivalent to the package group in RH speak
| 5- booted up fine. | | 6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND | ACCORDING TO DOCUMENTATION is new and | still being built so they do not want to put any documentation out on | it | yet. This makes chkconfig and things like | that useless. Hence, if you want to know what is running, set to run, | etc, you need to dig in multiple folders and | read the scripts. There is no other way. What a horror.
You are arguing that something is misunderstood by you and thereby horrific. As a person who manages several UNIX & UNIX-like operating systems, I would agree that it is "horrific" to have to understand the differences about how to enable / disable services on each platform.
| 7- The install, of the virtual host, added libvirt. It did not however | install things like virt-install or any other virt software. | Infact, no guest installation tools were added, though things like | virsh | were installed. Sigh.
That is correct, those packages are provided as "extra" tools. They are not needed for virtualization to work.
| | 8- The firewall and network do not have the scripts folder. You have | to | build your own firewall file and add scripts | to make it over ride the stock one via the eth you want to use it | for....wtf?
Is it that you don't understand where they are or that it's just not possible? There's a difference. Yeah, on RH there is an /etc/sysconfig/network-scripts. On Debian/Ubuntu there is a /etc/network/interfaces file that controls all. What's wrong with that. Personally, I can think of lots of things, but it's my opinion. I'm trying to show that you are making assumptions about how this "should" be compared to how things are before learning the "why" things are the way they are.
| 9- here is the firewall, for a virtual host, that should not have | anything but port 22 open as far as the initial install | should (at least in my opinion).....Ubuntu starts with this.... | (remember, ubuntu forces you to be online to install and this is how | it | protects your server) | | I was not blocked on a single port going from my desktop to my server | via my router. ALL PORTS were accessible. | This is out of the box. Shell 22 was open from all my computers. Not | listed in the firewall as open. | You can see it is quite different than the centos stock and I think | ubuntu is a 'run away' install.
It is? SSH is open in all stock installs.
| There is no bridge set up in the network interface files either. There | is no bridge set up.
Yes, but you installed the virtualization package group which set this up for you. The fact that it isn't there is irrelevant. If you added it you would be protected.
| The firewall is looking at virbr0 but there is no such configuration I could find in the etc folder, anywhere.
| Very odd.
|
| # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
| *nat
| :PREROUTING ACCEPT [84:12492]
| :POSTROUTING ACCEPT [9:626]
| :OUTPUT ACCEPT [9:626]
| -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
| -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
| -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
| COMMIT
| # Completed on Mon Nov 7 23:35:47 2011
| # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
| *filter
| :INPUT ACCEPT [3701:295955]
| :FORWARD ACCEPT [0:0]
| :OUTPUT ACCEPT [793:1276008]
| -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
| -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
| -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
| -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
| -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
| -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
| -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
| -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
| -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
| COMMIT
| # Completed on Mon Nov 7 23:35:47 2011
|
| In closing, it is down to suse or back to centos and just pray redhat turns around. Maybe scientific linux.
| Ubuntu is not ready for prime time and a HUGE step backwards. It is not cutting edge and very insecure.
|
| So maybe centos, even if a year or two behind, is way better than ubuntu will ever be.
|
| I took a shot at paid support.
| You have to send them a contact mail. I did.
| After 3 days sent them another.
| 2 days later, no response from that one either.
|
| down to suse or back to centos.
| | One good thing about ubuntu was the bug redhat has for the ati onboard | video is not an issue making | no errors on boot and no long hang time that centos was causing me.
I can't believe that I have defended Ubuntu so much in this E-Mail. I don't even like Ubuntu! I used it for years, but only as a personal desktop and from that perspective it was a *really* nice platform to work with. It made installing proprietary drivers and codecs a snap (thereby signing off all my freedoms ;) ), but if you need to deviate from the "Ubuntu way" or do *anything* that is remotely complex Ubuntu falls over dead and this is why I moved away from it.
There was some talk about porting Anaconda to Ubuntu to replace Ubiquity. I'd welcome that and maybe even start to use it in our department, but there are still *way* too many "broken" things that stop me from rolling it out. One of those things just happens to be the insatiable need to just rip out core parts of the system willy-nilly to get the latest "cool kid" code.
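The disagreement above (port 22 reachable although no rule lists it) comes down to the `:INPUT ACCEPT` chain policy in the quoted iptables-save output. The following is an added example, not part of any message in the thread: a small Python evaluator that walks the INPUT chain of that dump first-match style and falls back to the chain policy. The interface name `eth0` is an assumption; only `-i`, `-p` and a single-port `--dport` are evaluated, and any other match is reported as undetermined.

```python
import shlex

# Filter table copied from the iptables-save output quoted in the thread,
# with the e-mail line wrapping undone.
RULESET = """\
*filter
:INPUT ACCEPT [3701:295955]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [793:1276008]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
SIMPLE = {"-i": "in", "-p": "proto", "--dport": "dport"}


def parse_rule(tokens):
    """Turn one '-A CHAIN ...' line into a dict of the matches we understand."""
    rule = {"chain": tokens[1], "in": None, "proto": None,
            "dport": None, "target": None, "other": []}
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-j":
            rule["target"] = tokens[i + 1]
            break  # what follows -j are target options, not matches
        if tok == "-m":
            i += 2  # skip the module name; its options are seen as they appear
        elif tok in SIMPLE and i + 1 < len(tokens):
            rule[SIMPLE[tok]] = tokens[i + 1]
            i += 2
        else:
            rule["other"].append(tok)  # a match this sketch cannot evaluate
            i += 1
    if rule["dport"] and not rule["dport"].isdigit():
        rule["other"].append("--dport " + rule["dport"])  # port range or list
    return rule


def parse_filter(text):
    """Return (policies, rules) for the *filter table of iptables-save text."""
    policies, rules, table = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            rules.append(parse_rule(shlex.split(line)))
    return policies, rules


def input_verdict(policies, rules, iface, proto, dport):
    """First-match walk of INPUT for one new inbound packet.

    Returns (verdict, reason). The verdict is the firewall's decision only;
    it says nothing about whether a service is listening on the port.
    """
    for rule in rules:
        if rule["chain"] != "INPUT":
            continue
        if rule["other"]:
            return "UNDETERMINED", "rule uses matches this sketch does not evaluate"
        if rule["in"] not in (None, iface):
            continue
        if rule["proto"] not in (None, "all", proto):
            continue
        if rule["dport"] is not None and rule["dport"] != str(dport):
            continue
        if rule["target"] in TERMINAL:
            return rule["target"], "explicit rule"
        if rule["target"] not in (None, "LOG"):
            return "UNDETERMINED", "jump to a chain this sketch does not follow"
    return policies["INPUT"], "chain policy"


if __name__ == "__main__":
    policies, rules = parse_filter(RULESET)
    for chain, policy in policies.items():
        print(f"{chain}: default policy {policy}")
    # eth0 is an assumed name for the LAN-facing interface.
    for probe in [("eth0", "tcp", 22), ("eth0", "tcp", 80), ("virbr0", "udp", 53)]:
        print(*probe, "->", input_verdict(policies, rules, *probe))
```

A verdict of ACCEPT by chain policy means the firewall filters nothing on that port; whether a connection succeeds still depends on a service listening there, which is the distinction Alain draws.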
On Thu, Nov 10, 2011 at 12:42:36PM -0800, James A. Peltier wrote:
Then you downloaded the alternative, netboot or server installer. The desktop installer is fully graphical, however, is lacking many features such as LVM and RAID support selections. This is *entirely* different than Anaconda which actually works the same whether using the text, VNC or standard graphical install.
It does not. The text-based anaconda installer is crippled and has been so for many years. You are fully unable to exercise full control of the install process as you can with the gui version. The problems are well known and have been for years.
John
On 11/10/2011 05:44 AM, Bob Hoffman wrote:
I went ahead and downloaded the 5 year supported version of ubuntu server. You think centos/redhat is a bit tough or not polished? One day with ubuntu server and you will look at centos install and setup as a god!
I'm assuming you're referring to ubuntu 10.04 LTS. Like every distribution it's got its quirks. I routinely use both CentOS/Redhat and Ubuntu for different purposes. Both distributions have things that I like and things that I don't like so much. If you've been running Ubuntu or other debian based distribution, you could install CentOS/Redhat and spend quite a bit of time becoming familiar with Redhat. My responses in this message are NOT meant to be an attack on redhat CentOS, but simply to share some of my experiences with Ubuntu.
Where do I begin?
1- you download the iso, burn a cd. But guess what? It is only a small boot setup (about 600mb). The install actually sets up your eth port and then SLOWLY downloads a base set of packages. Then when you are done with your drive set up, you get to pick a package. Then it downloads and installs, asking you a few questions as it does. Then it upgrades itself. About 40 minutes due to the downloads for me...
The package management tools in Ubuntu/Debian are small and fast. I've come to like them, though I fought with them at first. I like their handling of dependencies. The package repositories for Ubuntu/Debian are huge. I've rarely had to go outside of the Ubuntu repositories looking for software that I needed to run. I've spent much more time compiling software and messing with outside repositories for CentOS. My understanding is that Linux in general is moving towards a common package management and package format that will be shared by most linux distributions.
2- uses a really lame 1980 DOS version of a text installer. It does not and will not use a basic vid driver install which means your setting up of lvms and such during the install is really fun.
I believe the standard desktop uses Ubuntu's own installer. The Ubuntu server and the 'alternative' distribution use the debian installer. I fought with it at first, but it is much more flexible than the redhat installer. You can build arbitrary LVM/raid configurations with it and you can also go into the shell from the installer and customize things that you can't with the redhat installer.
3- I don't know about having a server being forced to connect to the internet before you can even begin to secure it up. But the only way to really install it is to do that. Wait til you see the insecure firewall setup if gave me too..
I've not experienced any distribution to provide a great default firewall setup. What I do notice about Ubuntu server is there are very few services running in the default install, so if you probe a newly installed machine, it's not very vulnerable. I usually run new installs behind my Internet firewall anyway. I like doing a basic install and then adding the services that I want to enable, rather than a server install that comes up with dozens of services that you may not need and you have to turn them all off to secure the machine.
4- I picked the virtual host package, as the machine will hold guest OS's (presumably ubuntu).
I do like CentOS/Redhat 6 better as a virtualization server. Thing to realize here is that Redhat is leading the development effort for KVM, libvirt etc, so Ubuntu's code lags behind redhat. For the current stable Ubuntu 10.04 LTS release Ubuntu lags behind redhat 6 and since 10.04 LTS is a stable release it doesn't just get arbitrary updates unless they are security fixes.
One thing I like about Ubuntu/debian is the /etc/network/interfaces file over /etc/sysconfig/network-scripts /etc/sysconfig/network.
5- booted up fine.
6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND ACCORDING TO DOCUMENTATION is new and still being built so they do not want to put any documentation out on it yet. This makes chkconfig and things like that useless. Hence, if you want to know what is running, set to run, etc, you need to dig in multiple folders and read the scripts. There is no other way. What a horror.
Redhat 6 uses a similar hybrid mess between the old startup format and upstart. Like many things in Linux, finding good documentation is not always easy, but it can be found. It takes a bit of time to master upstart, but it does let you create dependencies in the startup process which is nicer than having to add sleep commands and doing other things to muck with daemons that have dependency on other services. Upstart is going to be replaced in future Redhat releases. http://bazaar.launchpad.net/%7Eupstart-documenters/upstart-cookbook/trunk/revision/30
I do find apparmor a whole lot easier to master than selinux.
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. In fact, no guest installation tools were added, though things like virsh were installed. Sigh.
apt-get install virtinst
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it over ride the stock one via the eth you want to use it for....wtf?
Just another flavor of linux. There are various packages that can be installed to do this for you. ufw is one of them. I prefer to use my own scripts though.
I took a shot at paid support. You have to send them a contact mail. I did. After 3 days sent them another. 2 days later, no response from that one either.
That I'm sorry to hear. I've never tried their paid support. They are pretty quick at providing security updates though.
Nataraj
On Saturday, November 12, 2011 03:59 PM, Nataraj wrote:
I believe the standard desktop uses Ubuntu's own installer. The Ubuntu server and the 'alternative' distribution use the debian installer. I fought with it at first, but it is much more flexible than the redhat installer. You can build arbitrary LVM/raid configurations with it and you can also go into the shell from the installer and customize things that you can't with the redhat installer.
Last time I tried, you could not do lvm on raid and it was acknowledged as such on the ubuntu-installer/ubuntu-devel-discuss list. Arbitrary lvm/raid and lvm on raid has been possible on anaconda for quite a while.
3- I don't know about having a server being forced to connect to the internet before you can even begin to secure it up. But the only way to really install it is to do that. Wait til you see the insecure firewall setup if gave me too..
I've not experienced any distribution to provide a great default firewall setup. What I do notice about Ubuntu server is there are very few services running in the default install, so if you probe a newly installed machine, it's not very vulnerable. I usually run new installs behind my Internet firewall anyway. I like doing a basic install and then adding the services that I want to enable, rather than a server install that comes up with dozens of services that you may not need and you have to turn them all off to secure the machine.
Nobody said anything about any distribution providing a 'great' default setup. Someone said something about dozens of firewall management tools but in reality, they were all solutions that drive you insane.
Redhat/Centos = service iptables save. End of story.
4- I picked the virtual host package, as the machine will hold guest OS's (presumably ubuntu).
I do like CentOS/Redhat 6 better as a virtualization server. Thing to realize here is that Redhat is leading the development effort for KVM, libvirt etc, so Ubuntu's code lags behind redhat. For the current stable Ubuntu 10.04 LTS release Ubuntu lags behind redhat 6 and since 10.04 LTS is a stable release it doesn't just get arbitrary updates unless they are security fixes.
Sometimes stuff don't get updates at all. Even when working patches have been provided. Maybe only some Canonical maintained packages get backports.
One thing I like about Ubuntu/debian is the /etc/network/interfaces file over /etc/sysconfig/network-scripts /etc/sysconfig/network.
I must say that that is one thing among others nice in Debian. Just like runparts is from Debian.
Just another flavor of linux. There are various packages that can be installed to do this for you. ufw is one of them. I prefer to use my own scripts though.
Using your own scripts is the only sane way to do things...ufw, fwbuilder, even shorewall are just either inadequate, inflexible or way too complicated to trace/optimize things.
On 11/12/2011 08:08 AM, Christopher Chan wrote:
On Saturday, November 12, 2011 03:59 PM, Nataraj wrote:
Not to necessarily feed this thread ... but the last 2 posts have been sane and relevant (as much as this topic can be).
I used to use Debian as my distribution of choice before RHEL came out and I was on the staff at:
There is nothing inherently WRONG with Debian and/or Ubuntu. They are just different. If I had to choose between the two to use as a stable server, I would pick Debian ... but both can be good distros.
However, if you are Fedora, RHEL, CentOS only with respect to what you have managed in the past, then there is a learning curve to get proficient at doing Debian/Ubuntu.
I believe the standard desktop uses Ubuntu's own installer. The Ubuntu server and the 'alternative' distribution use the debian installer. I fought with it at first, but it is much more flexible than the redhat installer. You can build arbitrary LVM/raid configurations with it and you can also go into the shell from the installer and customize things that you can't with the redhat installer.
Last time I tried, you could not do lvm on raid and it was acknowledged as such on the ubuntu-installer/ubuntu-devel-discuss list. Arbitrary lvm/raid and lvm on raid has been possible on anaconda for quite a while.
3- I don't know about having a server being forced to connect to the internet before you can even begin to secure it up. But the only way to really install it is to do that. Wait til you see the insecure firewall setup if gave me too..
I've not experienced any distribution to provide a great default firewall setup. What I do notice about Ubuntu server is there are very few services running in the default install, so if you probe a newly installed machine, it's not very vulnerable. I usually run new installs behind my Internet firewall anyway. I like doing a basic install and then adding the services that I want to enable, rather than a server install that comes up with dozens of services that you may not need and you have to turn them all off to secure the machine.
Nobody said anything about any distribution providing a 'great' default setup. Someone said something about dozens of firewall management tools but in reality, they were all solutions that drive you insane.
Redhat/Centos = service iptables save. End of story.
I agree with this too.
4- I picked the virtual host package, as the machine will hold guest OS's (presumably ubuntu).
I do like CentOS/Redhat 6 better as a virtualization server. Thing to realize here is that Redhat is leading the development effort for KVM, libvirt etc, so Ubuntu's code lags behind redhat. For the current stable Ubuntu 10.04 LTS release Ubuntu lags behind redhat 6 and since 10.04 LTS is a stable release it doesn't just get arbitrary updates unless they are security fixes.
Sometimes stuff doesn't get updates at all. Even when working patches have been provided. Maybe only some Canonical maintained packages get backports.
This is one thing I have noticed as well. They do not NECESSARILY backport all security (or otherwise) updates.
One thing I like about Ubuntu/debian is the /etc/network/interfaces file over /etc/sysconfig/network-scripts /etc/sysconfig/network.
I must say that that is one thing among others nice in Debian. Just like runparts is from Debian.
I like the Red Hat way now ... but that is because it is what I know now, not because it is necessarily better or worse.
Just another flavor of linux. There are various packages that can be installed to do this for you. ufw is one of them. I prefer to use my own scripts though.
Using your own scripts is the only sane way to do things...ufw, fwbuilder, even shorewall are just either inadequate, inflexible or way too complicated to trace/optimize things.
Agreed.
======================================================================
The bottom line is this. Debian is a solid Linux distribution and it can be used to do anything you want to do. Ubuntu is also a solid Linux distribution. They are both quite good. If either of them work better for "YOU" (meaning a generic you and not specifically anyone in this thread) then by all means use them.
Fedora is also a solid (and cutting edge) distribution ... test it and use it if it meets "YOUR" requirements.
Scientific Linux is a very good distribution. If "YOU" like it, use it. If I was not using CentOS, I would be using Scientific Linux.
Heck ... some people even like SUSE.
We provide CentOS for people who want to use it ... for people who don't want to ... GREAT ... use what you want to use.
That said, this list is for CentOS general discussions. Let's try to keep the discussion sane and somewhat on topic to the purpose of the list ... which, in case someone may not know .. is this:
"This is a General discussion list for all issues CentOS. Security updates are currently announced on this list once daily."
On Sat, 2011-11-12 at 09:25 -0600, Johnny Hughes wrote:
However, if you are Fedora, RHEL, CentOS only with respect to what you have managed in the past, then there is a learning curve to get proficient at doing Debian/Ubuntu.
The discussion of which distribution is better is a fool's game - much like KDE vs. GNOME or vi vs. emacs. There's only what you know, how you can adapt what you know and how well you can make it work for you and how much time you are willing to give to learning something new.
Craig
On Saturday, November 12, 2011 11:51:42 AM Craig White wrote:
On Sat, 2011-11-12 at 09:25 -0600, Johnny Hughes wrote:
... there is a learning curve to get proficient at doing Debian/Ubuntu.
... There's only what you know, how you can adapt what you know and how well you can make it work for you and how much time you are willing to give to learning something new.
If I may expound a tad, and I will endeavor to keep this brief, it goes one step farther than this. It becomes a balance of "how much time and effort will it take to adapt what you know to your task?" against "how steep is the learning curve for something you aren't proficient in, but is already known to do your desired task?" And sometimes, if not most of the time, it's a three-way balance with "what is the cost, monetary or otherwise, to get someone else to do it?"
As an example, I have four relatively nice SGI Altix IA64 systems here. I would prefer to run CentOS on them, since I can't afford RHEL for them, nor is RHEL 6 available for them. I have the knowledge to rebuild EL6 on the boxes, but I honestly don't have the time to work through all the details, even though the geek packager in me desperately wants to try. The latest Debian Stable works quite well on the boxen, but my knowledge of Debian is somewhat limited. So, I have a three-way balance between:
1.) Pay the cost of RHEL, with the knowledge that RHEL 5 is the last for IA64;
2.) Maintain my own private or semiprivate rebuild for IA64 of EL 6;
3.) Install Debian and get the boxen doing something (and potentially generating revenue), and climb yet another learning curve.
I chose 3 at the moment. It was not an easy choice.
On 11/12/2011 03:08 PM, Christopher Chan wrote:
Using your own scripts is the only sane way to do things...ufw, fwbuilder, even shorewall are just either inadequate, inflexible or way too complicated to trace/optimize things.
I have used shorewall for several years now. It is a very flexible and manageable system. Especially if you use Webmin to manage it as I do. It is then fairly easy to set up even complicated stuff like multiple outgoing interfaces based on the rules. There are also templates most used. Shorewall is also able to configure "tc" or bandwidth control.
On Thu, Nov 10, 2011 at 8:44 AM, Bob Hoffman bob@bobhoffman.com wrote:
This is a continuation of the thread about redhat vs centos and the thought of moving from centos due to redhats new business model.
Can someone fill me in on this new business model? Is there a thread here on the list about it already?
On 11/14/2011 09:34 PM, Alan McKay wrote:
On Thu, Nov 10, 2011 at 8:44 AM, Bob Hoffman bob@bobhoffman.com wrote:
This is a continuation of the thread about redhat vs centos and the thought of moving from centos due to redhats new business model.
Can someone fill me in on this new business model? Is there a thread here on the list about it already?
There are at least 10-20 posts writing about it.
Use this link to Mailing list Archive: http://lists.centos.org/pipermail/centos/
And search for it. I hope nobody will start at it again, but AFTER you read the Archives and have *specific* questions feel free to ask.
And search for it. I hope nobody will start at it again, but AFTER you read the Archives and have *specific* questions feel free to ask.
OK, I'll do some googling. I have the last several years of this list in my gmail so away I go ...
On 11/14/2011 11:18 PM, Alan McKay wrote:
And search for it. I hope nobody will start at it again, but AFTER you read the Archives and have *specific* questions feel free to ask.
OK, I'll do some googling. I have the last several years of this list in my gmail so away I go ...
Topic is in several threads and part of threads in this mailing list in the last 1(-2) months. With details about impact on CentOS. But it is too spread out for providing links and you would miss possible info.
On Mon, Nov 14, 2011 at 4:39 PM, Ljubomir Ljubojevic office@plnet.rs wrote:
On 11/14/2011 11:18 PM, Alan McKay wrote:
And search for it. I hope nobody will start at it again, but AFTER you read the Archives and have *specific* questions feel free to ask.
OK, I'll do some googling. I have the last several years of this list in my gmail so away I go ...
Topic is in several threads and part of threads in this mailing list in the last 1(-2) months. With details about impact on CentOS. But it is too spread out for providing links and you would miss possible info.
Don't expect much useful information, though... As I recall it was someone mentioning a problem with no details and assorted rants about off topic postings.
On 11/14/11 14:18, Alan McKay wrote:
And search for it. I hope nobody will start at it again, but AFTER you read the Archives and have *specific* questions feel free to ask.
OK, I'll do some googling. I have the last several years of this list in my gmail so away I go ...
it's close to 200 replies. I'm new to centos so i had plenty of emails to read;-)
http://lists.centos.org/pipermail/centos/2011-November/subject.html
On 11/14/11 16:05, Alan McKay wrote:
it's close to 200 replies. I'm new to centos so i had plenty of emails to read;-)
Which thread is it, I poked around but have not found it.
What is the subject?
scroll all the way down until you come to the first "redhat vs centos" email:
http://lists.centos.org/pipermail/centos/2011-November/subject.html
I think this was the first:
http://lists.centos.org/pipermail/centos/2011-November/119238.html
On 11/15/2011 02:39 AM, Edward Martinez wrote:
On 11/14/11 16:05, Alan McKay wrote:
it's close to 200 replies. I'm new to centos so i had plenty of emails to read;-)
Which thread is it, I poked around but have not found it.
What is the subject?
scroll all the way down until you come to the first "redhat vs centos" email:
http://lists.centos.org/pipermail/centos/2011-November/subject.html
I think this was the first:
http://lists.centos.org/pipermail/centos/2011-November/119238.html
That thread is only ~100 mails strong. But there are (I think) more important posts in "What happened to 6.1" thread (also ~100 mails strong).