[CentOS] Transition test report going from CentOS8 to Debian 10.

Fri Feb 5 19:03:29 UTC 2021
Warren Young <warren at etr-usa.com>

On Feb 5, 2021, at 9:03 AM, Lamar Owen <lowen at pari.edu> wrote:
> 
>> 1. The package names are often different, and not always differing by an obvious translation rule.  ...
> 
> I consider this to be very minor in comparison to other items.

If you’re making a wholesale transition, sure, but when you’re maintaining a mix of systems and you know what you’re trying to accomplish but can’t remember the exact one of six different incantations for accomplishing that on the platforms you maintain, it’s enough to frost one’s cookies.

It’s gotten bad enough for me that I now maintain a private wiki listing instructions for how to set up a new system, alternate top-level sections giving translations of the primary platform’s instructions for each platform I have to manage.  Bleah!

(I mined that wiki to compose my prior reply.  Real-world experience here.)

>> 2. Some packages simply won’t be available.  Most often this happens in the Debian → CentOS direction, but I’ve run into cases going the other way. ...
> 
> Yes, true.  True going from C7 to C8, too, especially if you rely on third-party repositories for packages.

Yes, I lost many packages moving from C7 to C8, too.  However, I’d prefer to hold tight to *one* bag of problems rather than gather several bags of problems unto my bosom. :)

>> 3. Debian adopted systemd, but it didn’t adopt the rest of the Red Hat userland tooling.  For instance, it’s firewalld on CentOS, UFW on Ubuntu, and raw kernel firewall manipulation on Debian unless you install one of those two.  And then, which?
> 
> That one is more serious for the server than the other two, for sure.

And realize that firewalld is just an example, not the full scope of the problem.  Solve that one across platforms, and you’ve got several more to deal with next.

> If migrating from CentOS I would probably go with firewalld.  I haven't decided yet in my evaluations.  But I put an ACL on the Cisco 7609's here

How does fobbing the problem off on Cisco help in today’s “deny everything by default” world?  Unless you’re lucky enough to be using binary packages that take care of all of this for you, you’re still going to have to manually punch a hole in the firewall for some service or other, which means you’ve now got to learn to do that on every platform you’re supporting, because it probably won’t be the same way on any two of them.

> I have one of the most maxxed-out Pentium III-S systems you'll find

Good in winter for an under-desk system, exhaust fan pointed at your frozies toesies. :)