On 1/10/19 10:43 AM, John Harris wrote:
> On Thursday, January 10, 2019 1:16:11 PM EST Rick Stevens wrote:
>> If I may offer my $0.02, Fedora on production systems is not a great
>> idea. We manage well over 2000 servers each in two data centers. The
>> vast majority (>85%) are CentOS-based because of its relative stability.
>> The remainder are generally Ubuntu LTS-based, again because of its
>> relative stability.
>
> Fedora is great for production systems. I think it's wild that people keep
> saying otherwise, and they consistently list CentOS as being the better
> option. The only major difference is that Fedora has more frequent updates.
> That does not make it unstable, for sure. Fedora is always in a stable
> condition at release.

It's compatibility with _existing_ software that's in question here. Is
Fedora stable? Well, most of the time. Not always. Upgrades sometimes
screw the boot environment or corrupt the initrd or any of many other
issues. Kernel changes (even minor ones) can wreak havoc with some
software.

When clients are dependent on the systems remaining up, you have to
give them something that doesn't change constantly or at the very least
stays in the same "family". If it's just YOUR stuff, then fine, have at
it. I'm the one that gets poked with pointy sticks if a client's
software isn't compatible with new OSes and it's not pleasant.

>> Fedora changes every 6 months--sometimes in major ways that are not
>> necessarily backwards compatible with existing systems.
>
> Oh, never mind, there it is. You never meant stable, you meant "It updates too
> often for me to figure out how to manage."

You're being silly. There are MANY cases where existing software simply
will not farking work on newer OSes due to lack of backwards
compatibility, structure changes, default parameters, whatever. When
F26 abandoned webkit1, a lot of user-level web stuff broke. The switch
from PHP3 to PHP4/5 caused grief. Switching from Java 7 to Java 8 broke
many things.
Python changes have always been painful. When the kernel went from 3 to
4, a HUGE amount of lower-level things broke (some hardware was no
longer supported, drivers couldn't be compiled, etc., etc.).

Even minor upgrades can cause massive grief. Look at the issues that
occurred when OpenSSH devalued certain ciphers so suddenly you couldn't
log into certain devices that used those ciphers without buggering your
openssh.conf file or re-enabling the ciphers on the command line.

>> It is very cumbersome to update 3000+ servers every 6 months and
>> deal with the compatibility issues that crop up. We have to deal with
>> those when CentOS or Ubuntu gets a major upgrade (such as CentOS6
>> -> CentOS7), but that happens every couple of years and is far more
>> manageable. As far as security is concerned, any significant security
>> patches are generally backported to CentOS and Ubuntu and applied
>> when they come out. The few cases where a patch can't be applied,
>> well, those are fairly rare and dealt with as what they are...exceptions
>> to the general rule.
>
> Not at all. This is, in fact, why we have deterministic tools to manage
> systems. I personally manage well over 1.5k production servers, and a few
> hundred on-premises servers, all running the latest release of Fedora, with
> the exception being that I run them with Freed-ora-freedom.

Again, if they're running YOUR code and programs, you have much more
freedom. The vast majority of us aren't in the same position. I must
supply platforms that support existing code and programs that neither
we nor our customers wrote and that just flat aren't compatible with
newer OSes. I've been in this game >40 years. I know of which I'm
speaking.

On top of that, if what you're saying is true then Red Hat should adopt
every single Fedora release as the latest RHEL. Using your criteria,
F29 should be Red Hat 8. It's stable, why not? F30 should become Red
Hat 9 by the same reasoning.
So, why does Red Hat wait for major changes to Fedora to accumulate and
stabilize for a year or two before adopting it? Because they, as I,
have to support old stuff and they know (as I do) that it's not
feasible to do so. How well do your non-upgraded Windows 7 apps run on
Windows 10, eh?

>> At the network level, our VPNs and core routers are Cisco, our edge
>> switches are Foundry. We have two 10Gbps uplinks to the Internet so
>> smaller hardware is not an option. Fortunately, I'm well versed in these
>> beasties as Cisco IOS isn't a particularly intuitive system.
>
> This is common, and I personally believe that we need to fix this.

Then talk to Cisco. I can pretty much guarantee it's not going to
happen. IOS does what it does well and they offer CSE status if you're
willing to pay for the training and testing process. I'm not a CSE,
just a poor bloke who was handed the network keys and was told to "keep
it running." Any certification I have is via UHK (the University of
Hard Knocks), from which I've graduated summa cum laude.

>> For a router/VPN gateway in a SOHO environment (even some medium-sized
>> cases), I'd go along with those who recommended using OpenWRT on
>> inexpensive router hardware. It is Linux-based and optimized for use on
>> such devices. It is relatively easy to manage via its web-based GUI and
>> does its job quite well. Fedora or any full-up Linux system, is (IMHO)
>> overkill in such cases.
>
> A complete Fedora installation would be an excellent, incredibly flexible
> router.

I agree, but it's massive overkill for what the OP wanted and the
hardware is going to be oversized and expensive. OpenWRT on an Asus (or
similar) router with five gigabit NICs will serve the needs for 100
normal business users or so in an office and it'd cost <$150 USD.

Ok, I'm getting off my soapbox now. Yaaaaaaaaa-hhhhhhh! (thump!) Ow!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-           "Swap memory error: You lose your mind"                  -
----------------------------------------------------------------------