
Gentoo On Server Considered Harmful

Posted by kdawson
from the not-a-desktop dept.
Siker writes in to point out his blog post — Why Gentoo Shouldn't Be On Your Server — which seems to have stirred up a lot of discussion, including a thread on the Gentoo forums. From the post: "I firmly believe in updating server software only when you need to. If you don't need new features, and things are working, why change anything? If you update anything you will undoubtedly need to update configuration files. You will need to fix things that break in the upgrade process... This is hard with Gentoo. Gentoo wants you to change a lot of stuff. It wants to be bleeding edge."

  • by suso (153703) * on Sunday January 28, 2007 @11:27PM (#17795014) Homepage Journal
    At the same time, the "your system is always approaching the bleeding edge" way of doing things solves one problem that I've always been bothered by with running user servers for suso.org [suso.org]. Eventually, the OS on the server reaches the age where it is no longer supported and updates are no longer coming out for it. This isn't always X years where X is the number of years that a distribution claims to provide package updates for. It's usually X-1. This is because you'd be foolish to use the very latest hasn't been available for more than a day version of Linux. Usually you wait for 6-12 months for it to be mature and have special packages of whatever available for it. Then you spend another month or two setting up the machine and getting it ready for production. By that time, you've already burned over a year of support time. Then you get users onto it and now you only have X-1.5 years of support. On Fedora, this means practically no time is left. Upgrading such a system to the latest version of whatever distro means taking the server down for several hours to upgrade, hope to hell that special packages you've built and configurations aren't broken and in nightmare situations, roll back because something is broken and can't be fixed.

    The promise of Gentoo for me is being able to continually upgrade and never get outside of that window of support.

    I actually have a new shared user system that is running Gentoo that is kinda in beta right now. This article was very useful for me because it brings up those points about stability that concern me. It's kinda an experiment.

    I think I may try Debian next.
  • by Ash-Fox (726320) on Sunday January 28, 2007 @11:37PM (#17795112)
    Of course some distributions like Debian/Ubuntu/Mandriva let you build the packages if you really want to.

    With Debian/Ubuntu it's easily done with apt-build. Mandriva on the other hand, things get a bit more complicated.
  • by mattdev121 (727783) on Sunday January 28, 2007 @11:41PM (#17795154) Homepage
    The problem with Gentoo Linux is not the system itself, it's the stereotypes that people put against it.

    Gentoo is only good for ricers, Gentoo is bleeding edge and unstable, Gentoo is only good for X deployment

    The truth about Gentoo is that it is not really a distribution. Gentoo Linux does not make "releases" and it does not aim to cover one area of the market alone.

    In Gentoo's packaging system, called portage, the aim is not only to provide up-to-the-minute packages (which it does) but also to provide a wide variety of both tested and verified "stable" packages as well as more bleeding-edge, testing packages.

    This, along with a properly configured make.conf and /etc/portage file system, allows you to pull down the packages you want that have been verified as stable (and are also under watch by the Gentoo security project) and keep track of their libraries with revdep-rebuild.

    Stop branding Gentoo with stereotypes that label it as X distribution, the project even calls itself a "metadistribution" capable of dropping into multiple roles.

  • *sigh* (Score:5, Insightful)

    by Ant P. (974313) on Sunday January 28, 2007 @11:45PM (#17795188) Homepage
    The article makes it sound as if gentoo installs the ~unstable profile by default. The stable one's no more bleeding-edge than Ubuntu.
  • by ePhil_One (634771) on Sunday January 28, 2007 @11:48PM (#17795228) Journal
    Then you get users onto it and now you only have X-1.5 years of support. On Fedora, this means practically no time is left.


    Which is why IT Pros prefer Red Hat Linux or its unencumbered variants like CentOS, White Box, and Scientific. Better testing up front thanks to the Red Hat gang, and longer shelf life. Which is why most commercial software chooses to support it first, it provides a stable base.

  • by Anonymous Coward on Sunday January 28, 2007 @11:51PM (#17795254)
    You are essentially describing a Slackware system after 20 minutes of install.
  • by God of Lemmings (455435) on Monday January 29, 2007 @12:00AM (#17795318)
    There is NOTHING forcing you to "emerge world", "emerge system", and "emerge --sync" every single time Gentoo
    updates portage... Emerge flags include "--pretend", "--ask" and "--fetchonly" among several others, learn to
    use them.
  • Re:Redhat 6.2 (Score:3, Insightful)

    by suso (153703) * on Monday January 29, 2007 @12:07AM (#17795372) Homepage Journal
    I ran RedHat 6.2....... 8 years ago. Dude, that's not too cool. IMHO, that was back when there were some more serious remote exploits.
  • Re:*sigh* (Score:2, Insightful)

    by notamisfit (995619) on Monday January 29, 2007 @12:08AM (#17795380)
    While stable may not be particularly bleeding-edge, it is still very dynamic, which is the point of the author's grief.
  • to each their own (Score:4, Insightful)

    by siddesu (698447) on Monday January 29, 2007 @12:15AM (#17795424)
    i didn't read TF blog post, but since i saw a radical view and the word "server" in the same summary, i'll add my 2 yen here. Since we see the word "server", we assume we're talking competent system administrators here. A competent system administrator usually reads and understands the documentation of a software package before making a decision. Having read the documentation of gentoo, I can suggest at least the following ways to ensure a stable distribution:

    - one can create a copy of the source files repository
    - one can create a repository for self-compiled binary packages and install from there
    - one can use the global repositories, and still get a stable version by restricting available packages by version
    - finally, as others say, one can use the stable version.

    Since the blogger seems to have missed these obvious ways, he hasn't read the documentation, and hence is not a competent administrator, hence his opinion is not very valuable.
  • Re:*sigh* (Score:3, Insightful)

    by chamont (25273) * <montyNO@SPAMfullmonty.org> on Monday January 29, 2007 @12:22AM (#17795472) Homepage
    It's even worse than that.

    Incidentally, I've run Gentoo for years on laptops, servers, you name it. I switched to Ubuntu about a year ago for desktops, but still use Gentoo on a server.

    What I like about Ubuntu in particular is that every six months you can pretty much EXPECT all your packages, for the most part, to be updated to the most current stable versions. With Gentoo it's so much more haphazard. Yeah, Linux itself is haphazard...right, I know. With Gentoo, however, you're tied to the maintainer of the package deciding when a new version of application X is stable. Maybe there's some formalized internal process for this, but I don't know of one. So I remember waiting for MONTHS for the latest version of KDE or Firefox when other distros were actually shipping these same versions.

    Yes, I know I can always just go unstable, but if you live on the unstable Gentoo crack too long, you'll OD sooner or later. No question about it. So I tried to stick stable, and wait and wait until finally a bug is fixed and our benevolent maintainer finally deems us worthy to receive. So even though it has a reputation of being bleeding edge, it's a lot more complicated than that.
  • by Anonymous Coward on Monday January 29, 2007 @12:23AM (#17795480)

    Then one day we had to upgrade some of the services.. which in turn required lots of libraries to be upgraded.

    In the end, we had to upgrade kernel.. cause libraries didn't support 2.4 kernel.
    Stuff change too much in gentoo

    How is it Gentoo's fault that the services you run require updated libraries? How is it Gentoo's fault that the libraries you use require a 2.6 kernel?

    Seems to me the blame lies with the services and the libraries respectively, and performing the same upgrade would require the same kernel update on other distros too.

  • by VGPowerlord (621254) on Monday January 29, 2007 @12:24AM (#17795486) Homepage
    Servers are not the place for bleeding tech. Servers are the place for stability.

    That is, unless you really dislike your customers that much, be they actual customers or other divisions in your business.
  • Nonsense (Score:5, Insightful)

    by loxosceles (580563) on Monday January 29, 2007 @12:30AM (#17795532)
    You say Gentoo wants to change a lot of stuff?

    Any binary distribution has two modes of updates. One is an updated package within the same release; the other is a mass-update from one release to another. Gentoo combines the two, since the distinction is artificial. What you call "changing a lot of stuff" is merely keeping packages reasonably current so that you never have to do a mass-update or complete reinstall.

    Anyone who considers the Gentoo update process too difficult either hasn't used Gentoo (upgrades are easy, and there aren't that many of them if you stick to stable x86) or has never dealt with package conflicts in binary distributions. That is the real horror I want to avoid, and I avoid it nicely by running Gentoo.
  • Updating (Score:3, Insightful)

    by MrEcho.net (632313) on Monday January 29, 2007 @12:34AM (#17795558)
    Gentoo gives you 100% control over your system and how things are built.
    It does NOT force you to do anything.

    "You will need to fix things that break in the upgrade process..." Like what?
    This past year there have been some major changes in the Linux world like:
    glibc, gcc, xorg, apache(Gentoo went to the standard) and mysql are some of the things I can think of off the top of my head.
    Because of how Gentoo updates, big updates like these might break things if you're not watching what you're doing.
    And if you're blindly updating your system and overwriting configs when you do etc-update, it's your own damn fault.

    There comes a point in where a package is marked 'stable' for some distros, but if you look on the project site, it's old and outdated.

    http://gentoo-install.com/ [gentoo-install.com]
  • That's the thing.. (Score:1, Insightful)

    by Anonymous Coward on Monday January 29, 2007 @12:53AM (#17795678)
    In a production environment you don't have time for little things like that. RTFM on every little upgrade doesn't really matter when the mysql server suddenly goes down for no reason and thousands of users get pissed off. I recommend fedora for beginners and slackware for seasoned veterans and people wanting to know what a true linux experience is (no flames please :).. They are very solid for production environments. Like previous posts have said, Gentoo is a good distro, but not suitable for production. development boxes, sure.
  • by Anonymous Coward on Monday January 29, 2007 @01:04AM (#17795738)
    This article is FUD. Nothing more.

    The stability of Gentoo on ANY system is user controlled. Period. Yes functioning hardware is first and foremost, but running a stable/unstable system is entirely set up by user config settings. It's THIS ability in Gentoo, that will determine just what software gets updated at what stage of their particular development.

    I keep reading posts in here about constant updates, and bleeding edge, which in turn produce broken Databases, unstable systems etc. If people don't know how to properly Administer their Linux distros and the software and applications they are running on them, they have no right to complain about the stability/instability of the distros THEY CHOOSE TO RUN.

    If people want to complain about a particular program that is unstable or whose updates have caused instability on a system, there are places for that in the forums and on the dev lists. To write off an entire distro. because of individual user limitations and mismanagement is callous and juvenile. Proper Administration of Linux requires knowing each of your distro's limitations and benefits.

    I run gentoo on servers, desktops, and notebooks; at work, and at home. Gentoo is the EASIEST distro to control, IMO. It allows me to run stable or unstable designations for my arch-type if I prefer. It allows me to update WHAT I WANT, WHEN I WANT. There is no GREATER control of Linux than that. Is there?

    Gentoo is about one thing. Complete System Control. Every facet of it. If sys-admins aren't interested in THAT BENEFIT, I'd like to hear where you find it elsewhere.
  • Not anymore. (Score:5, Insightful)

    by a9db0 (31053) on Monday January 29, 2007 @01:19AM (#17795850)
    Gentoo on a server? No longer.

    I used Gentoo for several years. I learned an awful lot about Linux from it. And I appreciate the work that goes into it. But my servers run Debian now, for one reason - quick, reliable updates. I support several small businesses, I don't have the resources to maintain test environments to check the impact of upgrades. And not having multiple powerful systems at many sites means distcc is not an option. And the recompiles occasionally necessary for apache or samba or postfix or mysql put an unreasonable strain on servers that are typically not high powered and are supporting multiple users. So for quick, reliable system updating apt-get beats emerge every time.

    I'm not knocking gentoo. It's a great system for testing stuff, and evaluating software. But in the 3 minutes it took me to type this post, I could update 5 servers that hadn't been updated in a week.
  • Re:Debian stable (Score:3, Insightful)

    by Schraegstrichpunkt (931443) on Monday January 29, 2007 @01:26AM (#17795910) Homepage

    [Debian stable] even still has SysV init which is a dying "Legacy UNIX" thing... so the OSX, Ubuntu, Slowlaris etc. crowds say..

    I'm a long-time Debian user, and I also think it's an ugly legacy UNIX thing. It's much better to have some sort of process supervisor that will restart crashed servers, and that will deal with dependencies in some sort of sane manner. The problem is that Debian is huge, and the amount of work required to switch to a new system would be almost equally as huge, but the benefits are comparatively small, so there's never been a push to change to something different.

    The bright side of it is, like most of the advances Debian has made, when it finally does get replaced, it'll probably be replaced with something substantially better, because anything less would be unlikely to win the support of Debian's army of volunteers.

  • by Anonymous Coward on Monday January 29, 2007 @01:29AM (#17795924)
    In the case of Red Hat, they'll backport changes for you so that you don't need to upgrade 50 other packages in order to get a security patch for Apache to work.

    So in a way, yes, it is Gentoo's fault. It's just the way the distro is designed. Everything at the latest revisions possible. Great for a home system, not good for a server you have to maintain.
  • by RzUpAnmsCwrds (262647) on Monday January 29, 2007 @01:47AM (#17796054)

    You should have masked mysql. If you are running a server with important things running you also need to consider every emerge when you do it. Learn to always emerge -av things.
    No, I should run a distro where I don't have to be on the defense against stupid design choices. I should choose a distro where stable really means stable.

    I know that apt-get update && apt-get dist-upgrade (on Debian Stable) is unlikely to break anything. Testing is still prudent, but you know that nothing so insanely stupid as an incompatible database upgrade is going to occur. PHP4 and PHP5, for example, are separate packages in Debian. So are MySQL 4 and MySQL 5, Apache and Apache2, and any other package with significantly different versions. Running updates doesn't drastically change your environment. That's a good thing.
  • by Opportunist (166417) on Monday January 29, 2007 @01:54AM (#17796096)
    Hello? Security anyone? Or maybe someone remember kernel 2.4.11? Don't wanna update that one either should you happen to have it installed back when it was considered stable?

    I do agree that there are certain things you needn't update. A local server without a connection to any user you do not trust your data with (i.e. nobody but you, if you're smart) running on rock stable software that gets feature adds rather than bugfixes in new versions is a candidate for this. And for this server (singular, probably worldwide), the setup is ok.

    Not updating a server connected to the internet is an invitation for hackers. No matter how "stable" or "solid" or "secure" a system is deemed to be at the moment of its compilation. Time and again there are bugs found in software that has been considered stable and safe for years. OpenSSH is hardly the most insecure application out there, and I would NOT want to see what happens to a server that does not update it.

    And, last but not least, when you don't want to update Gentoo, you don't have to. It's fine and satisfied if you don't do an update sync. Actually, you reduce the workload of the servers if you don't.

    So what the hell is this fuss about?
  • So? (Score:4, Insightful)

    by Enahs (1606) on Monday January 29, 2007 @02:22AM (#17796262) Journal
    Call me a jerk, but I found a lot of what was said to be totally accurate. I tried to love Gentoo, off and on, for three years. While it's true that you can start on a fairly complete base system, and while it's true that there are tools available such as glsa-check now and revdep-rebuild (to say nothing of the joys of being able to unmask only what you want to have as totally bleeding-edge) it's true that it's a major time sink.

    I'll be more than happy to let the folks at Canonical, Red Hat, Novell, or wherever be the ones to put in several hours of work; I simply can't, at home, put in the hours required to maintain a "stable" system. When I quit using Gentoo a couple of years ago, it was to the point where I'd search the forums before I'd ever install a piece of software. And you know what? That gets old. Real old. Especially if you're sitting in front of what should be a desktop machine and you're waiting for revdep-rebuild to rebuild a couple dozen packages because libpng applied a non-backwards-compatible patch that fixed a major security flaw.

    Sorry, kids, but although I can deal with running a Gentoo system, I choose to run Kubuntu 6.10. Not because I'm too much of a wuss to run Gentoo, or because I'm too stupid to run anything other than Ubuntu, but because I'd rather spend the hour or so of computer time I have at home some days getting pix and video of my adorable girl (now at toddler age) ready for the grandparents. Not glamorous, and doesn't help push the state of the art, but it's much more gratifying than, say (I'm making this one up), trying to chase down the ruby package maintainer to get him to apply a patch so that you can use Getopt::Long without having to edit files by hand. ;-)
  • by GnuDiff (705847) on Monday January 29, 2007 @02:26AM (#17796274) Journal

    So how many of the bleeding edge proponents have to support more than 50 systems?

    Package management, rpm, dpkg, all came out in response to the shortcomings of compile-yourself approach we can dearly remember from the days Slackware was about the only Linux distro.

    I was there. I was the young sysadmin who had to support 2 Linux servers and who was excited by the performance gain I was supposed to get from compiling stuff yourself. In truth, I never noticed it - and I bet 90% of others don't notice it either and 9% see the gain there because they believe in it.

    That was around 11 years ago. By the time Gentoo came out I was dealing with RPMs and blessing them.
    Nowadays package management software on SuSE, Ubuntu or others even lets you upgrade running system to next release while running.

    Do I want to spend hours of my time tweaking compile parameters and wondering why some of them don't work? Do I need "bleeding edge" or stability? For production systems my answer is clear. Yes, there will cases when you want to squeeze the top speed out of the system, so it is good that something like Gentoo is there, too. But I am fairly certain those cases are rare, and in majority of them an upgraded piece of hardware is usually required in the end.
  • by sugarmotor (621907) on Monday January 29, 2007 @02:39AM (#17796346) Homepage
    Where I come from, deployments to production are first validated in a QA environment. OS stuff, application updates belong there too.

    What happened to backups anyway?
  • by Siker (851331) on Monday January 29, 2007 @02:43AM (#17796374) Homepage

    This has been a fairly common response, and I agree in principle - I'd love never having to run that command. But like others [gentoo.org] have pointed out [slashdot.org], this proves to be hard in the long run.

    I don't disagree with the opinion that had I known much more about Gentoo, perhaps I would have been able to eliminate more things from the system and thus update fewer packages. But do keep in mind that the intended audience of the article is people who are considering to use Gentoo for a server - not people who are already professional Gentoo users.

    These new users will only be able to rely on what the manual tells them. Here's what the manual [gentoo.org] has to say about it:

    Code Listing 14: Updating your entire system

        # emerge --update --deep world

    Since security updates also happen in packages you have not explicitly installed on your system (but that are pulled in as dependencies of other programs), it is recommended to run this command once in a while.

    If this doesn't mean what it says, I apologize, but do consider that every other new Gentoo administrator may be liable to think the same thing I did.

  • by bnomis (97482) on Monday January 29, 2007 @03:06AM (#17796504) Homepage
    To summarize:

    Quote: "If you don't need new features, and things are working, why change anything?"
    Translation: "Never change a working system."

    Quote: "...I ran the dreaded but most needed "emerge world"..."
    Translation: "My system worked but I updated everything"

    Quote: "I had nearly no idea of what I was updating..."
    Translation: "I didn't bother to check what was going to change"

    Quote: "I tried to read the enormous emerge log file..."
    Translation: "I didn't bother to read the log file about what had changed"

    Quote: "...the machine had to be resuscitated..."
    Translation: "I changed it, it doesn't work anymore and I can't be bothered to read the documentation"

    Basically, he made a bad choice for his environment. Horses for courses.

  • Not at all (Score:5, Insightful)

    by vandan (151516) on Monday January 29, 2007 @03:30AM (#17796612) Homepage
    I've been using Gentoo on our database / web / email / many-other-goodies server since August 2003 ( I keep emerge --sync logs ). I'm running the stable branch on our server, and the unstable ( ~x86 ) branch on desktops. I certainly agree that updates on the unstable branch have to be done thoughtfully, but building binary packages when emerging helps a great deal with disaster recovery. It's nothing that can't be fixed with a little searching.

    But on the stable branch, I've actually been very surprised with how ... stable ... it is ( coming from the ~x86 branch ). I keep a separate binary packages repository for the server ... just in case ... but haven't actually had to back-track to anything yet. I do updates outside of work hours, and revdep-rebuild when upgrading major parts. I haven't had any catastrophes yet. Actually I haven't even had any mishaps yet. What can I say? If you are confident enough to run Linux on a server, I say you can handle the stable branch of Gentoo.

    As for the points the author raised against Gentoo:

    1) Too long to do initial install.

    This one gives it away from the start. You only install once. But this is at the top of the list. I can't remember how long it took me to install Gentoo on this server, but it was probably 2 days or something. Who cares? That's what time I take installing *any* server. You don't just whack it together and put it into production. You install, you read, you test, you frig around some more. What's wrong with that? The author is no server administrator.

    2) Same as point one, just repeated

    WTF? Seriously, this author has his head up his arse. On the one hand, he later says that you shouldn't update willy-nilly on servers, and yet then says that it takes ages to update everything. So what, exactly, is he trying to achieve? It takes me about 10 - 15 minutes to update MySQL, which is the most common package I update. What's wrong with that? I back things up, shut down MySQL, emerge the new MySQL package, test, and import from backups if required. No problem? Where is this guy's problem, seriously?

    3) Don't like updates, even if they are to more stable packages

    Nothing forces you to update packages. Also, no-one claims that packages updates *won't* break things ( though my experience is that in the stable branch, updates *don't* break things ). But if you don't want to update, don't. No problem. If you do want to update, the tools are there to update easily. Sure you should pay attention to what you're doing. It goes without saying.

    4) Same as point 3, but with the update impetus being security instead of stability

    Doesn't deserve a response really.

    I challenge this author to prove that he's actually used Gentoo Linux for more than 7 days without running crying back to Linspire.
  • by toadlife (301863) on Monday January 29, 2007 @04:01AM (#17796738) Journal
    That would have had around 900 days uptime if my reboot-happy Windows-only-admin coworkers wouldn't have reset it in a panic on multiple occasions to "troubleshoot" (no it was never a problem with my OpenBSD box) mail problems.

    I don't know what the hell it is with Windows-only admins and rebooting. The kind of instability that required reboots all the time was reduced drastically with Win2k and win2k3, yet that insatiable urge to reboot first and ask questions later still plagues my Windows-only counterparts.
  • by zokum (650994) on Monday January 29, 2007 @04:26AM (#17796858) Homepage
    So, you upgraded from the old 1.x branch to a radically different 2.x branch, known to be a substantial partial rewrite, and expect everything to work out ok all by magic? You also seem to have failed the "sentient sys-admin test" by not using 'google' to do some research. Things like say "http://www.gentoo.org/doc/en/apache-upgrading.xml " perhaps?

    I run Gentoo on my own machine, and most of my users WANT bleeding edge versions, a lot of custom options here and there. The system is using a hardened kernel, stack protection and everything is compiled for 64bit (k8). I don't know of any distros that can do that for every package. So far I have had 1 package problem, and that was resolved by 'uncaching' some stuff and redo the emerge of that package. In general, gentoo is easy to maintain, provided you update regularly. As for the people whining about compile times, this is a server, using it at 100% cpu now and then, provided the compilation has a low priority impacts no one. Compiler time is a non-issue, I'm not running X, soundcards, usb, video drivers, gui-browsers etc, there's not all that much to upgrade.

    It should be noted that I sync the portage tree from a euro-mirror to a local mirror 6 times a day, and having 3-4 meg a sec to the files-repository makes downloads take an average of 2-3 seconds. Coupled with two beefy processors and lots of ram, Gentoo is brilliant for me. And yes, I have permission from the rsync-maintainer to synch that often.
  • by Goeland86 (741690) <goeland_86.yahoo@fr> on Monday January 29, 2007 @04:40AM (#17796930)
    It's not. The issue here is not which distro is better than the other in some very personal sense, it's whether or not it makes sense to update all the time. I personally feel that, yes, gentoo does require lots of time to update constantly, but it's meant for a park of desktops, not specifically servers, or else you'd better have a number of machines you have a servers + 1 to run updates and then just use packages compiled on your external machine.
    Yes new patches come out all the time, but the real question is whether you trust developers to improve their code over time, or to destroy it. We've seen one end of the spectrum with what MS did between 98 and ME, and I believe that gentoo shows us the other end. While you theoretically always ARE at the bleeding edge with Gentoo, it does have a "safe window" built in, the way it handles portage with the keyword system. New packages are usually in CVS within 48 hours of release. If they compile and run, they get thrown into the ~arch (testing) rapidly. Then, depending on what kind of update has been done on it, you'll have to wait anywhere from 2 days to 5 months to see it come down into the actual arch repository, which is deemed the "stable" gentoo. I personally run ~arch, yet I can't seem to recall a problem that portage couldn't solve with minimum input on my part.
    Yes, I'm a gentoo fanboy, but I'm not so glued down into distro patriotism to refuse to see flaws where they are.
    Some people seem to want to spend time in maintenance to keep a system up to date and continually tinker and let their knowledge grow by frequent maintenance, and other people seem more interested in setting something up and being lazy about having to deal with updates/upgrades. I personally trust that most open source coders, and especially the ones for the big projects like apache, ssh, mysql and others of that caliber, usually improve the code from release to release, not damage it. Security fixes, bug fixes, and plain new features are usually the goal of coders, and I trust that they do that.
  • by Des Herriott (6508) on Monday January 29, 2007 @04:45AM (#17796954)
    A major mysql update should certainly not be done without planning. However, the OP's point was that a standard stable update included a major mysql upgrade which broke his functionality. If that's indeed the case, there is something very wrong with the way Gentoo manages its packages, and exactly why you wouldn't want it running on any kind of production system.
  • by jimicus (737525) on Monday January 29, 2007 @05:34AM (#17797156)
    See, this is where things are slightly different with Gentoo versus any other Linux distribution.

    There's no such thing as "Gentoo Version 3" or whatever. A package is marked stable after it is deemed to be... well, stable. Gentoo does have a mechanism whereby you can ask it to tell you what it proposes to update before it actually goes away and does it (emerge -p), and on any system this is exactly what you should use to make sure you're not trying to do a major update on your database.

    The one issue here (and it's open to debate whether or not it's an issue) is that portage is designed with a more traditional Unix mindset - a mindset which says "the operator knows best, if they're telling the computer to do something then the computer should do it unless it's physically impossible, regardless of how silly it may seem".
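
Added example (not part of the original discussion, and not Portage's own code): the pre-update check described in the comment above, as a Python script that reads `emerge --pretend` output and lists the version jumps that should be reviewed before anything is merged. The sample output, its package versions, and the `WATCHED` policy set are constructed for illustration.

```python
import re

# Constructed sample of `emerge --pretend --update --deep world` output.
# Package versions are illustrative only, not taken from the discussion.
SAMPLE = """\
These are the packages that would be merged, in order:

Calculating world dependencies... done!
[ebuild     U ] sys-libs/glibc-2.5 [2.4-r4] USE="nls -build"
[ebuild     U ] dev-db/mysql-5.0.26-r2 [4.1.21] USE="berkdb perl ssl"
[ebuild     U ] net-misc/openssh-4.5_p1 [4.4_p1-r5]
[ebuild  N    ] app-admin/eselect-1.0.7
[ebuild     U ] www-servers/apache-2.0.58-r2 [2.0.58-r1]
"""

# Hypothetical site policy: packages where even a minor bump needs sign-off.
WATCHED = {"dev-db/mysql", "sys-libs/glibc"}

# "[ebuild     U ] category/name-version [installed-version] USE=..."
LINE = re.compile(r"^\[ebuild([^\]]*)\]\s+(\S+)(?:\s+\[([^\]\s]+)\])?")
# Split "category/name-version[-rN]"; the version starts at the last "-<digit>".
ATOM = re.compile(
    r"^(?P<pkg>[\w+.-]+/[\w+.-]+?)-(?P<ver>\d[\w.]*?)(?P<rev>-r\d+)?$"
)


def release(version):
    """Leading dotted-numeric part of a version: '4.4_p1-r5' -> (4, 4)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group().split(".")) if m else ()


def classify(new, old):
    """Describe the size of the jump from the installed version to the new one."""
    if old is None:
        return "new"
    rn, ro = release(new), release(old)
    if rn[:1] != ro[:1]:
        return "major"
    if rn[:2] != ro[:2]:
        return "minor"
    if rn != ro:
        return "patch"
    return "revision"  # only -rN or a suffix such as _p1 changed


def parse_pretend(text):
    """Turn pretend output into a list of planned merges."""
    plan = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner, blank line, or anything that is not an ebuild row
        # Drop a "::repo" suffix if the output carries one.
        atom = ATOM.match(m.group(2).split("::")[0])
        if not atom:
            continue
        old = m.group(3).split("::")[0] if m.group(3) else None
        new = atom.group("ver") + (atom.group("rev") or "")
        plan.append({
            "flags": "".join(m.group(1).split()),
            "pkg": atom.group("pkg"),
            "new": new,
            "old": old,
            "kind": classify(new, old),
        })
    return plan


def review_list(plan, watched=WATCHED):
    """Merges to hold back: any major jump, plus minor jumps of watched packages."""
    return [
        e for e in plan
        if e["kind"] == "major" or (e["kind"] == "minor" and e["pkg"] in watched)
    ]


if __name__ == "__main__":
    for e in review_list(parse_pretend(SAMPLE)):
        print(f'{e["kind"]:>8}  {e["pkg"]}  {e["old"]} -> {e["new"]}')
```

On a real host the input would be the captured output of the pretend run instead of `SAMPLE`.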
  • amateurs. (Score:2, Insightful)

    by siezer (223508) on Monday January 29, 2007 @05:40AM (#17797192)

    Gentoo is great.
    Gentoo is wonderful.
    *IF* you're only administrating a small handful of servers.

    When you have to look out for a few HUNDRED machines at a time, you **reaaaally** start to appreciate things like calendar based release cycles, binary packages, uniformity, hardware compatibility lists, repository mirroring, etc.

    Gentoo is far too schizophrenic to be a reliable environment for n servers, especially in a "real" scenario.

    Academically, Gentoo is a wonderful system.... but it's one of those things that works "great on paper" but sucks a lot of ass in Real Life. Trust me, you have better things to do than worry about whether or not upgrading one package for a minor security fix will drag along your system libs and userland utils with it. If this is the sort of thing you concern yourself with on a day to day basis, you're doing something WRONG.

    Large environment management is a constant battle with entropy.
    Hard drives die, switches fail, nics go bad, boards burn out, storage space fills up, and all this has to be dealt with. Using predictable, understandable, documented, tested and supported systems creates One Less Thing to worry about.

    An entire IT staff should not have to be briefed on a daily basis about what the Gentoo Administrator decided to include in his(her?) build flags. /rant // I hate computers.

    -s

  • mysqldump, stop mysql, unmerge it, emerge new version, and restore?

    Anyway, it sounds like you're blaming Gentoo for something that is MySQL's fault. (Assuming that the format was changed, and not just the db dir location). It's probably because you went from 3.x to 4.x or similar.
  • by caitriona81 (1032126) <sdaugherty&gmail,com> on Monday January 29, 2007 @07:42AM (#17797788) Journal
    It still begs the question... Should you really have to build software for a production server environment? (Yes, I know that Gentoo has the ability for binary packages, but their use seems to be actively discouraged by the culture, if not the documentation and the support channels as well.)
    Real production environments, at least at the enterprise level, are built around stable, well tested binary packages that just work, change control processes, updates that can be applied safely with minimal technical skill and minimal configuration work, environments which may have one sysadmin for every 500 servers. Server builds should be able to be left to operations staff instead of sysadmins without fear of things going wrong.
    Gentoo's strategy of bleeding edge continuous upgrades also doesn't fly in the enterprise world, which insists, for good reason, that functionality shouldn't change at all in production environments except as dictated by the organization's needs. This means that patches have to be back ported, release cycles are a requirement, and product support lifecycles are expected to be measured at least in months, preferably years. Functionality changes require a different kind of risk assessment and planning mentality in the business datacenter world than they do in the workstation world, and this is even more so with laws on the books regulating IT controls such as section 404 of the Sarbanes-Oxley Act [wikipedia.org] and HIPAA [wikipedia.org] in the US alone, and extensive data protection laws in other countries.
    Not to mention, the difficulty of one person rolling back changes to 500 servers in an environment built on everything compiled from source is a huge drawback.
    While I think that Gentoo is a tremendous technical achievement, its design places it firmly in the hobbyist and developer workstation realm, and I strongly agree with the article that this leaves it no place in the datacenter for anything other than development work.
  • by ajs318 (655362) <sd_resp2@NOspAm.earthshod.co.uk> on Monday January 29, 2007 @07:44AM (#17797808)
    Yeah, but you have to admit ..... that's getting on for as much effort as it takes to be a Distributor!

    If you want something that you know isn't going to change much, and certainly never in a way that breaks anything, use Debian Stable -- and be prepared to build the odd package from source {it really isn't as bad as it's made out to be} if you have to have a massively up-to-date version of something. They have a more-than-King-size package repository.
  • by FreeUser (11483) on Monday January 29, 2007 @08:30AM (#17798080)
    The whole argument of "Gentoo 'wants' you to update a lot of things" is trivially debunked. Gentoo isn't a distro per se, it is a meta-distribution. I have worked in environments where Gentoo was used on servers, desktops, and what have you. The "solution" to Gentoo's frequent changes is simple: maintain your own portage tree mirror, which you keep frozen until you are good and ready to roll out the next major update (which of course you only do after extensive testing, like any Suse, Red Hat, or debian update). You define your own in-house releases, not Gentoo (and you graft security updates to your own tree as they come out--this isn't difficult, as each security update is announced by package).

    This is trivial to do, and leads me to suspect the person putting forward the argument against using Gentoo (or any other well-engineered distribution) on servers either has an agenda, hasn't taken much time to ponder the issue, or doesn't understand the technology.
  • Re:So? (Score:3, Insightful)

    by Mordaximus (566304) on Monday January 29, 2007 @08:34AM (#17798100)

    OK, you're a jerk ;)

    Sure, kubuntu is great on a desktop, but how does that relate to the article, running Gentoo on a server? Gentoo lends itself quite nicely to a server environment. Personally any server I've run in the past 4 years has run Gentoo. I've run others before and I've tried others since. I've come to realize that the initial time you spend building a Gentoo server (minus compile time) is about equivalent to the amount of time I've had to spend going back to customize things I didn't like about default install from other, binary based, distros. Even if it does take longer, setting up a server should.

  • by thesandbender (911391) on Monday January 29, 2007 @08:41AM (#17798148)
    Seriously the "if it ain't broke don't fix mentality" is what pays my bills.

    There are two kinds of "broke", there are gaps in functionality ... e.g. migrating from Apache 1.x to 2.x... and then there are bugs that haven't affected you yet but are still in the code base. Just because you haven't experienced any problems yet does not mean there aren't any underlying problems in the packages you're using.

    Case in point. The company I work for is in a mad dash to upgrade for the DST time change. And for those of you thinking "duh, you just upgrade your timezone files"... no it's not that easy. Some Sun systems require firmware upgrades, almost all of the systems prior to 2005 require binary updates because they can't handle a timezone that has two rulesets (e.g. they would apply the new 2007 rules to timestamps from 2005), most JVMs have to be patched or upgraded and some applications inexplicably do their own calculations and have to be updated as well.

    The majority of the company has the "if it ain't broke" mentality and were running everything from NT 4.0 on DEC Alphas and Sun 2.4 to Windows 2003 64-bit and Solaris 10. Upgrading the older machines is an absolute nightmare because the vendor patches are built on one, two, even three years' worth of patches that we haven't applied. What should be a relatively simple upgrade task has broken applications all over the place and has our QA and Engineering staff bleary eyed and ready for it all to just end.

    The answer is controlled refresh. Twice a year you sync up your servers with a certain patchset. You don't go crazy... you just get vendor required patches and include them in your dev and qa cycles. And you DO NOT USE EOL OS' in an enterprise environment. Ever. This includes commercial and FOSS packages.

    Full Disclosure: I run two gentoo boxes at my house, my workstation and my mythtv box. I patch them about once a week because I like to tinker. My web/file/mysql server is running on a stripped down Debian system that only gets patched every few months or if there is an advisory that comes out.
  • by arivanov (12034) on Monday January 29, 2007 @09:24AM (#17798446) Homepage
    Which is exactly the way I like my infrastructure. 3-6 months freeze with all bugs known, worked around or fixed in the meantime. Once I have gotten it to this point I build on top of that for the actual services which can run something very bleeding edge if necessary, but this is as I pointed out "your daily bread". For the stuff that is not, you need to be sure that it works and if you are a manager to be severely anal about it. So debian stable + 2-3 unavoidable backports and local builds is about right. This is also the reason corporations buy RedHat ES/AS/WS like hot bread. They finally see a model where the base has been frozen long enough to be relied on for building your own services.

    Many itadmins and most developers have a problem with understanding of the "establish a platform and build on it" and "platform freeze before development" ideas. They think that everything is a fair game and the results (in man hours wasted on piecing everything together for release) are usually quite obvious.
  • by neersign (956437) on Monday January 29, 2007 @10:20AM (#17799060)

    on the contrary, this article makes NO good points. First of all, he is using old hardware and then he complains about the time it takes to compile packages. Duh. Slow computer + large packages like Apache and MySQL = a lot of time spent compiling. The writer talks about the initial install taking a long time. Yes, my first time installing Gentoo using the CLI took a long time, too, because I was spending more time reading the documentation than performing the steps. The documentation is stupendous, btw. Now that I have gone through a few installs, I can pretty much do it all on my own, but I still refer to the Quick Install Guide [gentoo.org] for reference. He then complains about the Stage 3 install losing the "compile everything" mentality. Wrong again, because the nature of Gentoo is that as you change USE flags and packages get updated, then the base system will naturally update itself. So, the Stage 3 install simply removes a lot of initial compiling to get you in to a base system quicker. The author then complains about Gentoo wanting you to upgrade everything all of the time and not being stable. Wrong again. You perform an initial `emerge -vauDN world` to update the base system to your new, custom USE flags. Once you install packages and you only want to keep specific packages up to date, you only need to update that package using `emerge -vau package` (v is verbose, a is ask, both are good so you know exactly what is going on, but not essential). And, as a lot of other people have pointed out, if you do not use the unstable keywords, you will be on a very stable system. Also, no config files will be overwritten unless you tell them to be. The `etc-update` program shows you what needs to be updated, and allows you to merge, overwrite, or ignore the updates. He then says "Gentoo wants you to change a lot of stuff. It wants to be bleeding edge." This is also false. Gentoo wants you to do whatever you want to on your own system. It wants to be as current as you want it to be. Gentoo is all about control and knowing your system.

    Obviously, the author has used Gentoo once and now believes he is an expert on the subject. If he had used it more than once, he would see that all of his arguments hold no weight. Every distribution has their own way of doing things, and when you change from one to the other, it takes time to learn the new procedures.

    and for the record, I tried to install Debian Woody on my pentium 133 laptop. It took an entire 7 days to download and update the base system. And that was a full 7 days of straight work. Thus, I decided to pick a distribution that was more appropriate for the system and settled on DSL. Also, I switched to Gentoo from Slackware on my server because I always found myself reading the Gentoo documentation for help in setting things up on Slackware, and I like the FreeBSD-esque package manager (Portage is based on Ports). Personally, I would always choose a BSD in a production environment. "BSD on the server; Linux on the desktop," as the old adage goes.

  • by drmerope (771119) on Monday January 29, 2007 @11:53AM (#17800296)
    Having run both FreeBSD and Gentoo systems, I think you're missing the obvious reason for why people are more satisfied with FreeBSD: it is precisely because it doesn't have: "slots and masking and multiple supported versions". Okay, wait. It does have multiple supported versions, although rarely.

    The problem with USE flags is that every Gentoo build environment is __too__ unique. With FreeBSD, everyone is running, debugging, and fixing the same stuff. Consequently, most of the ports build & work together out of the box.

    I've come to the conclusion that Gentoo is solving a problem that plagued the OSS community in the '90s.

    Major 'server' software is usually known stable within a month of its release and is usually incorporated into FreeBSD ports with a corresponding lag--except when driven by security issues. The mentality is that everything in ports should 'work'. Instability and brokenness is frowned upon and not excused by allowing some things to be classified as unstable. When differences of opinion exist about versions (e.g., firefox15 and firefox2) the name space is split, but this is only tolerated when people genuinely disagree as to which is better.

    In the end: FreeBSD => less choice. Less choice => more consistency. More consistency => easier administration.

    Obviously there can be too little choice at some extreme, but generally FreeBSD saves admin time by adopting some degree of simplicity and uniformity.
  • by wolf31o2 (778801) on Monday January 29, 2007 @04:54PM (#17804636)

    It's just not trendy to knock on Slackware, so everyone targets Gentoo.

    Some people also love to ignore advances that are made. The article mentions how long it took to install Gentoo. He claims that there was not an installer when he performed his installation more than a year ago. This is false. There was an installer, but it was considered experimental. Since then, the installer has become the de facto installation method on x86/amd64 and will be the default method on other architectures as support is added for them.

    As for updates, who in the world out there has a ton of servers, then compiles on all of them? What is this guy smoking and where can I get some? Does he not realize that you can upgrade only what you want? There's nothing forcing you to upgrade the entire system. Hell, there's nothing forcing you to ever update the portage tree on your servers.

    Any place where I'm ending up with more than one or two Gentoo boxes, I set up a local "master" server. This server will host my portage tree, which I don't update. It will also host my overlay. I update packages and add my own packages in this overlay. I build binary packages on this "master" server and distribute them to my servers. This really isn't a hard concept. It also isn't much different than the sort of thing that any sane administrator would do with any distribution. You don't just blindly run Red Hat updates, do you?

    I think the biggest problem here is one of perception. People seem to ignore that when you buy Red Hat/SuSE, you are buying a product. You're buying support and service. With Gentoo, you're "buying" a toolset and nothing more. It's the difference between buying a car, and getting a bunch of parts and tools. They simply aren't comparable. If you want a nice Gentoo server infrastructure, you have to build it!

    Gentoo has projects, such as the Scire project [gentoo.org], which are designed to create a more enterprise-ready management set for Gentoo. However, this will not be a default for Gentoo, since few of our users would need it. Like everything else with Gentoo, you pick what you want from the tools provided, and you customize and tailor it to fit your needs. This entire article reads like a rant from someone who chose a tool because of its properties, then complained about those exact properties. You don't get to bitch when the "do-it-yourself" distribution asks you to do it yourself. ;]

  • by wolf31o2 (778801) on Monday January 29, 2007 @05:13PM (#17804866)

    The problem with Gentoo is that Gentoo users assume that most people care about configuration options. They assume that people want the most up-to-date packages. They assume that there's no reason to have stable, long-term supported releases.

    Huh? We assume no such thing. In fact, we really don't care what "most people" want, at all. We make no assumptions about support. It is Gentoo detractors who tend to claim that we do. We don't. What we care about is making Gentoo. If Gentoo doesn't fit your needs, don't friggin' use it! Trust me, you won't hurt our feelings. If you think Debian is better, use it. If you think Windows is better, use it. You aren't harming us in any way by using what you feel is the best tool for the job. In fact, that is exactly what we try to give to our users. We give them a set of tools to allow them to build what they want.

    I think the biggest issue is that people seem to have this closed-minded view of software and Gentoo. They're stuck in this way of thinking that lends towards doing what the vendor tells you to do. They run Red Hat. They run Debian. They don't think that you can build what you want. Gentoo provides the tools to do just that. For many of my clients, I have built custom Gentoo-based distributions. What they get themselves is slightly different than Gentoo. They get pre-compiled packages. They get a very nice Internet-based update system for these packages. They don't jump into make.conf, at all. They don't need to make these kind of changes. Instead, I have built a custom distribution with the software that the customer wants on it. They install it from CD, and it has exactly what they want on it and nothing else. Gentoo is the tool that builds this system. I am using Gentoo as it was intended, to build exactly what I want. People tend to forget that it is impossible to make something that fits every need. Rather than try to do so, like other distributions do, we instead provide the tools to allow you to build it on your own. It's a completely different philosophy, which is why I understand that so many people simply don't get it.
