[ale] Red Hat upgrades?

Michael H. Warfield mhw at WittsEnd.com
Tue Jul 5 12:08:55 EDT 2011


On Tue, 2011-07-05 at 11:17 -0400, scott mcbrien wrote: 
> Really?  You run your production boxes on Fedora?  Don't get me wrong,
> I like Fedora, but I don't believe its place is in the production
> operations DC.  As a hobby box or desktop, I think that's its niche.

Seriously.  I won't run anything less.

In one case, I have a host engine (actually, I have three of them - two
in a colo data center) running LXC container style virtual machines and
close to 3 dozen VMs running various versions of Fedora and CentOS and
supporting close to a dozen different domain names and a /20 subnetwork.
You cannot get LXC on RHEL 5, period, end of discussion (no support for
namespaces and cgroups in the kernel).  But I've had these running for
well over a couple of years now, having migrated from OpenVZ ages ago
when OpenVZ could no longer keep up on kernel revs when I needed them.
And let's not lose sight of KVM hardware virtualization while we're at
it.  RHEL 6, sure, finally.  RHEL 5?  Really?

I actively advertise IPv4 and IPv6 routes in BGP using Quagga and my ISP
requires I use MD5 signatures (a wise move on their part) for the IPv4
side of the house.  Guess what.  MD5 signatures do not even exist in the
RHEL 5 kernel IP stack (way too old - 2.6.18 for Pete's sake) and that
version of Quagga does not have the code to support it (I know, I wrote
the code).  RHEL 6 is fine there but I've been running this for well
over 3 years like this!  How long has RHEL 6 been out?  I'm supposed to
wait?  Really?  Really.

I'm also the author of some of the code to enable the Openswan IPsec
package to talk with the Cisco ASA concentrators similar to the vpnc VPN
client.  RHEL 5?  For-get-it.  RHEL 6 - well, I think we finally did
browbeat them into backporting my patches into RHEL 6 even though the
Openswan version in RHEL 6 looks to be too early by one or two revs and,
IMNSHO, is out-of-date and it's tough luck chuck.  If you would like
support for XAUTH Domains in that flavor of Openswan, wait for RHEL 7.
You want it in Fedora, as soon as I'm done writing it and get it into a
release.  It's hard enough getting them to backport non-critical,
non-security bug fixes back into a release but we've been told flat out
that "new features do not get backported".

So, let's review...  LXC virtualization, KVM virtualization, BGP MD5
signatures, Cisco ASA VPN compatibility.  Hmmm...  Those are not hobby
features.  Those are some serious data center features.

Fedora is NOT alpha code and is not beta code.  It gets alpha tested and
beta tested and released.  In many ways Fedora and RHEL are similar in
concept to Ubuntu 6 month and Ubuntu LTS.  Except Ubuntu got it right
and you really can do upgrades between their LTS clicks even if they did
get a lot of other things wrong (like Unity).

With Fedora, I get every bit of the stability I could expect from RHEL
but I also get new and valuable features in a timely manner and I get
on-line hot upgradability which simply is impossible in RHEL with a
minimal amount of downtime, merely a reboot to the new kernels.  Been
doing this in a continuous line from FC1 all the way to F15 now and I've
never had to put up with the kinds of downtime and upgrade angst my IT
peers have to put up with.  Why should I settle for anything less? 

As a rule, my "production" machines typically run one click back.  So my
colocated production servers are now running F14 and when F16 comes out
they'll be upgraded to F15.  If I really need some new and hot package
(like the latest LXC patches) I just hassle the package maintainer or I
build the new rpms myself but that's so rare it's not funny.  My
research and test machines, I'll run on the latest, so the ones that are
not already will be on F15 before long.  Occasionally, I will run true
bleeding edge and load up Rawhide on a development machine, but that's
also very rare and only when I'm testing new features.

> -Scott

Regards,
Mike

> On Tue, Jul 5, 2011 at 11:09 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
> > On Tue, 2011-07-05 at 09:17 -0400, James Sumners wrote:
> >> On Fri, Jul 1, 2011 at 3:34 PM, James Sumners <james.sumners at gmail.com> wrote:
> >> > On Fri, Jul 1, 2011 at 3:29 PM, Geoffrey Myers
> >> > <lists at serioustechnology.com> wrote:
> >> >> I had RHEL 5.5 running and contacted RH to find out how to upgrade.  I
> >> >> was told you couldn't do an upgrade from 5 to 6, it had to be a new
> >> >> install.  Could be I was told wrong, but that is what I was told and
> >> >> didn't pursue the matter further.
> >> >
> >> > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/sn-upgrading-system-x86.html
> >>
> >>
> >> I contacted them myself when the DVD kept refusing to find the
> >> installed OS. Here is the response:
> >>
> >> "An upgrade from RHEL 4.9 to RHEL 5.6 is not happening due to the fact
> >> that there is a change in Major number between the 2 releases.
> >>
> >> Inserting a DVD of RHEL 5.6 would provide you an option to Upgrade if
> >> your Operating system were to be : RHEL 5.5.
> >> This is possible because there is just a minor change in these versions.
> >>
> >> RHEL 5.5 ==> RHEL 5.6 : Using RHEL 5.6 DVD : Up-gradable
> >> RHEL 4.9 ==> RHEL 5.6 : Using RHEL 5.6 DVD : Not Up-gradable
> >
> >> Also,
> >
> >> RHEL 4.9 ==> RHEL 5.0 : Using RHEL 5.0 DVD : Not Up-gradable.
> >
> >> Every Major Release for example 4.x, 5.x, 6.x can be upgraded within
> >> its range of minor releases i.e: 0-9.
> >> However, to upgrade from a 4.x ==> 5.x, a fresh installation is needed
> >> due to a platform change."
> >
> > That's been my understanding all along and is the "A number 1" reason
> > why I will stick to Fedora.  It's stable and you can do these kinds of
> > upgrades on the fly while the server is running.
> >
> > I don't even use "preupgrade" under Fedora, although I continue to test
> > preupgrade but was recently burned by preupgrade when it left one of my
> > machines totally unbootable after preupgrade attempted to upgrade it
> > from F14 to F15 and could not deal with an irreconcilable dependency
> > issue.
> >
> > For me, the "yum upgrade" has always worked the best.  They've improved
> > that to the point where it's almost trivial.  Now you just update the
> > system and check for config changes, import the pgp key, flush yum's
> > cache, then do a distsync to the new release version (yum clean all ;
> > yum --releasever=15 distsync) and a groupupdate on base.  I don't skip
> > major vers though.  To go from F12 to F15, you have to do F13 and F14 as
> > stops along the way.
> >
> > http://fedoraproject.org/wiki/YumUpgradeFaq
> >
> > Regards,
> > Mike
> > --
> > Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
> >   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
> >   NIC whois: MHW9          | An optimist believes we live in the best of all
> >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> >

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!