AppCove

by

Update [1] on Fedora vs Redhat Enterprise Linux

This is in reference to https://blog.gahooa.com/2009/01/18/fedora-or-redhat-enterprise-linux-in-a-production-environment/.

After the excellent comment by Sergio Olivo, I did some heavy looking into the Extra Packages for Enterprise Linux project (EPEL for short).  On a brand-spanking-new RHEL 5 box, I installed the YUM repository for EPEL, and quite immediately had access to tons of extra packages.  Erlang is there.  Git is there.  Memcached is there.  Sweet!

However, EPEL does not update or replace the version of any packages provided by RHEL.

So the problem of having out of date versions of PHP and Python still remain.  Next I looked into using a third party RPM repository (provided by RackSpace).  They provide updated versions of PHP and a number of PHP modules.  But alas, this created incompatibilities with the EPEL packages for PHP.  This is because EPEL packages are targeted for RHEL versions. Bla…

So here is what I decided to do (haven’t done it yet, but will soon).  We will build and package our own custom set of RPMs for RHEL 5, and publish them in an RPM repository.  Then we will simply point each server to that repository in addition to the main RHEL repository, and poof, problem solved.  We may also use EPEL for things like Erlang and git.  Or we may compile from source.  Not sure.

For those of you who are not familiar with YUM RPM repositories, they can be as simple as a specail directory structure served by a webserver.

There are a few items remaining to be concluded, but they should fall into place fairly quickly.

by

Fedora or RedHat Enterprise Linux in a production environment?

[UPDATE AT https://blog.gahooa.com/2009/02/08/update-on-fedora-vs-redhat-enterprise-linux/]

At AppCove, we run RedHat Enterprise Linux on all of our servers.  RHEL is great, because:

  1. It works
  2. It still works
  3. Automatic security updates
  4. Did I mention, it just works?

RedHat, as far as I know, takes a very serious perspective on patching all of their RPM’s and automatically pushing them out via the update agent (up2date).  They are very conservative on the versions of packages that they publish.  RHEL 4, for example, is still running PHP 4.x.  Python 2.3.  MySQL 4.x…  I believe that they do this to maintain stability and long term support.

However, for a company like AppCove, those versions are simply too old. For years we have hand-compiled about a dozen packages on RHEL 4 in order to be able to take advantage of relevant features in newer software.  PHP, Python, MySQL (from mysql.com supplied RPM), python-mysql, git, erlang, memcached, libmcrypt, and others are part of the growing list of software that we have to install manually.

With this growing list comes a growing issue of security updates and maintainability.  More complicated packages need more updated libraries, creating a chain-reaction of additional packages.  Etc…


Recently I signed up with a “slice” at SliceHost.  (SliceHost provides virtualized machines for a great price, with lots of scalability available).  I chose Fedora Core 10 for the OS.  I must say I have been very impressed.

All of the packages that I have needed were right there, available by yum install.  PHP, Python, python-mysql, erlang, memcached, php-memcached, python-memcached, git, etc…, etc…, and did I mention that tree was even there?  And it has all “just worked”.


In summary, here are the items that I need to resolve:

  1. Is fedora considered as “secure” as RHEL?  Is there a team dedicated to getting security patches our fast when identified?
  2. Are continuous upgrades in fedora an issue?  Do software packages abruptly get updated without notice?  (this has at times been an issue with RHEL).
  3. Is it possible to run RHEL while also connecting to fedora package repositories to install specific packages?  Desirable?  Undesirable?  Conflicts?

The most secure computer is one that is locked in a vault and turned off.  Since that won’t work for most needs, one must find the appropriate balance between functionality and security.

Comments welcome…

by

New Blog Started

Hi, my name is Jason Garber.

(Not to be confused with the other Jason Garber in MD, or the other one in DC, I am the one from PA.)

Being born and raised by good parents in central Pennsylvania has given me a great appericiation for life, family, and nature. I currently live in Altoona with my wife and all of our children (>= plural^2).

All of my life I have been very interested in creating. Creating falls into a number of categories which I will outline here…

Please read more on the About Me page…