On Thursday, January 10, 2019 1:16:11 PM EST Rick Stevens wrote:
> If I may offer my $0.02, Fedora on production systems is not a great
> idea. We manage well over 2000 servers each in two data centers. The
> vast majority (>85%) are CentOS-based because of its relative stability.
> The remainder are generally Ubuntu LTS-based, again because of its
> relative stability.

Fedora is great for production systems. I think it's wild that people keep
saying otherwise, and they consistently list CentOS as being the better
option. The only major difference is that Fedora has more frequent updates.
That does not make it unstable, for sure. Fedora is always in a stable
condition at release.

> Fedora changes every 6 months--sometimes in major ways that are not
> necessarily backwards compatible with existing systems.

Oh, never mind, there it is. You never meant stable, you meant "It updates too
often for me to figure out how to manage."

> It is very cumbersome to update 3000+ servers every 6 months and
> deal with the compatibility issues that crop up. We have to deal with
> those when CentOS or Ubuntu gets a major upgrade (such as CentOS6
> -> CentOS7), but that happens every couple of years and is far more
> manageable. As far as security is concerned, any significant security
> patches are generally backported to CentOS and Ubuntu and applied
> when they come out. The few cases where a patch can't be applied,
> well, those are fairly rare and dealt with as what they are...exceptions
> to the general rule.

Not at all. This is, in fact, why we have deterministic tools to manage
systems. I personally manage well over 1.5k production servers, and a few
hundred on-premises servers, all running the latest release of Fedora, with
the exception being that I run them with Freed-ora-freedom.

> At the network level, our VPNs and core routers are Cisco, our edge
> switches are Foundry. We have two 10Gbps uplinks to the Internet so
> smaller hardware is not an option. Fortunately, I'm well versed in these
> beasties as Cisco IOS isn't a particularly intuitive system.

This is common, and I personally believe that we need to fix this.

> For a router/VPN gateway in a SOHO environment (even some medium-sized
> cases), I'd go along with those who recommended using OpenWRT on
> inexpensive router hardware. It is Linux-based and optimized for use on
> such devices. It is relatively easy to manage via its web-based GUI and
> does its job quite well. Fedora, or any full-up Linux system, is (IMHO)
> overkill in such cases.

A complete Fedora installation would be an excellent, incredibly flexible
router.
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/