i was wondering why Fedora (and openSUSE) still use "apache" for the php user (and "nginx" user for nginx) instead of using a generic "http" or "www" user for php, apache and nginx like some other distros? When running php under the "nginx" user, the session gets broken every time php is updated, because the package has the "apache" user hardcoded [2] and those dir/file perms get set back to apache. This is annoying and confusing when using nginx and being new to Fedora and doesn't happen on Arch, and i'm guessing not on Ubuntu/(Debian?) either. Now i've made my own session and opcache directories, as mentioned here [1], but i'd rather not have to make these special config adjustments for different distros, especially when it seems like a workaround for something that should be fixed in the packaging. Maybe i'm wrong?
Am i missing something about how people are using nginx and php together, or is this just legacy packaging defaults from a time when there was only apache, which haven't been reconsidered since then? If the latter, it would be nice if Fedora would reconsider the way these packages' users are handled.
thanks
1) https://askbot.fedoraproject.org/en/question/111334/permissions-on-folders-i...
On 9/1/20 8:05 AM, ITwrx wrote:
Am i missing something about how people are using nginx and php together, or is this just legacy packaging defaults from a time when there was only apache, which haven't been reconsidered since then? If the latter, it would be nice if Fedora would reconsider the way these packages' users are handled.
TL;DR -- can end up pushing rocks uphill.
Fedora pkgs' can make some ... interesting ... assumptions. apache deps are just one. for 'fun', install composer from pkgs, and see what comes along for the ride! no thanks.
A lot of it comes from pkg-ers trying to build swiss-army-knife pkgs -- all-things-to-all-people. IMO, ends up fitting no one's needs really well. Well, not mine, anyway.
Re: "Fedora would reconsider", note that _many_ pkgs are not 'official', but COPR. Maintainers' whims rule; they configure/build at their discretion. Only.
_Some_ maintainers are quite responsive/interested & willing to give-/get-help; others, not at all.
Alternative options are, generally,
(1) live with all of the distro's assumptions & crowbar your infrastructure to fit (2) override init system configs to point to own service configs, including uid/gid (3) roll your own rpms, or build from source, with options as you prefer
*my* rule of thumb is to _never_ depend on distros' configs for production use. sure, it's usually 'safe' -- but, often, not-so-much ... for reasons such as you mention.
for me (1)'s out. i've had far too many 'config surprises' over the years -- both within distros' upgrade & across distros
instead, i typically use a mix of (2) & (3)
in my case, for php-fpm, the available distro-rpms' build config's to my liking, so I use (2).
i install the rpms, simply ignore the (admittedly annoying) installed apache dependencies, and then override the systemd unit,
cat /etc/systemd/system/php-fpm.service.d/override.conf [Service] Environment=PHPRC=/usr/local/etc/php Environment=PHP_INI_SCAN_DIR=/usr/local/etc/php/conf.d
Type=forking PIDFile=/run/nginx/php-fpm.pid ExecStart= ExecStart=/usr/sbin/php-fpm \ --pid /run/nginx/php-fpm.pid \ --fpm-config /usr/local/etc/php/php-fpm.conf
to point to my own php-fpm config, which includes, in my case
... [www] listen = /run/nginx/php-fpm.sock listen.allowed_clients = 127.0.0.1 listen.owner = wwwrun listen.group = www listen.mode = 0660 user = wwwrun group = www ...
and, as per the Environment=, points to my own php configs.
otoh, for nginx, i'm not a fan of available distro builds, so I build my own rpms. i install *my* rpms, 'mask' default units in the /usr/lib/systemd/system location (just in case, again to avoid surprses), & create my own full .service/.target/tmpfile
the units et al set uid:gid to my liking; in my case, wwwrun:www.
i then rinse-n-repeat similarly for any/all other production services.
On 9/1/20 11:38 AM, PGNet Dev wrote:
for 'fun', install composer from pkgs, and see what comes along for the ride! no thanks.
i think i remember that. :)
i install the rpms, simply ignore the (admittedly annoying) installed apache dependencies, and then override the systemd unit,
Yes, the apache dep(s) was another thing that rubbed me the wrong way.
i then rinse-n-repeat similarly for any/all other production services.
Thanks for the detailed answer. Very useful. I've come to some of the same conclusions/solutions.
I wanted to mention this source of friction since Fedora targets devs/ops people and they will expect that something as prevalent as a LEMP stack is a very smooth experience.
Thanks for the detailed answer. Very useful. I've come to some of the same conclusions/solutions.
I wanted to mention this source of friction since Fedora targets devs/ops people and they will expect that something as prevalent as a LEMP stack is a very smooth experience.
It shows up quickly @LEMP, cuz "we all" use it. But, it's a bigger discussion.
To be very fair, Fedora's packages are generally in far better @distro shape than other distros ... in large part because they're built _on_ Fedora.
Which are among the primary reasons I've recently finished distro-migration of a _lot_ of boxes TO Fedora.
Re: the 'smooth experience' ...
For my tastes, Fedora's end-user pkg build experience -- specifically, the lack of smooth integration 'tween Pagure & COPR, as well as some missing capabilities (compared to what I was used to on other-distro) -- has room to grow. The devs seem amenable, but are vastly under-resourced IMO. For my money, better Fedora support ==> more Redhat support contract adoption.
But that's a corporate Redhat/IBM issue that they've yet to come to terms with and focus on. Unless you're a bank, airline, government, etc :-/
Afaict (and I'm still kinda new 'here'), projects -- at COPR typically, and at 'official' repos, frequently -- are 'owned' by single users. And those single-users wear the maintainer & bug-wrangler hat & any other hats lying around.
Risk-and-effort-mitigating 'teams' of maintainers, bug-owners, etc are not easily found -- at least by me so far. Again, different than what I'm used to.
Another source of tension/concern is that there are clearly some super-committers -- folks that 'maintain' scads of packages, &/or key infrastructure packages, and have become invaluable. And for the very same reasons, a primary/significant source of risk. Add to that the occasional meltdown from stress, lack of support, etc and ... it's challenging.
IMO, though it'd be great to have Fedora 'guarantee' a "very smooth experience", it seems that that's not tenable (see again resources^^) today.
Groups of similarly-interested users seems a better option, but that's hard -- not impossible -- to organize inside the project. That's part of the "rocks uphill" bit ...
On 9/1/20 1:31 PM, PGNet Dev wrote:
The devs seem amenable, but are vastly under-resourced IMO. For my money, better Fedora support ==> more Redhat support contract adoption.
But that's a corporate Redhat/IBM issue that they've yet to come to terms with and focus on. Unless you're a bank, airline, government, etc :-/
it's funny you said that because i almost included something similar in my original mail. At roughly a billion $ a quarter in gross revenue(IIRC), i think Red Hat should double/triple down on Fedora and CentOS. What would happen to RH revenue (down the line) if Fedora and CentOS started to completely dominate market share for smaller institutions? Why would enterprises use another OS/distro if all the users, admins and devs only/mainly know Fedora/CentOS b/c that's what they use at school and work. i.e. The Windows Effect. Fedora and CentOS are doing a lot of things right (that's why i'm in the process of moving to them for various things), but just imagine if it were all really well funded, and got to all the people doing the work.
On 9/1/20 12:28 PM, ITwrx wrote:
At roughly a billion $ a quarter in gross revenue(IIRC), i think Red Hat should double/triple down on Fedora and CentOS
it's a head-scratcher sometimes.
particularly when you _talk_ to really interested & capable devs in Fedora-land -- many of whom _are_ RH/IBM employees -- and get the "Absolutely! Wish we could! But we don't have the <mandate|time|money|hardware> to do that" chat.
it's a problem as old as the hills. or at least as old as Vulture Capital investment ;-)
imagine if it were all really well
funded, and got to all the people doing the work.
Couldn't agree more.
But. Sisyphus.
completely dominate market share for smaller
institutions?
Could. Not sure it's on their radar; remains to be seen after the acquisition by IBM, and the repositioning of CoreOS for cloud, etc.
But IME, unless it's *big* revenue _added_ to the bottom line -- which is what sales are generally incented for -- it's a case tone-deafness.
Revenue lost, let alone not considered in the 1st place, is not a priority ... particularly if any one deal is 'small'.
Why would enterprises use another OS/distro if all the
users, admins and devs only/mainly know Fedora/CentOS b/c that's what
they use at school and work.
Fedora distro's positioning & point-release schedule sites nicely IMO between Rawhide & Centos. Mostly (I've a _few_ bones to pick ;-) ).
And the FOSS ecosystem is a great -- and necessary -- gateway to RHEL support & licensing.
Personally, I hope they continue to leverage it, and grow to recognize better Fedora $$support floats all their boats.
But there's no guarantee 'big corps' make sane decisions about their feeder tech & communities.
There are more than a few reasons that we switched production & dev distros ... costly as it's been. And, that I'm keeping my internal DIY-LFS distro production alive and at-the-ready. Just in case ;-)
On Tue, 1 Sep 2020 at 16:29, ITwrx info@itwrx.org wrote:
On 9/1/20 1:31 PM, PGNet Dev wrote:
The devs seem amenable, but are vastly under-resourced IMO. For my
money,
better Fedora support ==> more Redhat support contract adoption.
But that's a corporate Redhat/IBM issue that they've yet to come to
terms
with and focus on. Unless you're a bank, airline, government, etc :-/
it's funny you said that because i almost included something similar in my original mail. At roughly a billion $ a quarter in gross revenue(IIRC), i think Red Hat should double/triple down on Fedora and CentOS. What would happen to RH revenue (down the line) if Fedora and CentOS started to completely dominate market share for smaller institutions? Why would enterprises use another OS/distro if all the users, admins and devs only/mainly know Fedora/CentOS b/c that's what they use at school and work. i.e. The Windows Effect. Fedora and CentOS are doing a lot of things right (that's why i'm in the process of moving to them for various things), but just imagine if it were all really well funded, and got to all the people doing the work.
Open source is suffering from the growth in variety and complexity of both hardware and software vastly greater than the growth in the number of developers.
In this forum and others, a lot of time and effort goes to dealing with hardware support. When you buy a macOS or Windows system, you don't expect problems getting the hardware to work. Linux on laptops often has issues with power management, graphics, touchpad, wifi, and sound. RedHat and Lenovo Thinkpad Fedora Laptops https://www.forbes.com/sites/jasonevangelho/2020/09/01/red-hat-and-lenovo-thinkpad-linux-fedora-laptop-os/#14b735fd4127 mentions the effort Lenovo made to get linux driver support.
I assume a big part of the developer effort behind Fedora is consumed by the need to support a wide variety of hardware, yet there are still many problems.
I assume that many Fedora users work in a shop where RHEL or CentOS is used for "production" systems. In happen to work in a field (remote sensing) where you have many individual users from governments or universities where Windows is the "enterprise standard", but the software they need runs on macOS and linux. MacOS and Ubuntu are by far the most common platforms for small workgroups. I expect this pattern can be found in other fields.
Both Microsoft and Apple have created problems for users with windows backgrounds but who need linux applications. Windows has had a string of problems with updates, while Apple's focus on security has created problems for users whose past practices are now out of bounds. Many of these users come with a mindset that others will fix problems for them. I've been involved with a number of remote-sensing workshops where we took a couple afternoons to introduce linux and some command-line basics. This helped the students with their remote sensing projects, and also proved helpful in modules on numerical modelling.
The linux community needs to encourage users to spend time learning fundamentals, solving simple problems and making useful bug reports.
RedHat is going to do their thing. If we want linux to prosper, it is up to us to reverse the dynamics that currently have complexity outstripping developer resources by doing everything we can to help ourselves and others use linux effectively.
On Wed, 2020-09-02 at 09:16 -0300, George N. White III wrote:
In this forum and others, a lot of time and effort goes to dealing with hardware support. When you buy a macOS or Windows system, you don't expect problems getting the hardware to work.
I do... I expect problems with Windows systems, because that's what I'd always experienced.
Macs are designed as a whole. PCs are not. You've a plethora of manufacturers all doing their own thing, your PC is a construct of parts that were never designed together. It's no surprise that some of them aren't compatible. And with peripheral manufacturers releasing things that aren't complete, because they want to sell it quickly, then shortly abandoning the product, never fixing the bugs, because they want to sell the next thing.
I've had far more luck with Linux. Because if *someone* can find out how to drive the hardware, and can find out how to deal with bugs, they *will*, *and* they release the software.
Going back to the original poster's comments; it always struck me as odd how Apache is "httpd" on Fedora, not "apache." It struck me as the height of conceit that Apache thinks they are *the* one and only HTTP daemon.
On Wed, 2 Sep 2020 at 12:41, Tim via users users@lists.fedoraproject.org wrote:
On Wed, 2020-09-02 at 09:16 -0300, George N. White III wrote:
In this forum and others, a lot of time and effort goes to dealing with hardware support. When you buy a macOS or Windows system, you don't expect problems getting the hardware to work.
I do... I expect problems with Windows systems, because that's what I'd always experienced.
Most of my Windows experience has been with enterprise level gear from big-name vendors (Compac, Dell, HP, IBM, Lenovo) either provided by IT or obtained through a standing-offer arrangement.
Windows has had plenty of problems, but very few have been due to unsupported hardware. Installing linux on the same systems when new often encountered hardware that didn't have linux drivers, but most of the missing drivers appeared within a year or two.
Macs are designed as a whole. PCs are not. You've a plethora of manufacturers all doing their own thing, your PC is a construct of parts that were never designed together. It's no surprise that some of them aren't compatible. And with peripheral manufacturers releasing things that aren't complete, because they want to sell it quickly, then shortly abandoning the product, never fixing the bugs, because they want to sell the next thing.
Google has done interesting things to streamline the process of building and testing drivers.
I've had far more luck with Linux. Because if *someone* can find out how to drive the hardware, and can find out how to deal with bugs, they *will*, *and* they release the software.
Linux has been very useful with gear that is considered too old for the current version of Windows. Government and University labs often have piles of these unloved and unwanted machines that make very useful linux workstations.
Going back to the original poster's comments; it always struck me as odd how Apache is "httpd" on Fedora, not "apache." It struck me as the height of conceit that Apache thinks they are *the* one and only HTTP daemon.
One of the problems with open source is that you have to work with decisions made by the authors of software you use. Debian has put a lot of effort into policies that smooth out some of the rough edges in upstream packages. I assume RHEL has similar policies, but Fedora isn't as tightly controlled.
Underlying this discussion is the idea that improving Fedora will lead to wider adoption in schools and universities that will ultimately benefit Red Hat (e.g., IBM). Meanwhile, How Google took over the classroom https://www.nytimes.com/2017/05/13/technology/google-education-chromebooks-schools.html with chromebooks in 2017. One side effect of this is that users no longer assume that MS Office is essential for doing real work on PC's. By 2019 there were many articles telling users how to run linux apps on higher end chromebooks, and Chrome OS Systems Supporting Linux https://sites.google.com/a/chromium.org/dev/chromium-os/chrome-os-systems-supporting-linux says "Unless otherwise specified, all devices launched in 2019 will support Linux (Beta)." Note that Google says Wayland is the preferred graphics system.
Outside large enterprises, ChromeOS is hurting Windows adoption by younger users, and providing a gateway to Linux as a way to run specialized apps not available as native ChromOS apps.