[SATLUG] OS Longevity

[Thomas Cameron]

----- Original Message ----- 
From: "Sean Carolan" <scarolan at gmail.com>
To: "The San Antonio Linux User's Group Mailing List" <satlug at satlug.org>
Sent: Sunday, September 26, 2004 11:02 PM
Subject: [SATLUG] OS Longevity


> This would be directed at the sysadmins on the list - what is a
> reasonable upgrade cycle for a production server, running Fedora Core
> 2 with 20-30 users who connect via LTSP or a remote X windows session.
> I use Yum to keep the rpm packages up to date.

Keep in mind that FC has an incredibly rapid life cycle - it goes to 
"legacy" status in something silly like 6 months...  If you want to be on 
the bleeding edge, that's definitely the way to go.  For me as an admin who 
deals with about 1600 servers it doesn't make sense.  Too hard to keep all 
the boxes upgraded.

> My specific concerns are:
>
> *  Keeping OS and software current with security patches

You should REALLY have a development environment that you test updates on 
before rolling them to production.  On your dev box you would do "yum -y 
update" and then do real world tests (i.e. test every single service like 
e-mail, ftp, web, SQL or whatever else you are running) to make sure that 
you aren't going to step in something that won't wash off.  Once those tests 
have run successfully, then and only then should you update your production 
server.

> *  Desktop software such as Open Office and Gaim must keep up with
> current protocols and file formats.

This kind of thing is pretty easy with yum.  Just test, test, test or you're 
going to get bitten and your customers are going to be unhappy.

> *  Stability is the most important factor.  This server needs to have
> 99.99% or better uptime.

I hope that you have good UPSs.  It also depends on how you define that 
99.99%.  Do you count scheduled downtime (i.e. kernel upgrades) against it? 
Do you have hardware spares?  You are only giving yourself about 52 and a 
half minutes of downtime per year.  Again, make sure that you test 
extensively in development before rolling to production.

> Any thoughts on these issues are welcome.  I am looking for tips on
> which packages you would upgrade and how often, when would you
> recommend moving to a newer version of Fedora Core, or going to
> another flavor of Linux, etc.

Wow - you aren't asking much, are you?  :-)

As to what to upgrade and how often, that is totally up to you and your 
customers.  I have a RH 6.2 (Sparc) box that is running just fine.  All it 
does is really basic ISP type stuff like DNS.  As long as I keep my BIND and 
SSHD packages up to date and filter everything else at the firewall, there 
is no real reason to upgrade.  Now, for a desktop machine, that is not 
realistic - apps change quickly and you will want to keep up.

If you want long-term support, Red Hat Enterprise Linux is supported for at 
least 5 years from release.  Fedora Core is "supported" - i.e. packages are 
released for it - for a fraction of that.  If you want to spend the time and 
are capable of updating and upgrading then do FC - you will learn a Hell of 
a lot more that way (albeit typically in the School of Hard Knocks).  If you 
need vendor-released patches, then go with RHEL or SUSE.

> We are looking to have this system of a
> similar version of it working at least 10 years from now, with
> backwards compabilbility of our data and files.

Wow - good luck.

Regards,
-- 
Thomas Cameron, RHCE, CNE, MCSE, MCT