Greetings everyone. I am here to start my research on migrating from Linux to FreeBSD in the environments I admin at work. I recently left my position because my manager was pushing forward with RHEL7. I absolutely refused to do so and took another admin position on a different campus at the same university.
Hi,
I work for a medium-size lab at a major research university with essentially unlimited freedom to do whatever I want in terms of software and hardware. Even though I am first and foremost an OpenBSD user (the only OS I use at home), at work I use (besides OpenBSD of course) FreeBSD and RHEL, including the infamous 7.1. I will be glad to share my opinions with you.
First, unless you had some other reasons for changing the job, leaving your current work just because your superior asked you to investigate a tool seems like a very odd thing to me. Actually it raises some red flags about you as an employee IMHO but let's leave that part out.
This is not about politics or anything having to do with what has been going on in the Linux community. I really don't care about Pottering, Linux, RHEL, Debian, Ubuntu, etc.
This statement is contradicted by your actions. You left a job because somebody asked you about RHEL 7.1. That to me appears to be an emotional reaction.
I am an admin and I have always loved UNIX. They are changing Linux into something that isn't UNIX like. I don't use Linux as a desktop and really don't care about Linux on the desktop. I care about a stable UNIX like system that doesn't wake me up at 3am or cause me to have a horrible review because of service outages.
I very reluctantly deployed my first RHEL 7.1 computing node. While the OS appears to be very alien (this is the post I made after the first installation)
In our lab we took a leap of faith and put Red Hat 7.1 on one of the new computing nodes (we run Red Hat on computing nodes and desktops while using a combination of Open/Free on all other servers). So far so good. The system feels completely alien, not just because of systemd. My jaw dropped when I realized that there is no ifconfig and that Red Hat has a new strange firewall. The first thing I did was to install network tools, disable the firewall and install iptables. All in all the system seems very snappy (having 32 cores and 384 GB of RAM as well as the OS on a 600 MB/s SSD helps too). MATLAB, R, Python work as expected. Soft RAID looks the same, as does configuring LDAP authentication and authorization via SSSD. I am using my old monitoring tools (monit, collectd, SNMP, rsyslog) to monitor the machine even though I heard that systemd could be used for that. As long as I am getting paid to run this shit I have no problems with it. It still feels more controllable than Windows. Once they replace broken again shell (bash for short) with Windows cmd I will be out.
New installer sucks but I tested that thing earlier so I was not trying to do anything serious with it. It is nice having root on old trusted Silicon Graphics XFS instead of that funny ext2 file system.
the system appears to be generally stable and doesn't keep me up at night. As a matter of fact I already made the decision to deploy RHEL 7.1 on all new computing nodes. One may argue that I don't use Linux on the core infrastructure machines (true) and that could alter my opinion, but the same could be said about FreeBSD except for the file servers. All my mission-critical machines run OpenBSD. We run FreeBSD on all file servers and RHEL 6.6 on all desktops and computing nodes. Our web applications run on a mixture of all sorts of crap including RHEL 6.6, Ubuntu, and Windows 7.
FreeBSD is the Linux I always wanted anyway. I want a txt installer and love how simple it is. I installed FreeBSD in about 10 minutes on an optiplex 990 last night. The documentation is excellent and the people in this forum seem to be very knowledgeable.
I thought you are UNIX/Linux system admin by profession. While I would not expect you to start switching your servers to Windows just because manager asked you to do that as you were hired as UNIX/Linux system admin not Windows system admin I personally would not have problem to switch everything in my lab to Ubuntu if the management wants that as long as they pay me well to do so.
In the last 10 years of running RHEL in production, I have called support once (manager was pushing me to do so). They were of no help and I was able to fix the problem myself. I am not really worried about having a support contract.
We generally run Springdale Linux, Princeton University's free clone of RHEL, in our lab and could not be happier. I could give here a detailed summary of the major differences between Springdale Linux, CentOS and Scientific Linux.
The new environment I need to upgrade has older RHEL4/5 systems. They are running vanilla stuff like MySQL, Apache, etc. I don't think I will have any problem moving those to FreeBSD.
No, you will not have any problem moving that to FreeBSD. BTW, that infrastructure appears to me to be totally neglected. Did that place have a system admin for the last couple of years? What was she/he doing with RHEL4/5? In particular, RHEL4 has been a dead OS for several years already.
Do you have permission to move things to FreeBSD? The organization may have OS preferences which are not entirely technically based. I will just give you a few examples.
- We run a clone of RHEL due to the fact that many of our government clients run RHEL. While personally I prefer RHEL over Ubuntu our university is very much Ubuntu centric and running Ubuntu would have made my life easier.
- RHEL is more or less the standard platform for heavy scientific computing. The ROCKS cluster distribution as well as things which require ROCKS, like Hadoop or Spark, are based on RHEL 6.6.
- Having diverse hardware and OSs generally increases the complexity of any organization and adversely affects productivity.
- A particular OS might be inapt for your user base or the applications you need to run. For example, most of my users don't feel comfortable with FreeBSD on the desktop/computing nodes. We also need MATLAB (please don't even think about giving me a lecture on free alternatives or alternative languages as that is not how the real world works).
These are the areas that I will be doing my research:
1. Install and automation of install.
2. Java and tomcat.
3. Opensource stuff like railo/mura (They still run cold fusion, they currently have a wamp stack for these things... It brought warm vomit to the back of my throat!).
4. Automation with Ansible.
5. Git workflows.
6. MySQL/database stuff. Oracle on FreeBSD?
7. Jails and other security features of FreeBSD (I spent about an hour with SELinux before disabling it and never even thinking about it on all of the servers I manage.)
8. FreeBSD as a VM in VMware ESX. I have run one, but need to really test.
9. Running Nagios for monitoring.
10. Security updates/system updates. (Ease of use and roll backs.)
That is the short list so far. I will be really playing and testing FreeBSD as well as absorbing as much as I can from the handbook over the next few weeks. Luckily my other gig has no problem using FreeBSD.
1. Neither RHEL nor FreeBSD has a good installer IMHO compared to OpenBSD, for example. When it comes to FreeBSD I actually prefer to use the TrueOS/PCBSD installer. The RHEL installer went from bad to worse between 6.6 and 7.1. When it comes to automation of installation, RHEL (Kickstart) is the industry leader. OpenBSD got an automated installer last year (previously it had only the siteXX.tgz and install.site option). It is getting close to Kickstart. I am not aware that FreeBSD has anything similar, in particular something which supports ZFS on the root (that is why I prefer the TrueOS installer). TrueOS has something but I never tested it.
http://iso.cdn.pcbsd.org/10.1-RELEA...anced.html#creating-an-automated-installation
2. If you need Oracle Java and tomcat, RHEL is a no-brainer. That is another reason besides MATLAB we use a clone of RHEL in our lab. I heard rumours that the FreeBSD Foundation struck a deal with Oracle to release Java for FreeBSD. I don't know where things stand now. In our lab we are actually trying to get off Java but it is like getting off heroin.
3. First time I heard of it. Are you talking about this?
http://www.getrailo.org/index.cfm/extensions/browse-extensions/mura-cms/
4. I use Ansible. It is OS agnostic. You only need ssh running on client machines. The "server" can run on anything (mine actually runs on my RHEL desktop at work).
5. Not following. Git runs well on any *nix/*nix-like system. Not that I like it. My favourite version control system for a small/medium research group is Fossil but my users don't like it and I am running things for them, not for my own sake.
6. RHEL is a no-brainer for anything Oracle related.
7. Jails and SELinux are unrelated technologies. Jails is OS-level virtualization. SELinux is mandatory access control (MAC for short) for Linux. FreeBSD has its own MAC with a strong following. MAC is a flawed security concept as demonstrated by the OpenBSD systrace project. It is often a nuisance as you found out, useless at best.
Linux containers (LXC) are a joke compared to Jails. I am not sure what Docker is (I thought it was Warden for LXC). Docker no longer uses LXC as a backend and serves no security purpose. Docker is more like an application sandbox. Linux people should look at things like DragonFly vkernel to see how sandboxes are done properly.
8. I am not using VMware ESX so I can't say anything.
9. Nagios runs fine on any *nix/*nix-like system. I personally prefer M/Monit for a quick up and down view of the system. I concur that Nagios might be the better choice for a larger organization. It is more complex to set up than M/Monit.
We use a combination of LibreNMS and net-mgmt/collectd for metric monitoring. LibreNMS, a free fork of Observium, is not ported yet to FreeBSD. It works like a champ on OpenBSD current (to be the 5.8 release in November). The original application, Observium, supported only Ubuntu, and Debian as a second tier. I am not sure how well LibreNMS works on Red Hat. Speaking of monitoring, Linux uses rsyslog, which is a PITA IMHO. OpenBSD has its own stellar syslogd. FreeBSD syslogd is best replaced by syslog-ng. A syslog-ng server runs well on FreeBSD, just like the entire ELK stack
http://www.networkassassin.com/elk-for-network-operations/
I would not use the native FreeBSD bsnmpd because it appears to be buggy and abandon-ware. net-snmp is a can of worms but only OpenBSD has a better alternative. OpenBSD has its own snmpd which is really stellar.
FreeBSD native sensoring frameworks are abandon-ware so you are stuck with security/bug ridden IPMI just like on RHEL. Again, OpenBSD has its own stellar sensoring framework.
10. The major claims to fame of TrueOS/PCBSD compared to FreeBSD are:
- Installer (ZFS on the root)
- boot environments/snapshots (beadm)
- update manager
- Life Preserver (management tool for ZFS snapshots and replication)
- the Warden (Jail management)
beadm is the one you will need for easy roll back in the case of disaster during the update. So the answer to your question 10 is that FreeBSD is superior to RHEL and if you like OpenBSD (which uses altroot) for roll back and disaster recovery. I think that beadm idea originated in Solaris.
I hope this answers your questions [1-10].
A few other random thoughts.
FreeBSD has ZFS. While RHEL supports ZFS via kernel modules it is not on par with FreeBSD. ZFS is a no-brainer compared to soft RAID. I am OK with hardware RAID but if you go that route you might want to use a more modern file system (read HAMMER DF) which supports journalling than XFS.
I have a very strong preference for OpenBSD/PF as a firewall solution over anything else. Linux (IPTables or even worse this new RHEL fwall crap) is useless. FreeBSD uses an obsolete version of PF but it has its own IPFW. You might want to stick to PF on FreeBSD like me because you are familiar with the tool. There are also two nice turnkey FreeBSD firewall appliances. I like OPNsense better than pfSense. Linux has nothing comparable. Heck, Linux has no usable firewall.
Unfortunately FreeBSD opted for the security flawed PAM module when it comes to LDAP authorization, just like RHEL. It works fine, just like SSSD used for multiple domains authorization. The correct approach adopted from commercial UNIX-es is ypldap as demonstrated by the OpenBSD project. OpenBSD includes its own basic LDAP server which is very useful for smaller organizations like mine. OpenLDAP works fine on any *nix/*nix-like system but it is a can of worms.
We use LDAP also for authentication. For more complex set up Kerberos might be necessary. I have never set up Kerberos authentication server or even client for that matter on FreeBSD so I am not sure how well it works. Kerberos is as you know little abandon-ware but there are no better alternatives. For the record OpenBSD removed kerberos from the base due to security problems and lack of interest among developers.
FreeBSD does include both NFSv3 and NFSv4 servers. I have a strong preference for NFSv3. Depending on the clients you might prefer v4. It works fine; I could give you a performance comparison with RHEL NFSv4. I think the FreeBSD version also supports Kerberos just like RHEL. As you probably know, ZFS is NFS/Samba aware so FreeBSD wins hands down compared to RHEL in this category. If you want to see an example of NAS appliances done right, have a look at FreeNAS. In the long run my advice, if you have time to learn, would be to stick to TrueOS.
I have yet to use bhyve. We use Linux KVM extensively in the lab (I have Free/Open guests besides Linux guests RHEL, Ubuntu and even a few Windows 7 guests). We are happy with it. We also have a few VirtualBox instances on the desktop for testing web applications with Internet Explorer. I tried running VirtualBox on FreeBSD in the past and was not too happy with it. A completely tangential but valid approach to virtualization is Xen Dom0, and neither RHEL nor FreeBSD is the right host for Dom0.