Why I am Leaning Toward CentOS

I am looking at various options for a Linux distribution these days. Some of them I discussed in my previous post on how to choose a Linux distribution. Here I would like to point out some factors why I am leaning toward CentOS.

Repackaged Red Hat Enterprise Linux

The biggest benefit of CentOS is that it has all the benefits of Red Hat Enterprise Linux (RHEL). You get support from many independent and third-party entities, such as hardware and software vendors. If a vendor says it supports RHEL, you can be pretty sure it supports CentOS. This is a big deal in the business world. If you need to have a certain application and it only officially supports RHEL, CentOS gives you the option to use it without too much trouble. Of course, the reason you would use CentOS instead of RHEL is to save on the support subscription offered by Red Hat.

We all can see how much good work Red Hat is doing. I would like to support it with my (or my company’s) money. On the other hand, CentOS is doing some good work of making Red Hat’s work available to the masses. They also deserve our support. My compromise, to keep me and the bigwigs happy would be to use CentOS on development and testing servers. Then move to RHEL for production. The boss is happy to pay someone (Red Hat) for production support and you can maybe provide some of that support money to CentOS. Such workflow could keep most people happy.

SELinux

I am interested in learning more about SELinux and how to best use it to secure computers. CentOS comes with it and gives everyone a chance to utilize its benefits. But why choose SELinux? Well, if it helps me learn more about security while also keeping my computers secure, I am all for it. I am not such a philosophical freak to take sides. Best tool for the job, is what I believe in.

EPEL

Extra Packages for Enterprise Linux (EPEL) is a repository of software for RHEL which is not “officially” included in RHEL. It gives CentOS the best of both worlds: officially supported packages along with some other packages you may need to get your job done.

RPM Repositories

You can combine CentOS with repositories other than EPEL and get even more packages. These include, but are not limited to, rpmforge and atrpms.

Fedora

If you are running CentOS, then Fedora complements your choice on the desktop. So if in my ideal compromise you have CentOS running on development and testing servers, then maybe your desktops could be running Fedora. According to the Fedora website, “Fedora now forms the basis for derivative distributions such as Red Hat Enterprise Linux”. In effect, you are trying out a possibly future version of CentOS before it even comes out.

Fedora on its own is a very good distribution. It has quick releases and the newest technology around. What more could you want from a Linux distribution?

Conclusion

If you are in a business environment where you need RHEL, CentOS can be a great resource. If you are not, then CentOS gives you all the benefit of RHEL without the cost. It is a great distribution for different purposes. Combine it with the RHEL-environment, such as Fedora, and you may not need another Linux distribution. Of course, if CentOS is your choice, maybe Scientific Linux deserves some love as well.

Choosing a Linux Distribution

Recently I have had more time to work with Linux. I had been using Ubuntu in some way for two years when I needed to set up Linux on a few years old server. Since I was comfortable with Ubuntu, I thought I might as well go ahead and use it. But then I found out that there were other alternatives as well. This caused a headache which still isn’t resolved to this day. Which distribution is the best to get hands-on, real world experience with?

Comfort

You have to look at your comfort level when choosing a distribution. If you are familiar with something, even in passing, it would be an easier path to go with what you know. On the other hand, all distributions may be different but they have more in common than there are differences. So learning another distribution style is not as difficult as one might expect.

Hardware Support

If the distribution you choose is not able to function on the hardware you have available, you should not choose it. If you can get it to work, with or without a lot of effort, all the power to you. If, however, you can’t get it to work, you might as well look for another option. I went ahead with Ubuntu on the server because it supported all its hardware out of the box. I did not have to tweak anything or waste a lot of time. On the same server I was unable to install CentOS because Red Hat had dropped support for server’s RAID card in its current distribution.

Purpose

For what purpose are you using a distribution? Is it going to be for starting out, testing, development, or deployment? For all these scenarios, there are many distributions fitting them just fine. For starting out, a friendly distribution like Ubuntu could work. If you are testing Linux for its feasibility in your environment, just about any distribution would work. A distribution for doing development work should be fast moving with new technology so that you can use it to its fullest extent. If it’s for production deployment, being conservative in your selection is recommended.

Cutting Edge Technology

Some distributions strive to be on the cutting-edge. I count Fedora, openSUSE, and Ubuntu in this category. They release new stuff every few months. So you get to work with what’s new. For example, on Ubuntu, I found Django packages ready to install and work. Since I wanted a package and I found it, I was able to start working. I did not have to jump through hoops just to get to the point where I would be able to work.

Enterprise

Yes, an enterprise version would be more stable and maybe more secure. But it is also less likely to include new technology in an easily accessible format. Taking the example of Django, I have not found any tutorial on the web to install it on CentOS using an RPM package. All tutorials I have read ask you to download and install from source. Yes, it’s the traditional way to do things but if package management is the future, we should look for packages first and source code later. Now if I am developing and deploying an application developed with Django, I want to have the peace of mind that I installed a package that had been tested to work well with the whole operating system, and not something I installed without knowing how it would turn out.

To me this is the most important point after hardware support. I am willing to learn a whole other distribution if it is enterprise level with great hardware support but also keeps up with new technology. Since not one distribution will always fill these requirements, we have to look at the best tool for the job at hand.

Security

I was shocked to learn a few days ago that Ubuntu server’s default firewall policy was to accept all traffic. CentOS, on the other hand, has a pretty aggressive firewall policy. Combined with recent scandal of Debian and OpenSSL, it has dented my confidence in Ubuntu. It’s not that Ubuntu is insecure, it’s just the appearance of security in the ecosystem is absent (to me, at least). It’s also not that these things cannot be rectified by me, it’s that why would I need to take an extra step when a prudent decision could do it for me in the first place.

Another aspect I look to is being root. Does one have to actually be root or would sudo do? I like the sudo model better since it forces you to actually type your permission when doing critical work. Yes, if you are careful su and su - would work as well as sudo. But I like the added carefulness of sudo. So the first thing I do after installing a distribution is to see if it has sudo and then enable it for at least one user.

Support

Support is a very important part of the decision-making process. Support may be of three kinds: distribution creator, third-party professional, and community and friends. Support includes help as well as software updates. One can get help from many sources, and community is an essential part of this support ecosystem. It can get you started and get you out of trouble. Almost all (ok, maybe all) distributions provide software updates. Then there is an extra level of support which we know as enterprise or corporate support (think Red Hat). It is provided either by the creators and maintainers of the distribution or by third-party entities.

For a home user, software updates and community support should be sufficient. For a business, however, ‘corporate’ support is essential on production systems. Businesses like to pay someone to get extra insurance in case it is needed. If a server is essential to business operations, it is very important that the team running the server knows what it is doing, has community support for minor issues, and corporate support when things go really bad.

Red Hat, Novell, and Canonical provide this kind of support as they create their distributions. Of course, if you have a good team running your servers, you may not need to get corporate support. But if your manager is a non-technical person, she will most probably require it. And if it’s not your money being spent, why argue?

Conclusion

This was meant to be a discussion of factors I would look into when choosing a distribution. Nothing more, nothing less.

Disclaimer: I have edited, and will edit, this post as new arguments come up.

Set MAC Address

Ubuntu

In Ubuntu, you can explicitly set a MAC address for your network card. You can either do it manually (Working with MAC Addresses) or use a package called macchanger (GNU MAC Changer).

To manually change your MAC address, for example, for eth0, you do the following:

sudo vim /etc/network/interfaces

And then you add the following line to the end of the stanza for the interface being configured (eth0 in this example):

hwaddress ether xx:xx:xx:xx:xx:xx

where xx:xx:xx:xx:xx:xx is the MAC address.

So now your interfaces file may look like this:

auto eth0
iface eth0 inet static
address 10.10.1.5
netmask 255.255.255.0
gateway 10.10.1.1
broadcast 10.10.1.255
hwaddress ether 02:01:02:03:04:08

Do the following to make sure all changes are applied. Warning: you will lose connectivity on this interface when you run ifdown, so make sure you are able to access your computer either via console or through another interface to run the rest of the commands.

sudo ifdown eth0
sudo ifup eth0
sudo /etc/init.d/networking restart

CentOS

Open the file of the network interface you want to modify and add the following:

HWADDR=xx:xx:xx:xx:xx:xx
MACADDR=xx:xx:xx:xx:xx:xx

For example, if you want to explicitly specify a MAC address for eth0, you do the following:

vim /etc/sysconfig/network-scripts/ifcfg-eth0

And then you add the following lines to the end of the file:
HWADDR=xx:xx:xx:xx:xx:xx
MACADDR=xx:xx:xx:xx:xx:xx
where xx:xx:xx:xx:xx:xx is the MAC address.

So now your ifcfg-eth0 file may look like:

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
DHCP_HOSTNAME=localhost.localdomain
IPADDR=10.10.1.5
NETMASK=255.255.255.0
GATEWAY=10.10.1.1
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
HWADDR=02:01:02:03:04:08
MACADDR=02:01:02:03:04:08

Do the following to make sure all changes are applied. Warning: you will lose connectivity on this interface when you run ifdown, so make sure you are able to access your computer either via console or through another interface to run the rest of the commands.

sudo ifdown eth0
sudo ifup eth0
sudo service network restart
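
Before writing an address into either file it is worth checking that it is well formed, unicast, and in the locally administered range, which is where a manually assigned value such as 02:01:02:03:04:08 belongs. The following is an added example, not part of the original post; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check MAC addresses found in /etc/network/interfaces
# ("hwaddress ether ...") or in ifcfg-ethX (HWADDR= / MACADDR=).

# mac_class MAC -> prints local | universal | multicast | invalid.
# Returns 0 only for a well-formed unicast address.
mac_class() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Exactly six colon-separated two-digit hex octets.
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo invalid; return 1
    fi
    first=$(( 0x${mac%%:*} ))
    # Bit 0 of the first octet marks a group (multicast) address, which
    # must not be assigned to an interface.
    if [ $(( first & 1 )) -ne 0 ]; then
        echo multicast; return 1
    fi
    # Bit 1 marks a locally administered address; vendor-assigned
    # (universal) addresses have it clear.
    if [ $(( first & 2 )) -ne 0 ]; then echo local; else echo universal; fi
}

# configured_macs [FILE] -> every MAC set in either config format.
configured_macs() {
    awk '
        /^[ \t]*(HWADDR|MACADDR)=/ { sub(/^[^=]*=/, ""); gsub(/"/, ""); print; next }
        $1 == "hwaddress" && $2 == "ether" { print $3 }
    ' "${1:--}"
}

# check_macs [FILE] -> "mac class" per address; non-zero if any is unusable.
check_macs() {
    rc=0
    for m in $(configured_macs "${1:--}"); do
        class=$(mac_class "$m") || rc=1
        echo "$m $class"
    done
    return "$rc"
}

# Constructed sample: the MAC lines of the ifcfg-eth0 shown above.
sample_ifcfg() {
cat <<'EOF'
DEVICE=eth0
ONBOOT=yes
HWADDR=02:01:02:03:04:08
MACADDR=02:01:02:03:04:08
EOF
}

# Constructed sample: an interfaces stanza with a multicast address by mistake.
sample_bad_interfaces() {
cat <<'EOF'
iface eth0 inet static
    address 10.10.1.5
    hwaddress ether 01:00:5e:00:00:01
EOF
}

sample_ifcfg | check_macs -
sample_bad_interfaces | check_macs - || echo "fix the addresses flagged above"
```

Pass a real file instead of `-` to check it in place, for example `check_macs /etc/sysconfig/network-scripts/ifcfg-eth0`.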

Little Linux Commands

In this post I shall add little commands that one may forget but could be very useful. My goal is to collect commands for as many distributions as possible. The following distributions are very closely related to each other and, unless otherwise noted, commands specified for one may be run on all of them without modification.

Red Hat: CentOS, Fedora
Ubuntu: Debian

So, for example, if a command is given for Red Hat, it may be run on CentOS and Fedora. If, however, a command is given explicitly for CentOS, it may or may not run on Red Hat and Fedora. If no distribution is given, it is very likely that the command runs on all distributions.

Find Distribution Release Version

If you want to know the release version of a distribution, you may use following commands.

Red Hat, Ubuntu: tail /etc/issue
Red Hat: tail /etc/redhat-release
SUSE: tail /etc/SuSE-release
Ubuntu (gives more detail): tail /etc/lsb-release

Find Gateway of Network Interface

All: netstat -rn

Runlevel

A runlevel determines what services are started when computer boots up. To find at what runlevel your computer is running at this moment, type the following.

All: runlevel

Output should look something like

N 5

Where N is the previous runlevel and 5 is current runlevel.

Packages Installed

Red Hat: yum list installed
Ubuntu: dpkg -l

Split Files

If you want to split a file into many smaller parts, use this (hat tip: How do I open a 2.5 gig .xml file?):

split -l 50 myfile.txt mynewfile

Show All Users

If you want to list all users of the system, whether they are logged in or not, run the following command. It uses the cut command on the /etc/passwd file.

All: cut -d: -f 1 /etc/passwd

Hat tip for this trick: How to list all your users; man cut.

Lock root

If you want to lock or disable root user, or any other user for that matter, do the following (replace root with the user you want to lock):

All: sudo passwd -l root

Another way to lock a user is to do the following:

All: sudo usermod -L root

Similarly, to unlock a user:

All: sudo usermod -U root
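
Both lock commands work by putting a `!` in front of the stored hash in /etc/shadow (`!!` is also seen on Red Hat-family systems), so the lock can be verified by reading the second field. The following is an added example, not part of the original post; the function names are made up here and the shadow lines are constructed with placeholder hashes.

```shell
#!/bin/sh
# Added example: classify accounts by the password field of /etc/shadow.

# Constructed sample in /etc/shadow format; the hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:!$6$SALT$PLACEHOLDERHASH:14000:0:99999:7:::
backup:!!$6$SALT$PLACEHOLDERHASH:14000:0:99999:7:::
newuser:$6$SALT$PLACEHOLDERHASH:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
fresh:!!:14000:0:99999:7:::
EOF
}

# shadow_states [FILE] -> "user state" per account.
shadow_states() {
    awk -F: '
        $2 == ""       { print $1, "empty";  next }  # no password required
        $2 ~ /^[!*]+$/ { print $1, "unset";  next }  # no hash stored at all
        $2 ~ /^!/      { print $1, "locked"; next }  # hash kept, prefixed with !
                       { print $1, "active" }        # usable password hash
    ' "${1:--}"
}

# is_locked USER [FILE]: succeeds only if USER has a hash that is locked.
is_locked() {
    [ "$(shadow_states "${2:--}" | awk -v u="$1" '$1 == u { print $2 }')" = locked ]
}

# password_logins [FILE] -> accounts that can still log in with a password.
password_logins() {
    shadow_states "${1:--}" | awk '$2 == "active" || $2 == "empty" { print $1 }'
}

sample_shadow | shadow_states -
```

On a live system the file is readable only by root, so run it as `sudo sh -c '. ./script.sh; password_logins /etc/shadow'` or similar. A locked password does not by itself disable other authentication methods such as SSH keys.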

Securely Copy Directory from Remote Server

If you want to use SCP to copy a whole directory from a remote server to your current directory on local machine, do the following:

All: scp -r user@host:/home/me/mydir/. .

The first dot in the path of the remote server tells it to copy all files and folders in the /home/me/mydir/ directory, even hidden files and directories. If you use an asterisk instead of the dot, it will not copy hidden stuff. The second dot means copy everything to the current directory on the local machine.

Hat tip for this trick: Moving /home data from old system to new Linux system.

Support for Virtualization in Processor

To see whether your current processor supports Intel-VT (vmx) or AMD-V (svm) virtualization, run the following:

All: egrep -e 'vmx|svm' /proc/cpuinfo

Thanks to CentOS 5 Xen Virtualization.

What packages are in package group

In Debian, tasksel has various groups of packages, such as Standard, Laptop, etc. But what do these groups contain? Thanks to a post by yankovic_yeah, we know.

Ubuntu: aptitude search $(tasksel --task-packages standard)

CentOS 5 Post Install Customization

I have collected these tips after testing them on Fedora or CentOS, but not necessarily on both. I have actually merged the article ‘Fedora 7 Post Install Customization’ with this one since CentOS and Fedora share many, many things. The Fedora article has been removed from the site. So you may want to update your bookmarks. These tips may be used as is or with some modification on almost all Red Hat-based distributions.

Remote Desktop Through VNC

This tutorial deals with setting up a machine for remote access. That is, other machines are able to access this machine through VNC. First, install a VNC server using the following command:

yum install vnc-server

To install VNC client,

yum install vnc

Open ports 5900 and 5901 on the firewall. If you want more than one VNC session to occur simultaneously, then open ports for those in your firewall. Say you want four simultaneous sessions. Then you would want to open ports 5901, 5902, 5903, and 5904. You may open ports in the GUI or via the command line.

Now make sure all users have their own .vnc directory in their home directory. For example, ‘testuser’ should have a /home/testuser/.vnc/ directory. If not, create one using

mkdir /home/testuser/.vnc/

Now set up VNC passwords for each user you want to allow VNC for. For example, if you want user ‘testuser’ to be able to VNC, log in as ‘testuser’ and run the command

vncpasswd

It will ask you to enter and verify your password. Remember, each user needs to set up their own password with this command. It will store password in /home/testuser/.vnc/passwd file.

Check to see if you have xstartup file in /home/testuser/.vnc/ and if not, create one using

vim /home/testuser/.vnc/xstartup

And make sure it looks like this:

#!/bin/sh
# These two lines are uncommented here so that the normal desktop starts:
unset SESSION_MANAGER
# exec replaces this shell with xinitrc, so the lines after it are not run.
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &

xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
startx &
exec gnome-session &

I chose GNOME because I use it on CentOS. If you prefer KDE, just change gnome-session to kde-session. Also, you have to make this file executable, using the following

chmod u+x /home/testuser/.vnc/xstartup

If you do not make this executable, and once VNC is all setup, you may only get a gray screen with a big black mouse pointer. If you make this file executable, this problem should not occur.

Another reason you may get this gray screen is when the character encoding of the file may not be what the scripts are expecting. To remedy this situation, make sure you use files created and modified on Linux. I had the same problem when I created a file on Windows and downloaded it in Linux. When I created the file in Linux, the problem went away.

Now, as root, you need to edit one file

vim /etc/sysconfig/vncservers

And make sure it has the following lines:

VNCSERVERS="1:testuser 2:otheruser 3:moreuser"
VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"
VNCSERVERARGS[2]="-geometry 800x600 -depth 16"
VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"

What we are doing here is setting up three VNC sessions for three users: testuser, otheruser, and moreuser. Add as many users as you want here. Remember, also open ports in firewall for each VNC session you open.

Be careful. After first installing VNC server, VNCSERVERARGS[1] will not look like this and would probably have flags set so that it doesn’t listen on network. You have to make sure your file looks like what has been shown above. Be careful that -depth is at least 16, not 8. Otherwise it may not work properly. Of course, you may set an appropriate screen resolution, not necessarily what has been set above.

Now you are ready to start VNC server as root.

service vncserver start

To make sure VNC starts up whenever the computer starts, do the following

chkconfig vncserver on

It should give you an OK for all VNC sessions you added in /etc/sysconfig/vncservers. You will connect using your VNC client using the following address:

yourhostname:1

or you could use an IP address

192.168.168.100:1

Where :1 is the number chosen for the user in /etc/sysconfig/vncservers. When asked, enter the password for that user. The benefit of this method is you do not need to enable auto login to be able to use VNC.

I have to thank the following for helping me learn and also write about this issue: Tutorial: VNC; Set up the VNC server in Fedora;
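
The steps above tie three things together: the display number in /etc/sysconfig/vncservers, the TCP port to open (5900 plus the display number), and the per-display arguments. The following added example, which is not part of the original tutorial, reads a file in that format and reports them per display so the firewall rules can be matched to the sessions actually exposed. The function names and the sample file are constructed; displays 2 and 3 deliberately differ from the file shown above.

```shell
#!/bin/sh
# Added example: summarise an /etc/sysconfig/vncservers-style file.

# Constructed sample: display 2 uses -depth 8, display 3 keeps -localhost.
sample_vncservers() {
cat <<'EOF'
VNCSERVERS="1:testuser 2:otheruser 3:moreuser"
VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"
VNCSERVERARGS[2]="-geometry 800x600 -depth 8"
VNCSERVERARGS[3]="-geometry 1024x768 -depth 16 -nolisten tcp -localhost"
EOF
}

# vnc_sessions [FILE] -> lines of "display user port depth scope".
# The file is parsed as text, not sourced, so nothing in it is executed.
vnc_sessions() {
    awk '
    /^VNCSERVERS=/ {
        list = $0; sub(/^VNCSERVERS=/, "", list); gsub(/"/, "", list)
        n = split(list, entry, " ")
    }
    /^VNCSERVERARGS\[[0-9]+\]=/ {
        d = $0; sub(/^VNCSERVERARGS\[/, "", d); sub(/\].*/, "", d)
        a = $0; sub(/^[^=]*=/, "", a); gsub(/"/, "", a)
        args[d] = a
    }
    END {
        for (i = 1; i <= n; i++) {
            split(entry[i], p, ":")
            a = args[p[1]]
            depth = "-"
            if (match(a, /-depth +[0-9]+/)) {
                depth = substr(a, RSTART, RLENGTH); sub(/-depth +/, "", depth)
            }
            # -localhost keeps the session off the network interfaces.
            scope = (a ~ /-localhost/) ? "local" : "network"
            printf "%s %s %d %s %s\n", p[1], p[2], 5900 + p[1], depth, scope
        }
    }' "${1:--}"
}

# vnc_firewall_ports [FILE] -> ports that need a firewall rule.
vnc_firewall_ports() {
    vnc_sessions "${1:--}" | awk '$5 == "network" { print $3 }'
}

# vnc_audit [FILE] -> report; non-zero if any display has -depth below 16.
vnc_audit() {
    vnc_sessions "${1:--}" | awk '
        $4 != "-" && $4 + 0 < 16 {
            printf "WARN :%s (%s) -depth %s is below 16\n", $1, $2, $4; bad = 1
        }
        $5 == "network" {
            printf "INFO :%s (%s) needs TCP %s open in the firewall\n", $1, $2, $3
        }
        END { exit bad }'
}

sample_vncservers | vnc_audit - || true
```

Run `vnc_audit /etc/sysconfig/vncservers` on the server itself; displays reported as local need no firewall port.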

Change Hostname

To change hostname to another, you need to take care of two things: change the /etc/hostname file and the /etc/sysconfig/network file.

sudo vim /etc/hostname

If there is already a name, replace it with the new one. Or if the file is empty, just add the new name.

sudo vim /etc/sysconfig/network

Change your old hostname to the new one.

sudo /bin/hostname -F /etc/hostname

Although you should not need to reboot, even if you do, the new hostname should show up every time. You may even logout and then login to see the new hostname in effect.

I had to learn these things the hard way but now I am able to share them with you.

Unable to Access Internet

If you are using static IP address and are unable to access the Internet while LAN access is going smoothly, try this: add a routing rule using the Network GUI with the following values. Of course, you would need to change the gateway’s IP to whatever IP your own gateway is using.

address: 0.0.0.0
netmask: 0.0.0.0
gateway: 192.168.1.0

Allow a User to SUDO

I took this step as root, using instructions found in a good tutorial: Configuring SUDO.

su --login -c 'visudo'

Then I uncommented the line saying

# %wheel ALL=(ALL) ALL

and changed it to

%wheel ALL=(ALL) ALL

Also, I added the user I wanted to allow to use sudo by adding the following line below the line root ALL=(ALL) ALL. So now the file read

root ALL=(ALL) ALL
newuser ALL=(ALL) ALL

The user ‘newuser’ was then able to use sudo and it asked for a password every time.

Useful Resources

If you are looking to trim your CentOS install, you may find Building a Tiny CentOS Installation to be very useful.

Hardware RAID 1 on Ubuntu

The system I was trying to install RAID 1 had an Adaptec 2500S hardware RAID card installed on it. Therefore, I did not need to deal with software RAID. The system had two Pentium III processors, 3 GB memory, and two SCSI hard drives with approximately 20 GB on each of them. Since it was a hand-me-down system, the hardware card had been installed and configured already. Let’s call this computer ‘raidtest’.

RAID Setup

When raidtest boots up, the user gets an option to hit Control+A to enter the RAID setup utility. There I deleted the previous configuration and created a new one. This one now had two drives and these were set up for RAID 1. The process was quite simple and without any fuss. However, I was unable to set up the option of drives being removable because I could see no way how to. I would have liked to set this option and test what it did and how it did. If you can help us out here, it would be appreciated.

RAID on CentOS

I intended to install CentOS on it because I wanted to learn to use it as well. However, CentOS 5 was unable to recognize the RAID at all. It just said ‘no’. So I downloaded CentOS 3.9 server and popped it in. It was able to recognize the hardware and said it was going to load the driver. But this is where the installation just hung up and would not get out of its stuck state. Even CTRL+ALT+DEL would not work. So I just gave up CentOS.

RAID on Ubuntu Server

I also did an installation of the Ubuntu 6.06.1 Server LTS on the same machine. However, upon successful installation, the boot up process would hang up saying that I2O was already in use. Research (wrong /etc/fstab when installing on RAID using Adaptec 2100S) showed that this problem existed in Debian where installation and boot names for the same devices were different. I even tried out the install image but it did not work for me. So I gave up the thought of either Debian or Ubuntu Server.

RAID on Ubuntu Desktop

I used the ‘alternate’ installation CD for Ubuntu 7.10 (Gutsy Gibbon) since the ‘desktop’ version would not boot properly. I have no idea why. Ubuntu not only recognized the RAID hardware as a single disk, but also installed fine. I installed it as if it was a single disk as well using guided partitioning.

During the first boot process after the installation, I saw some weird error messages saying I2O could not be configured (or something like that) but the computer worked fine. I restarted the machine a few times and everything was working.

Failure Simulation

I knew that the BIOS (?) setup of the RAID did not enable drives to be ‘removable’. However, I needed to test what would happen if one of the drives failed. So I took one drive out while the system was running. The system ran fine so I put the drive back in. However, the drive I had pulled out would not work. All reads and writes on the disk were being done on the drive which had been left untouched. I expected the RAID controller to rebuild the failed drive automatically but could see no evidence of it.

I then turned off the computer, took out the working drive, put in the ‘failed’ drive, and booted up. No luck. Ubuntu would not boot. So I put in the working drive, took out the ‘failed’ drive, and booted up. Ubuntu worked flawlessly. Even now the RAID array was not being rebuilt. I had to do something.

Cold-Boot RAID Array Rebuild

I rebooted the computer and hit CTRL+A at boot time to enter the Adaptec RAID configuration utility. There I saw that the ‘untouched’ drive’s status was ‘optimal’ while the ‘failed’ drive said something else (I forgot what it was but it indicated that there was some problem). So from one of the menus of the configuration utility I chose to rebuild the array. Suddenly activity lights for both drives began to blink in unison and the status on the configuration utility showed a progress bar of the rebuild process. Once it was done, the computer worked well off both drives, together or individually.

Online RAID Array Rebuild Using raidutil

I came across an Ubuntu package called raidutils. It contains I2O RAID management utilities. So I installed it by

sudo apt-get install raidutils

Once it was installed, I had no idea how to use it. So a few web pages helped me out. Manpage of RAIDUTIL was the first. This showed me that although the package is named raidutils, the command actually is raidutil; notice the absence of ‘s’ from the name of the command. So I ran the following

raidutil -L physical

But I got an error; Engine connect failed: Open. So I tried the following

sudo raidutil -L physical

Which produced a whole new error; Engine connect failed: COMPATIBILITY number. This is where I2O on Linux – FAQ was very helpful. I ran the following two commands

sudo mknod /dev/i2o/ctl c 10 166

sudo modprobe i2o_config

And then I ran the first command again

sudo raidutil -L physical

Now I did not get any errors and saw the physical devices of the RAID system. However, I wanted to get a way to be able to rebuild an array while the system was running. Here again a web page was extremely helpful. Monitoring RAID with NetSaint had useful commands. I used them as follows:

sudo raidutil -L logical

The RAID was ‘optimal’. So I took one drive out of the system again and ran the command again.

sudo raidutil -L logical

This time the status was ‘degraded’. I put the drive back in and ran the command yet again.

sudo raidutil -L logical

Alas, the status was still degraded. To reconstruct RAID, all I had to do was run the following command

sudo raidutil -a rebuild d0b0t0d0

Where d0b0t0d0 was the Address of the RAID system. Yours could be different. But how did I get this piece of information? From the command sudo raidutil -L logical. So I ran this command periodically and it showed the status of the RAID reconstruction. Once the process was completed, activity lights on both disks blinked together which I took to mean the process was successful.

Automatically Load i2o_config

I then restarted raidtest and what do I see? I am unable to run the raidutil command without getting the error: Engine connect failed: COMPATIBILITY number. So I look on the Internet and find a post (What directory to drivers go into) which tells me to modify the /etc/modules file. So I did just that, using the following process:

sudo vim /etc/modules

Add the following at the end of the file, on its own line, of course

i2o_config

Then save the file. I restarted and ran the raidutil command. It gave me results immediately and successfully. What did I learn? You have to load the i2o_config module at startup to be able to use raidutil. Otherwise you have to manually do it every time your computer reboots.

Testing the RAID

It is a very unscientific test but BitTorrent is fairly disk-use intensive. So I just downloaded a BitTorrent client: Deluge.

sudo apt-get install deluge-torrent

And then I started a few torrents of Ubuntu and CentOS ISOs to make sure the drives were working together and working well. I intend to put the new system through its paces before trusting it enough for everyday use.

Conclusion

My experience with hardware-based RAID has shown that it is quite simple to use and troubleshoot. Whatever I have seen of software RAID looks simple enough. Maybe one day I will try that as well.

The following tips should help you out:

  • Make sure that the controller you use is well supported by Linux and also by the distribution of your choice.
  • Make sure that you know how to configure it at the BIOS level. This also includes reconstructing an array.
  • Find out what utilities are available from Linux to monitor and manage the RAID.
  • Test your system for failures and how to recover from them.
  • Once everything is working fine, test the whole system by doing some disk intensive tasks.