Rottweiler n00b
Joined: 19 May 2002 Posts: 13 Location: Heber Springs, Arkansas
|
Posted: Sat Jul 10, 2004 10:03 pm Post subject: Gentoo as server: questions |
|
|
I configure and support Linux servers for clients. I'm looking for a new server distro and there is much to like and respect about Gentoo. A few general questions please:
- Resources: I know there is lots of activity around using Gentoo in a server / production role? Are there specific resources available? A webpage? Documentation? (I've perused the Security and Hardened guides and they look good.)
- Installers: Are any of the alternative installers ready for primetime? I know there has been a fair bit of work with Anaconda. (I'm not knocking the Gentoo installation process - I just need to get the amount of time and heads-down work involved in installation down to a minimum.)
- Package Building: Is there a procedure somewhere on how to build packages on a staging system that could then be installed as binaries on a production system?
- Package Selection: Any documented thoughts on what packages ought to be added or removed on a fresh install of Gentoo for server use? (Not talking about big stuff like apache or samba, but common utilities that need to be there or things that perhaps shouldn't be on a server.)
Well, that's probably too many already. Thanks. |
|
|
agu5tin n00b
Joined: 11 Jun 2004 Posts: 9
|
Posted: Sat Jul 10, 2004 10:58 pm Post subject: |
|
|
I use Gentoo in my box, but you should think about using Debian Stable for a server; it is kinda the best server distro around. |
|
|
xces Guru
Joined: 11 Oct 2002 Posts: 515
|
Posted: Sun Jul 11, 2004 11:14 am Post subject: Re: Gentoo as server: questions |
|
|
Rottweiler wrote: | Resources: I know there is lots of activity around using Gentoo in a server / production role? Are there specific resources available? A webpage? Documentation? (I've perused the Security and Hardened guides and they look good.) |
Try the Gentoo Server Project Wiki. Unfortunately it seems to be down right now or the server is at least slow as hell.
You should also subscribe to the gentoo-server mailing list. |
|
|
ewan.paton Veteran
Joined: 29 Jul 2003 Posts: 1219 Location: glasgow, scotland
|
Posted: Sun Jul 11, 2004 2:48 pm Post subject: |
|
|
[1] these forums have as much info as you need, you just need to search for specific packages
[2] the normal installer is good enough for most folks, if you're setting up a server you really shouldn't need a gui installer
[3] emerge -B on one machine to build them then emerge -k to install them after you copy the tarballs over
[4] just install all the stuff you need then possibly remove the gcc to prevent anyone compiling progs you haven't built and tested, anything more and you'd have to check out stuff like the nsa server spec thing |
|
|
Suicidal l33t
Joined: 30 Jul 2003 Posts: 959 Location: /dev/null
|
Posted: Sun Jul 11, 2004 3:07 pm Post subject: Re: Gentoo as server: questions |
|
|
Rottweiler wrote: | I configure and support Linux servers for clients. I'm looking for a new server distro and there is much to like and respect about Gentoo. A few general questions please:
- Resources: I know there is lots of activity around using Gentoo in a server / production role? Are there specific resources available? A webpage? Documentation? (I've perused the Security and Hardened guides and they look good.)
- Installers: Are any of the alternative installers ready for primetime? I know there has been a fair bit of work with Anaconda. (I'm not knocking the Gentoo installation process - I just need to get the amount of time and heads-down work involved in installation down to a minimum.)
Try GRP using your own packages
- Package Building: Is there a procedure somewhere on how to build packages on a staging system that could then be installed as binaries on a production system?
Create another chroot environment inside your current installation for the arch you want and add buildpkg to the features in the chrooted make.conf. Note this will work for building i*86 on a p4 or athlon system, but I doubt you can build amd64, ppc or arm on an x86 system.
- Package Selection: Any documented thoughts on what packages ought to be added or removed on a fresh install of Gentoo for server use? (Not talking about big stuff like apache or samba, but common utilities that need to be there or things that perhaps shouldn't be on a server.)
Well, that's probably too many already. Thanks. |
use = "-* " will cut most of the fat from an install; you may want to add flags like chroot, tcpd and ssl though. |
|
|
Rottweiler n00b
Joined: 19 May 2002 Posts: 13 Location: Heber Springs, Arkansas
|
Posted: Mon Jul 12, 2004 2:15 am Post subject: Re: Gentoo as server: questions |
|
|
xces wrote: | Try the Gentoo Server Project Wiki. Unfortunately it seems to be down right now or the server is at least slow as hell.
You should also subscribe to the gentoo-server mailing list. | Thanks. I didn't know about either of those. |
|
|
Rottweiler n00b
Joined: 19 May 2002 Posts: 13 Location: Heber Springs, Arkansas
|
Posted: Mon Jul 12, 2004 2:24 am Post subject: |
|
|
ewan.paton wrote: | [1] these forums have as much info as you need, you just need to search for specific packages | My question wasn't so much about specific packages as general stuff about techniques, tips, tricks, guidelines, gotchas.
Quote: | [2] the normal installer is good enough for most folks, if you're setting up a server you really shouldn't need a gui installer | I didn't ask for a graphical installer. I am looking for some way to reduce the amount of manual labor and heads-down work time required to get a server up and running in a basic configuration.
Quote: | [3] emerge -B on one machine to build them then emerge -k to install them after you copy the tarballs over | Is there some clever or programmatic way to deal with the difference in USE flags and processor and such? The staging/development machine won't necessarily be identical to the production machine. I thought I had seen a way somewhere to give the staging machine a "personality" identical to the production machine temporarily while building packages. |
|
|
cuerty Tux's lil' helper
Joined: 25 Jan 2003 Posts: 90 Location: Buenos Aires, Argentina
|
Posted: Mon Jul 12, 2004 5:50 am Post subject: |
|
|
Rottweiler wrote: | Is there some clever or programmatic way to deal with the difference in USE flags and processor and such? The staging/development machine won't necessarily be identical to the production machine. I thought I had seen a way somewhere to give the staging machine a "personality" identical to the production machine temporarily while building packages. |
Use safe CFLAGS flags
-mcpu=i686 should be enough, and about the USE flags, you can use the same for all the servers _________________ I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... |
|
|
Rottweiler n00b
Joined: 19 May 2002 Posts: 13 Location: Heber Springs, Arkansas
|
Posted: Wed Jul 14, 2004 9:09 pm Post subject: Re: Gentoo as server: questions |
|
|
xces wrote: | Try the Gentoo Server Project Wiki. Unfortunately it seems to be down right now or the server is at least slow as hell. | Anyone know when this might be back up? It has been down at least since xces posted this. I'd really like to read it. Thanks. |
|
|
Kavika n00b
Joined: 07 Nov 2003 Posts: 53 Location: Seattle, WA
|
Posted: Thu Jul 15, 2004 6:57 am Post subject: |
|
|
Ahh that page WOULD be highly useful to me right now, too. Can't connect.
Here's a good question, along the same lines. If I simply emerge the (stable) ebuild of apache2, is it decently secure for use as a server by default, or are there things I should change in the config off the bat for a (toy) "production server"?
I never thought it would be as simple as "emerge apache," "/etc/init.d/apache2 start," but that seems to give me a running server! I can't help but feel like I'm not done yet...
BTW, I don't need more than one domain on my system, except for paranoia, the default setup _seems_ fine to me.
If I set it up for FTP access, is there anything I should look out for? (the directory permissions/ownership is gonna have to change from root:root, am I right?) _________________ If at first you don't succeed, RTFM
(advice I should take, myself =)
I'm a newb, I'm crunchy, and good with catsup! |
|
|
bonkalot n00b
Joined: 16 Jun 2002 Posts: 9
|
Posted: Sat Jul 17, 2004 3:53 am Post subject: |
|
|
Yeah, Subverted.net, which the GSP wiki is served from, is down atm, due to the guy that hosts it moving house and losing his cable connection... but I hear they are looking at getting it hosted at a dedicated hosting site. |
|
|
Mango n00b
Joined: 27 Aug 2003 Posts: 11 Location: Denmark
|
Posted: Sun Jul 18, 2004 12:58 pm Post subject: |
|
|
Rottweiler wrote: | Quote: | [2] the normal installer is good enough for most folks, if you're setting up a server you really shouldn't need a gui installer | I didn't ask for a graphical installer. I am looking for some way to reduce the amount of manual labor and heads-down work time required to get a server up and running in a basic configuration.
|
You could try GLIS, 'Gentoo Linux Install Script'. I have not tried it myself and it is still in alpha stage, but it looks promising.
http://glis.sourceforge.net/
Just found out that the project is no longer being developed, but there is a Gentoo Installer project on the move.
http://www.gentoo.org/proj/en/releng/installer/index.xml |
|
|
neuron Advocate
Joined: 28 May 2002 Posts: 2371
|
Posted: Sun Jul 18, 2004 4:57 pm Post subject: |
|
|
If you're building for many boxes, look into rolling your own livecd (emerge -s catalyst), and put a custom install script on the cd.
So you can easily run an install script on a specific hd/partition and have it do most things for you.
Also, instead of removing gcc I'd chmod go-rwx the binaries. (If you want portage working I suppose you could make a compile group and chmod g+rx; keep in mind you also need to add the portage user to that grp.) |
|
|
F.Ultra Apprentice
Joined: 17 Mar 2004 Posts: 169 Location: Sweden
|
Posted: Sun Jul 18, 2004 8:34 pm Post subject: |
|
|
Besides making a livecd there is also the choice of creating a tar archive of a configured server and simply untarring it to the new one after you have fdisked it. This is the way I enroll all my servers. |
|
|
Mango n00b
Joined: 27 Aug 2003 Posts: 11 Location: Denmark
|
Posted: Sun Jul 18, 2004 10:44 pm Post subject: |
|
|
F.Ultra wrote: | Besides making a livecd there is also the choice of creating a tar archive of a configured server and simply untarring it to the new one after you have fdisked it. This is the way I enroll all my servers. |
Q: This can only be done if the servers' hardware is the same, right? Or
Q: Can this be done while the server is running, unlike Windows? |
|
|
F.Ultra Apprentice
Joined: 17 Mar 2004 Posts: 169 Location: Sweden
|
Posted: Mon Jul 19, 2004 9:44 am Post subject: |
|
|
1. I have much different hardware. What I do is to set the USE flags to match the lowest spec. I have P3 and P4, so I always set "march=pentium3" in /etc/make.conf on the generic config. Then on my P4 servers I change to "march=pentium4" so that future emerges get the highest optimization, but it is really not needed as the difference should be quite small. I also recompile the kernel to support other nics or smp/up, but that does not take very long.
Since I know what kind of hardware my servers have, I can always precompile a few kernels for the different hardware and copy them to /boot and then include /boot in the tar.
2. I haven't found any problems with tarring the whole computer while it is running (just make sure that you exclude /proc); as far as I know there are no hidden and locked files as in a Windows server (and of course no stupid registry).
A stage4 custom livecd might be a better solution, I don't really know since I have never tried that. For me it was quite simple to have one machine dedicated to this generic-server-config, keeping it up to date with the newest security patches and kernels and tarring the whole machine, and when installing new servers simply fetch the tar archive via ftp from a livecd and untar to the new server, and reboot.
I use this to clone servers as well. For example our IPVS loadbalancers: there I configured the primary first and when it did work I simply tarred it and untarred it to the secondary machine and changed only the IP addresses and hostname and rebooted and it worked instantly.
On Windows I usually used Norton Ghost to create a complete image of the harddrive and thus cloned the whole disk. The drawback here was that it did take quite a while to do since it was many GB of data, and that Windows creates a unique key on each machine that uniquely identifies them, so RPC might not always work correctly between such machines, so the switch to Linux was very very welcome.
edit: to clarify, I have a script called create_stage4 that creates the tar and it looks like this:
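Code: | #!/bin/bash
# Mount /boot so the kernels on it end up in the archive
mount /boot
# Archive the whole root filesystem with permissions preserved (-p), skipping
# the archive itself, this script, the contents of /proc and the temp directories
tar -cjpf /stage4.tar.bz2 --exclude=/stage4.tar.bz2 --exclude=/create_stage4 --exclude='/proc/*' --exclude=/tmp --exclude=/var/tmp /
umount /boot |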
I figure that a livecd can be faster since there would be no need to fetch a 200-300 MB file over ftp |
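
A way to check a stage4 archive like the one produced by the script in the post above before it is used to clone servers, as an added example that is not part of the original post. It goes slightly beyond the post: it assumes GNU tar, uses gzip instead of bzip2, takes the root directory as a parameter so it can run on a constructed sample tree, and also excludes SSH host keys (an assumption added here) so clones do not share one identity; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stage4-style archive with a post-build leak check (GNU tar).

# make_stage4 ROOT ARCHIVE: archive ROOT, keeping permissions (-p).
# Excluding "dir/*" rather than "dir" keeps the empty directory and its mode
# (e.g. the sticky bit on /tmp) in the image. gzip is used here; the post's
# script uses -j (bzip2).
make_stage4() {
    tar -C "$1" -czpf "$2" \
        --exclude='./proc/*' \
        --exclude='./tmp/*' \
        --exclude='./var/tmp/*' \
        --exclude='./etc/ssh/ssh_host_*' \
        .
}

# stage4_leaks ARCHIVE: list members that must not be copied to a clone:
# kernel pseudo-files, temp data, and per-machine SSH host keys (assumption
# added here: every clone should generate its own host keys).
stage4_leaks() {
    tar -tzf "$1" |
        grep -E '^\./(proc|tmp|var/tmp)/.|^\./etc/ssh/ssh_host_' || true
}

# make_sample_root: constructed miniature root tree, so this runs offline.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/proc" "$r/tmp" "$r/var/tmp" "$r/etc/ssh" "$r/boot"
    chmod 1777 "$r/tmp" "$r/var/tmp"
    echo 'constructed' > "$r/proc/cpuinfo"
    echo 'constructed' > "$r/tmp/scratch"
    echo 'constructed' > "$r/var/tmp/portage.lock"
    echo 'constructed' > "$r/etc/ssh/ssh_host_rsa_key"
    echo 'constructed' > "$r/etc/ssh/sshd_config"
    echo 'constructed' > "$r/boot/kernel-constructed"
    echo "$r"
}

root=$(make_sample_root)
out=$(mktemp -d)
make_stage4 "$root" "$out/stage4.tar.gz"
if [ -z "$(stage4_leaks "$out/stage4.tar.gz")" ]; then
    echo "stage4 image is clean"
else
    echo "stage4 image contains per-machine or transient files" >&2
fi
rm -rf "$root" "$out"
```

Running stage4_leaks against an archive made without the exclude list prints the offending member names, which makes it usable as a gate before an image is published to the install server.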
|