View previous topic :: View next topic |
Author |
Message |
kittykat990 n00b
Joined: 03 Apr 2022 Posts: 15
|
Posted: Tue Apr 19, 2022 3:10 pm Post subject: Gentoo in production |
|
|
Hi Guys
New to Gentoo having used Debian and Centos. I am keen to find out about the challenges of running Gentoo in production. One of the concerns I read is of the time it takes to update. Are there any other challenges?
Thanks
Kitty |
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9824 Location: almost Mile High in the USA
|
Posted: Tue Apr 19, 2022 5:20 pm Post subject: |
|
|
TBH the main problem is having to roll with the punches as it's a rolling release.
I suspect a lot of production servers rely on stability and if one has to keep on upgrading a piece of software, the maintenance issue becomes a problem.
Completely up to you to do. I run it on my home servers but I don't have mission critical apps, things can go down for a few hours/days while trying to come up with a different solution because the old solution is no longer supported, and it's fine for me. _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5116 Location: Bavaria
|
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20485
|
Posted: Tue Apr 19, 2022 6:59 pm Post subject: |
|
|
I'll second the rolling release issue. In the case of Gentoo, that results in a lot more updates that need to be addressed. A binary distro generally has a fixed point from which updates occur. Commonly major version numbers. That allows for a smaller footprint of code that needs to change.
That brings up what I think is a bigger issue. Binary distros provide a lot of upfront work for you that becomes "your job" when running Gentoo. In addition to any dev/test environment upgrade evaluation that you would perform for a binary distro, you have to build the binaries and make sure they work (or be comfortable with the possibility that something might not). Well known binary distros that are commonly used or associated with use in enterprise environments also add a possible benefit of how many people use them and the number of installed system on which they are running. There are likely to be fewer differences between systems as well.
Regarding the time it takes to perform updates, I think that is somewhat exaggerated. If you're thinking of configuring each system uniquely and updating each one individually, then I have to believe you aren't an experienced administrator. Deciding how consistently things are built is now your decision. Are you going to modify compiler settings, rely on hardware uniqueness? That increases the variations you'll have to deal with when upgrading.
Gentoo does provide a feature to deploy binaries using a "binhost" (https://wiki.gentoo.org/wiki/Binary_package_guide). I remember a different document, but this may be the "current" format. Setting that up is an additional "one time" burden.
Another somewhat more complicated matter is in deciding if you don't want certain binaries deployed on certain systems. Portage the tool requires python. Compiling requires a compiler. Do you want a compiler or any dynamic languages on your web facing systems? Or any systems for that matter? If not, that's an additional complication in deploying and maintaining systems.
In my experience, I would not recommend Gentoo for the environments in which I have worked. That doesn't mean it isn't suitable for production / enterprise use, only that it wouldn't make sense for those environments. Two, but not the only factors to consider would be availability of Gentoo knowledge in the available candidate pool, and whether or not the additional burdens offer enough advantage. How difficult will it be for the organization to expand or replace its employees with Gentoo knowledge? Does the organization gain enough value in choosing Gentoo to outweigh the additional challenges that come with Gentoo?
Before I'd consider such a role, I'd want at least 2 fairly capable build hosts for redundancy (could have other roles without uptime requirements) and multiple hardware incompatible systems for use in a test lab. The more "weird" hardware the organization used, the more of that I'd want in the test lab. In my experience, organizations tend to put a low priority on systems administration testing environments. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54578 Location: 56N 3W
|
Posted: Tue Apr 19, 2022 8:40 pm Post subject: |
|
|
kittykat990,
For production use you separate building and deploying.
When you deploy, you use your snapshot of the portage tree that you used for building and the binary packages that you have built and tested.
It much like deploying any other binary distro. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
kittykat990 n00b
Joined: 03 Apr 2022 Posts: 15
|
Posted: Tue Apr 19, 2022 10:51 pm Post subject: |
|
|
Some really wonderful comments here, I am appreciating them. |
|
Back to top |
|
|
kittykat990 n00b
Joined: 03 Apr 2022 Posts: 15
|
Posted: Tue Apr 19, 2022 10:53 pm Post subject: |
|
|
NeddySeagoon wrote: |
For production use you separate building and deploying.
When you deploy, you use your snapshot of the portage tree that you used for building and the binary packages that you have built and tested.
It much like deploying any other binary distro. |
Is there a guide on how to accomplish this? |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 3005 Location: Edge of marsh USA
|
Posted: Wed Apr 20, 2022 5:25 am Post subject: |
|
|
I run a remote Gentoo stable x86 server and maintain it with updates live. It's updated frequently, every 20-30 days or so. I haven't had any issues in at least five or six years. I reboot about once every couple of months for kernel updates. Once upon a time (8-9 years ago) I froze the kernel at a pretty good good version and had it running for something around 600 days, after which I became a bit paranoid over rebooting, so I don't do THAT anymore.
I get selected logs a couple of times every day by email for what amounts to a health check. I'm more confident in maintaining this box than any of the equivalent Debian stable machines that I've run. I like Debian stable, and that would be my second choice.
The OS is frequently backed up, automatically, in what amounts to stage4 equivalent tarballs. I anticipate problems. I'm careful. I have a couple of similar (one is identical) servers locally, one is usually updated daily, the other at the same frequent intervals as the remote server. These updates help me debug update problems in advance.
There is a helper at the remote location who can do hardware maintenance with my advice, and if necessary boot it from a flash drive for OS maintenance. Over the last 15 years we've had to replace the main hard drive, a power supply x2, a network card. Downtime has only occurred for broken hardware. I installed this machine around 2008-2009 to replace a much older machine that was also running Gentoo, doing mail, web, and file service.
Time to maintain isn't an issue. I don't watch packages compile. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
kittykat990 n00b
Joined: 03 Apr 2022 Posts: 15
|
Posted: Wed Apr 20, 2022 2:14 pm Post subject: |
|
|
figueroa wrote: | I run a remote Gentoo stable x86 server and maintain it with updates live. It's updated frequently, every 20-30 days or so. I haven't had any issues in at least five or six years. I reboot about once every couple of months for kernel updates. Once upon a time (8-9 years ago) I froze the kernel at a pretty good good version and had it running for something around 600 days, after which I became a bit paranoid over rebooting, so I don't do THAT anymore.
I get selected logs a couple of times every day by email for what amounts to a health check. I'm more confident in maintaining this box than any of the equivalent Debian stable machines that I've run. I like Debian stable, and that would be my second choice.
The OS is frequently backed up, automatically, in what amounts to stage4 equivalent tarballs. I anticipate problems. I'm careful. I have a couple of similar (one is identical) servers locally, one is usually updated daily, the other at the same frequent intervals as the remote server. These updates help me debug update problems in advance.
There is a helper at the remote location who can do hardware maintenance with my advice, and if necessary boot it from a flash drive for OS maintenance. Over the last 15 years we've had to replace the main hard drive, a power supply x2, a network card. Downtime has only occurred for broken hardware. I installed this machine around 2008-2009 to replace a much older machine that was also running Gentoo, doing mail, web, and file service.
Time to maintain isn't an issue. I don't watch packages compile. |
Amazing! What is the server used for ? Are you a hosting on it ? |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 3005 Location: Edge of marsh USA
|
Posted: Wed Apr 20, 2022 5:02 pm Post subject: |
|
|
kittykat990 wrote: |
...
Amazing! What is the server used for ? Are you a hosting on it ? |
Primarily now used as a file server. It receives copies of all desktop computers' nightly backup files (NFS host) and encrypts them for off-site backup. It's also a full mail server with up to 10 staff accounts, but now mainly just used by me for internal functions (courier/postfix/spamassassin/clamav). Was formerly a full blown LAMP server hosting our former school admin system. At one time it held the mail server and LAMP server in two different VirtualBox virtual machines, but VirtualBox has become 64-bit only. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54578 Location: 56N 3W
|
Posted: Wed Apr 20, 2022 5:04 pm Post subject: |
|
|
kittykat990,
I don't know of all the information collected in one place but here is a high level overview.
To keep it simple, lets assume your production fleet are all identical. If they are not, some fine tuning will be required but the concept is the same.
You build and test your potential deployment in a build/test system that is representative of production.
Its the normal gentoo install and update process with two exceptions.
1) You keep a snapshot of the the ::gentoo (and all other) repos that you use for building and testing.
2) As you go, you build binary packages of everything. That's FEATURES=buildpkg.
If you use rsync to update your repos, make a tarball when you ace happy its all built and tested.
If you use git, export a tarball.
You now have BINHOST that looks something like my arm64 binhost and the matching ebuilds, so that other systems can use them.
Distribute the repo tarball to the production systems to be updated.
Make the BINHOST available to production systems. That's a make.conf entry.
emerge -K on the production systems will install from the binhost or fail.
Play with it in a VM or two. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
kittykat990 n00b
Joined: 03 Apr 2022 Posts: 15
|
Posted: Wed Apr 20, 2022 5:42 pm Post subject: |
|
|
[quote="figueroa"] kittykat990 wrote: |
...
Primarily now used as a file server. It receives copies of all desktop computers' nightly backup files (NFS host) and encrypts them for off-site backup. |
Great, this is also one of the functions I want to achieve. Are you using an agent or a particular script on the Desktop side ? Are they Windows machines ? |
|
Back to top |
|
|
kittykat990 n00b
Joined: 03 Apr 2022 Posts: 15
|
Posted: Wed Apr 20, 2022 5:46 pm Post subject: |
|
|
NeddySeagoon wrote: | kittykat990,
I don't know of all the information collected in one place but here is a high level overview.
To keep it simple, lets assume your production fleet are all identical. If they are not, some fine tuning will be required but the concept is the same.
You build and test your potential deployment in a build/test system that is representative of production.
Its the normal gentoo install and update process with two exceptions.
1) You keep a snapshot of the the ::gentoo (and all other) repos that you use for building and testing.
2) As you go, you build binary packages of everything. That's FEATURES=buildpkg.
If you use rsync to update your repos, make a tarball when you ace happy its all built and tested.
If you use git, export a tarball.
You now have BINHOST that looks something like my arm64 binhost and the matching ebuilds, so that other systems can use them.
Distribute the repo tarball to the production systems to be updated.
Make the BINHOST available to production systems. That's a make.conf entry.
emerge -K on the production systems will install from the binhost or fail.
Play with it in a VM or two. |
Excellent, thank you, I am going to give it try. |
|
Back to top |
|
|
marduk Retired Dev
Joined: 20 Sep 2002 Posts: 78
|
Posted: Mon Aug 29, 2022 4:50 pm Post subject: |
|
|
kittykat990 wrote: | NeddySeagoon wrote: |
For production use you separate building and deploying.
When you deploy, you use your snapshot of the portage tree that you used for building and the binary packages that you have built and tested.
It much like deploying any other binary distro. |
Is there a guide on how to accomplish this? |
I think Gentoo Build Publisher can (now) do this. It keeps portage snapshots and binpkgs (and config) as a collective "snapshot" (what are called "published" or "tagged" builds). You can also roll back to a previous one when necessary. It will also support multiple machines (machine types). If you want to try it there is an install guide. Please get back with me with any feedback. |
|
Back to top |
|
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 1970
|
Posted: Mon Aug 29, 2022 11:52 pm Post subject: |
|
|
marduk wrote: | kittykat990 wrote: | NeddySeagoon wrote: |
For production use you separate building and deploying.
When you deploy, you use your snapshot of the portage tree that you used for building and the binary packages that you have built and tested.
It much like deploying any other binary distro. |
Is there a guide on how to accomplish this? |
I think Gentoo Build Publisher can (now) do this. It keeps portage snapshots and binpkgs (and config) as a collective "snapshot" (what are called "published" or "tagged" builds). You can also roll back to a previous one when necessary. It will also support multiple machines (machine types). If you want to try it there is an install guide. Please get back with me with any feedback. |
That certainly does look interesting! Thanks for sharing.
I keep meaning to look at layercake which another forums user created.
I'd consider making a wiki page when you feel ready explaining some basic use cases? |
|
Back to top |
|
|
|