
Over the last year I have run a server using the Linux flavor Gentoo. While most of the servers I deal with these days run FreeBSD (WireLoad’s servers included), I was curious about what speed I could get out of old hardware with Gentoo. Gentoo is a system built to make it easy to compile every little piece of software in the system with the biggest and baddest gcc flags imaginable for your particular hardware. In theory this should lead to a faster system.

The experience has been a bit of a mixed bag. There are things I really like about Gentoo: the package management, USE flags and the sophisticated dependencies system. But unfortunately the drawbacks are severe for a server setting.

The Good

The system is better than most Linux systems I have seen when it comes to general package management and installation. The emerge command is excellent. It makes it easy to update and install software together with the necessary dependencies. A well thought out system called USE flags complement this system well. Rather than having to tinker around with every program you compile, you can set some global USE flags. Most packages will take note and your system will be made into one harmonious whole of software agreeing with each other about what should be used and what should not.

The easiest way to describe the benefits of this is by comparison to a normal FreeBSD server and the installation process. Assume that you don’t have X11 and that you don’t want it. Now, you are installing PHP and you want to have support for graphical operations (image conversion, CAPTCHA generation, etc). So you find the make flags to do this and you add them to your make.conf. You hit ‘make install’. During the build process the ports system goes out to build the dependencies of your graphics library. The graphics library requires fonts. The fonts want a font manager. The font manager is by default configured for X11. Wait, X11? Suddenly, X11 becomes a dependency and you find yourself hitting Ctrl-C rapidly!

In Gentoo on the other hand you would have -x11 in your USE flags and everything would be cool. It’s a slick system.

An OS X Term window showing Gentoo executing 'emerge -pv screen' with colored output.
Colorful Gentoo.

Gentoo also has an active community. As we have mentioned in this blog before, there is an excellent forum for Gentoo users. There are also little touches like how Gentoo uses colors by default, to improve clarity and to go easier on the eyes.

Disadvantages Expressed in Time

All of these things make it a pleasure to use Gentoo. I would love to use it for a desktop some day, should my Apple OS X machine fail me. But I really don’t see myself using Gentoo in a server setup again. Here’s why:

1. Gentoo is Time Consuming to Install
At least when I installed Gentoo there wasn’t really any installer. The documentation is excellent and describes exactly what you need to do, but it takes a while. In fact, it took me several hours to set up my first Gentoo system. And that was just the beginning.

2. Gentoo is Even More Time Consuming to Install
The strength of Gentoo is the compile everything mentality – at least that seems to be the main selling point. Unfortunately on my low-end test server it took about three days to compile even the base system with Apache, MySQL, Python and some other important software. My machine was working non stop compiling things during this time.

I understand that the latest recommendation is to not perform a so called ‘stage-1’ installation anymore. I would recommend following this suggestion. But then what happens to the compile everything advantage?

3. Gentoo’s Stability Strategy: Update Everything
Since it takes a long time to compile a program, you usually don’t want to have to do it too often. Unfortunately Gentoo encourages you to update software on a frequent basis, just for the sake of updating.

There is no ‘stable’ version of Gentoo. Gentoo is rather a moving target where emerge will forever cause your system to approach the cutting edge. From the Gentoo handbook:

From the beginning, Gentoo was designed around the concept of fast, incremental updates.

If all you’re concerned with is keeping your web server up, what you usually want to do is to set up a stable system and then forget about it. You install security updates as needed but that’s it. With Gentoo, this isn’t really feasible because there is no ‘stable’ Gentoo release.

What’s worse, there will on occasion be a sort of ‘system update’. This is called a new ‘profile’. The Gentoo documentation and the handbook will at this time encourage you to update to this new profile. A profile update will try to replace your basic system. If you are a system administrator, rather than a desktop user, this should be enough to scare the living daylights out of you!

A profile update will touch a very large number of configuration files, and it may even alter your startup process. Obviously this is not something you want to do to any server. It would be very difficult to verify that everything works as it used to afterwards, and you’d be fairly likely to end up with broken configuration files that may stop working the next time you reboot. This is in fact exactly what happened to me, despite a substantial time spent updating /etc files. The end result: the machine had to be resuscitated on-site with associated downtime.

For a more sensitive server than my test system, you’ll want to simply retire the system whenever a new profile comes out. Just start over fresh with a new Gentoo installation on an alternate machine and go through the setup process. This way you can be fairly sure it’ll work even after a reboot. Once you’ve verified that everything works, switch to the new system.

4. Gentoo’s Security Strategy: Update Everything
As you might be aware, FreeBSD has a nice little program called portaudit. This utility will alert you if you have any software installed with known security holes. Then you can go ahead and update that software with a simple ‘portupgrade’ command. There’s rarely any problem with this process.

Now, Gentoo also has something like portupgrade. What it doesn’t have is portaudit.

In all fairness, Gentoo has an experimental command called ‘glsa-check’. This command automatically examines whether your system is affected by vulnerabilities described in Gentoo issued security advisories. It also knows what steps need to be taken to fix a given security issue. I really like this development, but I understand that this command is not considered production ready. The Gentoo manual page about it is filled with warnings that this is a tool under development.

In the meantime, Gentoo rather encourages you to update the whole system. And of course a system wide update tends to cause just the amount of havoc you would expect from it.
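
The advisory-driven check this section describes, as an added example (not from the original post): a POSIX shell filter that keeps only the advisories a `glsa-check -l` listing marks `[N]` and builds a short report, so patching can be limited to those packages. The line layout, the constructed sample listing and the function names `affected_glsas` and `glsa_report` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report only the Gentoo security advisories (GLSAs) that
# still apply to this host.
#
# Assumption: `glsa-check -l` prints one advisory per line as
#   <id> [<status>] <title> ( <packages> )
# with status N = system may be affected, A = already applied,
# U = not affected.

# Constructed sample listing (IDs, titles and packages are made up).
# The three legend lines are included to show that they are skipped.
SAMPLE_LISTING='[A] means this GLSA was already applied,
[U] means the system is not affected and
[N] indicates that the system might be affected.

200701-01 [U] Example NTP daemon: Denial of service ( net-misc/example-ntpd )
200701-02 [N] Example web server: Remote code execution ( www-servers/example-httpd )
200701-03 [A] Example Network library: Buffer overflow ( net-libs/example-net )
200701-04 [N] Example mail agent: Privilege escalation ( mail-mta/example-mta )'

# Read a listing on stdin and print "<id>|<packages>|<title>" for every
# advisory whose status field is exactly [N]. Matching the field avoids
# the trap of a loose pattern: grep '[N]' is a bracket expression and
# matches any line that contains a capital N.
affected_glsas() {
    awk '
        $1 ~ /^[0-9]+-[0-9]+$/ && $2 == "[N]" {
            line = $0
            sub(/[ \t\r]+$/, "", line)
            # Packages are the trailing "( ... )" group, if present.
            pkgs = ""
            if (match(line, /\( [^()]* \)$/)) {
                pkgs = substr(line, RSTART + 2, RLENGTH - 4)
                line = substr(line, 1, RSTART - 1)
            }
            # The title is what remains after the id and status marker.
            sub(/^[^ \t]+[ \t]+\[N\][ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            printf "%s|%s|%s\n", $1, pkgs, line
        }'
}

# Read a listing on stdin and print a plain-text report for host $1.
# Prints nothing and returns 1 when no advisory applies, so a cron
# wrapper can stay silent on a clean host and mail only real findings.
glsa_report() {
    hits=$(affected_glsas)
    [ -n "$hits" ] || return 1
    count=$(printf '%s\n' "$hits" | wc -l | tr -d ' ')
    printf 'Unpatched GLSAs on %s: %s\n' "$1" "$count"
    printf '%s\n' "$hits" | while IFS='|' read -r id pkgs title; do
        printf '  GLSA %s  %s\n      %s\n' "$id" "$pkgs" "$title"
    done
}

# Use the live listing when glsa-check is installed (-n turns colour
# off); otherwise fall back to the constructed sample above.
if command -v glsa-check >/dev/null 2>&1; then
    listing=$(glsa-check -l -n 2>/dev/null)
else
    listing=$SAMPLE_LISTING
fi
printf '%s\n' "$listing" | glsa_report "$(uname -n)" ||
    echo "no unpatched advisories"
```

Each reported line names the affected package, so the follow-up can be an update of that package alone rather than of the whole system.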

Gentoo too Time Consuming and too Risky for Servers

I firmly believe in updating server software only when you need to. If you don’t need new features, and things are working, why change anything? If you update anything you will doubtlessly need to update configuration files. You will need to fix things that break in the upgrade process. This is exactly what happened to me with Gentoo during its test year. I had nearly no idea of what I was updating as I ran the dreaded but most needed “emerge world” update. And once I was done I still had no idea. I spent a long time working my way through updates in the /etc folder, using the built in ‘etc-update’ command. I tried to read the enormous emerge log file and take appropriate actions. And still things broke.

The best way to keep a system stable is to get it working and then not change anything. This is hard with Gentoo. Gentoo wants you to change a lot of stuff. It wants to be bleeding edge.

And hence my conclusion. Gentoo is fun to play with, but oh is it time consuming. I guess that’s the cost of living with a hardcore compile everything attitude – you’ll be on the bleeding edge and you better make sure you can balance on such a thin edge. For a desktop system, Gentoo seems fabulous. Fun to work with, colorful, a beautiful ports like system for software. USE flags.

But for a server, especially a production server, Gentoo just isn’t time effective. It’s both the time it takes to put in security updates, and the time possible reinstalls will take. I believe there were three profile updates for Gentoo in 2006, and very little support for older profiles. If you’re like me you’d probably much rather not reinstall your servers three times a year!

In closing I want to quote something Gentoo told me recently:

* An update to portage is available. It is _highly_ recommended
* that you update portage now, before any other packages are updated.
* Please run ‘emerge portage’ and then update ALL of your
* configuration files.

Call me stressed out but I really can’t fit too many ‘update ALL of your configuration files’ into my schedule. :)


135 Comments

  1. pixel says:

    I accept for all what you write about gentoo

  2. deadcabbit says:

    Totally true, came to the same conclusion myself; too bad most Gentooists are quite fanatical when it comes to their OS…

  3. Anonymous says:

    I’m a Gentoo user, though I don’t run a server. I’m not sure I’d run Gentoo on a server though. However, some misconceptions are in here.

    “Gentoo is a system built to make it easy to compile every little piece of software in the system with the biggest and baddest gcc flags imaginable for your particular hardware. In theory this should lead to a faster system.”

    Yes, there are Gentoo users who try to optimize cflags this way, but many do not. I spend no time fiddling with cflags. I doubt optimized cflags speed up a system much–definitely not enough to compensate for breakage that may result. I use Gentoo because of Portage and because of its configurability, not because of cflags.

    “I understand that the latest recommendation is to not perform a so called ‘stage-1’ installation anymore. I would recommend following this suggestion. But then what happens to the compile everything advantage?”

    Nothing. There really is no “compile everything advantage.” Stage 1 hasn’t been recommended for at least a year now. Again, custom cflags really aren’t going to do very much for the speed of your system.

    “Unfortunately Gentoo encourages you to update software on a frequent basis, just for the sake of updating.”

    Well, a lot of people do that, but Gentoo doesn’t necessarily encourage it. You don’t have to update all the time if you don’t want to. It is feasible to use glsa-check, though I understand why you wouldn’t want it on a server because of the warnings.

    “A profile update will try to replace your basic system.”

    First, you don’t need to update your profile every time a new one comes out. Wait until yours is deprecated. This typically takes at least a year. Second, a profile update will not try to replace your basic system. It might require you to update a few packages, like portage or gcc. But that’s it. It might not even require that. It depends on what changes are made to the profile.

    “If you’re like me you’d probably much rather not reinstall your servers three times a year!”

    There is no way you would have needed to reinstall a server three times a year, even with profile updates.

    Again, I’m not sure I would put Gentoo on a server either, though many folks do. Servers often don’t need the vast collection of software that Gentoo offers, and other distros do handle security updates more smoothly. But many of your reasons stemmed from misconceptions rather than true weaknesses of Gentoo.

  4. Dear anonymous,

    Good comments. As I mentioned in the article I only tried Gentoo for about a year, and I’m far from an expert. I know there are some amazingly experienced Gentoo users, as I have seen on the forums, and I’m sure they’d have a smoother experience.

    If I was swept away too much by the ‘compile everything’ attitude I apologize. It just stood out as the ‘right way’ to do Gentoo.

    As I said, from the point of view of a desktop user Gentoo really impressed me. But for an administrator just trying to keep servers running, Gentoo did not feel optimal. I had a constant feeling I was updating a large number of packages every month, while on similar servers I could get away with one or two packages monthly.

    “First, you don’t need to update your profile every time a new one comes out. Wait until yours is deprecated.”

    Good advice which I will adhere to if I try Gentoo for the server again. Nonetheless, apparently these profiles are deprecated in rather short order. Last I checked 2006.1 was the last supported version. By comparison, if you pick the right version of FreeBSD you’ll be good for at least 24 months without a reinstall. Check out the Estimated End-of-Life chart:

    http://www.freebsd.org/security/

    “Second, a profile update will not try to replace your basic system.”

    My profile update in 2006 broke the network configuration files, causing one network card not to load on restart. This is what I mean with ‘basic system’. I don’t think my network setup files need to be replaced every year. They’re part of the basic system and should just quietly work.

    I think there’s simply always a risk when you start updating things.

  5. I’ve more experience with Gentoo than Alex (a couple of years). However, I’d say I mainly concur with Alex’s comments.

    There are some advantages with Gentoo though that Alex failed to mention. Let’s say you have an internal production server, you’re probably not interested in updating softwares all the time (except for security updates). However, let’s say 2-3 years down the road you realize that you need the feature of the latest version of some software. If you’re running a system such as Slackware (which I did in a case just like this) and you decide to try to compile the software, you’re up for a bit of a challenge. You’re likely to find yourself needing to update about a gazillion of dependencies. Do you really want to compile and update all of these? Nope.

    On Gentoo on the other hand, you just do your ‘emerge --sync’ and then you just ‘emerge’ the package with all its dependencies, let the box compile for a while and you’re done.
    Simple.

    You might run into problems with some etc-files, but at least you didn’t have to reboot your server to install the latest distribution of your distribution. In my point of view, the fact that Gentoo lacks real distribution versions is one of the biggest advantages of Gentoo.

  6. norbert says:

    I do use gentoo for servers and workstations, and you are right that the install and forget strategy doesn’t work well with gentoo.
    I did feel the pain of the failings you mention, still I stick with it because portage benefits are so great.

    As anonymous said, many – me included – use gentoo for Portage, not to tweak cflags.

    On my servers, the way I try to mitigate the ‘moving target’ syndrome is to have a staging area. I have a local rsync mirror of the portage tree and I keep it up-to-date. I build stuff on that machine and test that the packages I need are not broken. When I’m happy with it, I sync other servers against this reference machine, which limits the ‘chances’ of a fumble on an upgrade of a production server.
    For the workstations, I do pretty much the same, with the extra step of building binary packages on the ‘reference’ workstation. Most of the workstations are identical or very very similar, and since I don’t use any fancy CFLAGS, I can basically prepare my packages ‘offline’ on my reference workstation, and when things are ready I deploy using binary packages, which is very fast.

  7. azzam says:

    Hey guys,

    I did not know where to post this really. But to be honest I lost you guys over 6 weeks ago as I bookmarked you on a PC at work, the only way I found you guys was checking for SEO backlinks to our blog. So you guys seriously need to set up a mailing list or contact details or something.

  8. Anonymous says:

    i totally agree with norbert. I run about 12 Internet-Servers with gentoo. I have my develop-machines where i compile and test all packages and the whole system. After that i usually take an image without the whole portage-tree and gcc and stuff. My Mailserver has about 250 Users and the System-Image is just a ~170Mb squashfs! I also administrate about 50 gentoo-pxe Workstations without any need of compiling on more than my 3-node distcc Hosts!

    I would not recommend Gentoo for just one Internet-Server. But i would recommend it for a Home-Server, where you probably want to install a bit more software like mythtv or so… ;-)

    Gentoo is just a very good Meta-Distribution, not more and not less. If you just want to have your Desktop where everything works, try Ubuntu or something. If you want to do things that are not so usual, then go for Gentoo!

    Gentoo makes impossible things so easy, but very easy things can cost you so much time with it!

    – just another anonymous ;-)

  9. Anonymous says:

    I also agree with norbert. And while I don’t use Gentoo, I would think that for managing any type of production environment, (binary or source-based), you would want to do all your package updating/testing in a staging environment first. Only after validating that everything works as it should, you would ‘snapshot’ (and not even necessarily in the LVM-sense) the state of your staging environment, and rsync your production machines accordingly.

    The edge in Gentoo’s favor as I see it, is the active community of experienced Linux enthusiasts who also happen to enjoy living on the cutting edge. This means that you’ll not only find users who are willing to help you resolve your issues, but that they’ll probably have a good grip on how to do it as well.

    As for the issue of compiling-related downtime, have you tried using ‘ccache’ (compiler cache-ing) and ‘distcc’ (distributed compilation)? From what I’ve read, they could reduce your compilation times significantly (>50% in time reduction isn’t unheard of).

    At any rate, thanks for your article. I wish more people would publish their experiences with their chosen distros, as I think that would be a far better indicator of a distro’s true worth- rather than distrowatch’s popularity-contest chart.

  10. Anonymous says:

    The author is an idiot. I run three Gentoo servers for over three years. No problems whatsoever. You don’t have to “upgrade everything”. Let’s say you did a simple emerge -uDav world. And you noticed that drupal has an upgrade but also there’s a kernel upgrade. If you want to just update drupal just do an emerge -u drupal. It’s that easy! Also, I’ve been using glsa-check for years now. I haven’t had a single issue with it. Just add glsa-check -t all to cron and have it mail you if there’s any security updates needed. Also, I do agree that it does take some time to compile everything. But, using tools like screen should take care of that issue. And finally may I quote….

    “I had nearly no idea of what I was updating as I ran the dreaded but most needed “emerge world” update. And once I was done I still no idea. I spent a long time working my way through updates in the /etc folder, using the built in ‘etc-update’ command. I tried to read the enormous emerge log file and take appropriate actions. And still things broke.”

    That’s not Gentoo’s fault. That’s your own fault for not reading up on the plethora of documentation Gentoo offers. Read the wiki http://gentoo-wiki.com/Main_Page or even the page on how to update http://gentoo-wiki.com/HOWTO_etc-update. No one is going to babysit you and hold your hand to make sure you don’t break anything. It’s your fault that you had a bad Gentoo experience. Next time RTFM before you criticize a distro. And “s I ran the dreaded but most needed “emerge world” update” GTFO. It’s up to you on when you need to update. Gentoo doesn’t force you to update your box. Hell, I still have 2.4 on one of my servers!

  11. Anonymous says:

    agreed. stop using Gentoo even before emerge successfully finished. stickin’ with slackware. fast, easy and remains K.I.S.S

  12. Anonymous says:

    From our experience, the points made in the article are generally true (except, as has been pointed out, that I really don’t think Gentoo is all about aggressive USE flags.)

    We have two Gentoo production servers, and while yes, we are afraid of trying to update them, it has to be said that for the last 3 years they have been incredibly stable.

    I would say that running a Gentoo server farm by approaching updates in the ways the project recommends, with central compilation and testing followed by distribution of the updates, it’s actually a well thought-out and secure way of managing updates with confidence. But you must know what, and take responsibility for, you are doing.

    There is one aspect of Gentoo though; you learn an incredible amount about Linux, incredibly quickly. And that’s not restricted to technical learning – you also learn the value of Community and the value of the gift economy.

  13. Anonymous says:

    I use it (Gentoo) on many production servers.

    The install is fast, and then it’s just a case of install what you need.

    I (as most people here have said) don’t tweak my use flags at all. I’d rather have a stable system that’s 2% slower.

    I run a private sync server, and configure all my servers to sync from that (to save bandwidth).

    At 5 am each morning, they each run:

    glsa-check -l -nc | grep -F '[N]'

    and email me the results.

    I don’t upgrade anything unless it’s a security alert, or unless there is fantastic/critical new functionality.

    Even then, I test the upgrade on a test box first to make sure it all works OK.

    Result? Stable servers.

    Yes. Gentoo is perfectly good for servers, as long as the sysadmin isn’t an upgrade everything all the time freak.

  14. True, only a highly inexperienced administrator or idiot would keep the system up-to-date with “emerge world” without examining and picking the packages one-by-one…

    …years of experience with Gentoo on production servers and I would never change back to other distros. (haven’t tried BSDs though…)

  15. Anonymous says:

    Looks like just another idiot administrator failed to use gentoo properly. The post contains so many misconceptions of gentoo. One thing is true: for an inexperienced user/administrator who does not really know what they are doing, gentoo is not for them.

  16. I think my comments seem to stand quite well so far.

    One commenter wrote, “If you want to just update drupal just do a emerge -u drupal. It’s that easy!”

    I think this supports my argument further. This is one user who feels so confident about his or her abilities with Gentoo that they even called me ‘an idiot’. Yet even this user can’t resist the urge to upgrade more than what is necessary on Gentoo. From the emerge man page,

    “--update (-u)
    Updates packages to the best version available, which may not always be the highest version number due to masking for testing and development. This will also update direct dependencies which may not be what you want. In general, use this option only in combination with the world or system target.”

    In other words, “emerge -u” does not ‘just update drupal’. It tries to update all its dependencies.

    The fact that this command is the first thing on the mind of at least one experienced Gentoo user helps to illustrate my point. Gentoo wants to be bleeding edge. It wants to be updated often.

    It is simply difficult to run a Gentoo system for more than half a year without having to update software you’d normally never touch on a production server. Certainly there are ways to mitigate these effects, as some of you have pointed out, but ultimately your profile will expire within 6-12 months.

    I think the people who write that a profile update is “not a big deal” are actually the same people who update their whole system very frequently. If you already have the latest versions of everything, a profile update may be seen as minor. But if you have only been updating the bare minimum you’ve got your work cut out for you.

    Writes one user in the Gentoo thread for this post,

    “Well one day the ‘profile’ dropped out of portage… I was forced into a painful and broken upgrade, with stuff blocking left and right, requiring an awful lot of forum/google-digging.”

    By the way, the correct way to update ‘just drupal’ is simply, “emerge drupal”.

  17. Anonymous says:

    If we talk about servers, please don’t talk about a toy…
    There are better systems, like Solaris, Aix or HP-UX…
    Linux? Ok it will be funny, but it still remain a toy used in a geekly environment.
    Tell me about a nuclear reactor using gentoo… come on!

  18. Anonymous says:

    Re: speaking of a nuclear reactor, speak QNX, not AIX or Solaris.

    IMHO the title of this article should be “Why I cannot run a Gentoo server”. If the author started with that, he might end up with a more useful article “How to know that you cannot run a Gentoo server without trying that”.

  19. Azzam,

    You wanted contact information. You’ve got it. Every page now has an email link.

    May we also suggest our RSS feed? You can find a link in the top right corner of the blog.

  20. Good reading.
    I uninstalled gentoo from my notebook when it failed to update because python couldn’t find a proper version of glibc.
    My main system now is FreeBSD, though portupgrade crashed for quite a while. I would say, both emerge and portupgrade use the wrong interpreter. Both ruby and python have a lot of dependencies on a base system.
    Although I still use FreeBSD’s ports, I prefer pkgsrc. It lacks some cool features and may fail to compile some packages but once you get used to it, it works perfectly.

  21. Joseph Koshy says:

    A well thought out system called USE flags complement this system well. Rather than having to tinker around with every program you compile, you can set some global USE flags.

    FreeBSD’s ports offers “knobs” that do a similar job. There is a brief description of how knobs work in the Porter’s Handbook and the file “/usr/ports/KNOBS” lists popular knobs.

  22. Joco says:

    All distros have their problems, all can be overcome, so there is no one single truth.

  23. Anonymous says:

    Wait, X11? Suddenly, X11 becomes a dependency and you find yourself hitting Ctrl-C rapidly!

    In FreeBSD, just add WITHOUT_X11=yes in your /etc/make.conf file and now, it won’t install ports related to x11. You can do it for all other flags, but it’s not a good idea.

  24. Yes, make.conf is definitely a way to control what goes into your system, and that’s what I use. I don’t feel that it’s as intuitive as Gentoo’s system though.

  25. Anonymous says:

    FreeBSD Without_X11=yes == Gentoo USE=”-X”

    portage is intended to be like ports. You might be surprised at the similarities.

  26. Anonymous says:

    Bless you, sir, for sharing your comments. Six months ago I accepted a position as one of two administrators of a dozen gentoo boxes, and I am saddened and discouraged by what I have found.

    At my last job I was the sole sysadmin of scores of Solaris hosts, and it just wasn’t an issue.

    In ten years of being a sysadmin (solaris, freebsd, multiple linux distros) I am consistently dismayed by how much time gentoo requires.

    As a previous poster said, I would rather have a stable system that runs 2% slower.

    If you add up the extra time that I have wasted on gentoo (as compared to other unix flavors) I could have bought a second server by now – and that completely erases gentoo’s performance claims.

  27. Gator says:

    One of the more irritating things about Gentoo you didn’t mention, is that they like to move files into “non-standard” directories. Take a look at the current Tomcat 5.5 split up … and the Java handling in general is a bit frazzled.

    Oh, I’ve used Gentoo for 3 years, both on a workstation and servers (prod & test).

    As you mention, I really like the emerge / portage (when it works correctly) but I have been bit in the ass a couple of times with major config reorgs which were part of an upgrade.

  28. Johnson says:

    Why would anyone run gentoo on a server? Unless it’s an experimental server.

    The reason anyone would use gentoo is to have a cutting edge system, which is exactly what you DON’T want your server to be – a server should target maximum uptime, performance and security, with little or NO upgrades over time.

    I fail to see your logic of running gentoo on a server at all. I’d go with something like Debian or Slackware.

  29. I have 6 letters for the author: PEBKAC

    I run an 11 machine gentoo production cluster, which I don’t have problems with (outside of hardware issues). If you’ve got a half a brain and you’re using ANY distro in production you’ve got your own frozen trees/packagesets which are thoroughly tested before being placed in production, Standardize your hardware, keep binpackages, keep backups, and try, above all, not to be an idiot. (oops, little too late for that, eh?)

  30. This issue seems strangely polarizing: one chunk of the people who comment agree happily, and the other chunk is convinced I’m an idiot.

    Remember that this is just an opinion folks. I gave Gentoo a chance on a server. Some of you have written I shouldn’t have. Other people write they love running Gentoo on their servers.

    The point of my article is what Johnson expressed in a succinct way,

    “The reason anyone would use gentoo is to have a cutting edge system, which is exactly what you DON’T want your server to be – a server should target maximum uptime, performance and security, with little or NO upgrades over time.”

    When I started using Gentoo I had only heard the hype. When I was done, there were things I quite liked, but ultimately I realized that Gentoo was not the right tool for the job I was trying to do.

  31. Guilherme says:

    I understand your points, although I have to say that I run my desktop at work with lots of software (including apache and MySQL) and for three years now, I have never needed to reinstall it. I even installed and uninstalled gnome without breaking it. And I do emerge world only every two, three months, if that. I think it is perfectly feasible to keep a server with Gentoo, even if I have not tried yet. The only drawbacks of Gentoo, I think, are the long compile times for installation and some upgrades and the slowness of portage, because it’s written in Python.

  32. Marcus says:

    I have to whole heartedly agree. I spent a couple of years dealing with Gentoo systems, both on my laptop as a dev machine and as a server admin. Let me tell you, Gentoo was such a moving target during that time that I had to reinstall things at least every 6 months. This was during 2004-2006, and when a major profile change hit, you had to update. If you didn’t you missed out on many many other updates. During that time server configurations changed drastically. For example, the default apache configuration location / strategy on Gentoo shifted sometime during that span.

    The other problem is that it is very easy to tweak a system to your liking… however, that may not be the same way that another admin would have done things, and there isn’t really a standard to follow. So, I’m stuck dealing with a system where I still have problems finding things.

    During my Gentoo times, I really liked it. I liked the bleeding edge nature of it. I liked the feeling of total system control. I liked compiling things for my exact system. But, like more than a few have mentioned, it bit my ass more than once, and after that I just couldn’t take it any more. I moved my Linux boxes to Ubuntu, and have been very happy.

    I fell for the allure of a “finely tuned” system. Unfortunately that also means a pain in the ass to keep up to date and finely tuned.

    Having a profile be stable for a minimum of a year does not cut it in a production environment.

  33. Dilbot says:

    I’m not sure what the problem is here. You can leave a Gentoo system alone if you want to. Nobody is forcing you to upgrade.

    That being said, I run a lot of servers on Gentoo and wouldn’t have it any other way – Gentoo tells you what config files you need to check. It’s really no big deal.

  34. Jonathan says:

    “In other words,

  35. Frank Perez says:

    Psst…hey…yeah you… your ignorance is showing. You are right about one thing though… YOU shouldn’t be using Gentoo. You obviously don’t have knowledge on its proper administration seeing the issues you had. For any distro (including Windows) in a production environment… if you are the one administering it and you don’t have an understanding of its administrative tools, you shouldn’t be the one administering it. I was going to go through each point one by one and explain where your ignorance lay, but no…if I could RTFM, so can you. As far as your post talking about you being an idiot, well, I don’t know you but I am inclined (on a hunch) to agree.

  36. Jonathan,

    Thanks for the comment. Updating dependencies just as needed is excellent. The man page seems to disagree with you though, and even explicitly states that --update should not be used in general. I suppose there might be an error in the man page, in which case I retract my previous statement and thank you for the heads up.

    Frank,

    I am not alone about experiencing the problems described, as you can see from other comments in this thread. Maybe you live in a world where an update never fails. In my experience though, no matter how well you prepare for something, there is always a chance that something will go wrong.

  37. asdf says:

    While the author raises some valid points, there are workarounds that may help alleviate most of the concerns, while keeping the flexibility of a source-based system:

    1) use a staging server to build and test new packages. emerge can build binary packages that can be shipped to the production server and installed there without the need for redundant compiling.

    2) use quickpkg to create binary packages of software you’re about to upgrade. This will give you an immediate rollback path.

    3) use dispatch-conf instead of etc-update. Dispatch-conf is somewhat similar to the FreeBSD-based mergemaster, in that it lets you find out which configuration files are being modified, as well as exercise control over the modifications. It also keeps the old versions of the modified files in /etc/config-archive, so undoing changes is relatively easy.

    4) use glsa-check for security updates

    5) use emerge -tuvD(N) (world|system) before compiling anything. It’ll show you what is about to be updated, and, more importantly, the dependency tree.

    Having said that, I fully agree with the author’s gripe about the evanescent profiles. Perhaps there is a market for a source-based distro that has a longer maintenance cycle, truly giving you the best of both worlds.
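Items 2 and 5 of the comment above, combined into a guarded single-package upgrade with a binary-package rollback path. This is an added example, not part of the comment or of Gentoo's own tooling: `guarded_upgrade` and its health-check argument are hypothetical names, while `portageq`, `quickpkg` and `emerge` are the stock Portage commands.

```shell
#!/bin/sh
# Added example: upgrade one package, keeping a binary snapshot of the
# installed version so a failed upgrade can be reverted immediately.
#
# guarded_upgrade ATOM [HEALTHCHECK COMMAND...]   (hypothetical helper)
# Returns: 0 upgraded and healthy
#          1 nothing was changed (not installed, preview or snapshot failed)
#          2 upgrade or health check failed, previous version restored
#          3 rollback itself failed, manual intervention needed
guarded_upgrade() {
    atom=$1
    shift
    # Default health check is a no-op when the caller gives none.
    [ "$#" -gt 0 ] || set -- true

    # Exact installed version, in category/name-version form.
    prev=$(portageq best_version / "$atom") || return 1
    [ -n "$prev" ] || { echo "$atom is not installed" >&2; return 1; }

    # Item 5: show what would be updated, with the dependency tree,
    # before anything is compiled (--pretend changes nothing).
    emerge --pretend --tree --update --verbose --deep "$atom" || return 1

    # Item 2: snapshot the installed version as a binary package in PKGDIR.
    quickpkg "=$prev" || { echo "snapshot failed, not upgrading" >&2; return 1; }

    # Upgrade, then run the caller's health check (e.g. a config test).
    if emerge --oneshot --update "$atom" && "$@"; then
        return 0
    fi

    # Roll back from the snapshot only; never rebuild from source here.
    echo "upgrade or health check failed, restoring $prev" >&2
    emerge --oneshot --usepkgonly "=$prev" || return 3
    return 2
}
```

A non-zero return of 2 or 3 is the signal to stop and investigate before touching the next package; the snapshot stays in PKGDIR either way.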

  38. openwookie says:

    Hey Alexander, you are absolutely correct. Gentoo is not a great production environment, only Gentoo fanatics would want to run it.

    While Gentoo’s package manager shares some similarities with ports, that’s all it shares. In fact, the BSDs (which are perfect for production environments IMHO) are about as close to the polar opposite to Gentoo as you can get.

    The BSDs have exactly what a sysadmin wants:
    1) Regular and predictable release cycle
    2) Binary package manager
    3) Backported security updates for several past releases
    4) A software stack that has been fully tested to work together (ex: a complete system, rather than a bunch of customizable components which are glued together during a system build)

    #4 is an important point, I can login to an OpenBSD machine owned by a client and be confident that all the network services can be configured in exactly the same way as on my home machine. With Gentoo I remember that I had choices for nearly everything, so logging into a client’s gentoo box may mean contending with a different version of cron for example. That’s the sort of thing that can lead to stupid mistakes if you’re not extra careful.

    Production machines should be boring. Gentoo is not. Sorry fanboys, go back to playing with your fun toy servers.

  39. Thom Linton says:

    A policy that an ECE roommate of years past held dear during a phone interview I overheard (which I’ve subsequently taken to use in conversation):

    ‘gentoo for the development server, debian for the production server’.

    Breaking things often has a number of consequences beyond merely being a time-sink – namely that you are forced out of lethargy to consider API breakage, deprecation issues, new features, etc. I consider it a skewed analog to the Hunter S. Thompson tradeoff – more pain now for less pain later.

  40. Alex Ynema says:

    I’ve been using Gentoo for over a year now. Being my first Linux distro to use, I thought I’d start with one of the more complex ones to immerse myself into the Linux world, and I must admit using emerge makes installing really easy. But I have found the directory differences between other distros I now look after annoying.

  41. Gentux says:

    Gentoo is my favorite Linux distribution. Although I can realize the problems you point out, even if I think that it’s enough to say Gentoo is time consuming once.

    For the part of the config files, you may take into account that there is etc-update, which lets you decide whether to update or not and exactly how. I don’t know how this is on other distributions.

    As a desktop user, I still prefer using Gentoo, as you have the chance to set it up without being afraid, that you break something like in SUSE or so. For the server I will rather take Debian.

  42. Larry says:

    I’ve always found that the ones who call people idiots for not knowing everything are also the ones who fail to offer any kind of constructive advice. Linux is about wanting to learn from others and those who Know and have nothing to give other than RTFM or whatever is what gives Linux such a bad name. That and the lack of a universal packaging system.

    As someone who has been using Linux since ’99, I’ve found it to be a pain in the @ss on many occasions, but I wouldn’t trade that for the bugs/viruses/SPAM/adware/etc that I am constantly asked to remove from my friends’ computers. Ex: I remove something like Webshots Desktop and Weatherbug. Now, don’t use these because they are system hogs, and run Firefox instead of Exploder. Then I get a call to help, and what do I find? All that garbage and Exploder on the screen. Then I say, well, good luck.

    I played with Gentoo once. However, I’ve always stuck with SuSE on my main machines because it’s predictable and YaST is something that has no comparable option on any other distro. Other than dependency hell (I can’t run Firefox on an old P-166MMX laptop running SuSE v8.1 because it wants me to upgrade the X11 to v4.3 from v4.2) on occasion, it just works. I run v9.2 on my main desktop and while I even did a fresh install of v10.1, I pulled it because of v10.1’s issues. v10.2 is much more stable. Configuring a Samba server and NFS took no time at all on a fresh install and I had a production server for my house up and running very quickly. Other than security updates, it will never get messed with. That’s stability.

  43. John Huck says:

    Yes Grandpa, you told me about how back in 1993 it was a bad idea to update your system “just for the sake of updating”. Here, take your pill now and go to sleep, Grandpa. Sleep, yes, sleep.

  44. Sameer says:

    I agree with you. I was a long time gentoo user myself. I loved the portage package manager. But there have been one too many times when my home server wouldn’t boot up after an update. On further investigation the reason would turn out to be a minor one.
    I recently switched to FreeBSD 6 and absolutely love it. I did an upgrade from 6.1 to 6.2 and it came back up after a reboot without any problem. For now I am sticking with FreeBSD.

  45. Martin says:

    I agree with the article. I used to run gentoo on my computers for a couple of years, and when you don’t update for say half a year updating becomes quite a pain.
    I just don’t have that kind of time. Ubuntu is my choice now.

  46. anonymous says:

    I once had the very annoying experience to not have a system package updated on one of my machines. The update was important as it fixed a security hole. But rsync managed to wipe out the file responsible for emerge to recognise the system packages and therefore it just didn’t update the package. BTW: this wasn’t considered a bug, but a feature :-((

    This and some other problems made me rethink using gentoo on a server and using gentoo at all. Eventually I changed to a better solution.

  47. David Longo says:

    I’m not going to make any stupid comments about the author, but I will say that this is simply another user stating the same problems with gentoo. I am really surprised it made slashdot. Everyone….EVERYONE says that gentoo takes too long to install. Deal with it, it’s very worth it once it’s installed (portage not cflags…). EVERYONE has the update everything opinion. With a little effort…that never….EVER…needs to happen. Users of gentoo know they will be dealing with the overhead of a compiled system. However, users of gentoo also are dedicated enough to deal with whatever “update everything” hallucinations others have. By no means should there be an article stating Why Gentoo Shouldn’t Be on Your Server. There should be an article stating Why I did not like Gentoo on My Server….give me and the rest of the gentoo community a break and allow our users to make their own decisions.

  48. p says:

    Gentoo does have a stable package tree. Updates are tested, sometimes for months, before making it into the stable branch. It’s an easy option to set, otherwise Gentoo will default to bleeding edge.

    I’ve always believed that non-developers should stay the hell away from source code. Gentoo, deceptively, makes compilation easy enough that anyone can get by. It’s really not for end-users. To compare this distribution to Red Hat or Ubuntu is to compare a formula racer to a Dodge Charger.

  49. Roland says:

    I think that one thing is not considered when talking about “enterprise” or “stable” distributions. They get fixed when a security hole or an error is found.
    They will NOT get a fix if there is a security problem, but it is not known to the public (zero-day exploit). Now there is the problem that all users of the particular distribution are using exactly the same program version, which is most likely (as this is the idea of the stable distribution) an older version of the software. So in this case all are vulnerable (of course a fix will come fast if the problem is known).
    If you use a distribution with the gentoo approach then it is unlikely that all have the same version of that software, so some zero-day exploits will not work on the complete base. Additionally, newer versions sometimes fixed (without intention) that security problem in the development process.

    Another problem of the stable linuxes is that you have everything working but when the distribution goes on to the new version there are numerous changes leading to a quite complex upgrade process of the distribution and the services of the user. Incompatibilities, etc. are only found at this update and will cause a lot of work, and thus will lead to a lot of errors.
    On a moving distribution you are forced to do this step more often, but with only very small changes.

    My personal favourite is the moving distribution idea and I have good experience with this model, on the other hand I have plenty of very bad experiences with the forced major upgrades of “stable” Linux distributions.


© 2006-2009 WireLoad, LLC.