My two cents on "the new Linux" -> RedHat EL7 / CentOS 7.

I am starting this thread because CentOS 7 left me with a strange disappointment and because I am going to be on the train for 6 hours.

7 is a huge step forward over previous releases and I was ready for big changes.

Let's start by summarizing only a few new things.

  • Kernel 3.1x

  • FirewallD

  • SystemD

  • MariaDB

  • wait… someone said in-place upgrade.

There are dozens of other changes, but these ones caught my attention.

I have used Linux for years, and every time I need to switch to a major version I know that I need to spend a lot of time reconfiguring everything and learning what's new in order to configure it at its best.

In-place upgrade is a "miracle feature" that doesn't exist and that cannot work on a real-life server.

I have spent 7 days switching from CentOS 6.5 to CentOS 7; no tool can do this automatically.

My server is quite simple, I have:

  • Apache (PHP), some vhosts, IPv6

  • Tomcat (Java)

  • iptables

  • Various init.d scripts

  • various cron

  • fail2ban

  • custom logrotate

  • Postfix

  • Sieve filtering

  • Amavisd

  • Dovecot

  • Roundcubemail

  • A multiplexer to "workaround" hotel/company firewalls while offering service from 443

  • snmpd

  • Cacti for statistics + mailgraph and pflogsumm

  • SVN server

  • OpenSSL for web servers and for emails

No tool can port this software to CentOS 7.

Kernel 3.1 is nothing more than the core that feeds all the new features; its head is Linus Torvalds, so there is no need to argue about it: one of the best pieces of software ever written.

Let's start analyzing the other new cool features.

SystemD is so fast and so asynchronous that it breaks more than it fixes.

Changing scripts from initd to systemd is quite easy and requires little effort.

The real problem is in the asynchronous start.

It took me a day to understand why postfix doesn't start with systemd when IPv6 networking is enabled.

In a few words, postfix started before the system got an IP, and this broke everything.

Systemctl is in no way as good as ntsysv. ntsysv gives you all the info you need with little effort: it shows which services are present, which are enabled and which are disabled, and gives you info on a service when you press F1.

systemctl bla bla bla bla to do all these things

systemctl start postfix.service

service postfix start

I absolutely prefer the initd style.

FirewallD refreshes the way you use iptables, and it's good and bad at the same time.

It is useful if you are using IPv4+IPv6, since it can manage both IP versions with the same configuration; no need for two config files and two different rules.

The bad part is that you need to study a new style to do the same things as always.

FirewallD brings "the concept of zones". OK, I like it on my Windows PC; I don't need it on my server.

The EL7 repository lacks too many packages; EPEL is quite empty, and this is not good.

PHP is compiled with a more restrictive policy; it blocks the use of TLS sockets when using a self-signed certificate.

The switch from MySQL to MariaDB is completely painless.

I have never spent so much time switching from one major version to another. In-place upgrade? Ahahah
