| Subject | Re: Firebird, PHP on CentOS 5 again |
|---|---|
| Author | Myles Wakeham |
| Post date | 2009-05-04T16:07:27Z |
We just started switching all of our deployed Linux production servers
(about 12 in all) over to CentOS from Fedora. Since I've just gone
through this exercise, I'd thought I'd chime in with reasons and
experiences from this that might help others, to add to this thread.
Firstly, why switch to CentOS?
The problem is due to the 'production' nature of our Linux servers. We
had originally been using Fedora since it was really quite
straightforward to install and get running. However I don't think we
really 'got it' when it came to 'enterprise' installations vs.
'hobbyist' installs. Nothing wrong with hobbyist installs, but about 4
years after putting a bunch of Fedora Linux servers in, with PHP5,
Apache2 and Firebird 1.5, we were faced with a big issue...
The Fedora Core 5 standard installs we had been doing were 'end of
lifed' on us and yum just plain stopped working. This means no
repositories were being maintained for this version, so we were forced
to upgrade. Well if you have ever tried upgrading Fedora, its like
upgrading a Windows installation. Good luck. You need to go
incrementally through the versions (ie. 5->6, 6->7, etc.) and the
current version in production was 10. So you could imagine that
upgrading 12 production servers through a 5 version upgrade process each
isn't something that we were looking forward to.
At this point, I realized that there must be a better way and remembered
the words of wisdom years ago that suggested CentOS in the first place
because it doesn't rev as fast and is likely to have a far more stable
and longer term lifespan for YUM updates, etc.
So we started with installing one server (CentOS 5.3). Went perfectly
well. Very similar to a Fedora installation, which is no surprise since
they both fork'd from RedHat distro roots.
As for compiling PHP, Apache, etc.... For me, its a given. I would
think this would be the case for most other serious PHP developers since
the modules that you will want to have (ie. openssl, image handling,
multi-byte strings, database stuff, extra security, etc.) is typically
not provided by default. A custom config is normal for us. Since I've
never had any issue with PHP after compilation, and the same being true
for Apache, it wasn't hard to run the same config scripts on PHP and
Apache on CentOS as we had done for Fedora. Also if you are assuming
that a 'default' PHP installation will work just fine, you also need to
think about security a bit. The PHP.INI standards for things like
basedir, etc. are a hackers favorite so I don't believe there is any
'easy way out' with a solid PHP5 installation on Linux - you kinda have
to go through the process of being hacked in order to toughen up your
stance on the installation. At that point, compiling custom configs,
etc. becomes something you WANT to do, rather than a burden you feel you
have to do. Also for people coming from a Windows server world, yes -
Linux offers far better security out of the box. But out of the box is
exactly the reason you had all those problems on Windows... remember? :)
Anyway the result is that CentOS has been a rock, stable, fast and low
hardware requirements. Updates through YUM work perfectly.
Now the only thing I have found is an issue with Linux Kernels. Due to
the hardware and routers that we have on our production servers, 2.6.18
kernel has issues with large file download packet size for us, and won't
work. So we have to be on at least 2.6.20 kernel (ideally later) and
the conservative nature of CentOS is to be a large number of kernel revs
behind other distros. This means that I have to custom build a kernel
for my CentOS distro by default to cater for this. Not a big deal, but
another step that has to be done for us. Your mileage may vary.
Oh, and I forgot to mention. All of our production servers run VMWare
ESXi 3.5, and they were brilliantly with CentOS 5.3 on them.
Hope this helps someone.
Myles
--
=======================
Myles Wakeham
Director of Engineering
Tech Solutions USA, Inc.
Scottsdale, Arizona USA
http://www.techsolusa.com
Phone +1-480-451-7440
(about 12 in all) over to CentOS from Fedora. Since I've just gone
through this exercise, I'd thought I'd chime in with reasons and
experiences from this that might help others, to add to this thread.
Firstly, why switch to CentOS?
The problem is due to the 'production' nature of our Linux servers. We
had originally been using Fedora since it was really quite
straightforward to install and get running. However I don't think we
really 'got it' when it came to 'enterprise' installations vs.
'hobbyist' installs. Nothing wrong with hobbyist installs, but about 4
years after putting a bunch of Fedora Linux servers in, with PHP5,
Apache2 and Firebird 1.5, we were faced with a big issue...
The Fedora Core 5 standard installs we had been doing were 'end of
lifed' on us and yum just plain stopped working. This means no
repositories were being maintained for this version, so we were forced
to upgrade. Well if you have ever tried upgrading Fedora, its like
upgrading a Windows installation. Good luck. You need to go
incrementally through the versions (ie. 5->6, 6->7, etc.) and the
current version in production was 10. So you could imagine that
upgrading 12 production servers through a 5 version upgrade process each
isn't something that we were looking forward to.
At this point, I realized that there must be a better way and remembered
the words of wisdom years ago that suggested CentOS in the first place
because it doesn't rev as fast and is likely to have a far more stable
and longer term lifespan for YUM updates, etc.
So we started with installing one server (CentOS 5.3). Went perfectly
well. Very similar to a Fedora installation, which is no surprise since
they both fork'd from RedHat distro roots.
As for compiling PHP, Apache, etc.... For me, its a given. I would
think this would be the case for most other serious PHP developers since
the modules that you will want to have (ie. openssl, image handling,
multi-byte strings, database stuff, extra security, etc.) is typically
not provided by default. A custom config is normal for us. Since I've
never had any issue with PHP after compilation, and the same being true
for Apache, it wasn't hard to run the same config scripts on PHP and
Apache on CentOS as we had done for Fedora. Also if you are assuming
that a 'default' PHP installation will work just fine, you also need to
think about security a bit. The PHP.INI standards for things like
basedir, etc. are a hackers favorite so I don't believe there is any
'easy way out' with a solid PHP5 installation on Linux - you kinda have
to go through the process of being hacked in order to toughen up your
stance on the installation. At that point, compiling custom configs,
etc. becomes something you WANT to do, rather than a burden you feel you
have to do. Also for people coming from a Windows server world, yes -
Linux offers far better security out of the box. But out of the box is
exactly the reason you had all those problems on Windows... remember? :)
Anyway the result is that CentOS has been a rock, stable, fast and low
hardware requirements. Updates through YUM work perfectly.
Now the only thing I have found is an issue with Linux Kernels. Due to
the hardware and routers that we have on our production servers, 2.6.18
kernel has issues with large file download packet size for us, and won't
work. So we have to be on at least 2.6.20 kernel (ideally later) and
the conservative nature of CentOS is to be a large number of kernel revs
behind other distros. This means that I have to custom build a kernel
for my CentOS distro by default to cater for this. Not a big deal, but
another step that has to be done for us. Your mileage may vary.
Oh, and I forgot to mention. All of our production servers run VMWare
ESXi 3.5, and they were brilliantly with CentOS 5.3 on them.
Hope this helps someone.
Myles
--
=======================
Myles Wakeham
Director of Engineering
Tech Solutions USA, Inc.
Scottsdale, Arizona USA
http://www.techsolusa.com
Phone +1-480-451-7440