You might think of Gentoo as a bleeding-edge distribution for development workstations, but the simple packaging system can make it a good choice for any production system that needs to stay up to date.
Nice to see an article which puts a different slant on the distro; I’ve used Gentoo in production for over 2 years and am very satisfied with my choice. For further reading, there’s an interesting thread on the gentoo-server list about using Gentoo in production here: http://article.gmane.org/gmane.linux.gentoo.server/1629. Anyone seriously interested in this aspect of Gentoo usage is cordially invited to drop into the #gentoo-server channel at irc.eu.freenode.net or subscribe to the list at [email protected].
Other links that may be of interest:
* http://www.gentoo.org/proj/en/glep/glep-0019.html
* http://www.gentoo.org/proj/en/hardened/index.xml
* http://www.gentoo.org/proj/en/security/index.xml
My apologies, the list link should have been: [email protected].
I’ve been a hardcore Mandrake user for a couple of years now, mainly due to its great package management and HUGE repository of RPMs. However, my need for bleeding edge and constant distro restlessness led me to try Gentoo. Though the install is a little tough, once you get your system going, you will be pleasantly surprised how well portage works. I also have some comfort knowing that my packages are always optimized just how I want them.
To check out two or three of my screenshots including one with Fluxbox using Xorg 6.8 composite rendering see my webpage: http://mint.homelinux.org
I’ve been using Gentoo for about 2 or 3 years now. The hardest part of showing/explaining it to somebody is that your system is just an example, but that’s it. Theirs could be completely different. Want to use grub? fine. Lilo? fine. X? no X?
I’ve run it on a fileserver, just running the basic system and samba. I never upgraded packages unless a security concern motivated me to. I’ve also run it on a laptop, with several dev kernels configured in grub, using it for everything from games to cd burning and programming.
I came from freeBSD, and portage was the closest package manager to what I had been using.
-b
I’ve been on gentoo for nearly 2 years now, and no regrets. It basically just works, I haven’t had any disasters, and it’s wonderful not having to do a major “upgrade” every 6 months or whatever.
Disclaimer: I’ve used gentoo for 2 years on my laptop. I think it is a very cool distribution.
However, it’s *not* ready for prime-time. If you use it in a production environment, more power to you. But, what are your gains vs what are your risks?
Is Portage cool? Yes. Is Gentoo fast? Yes. Is there good QA of newly released packages? No, plain and simple.
Gentoo *really* needs to adopt a channel system similar to Debian if it wants to make serious in-roads to the corporate world (ie. stable, unstable, etc). As it stands now, some updates add new features, some fix security problems, some do both. Pretty hard to manage a complex infrastructure with such a moving target.
As a Gentoo user who uses Gentoo, but not because it’s (supposedly) faster and ‘more optimized’, this article was a pleasure to read. I love using Gentoo because it’s so so flexible and easy to work with. The real strength of Gentoo lies in the tools it gives you to be a better admin, and people rarely point out (or notice) how good Gentoo is in that regard.
That said — I agree with Bryan S as well. Gentoo needs a ‘stable’ version of portage. I’ve been toying for months with the idea of rebuilding a small Linux cluster I put together at my university using Gentoo. It would make the thing much easier to take care of. But the thing that always holds me back is my worry about stability. Creating a working image and pushing it out to all my nodes would be fairly easy — but what happens when I update a package and the system breaks while one of my users (with my luck, a professor!) needs to run something? I don’t want to give the impression that Gentoo is terribly unstable, but there are occasional problems — occasional but too frequent for me to feel completely safe running it in this particular situation.
The point is: make one of your PCs a portage server and you can control what updates to install and how.
Since you’re going to have a customised environment for your production system anyway, it is helpful to have tools to allow you to manage this. You could view Gentoo as being the tools to build an environment and the distribution as an example.
When you argue that Gentoo has insufficient QA for your environment, that’s because CM and QA are most assuredly YOUR problem… otherwise you have no control over what you’re doing and all you can do is shrug and blame the supplier if something goes wrong.
At the beginning of each cycle of testbed to production, you fix your own problems because many only show up when software interacts with each other, and nothing will test your exact environment other than an exact replica (and deployment itself).
Once that production system is installed, you can choose to keep everything up to date, update only those parts you’re interested in, only do bug upgrades to the active packages, and security upgrades that affect the packages you’ve installed.
Production use means real production use, along with all the ISO9001, CM and QA processes that implies, teams of professionals co-ordinating activities across a range of projects. Gentoo is receiving attention for being the tools, not a Linux distribution.
But hey, it’s a pretty good distro too!
Again, it’s what you make of it. If you want to put a cron job in that runs “emerge -sync && emerge -u world” and run on reiser4 beta1, then yes, you will have an unstable system.
But, if you install and test your system. Then keep up to date with security postings, and only upgrade when you _have_ to, won’t you have a pretty stable system?
The point in gentoo is it’s CUSTOMIZABLE. If your system is too bleeding edge, you made it that way.
-b
I enjoy using Gentoo, and I have for a while, but my main gripe is the amount of time it takes to do an emerge -u world when something major has to be rebuilt. This isn’t a big deal on my machine at home that I just use for surfing and email, but it can be a pain in the ass upgrading gcc, openoffice or KDE at the office when I have real work to get done. I use Debian on all my servers because their QA is excellent, and binary upgrades are so much faster.
Is it possible and can someone guide me to place where I can find the way to do this ?
Haven’t tried it, but I’d check out:
http://forums.gentoo.org/viewtopic.php?t=275185&highlight=usb
USB drives are set up as USB mass storage devices. Usually, it’s as simple as loading the UHCI or OHCI module and usb-storage module. After that you mount the USB drive using SCSI emulation, and use it like any other drive. I have a storejet USB 20 gig drive, and it works great. Just make sure that your BIOS supports booting from a USB device because otherwise, you won’t be able to boot after you finish your install.
This should help:
http://www.hackorama.com/pages/usb.shtml
Go to http://forums.gentoo.org for expert help if you need to.
I don’t disagree in principle, but not all of us are in environments in which that kind of QA is possible. As an unpaid volunteer on this particular project, I don’t have the time to do that kind of testing — but even if I did, or could recruit people who did, I don’t have the hardware to do it. I’m in a department that’s suffered funding cuts several years running (like many departments at public universities in the US these days); it was hard enough to scrounge the hardware to build our cluster in the first place. That’s what’s nice about — for example — Debian stable. While it certainly isn’t a guarantee, the amount of testing that packages have received before making it into stable is at least reassuring.
I’d have to say that gentoo does work very nicely on servers given the following:
– You don’t need X
– You have no Qt/KDE apps
There IS a stable and unstable branch, I keep my server on the stable branch and my desktops on the unstable.
Packages that have the most problems are the X and multimedia ones. Those cause the most grief. However gentoo makes life soooo easy for specialty drivers like madwifi-driver, ATI, NVidia, playing wma/quicktime/real video files.
The biggest annoyance I’ve run into is that *something* has caused my server to decide that it *MUST* compile X. I’m disturbed that this dependency just “appeared” and I’m not sure how to track it down.
I played with Gentoo for a while and up until a few months ago I kept it on one of my machines.
I like the concept behind Gentoo but truthfully I felt it was more bother than it was worth. Also I had a few small problems that I just couldn’t fully resolve; I had workarounds but they still demonstrated lack of polish.
I switched to Vector Linux. To me Vector seems just as quick as Gentoo without all the hassle. Portage is way cool; wish that tool was universal.
i tried using gentoo for servers, and got fed up with one important thing:
i can’t set it into ‘security only’ mode, like you can with debian’s apt by merely commenting out other apt repos, and only leaving the deb security server uncommented.
that and compilation is a big downside on a machine that has high load already. it makes updating painfully slow.
brian: to check how the X dependency appears, you can use the flags -tvp on emerge. It shows the dependencies as a tree, and it allows you to find which package asks for X. The v is for verbose, so you can see if some USE flags are responsible for it.
And for the long upgrade time complaint, just start it at night…
My take on main subject, same as many, I use Gentoo not for speed, but for easy to maintain aspect. I have 4 machines at work to maintain now, all Gentoo, all up-to-date. We have also 15 RedHat still at 7.1 and I told my boss I am not taking care of those…
I first installed Gentoo when the devfs init scripts were added in version 1.0-rc5 (late 2001) and have been using Gentoo on multiple machines ever since. I thought that by this time, there would be several commercial linux distributions based on the Gentoo engine. It seemed that the Catalyst release tool and the Gentoo Reference Platform, along with the new time-driven release schedule, were moving Gentoo in that direction. The fact that the tiny Vidalinux distribution is the most notable Gentoo-based distribution continues to baffle me. Why would you add to the growing pile of Debian and Red Hat based distributions when there is a community project that is so focused on making the process of “rolling your own distro” so painless for sub-guru-level linux users. A simple package.mask and package.keywords file would lock down the stable and testing branches for production use, and a subscription model could be used to access distribution-specific value-add packages from the rsync servers. Other good features to add include better meta-packages (i.e. like the ubuntu-desktop meta-package) and USE-groups.
> i can’t set it into ‘security only’ mode, like you can with debian’s apt by merely commenting out other apt repos, and only leaving the deb security server uncommented.
This is somewhat available, but it currently has some bugs. It comes in the form of the app called glsa-check included in the gentoolkit package. You can read more about it here:
http://www.gentoo.org/proj/en/portage/glsa-integration.xml
I don’t know if a lot of people have tried it, but it should be possible to install portage on for example debian.
Furthermore, I really like the portage system. You always have the most up to date system
I love gentoo, the thing that’s a showstopper for me is that you have to run ~x86 (the unstable branch) to get security updates! After a few days, the security updates are then rolled over to the stable branch.
I find this absolutely ridiculous and feel that the stable branch should get timely security updates as well, how can it be stable if it has a ~3 day window of vulnerability?
In many scenarios, running the unstable branch of software (especially gentoo) is completely unacceptable. And in any scenario, running unpatched software is completely unacceptable.
Have a look at FlashLinux:
http://www.encryptec.net/flashlinux
It’s a Gentoo based system that allows you to install a full desktop on a 250MB USB key.
for some reason some genius decided that the FLAC compression tools depend on XMMS.
So nice bug report required
“This is somewhat available, but it currently has some bugs. It comes in the form of the app called glsa-check included in the gentoolkit package.”
That still doesn’t classify as “security only” updates. Rather than backporting the fixes as e.g. Debian Stable and RHEL do, the Gentoo devs just bump up to the latest version of the software.
I use Gentoo for two reasons- 1. Because that’s what the local linux geek also used, and blathered on about for two years, and 2.) because it’s easy to add and remove software. Yeah, it takes forever but generally only requires input from you if things go wrong.
I’m very sure my system isn’t “lightening fast”, but this system is the result of the second time I tried installing.
The only times I’ve gone wrong with stable software have been 1.) due to enthusiastically setting “maketest” in my build options as soon as I read about it, when few packages supported it (and the rest failed because they didn’t know what to do with it)
2.) getting the nvidia graphics drivers to work right. Apparently you NEED the latest drivers (unstable) if you want to run them on a recent kernel and vice versa, and sometimes the unstable ones don’t work right (of course). I may look up a way to not include them in updates.
3.) Switching to nptl, since that requires 2.6 headers, but portage thought it needed to install 2.4 headers as well for some bizarre reasons.
That’s about the extent of the problems I’ve had, and searching the forums helped me. The only thing I think they need is a way to remove dependencies as soon as the only thing that depends on them is gone.
I don’t think I would switch to another distribution like SuSE, because I have a friend with SuSE who has problems with dependencies on nearly all recent software (upgrading to 9.2 ought to help). Mandrake and Red Hat are probably better with software, and Debian has a package manager very similar to Gentoo, but I think I’ll stay with the working system I have for now.
> for some reason some genius decided that the FLAC compression tools depend on XMMS.
Utter nonsense. They depend upon xmms if the USE flag “xmms” is defined (presumably in order to install an xmms plugin). That can be resolved either globally (-xmms) or on a per-package basis by inserting the following line into /etc/portage/package.use:
media-libs/flac -xmms
Haven’t seen a better distro so far…
On the other hand, practically every fix or mention here (or that I’ve run into with my problems) seems to require a lot of hunting down and changing configuration files- be it xorg.conf, make.conf, package.mask, package.keywords, or some filtering function. That can be a bit of a pain, such that I determined the minimum of flags I need way back when that weren’t in make.globals and haven’t really modified make.conf since.
RE: Same here
I wish there was a way to find out what adding certain flags to a package would do- such as, why lame has a gtk flag…
> I wish there was a way to find out what adding certain flags to a package would do- such as, why lame has a gtk flag…
I definitely agree that it would be nice if the effect of a USE flag *per* package were specifically documented (any volunteers?). However, in most cases it’s fairly clear cut (surely it’s not too hard to work out that USE="gtk" for lame builds a gtk-based frontend for the lame command). Right now, if you don’t know what a USE flag does for a given package then you either (1) refer to the documentation for the build process of the software concerned (2) simply don’t make use of the USE flag.
My approach is to define USE="-*" in make.conf immediately after installation (which unsets every single USE flag in the make profile), augmented by flags that I *know* that I want globally. When installing packages thereafter I decide which ones I absolutely must have and develop package.use as such, thus building a “profile” that suits me. A reasonable bare-bones configuration for USE is:
USE="-* ncurses ssl crypt berkdb tcpd pam readline nls zlib slang perl python"
In fact, that could be reduced even further if you know what you’re doing.
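Added example (not part of the original comments, and not Portage's own code): a simplified Python model of how the `USE="-* ..."` line above and the `media-libs/flac -xmms` entry in package.use from earlier in the thread stack on top of profile defaults, so you can see which optional features end up enabled for a package. The profile default flags and the `media-sound/lame gtk` entry are constructed for illustration, and only plain `category/package` atoms are handled.

```python
import re

# Matches a make.conf assignment of the form USE="flag flag ..."
USE_ASSIGN = re.compile(r'^\s*USE\s*=')
USE_LINE = re.compile(r'^\s*USE\s*=\s*"([^"]*)"\s*(?:#.*)?$')
CURLY_QUOTES = "\u201c\u201d"  # typographic quotes pasted from a web page

# Constructed sample: flags a desktop-oriented profile might enable by default.
PROFILE_DEFAULTS = "X gtk kde qt xmms oggvorbis java ssl pam ncurses readline"

# The bare-bones USE line quoted in the comment above.
MAKE_CONF = 'USE="-* ncurses ssl crypt berkdb tcpd pam readline nls zlib slang perl python"'

# First entry is from the thread; the lame entry is a constructed addition.
PACKAGE_USE = """\
# per-package overrides
media-libs/flac -xmms
media-sound/lame gtk
"""


def apply_tokens(flags, tokens):
    """Apply incremental USE tokens, in order, to a set of enabled flags."""
    flags = set(flags)
    for tok in tokens:
        if tok == "-*":
            flags.clear()            # wipe everything set so far
        elif tok.startswith("-"):
            flags.discard(tok[1:])   # disable one flag
        else:
            flags.add(tok)           # enable one flag
    return flags


def parse_make_conf_use(text):
    """Return the tokens of the last USE="..." assignment in make.conf text."""
    tokens = []
    for line in text.splitlines():
        if not USE_ASSIGN.match(line):
            continue
        # This model rejects curly quotes outright: they are not shell
        # quotes, so the value would not parse the way it reads.
        if any(c in line for c in CURLY_QUOTES):
            raise ValueError("typographic quotes in USE line: " + line.strip())
        m = USE_LINE.match(line)
        if not m:
            raise ValueError("unparseable USE line: " + line.strip())
        tokens = m.group(1).split()
    return tokens


def parse_package_use(text):
    """Map 'category/package' atoms to their list of USE tokens."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            rules.setdefault(fields[0], []).extend(fields[1:])
    return rules


def effective_use(atom, profile_defaults, make_conf, package_use):
    """Stack profile defaults, then make.conf, then package.use for one atom."""
    flags = apply_tokens(set(), profile_defaults.split())
    flags = apply_tokens(flags, parse_make_conf_use(make_conf))
    flags = apply_tokens(flags, parse_package_use(package_use).get(atom, []))
    return flags


if __name__ == "__main__":
    for atom in ("media-libs/flac", "media-sound/lame"):
        loose = effective_use(atom, PROFILE_DEFAULTS, "", PACKAGE_USE)
        tight = effective_use(atom, PROFILE_DEFAULTS, MAKE_CONF, PACKAGE_USE)
        print(atom)
        print("  profile + package.use :", " ".join(sorted(loose)))
        print("  with USE=\"-* ...\"      :", " ".join(sorted(tight)))
        print("  dropped by -*         :", " ".join(sorted(loose - tight)))
```

On a server, the "dropped" line is the useful one: every flag that disappears is optional code and its dependencies that never get built or installed.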
Nice post. I have a whole bunch of -pkg ‘s list in my use flag. Your way is slick and clean.
> Pretty hard to manage a complex infrastructure with such a moving target.
Well, it depends upon your requirements. It’s possible to lock down and customise one’s profile just about any way you please (your system can practically be put into stasis) but I would certainly acknowledge that there is a problem in terms of maintaining a long lifespan for packages for those who need it. That is precisely what GLEP 19 is intended for. In fact, I’ve discovered recently that an experimental overlay is available for the GLEP 19 proposal (see bottom of this post). The point is that it is something that people are working on to address.
> Is there good QA of newly released packages? No, plain and simple.
I personally don’t agree with that at all – I think the QA of Gentoo packages gets a bad rap (often without detailed factual corroboration). However, Debian is a very hard act to follow in these respects. Consider that Debian has been around for a lot longer and has many more developers and volunteers; it clearly has a richer infrastructure and more formalised processes … no-one could reasonably deny that. However, as a notable Gentoo developer once put it:
“Being a community-based distro, we rely on each other to make Gentoo a better distribution. We don’t wait for “them” to fix problems. Instead, we roll up our sleeves and become part of the solution.”
Obviously if Gentoo doesn’t meet your requirements then you are under no obligation to use it. But if you do use it or want to use it then, while discussion of these matters on forums such as these is always healthy, it pays to get involved.
Links:
http://www.gentoo.org/proj/en/glep/glep-0019.html (GLEP19 proposal)
http://dev.gentoo.org/~baz/glep19-profile/ (GLEP19 profile available for testing purposes)
http://article.gmane.org/gmane.linux.gentoo.server/355 (interesting discussion pertaining to the topic)
> I definitely agree that it would be nice if the effect of a USE flag *per* package were specifically documented (any volunteers?).
etcat, I believe, from the gentoolkit package. It lists all the USE flags from a package and what they are there for.
“I definitely agree that it would be nice if the effect of a USE flag *per* package were specifically documented (any volunteers?). However, in most cases it’s fairly clear cut (surely it’s not too hard to work out that USE="gtk" for lame builds a gtk-based frontend for the lame command). Right now, if you don’t know what a USE flag does for a given package then you either (1) refer to the documentation for the build process of the software concerned (2) simply don’t make use of the USE flag.”
How about using etcat ? It’s in the gentoolkit package.
etcat -u package_name
> The biggest annoyance I’ve run into is that *something* has caused my server to decide that it *MUST* compile X. I’m disturbed that this dependency just “appeared” and I’m not sure how to track it down.
Try “emerge -pet world” to get a full listing of all the packages on your system sorted into a dependency tree. Or instead of using the world target try naming packages individually to get a breakdown of dependencies for a single package.
> but it can be a pain in the ass upgrading gcc, openoffice or KDE at the office when I have real work to get done.
Can’t you run the ‘emerge -u world’ at night?
That’s not what I (and, I suspect, Crusader) meant. There are two files that maintain descriptions of USE flags, /usr/portage/profiles/use.desc and /usr/portage/profiles/use.local.desc. The flags contained in the latter file describe flags which are unique to a given package in which case the description should be quite sufficient to determine the exact effect. However, that doesn’t address the fact that the global flags (described in the former file) can have quite different consequences on different packages. In those cases, sometimes you must be quite familiar with the software concerned in order to determine the effect i.e. you want to know exactly how it adjusts the parameters passed to the ./configure script stage, effects thereof, dependency implications etc.
For example, the “java” USE flag for net-www/mozilla will simply bring in a dependency on a Java runtime (one can just as easily avoid it and build Java later for a working Java plugin). However, for sys-libs/berkdb that very same flag will actually result in Java language bindings being built into the Berkeley DB library and consequently requires a JDK to build them. There is little commonality between the effects other than the fact that they both pertain to Java, and just because you might be interested in Java doesn’t mean you’d want both. Perhaps that’s a somewhat frivolous example, but dig deeper and one can easily find more situations where the differentials are somewhat more radical.
That’s not to say that there is anything wrong with the system itself – after all, USE flags (generally speaking) are merely simplified abstractions for possible configuration directives supplied to the package build process. And it’s a superb system. However, it would indeed be useful to some if the effects of a *global* USE flag could be described on a per-package basis.
I’ve been using Gentoo for 12 years now for servers and with no doubt it’s production-ready.
Hee… my way was just to work out what packages I needed (on a big ol’ piece of scrap paper, as I recall), look at what was in make.globals, and specify flags that weren’t already in make.globals.
As for etcat… no, I mean like “if I pass it a flag of oggvorbis does that mean it will play ogg vorbis audio? or just recognize it? or make a kioslave to automatically rip CDs into Ogg Vorbis?”
Probably not the place to ask, but since everyone is discussing Gentoo…
I have it installed on my computer and works extremely well (using distcc to my Debian server to speed up compile times). However, I have several packages that I wanted to use a masked version. Now when I do emerge -u world, it wants to downgrade the installed packages to previous versions. Any ways around this? Right now I keep running emerge -up world to see what next to compile.
Thanks, and sorry if it is the wrong place to post.
Here’s why I run Gentoo:
1. It doesn’t use the Sys-V init system. I’ve come to dislike the Sys-V init system with its system of links into multiple rc?.d directories. I much prefer Gentoo’s rc-update command to maintain init scripts. I find system administration on Gentoo in general much easier than most Linux distros.
2. I can control how packages get built with the “USE” variable in /etc/make.conf. If I don’t want something built with X support, for example, I can build it using ‘USE=”-X” emerge whatever’.
3. I like building packages from source. I come from the FreeBSD world, where building packages from source is also the norm. To all those who complain about how long it takes to compile big packages (KDE, Xorg, etc.) from source, all I can say is to start the build right before bed, or before dinner, or even get a life and go out with friends. Getting a faster machine also helps.
4. Gentoo has good support for AMD64. I’ve got all of my most commonly used applications compiled as 64-bit binaries and I’ve had nary a problem with any of them.
5. I can find answers to just about any problem I have on the Gentoo forums, usually within minutes of posting a question.
6. The Gentoo mascot looks much better than the usual dopey looking Linux penguin. 😉
7. The initial install is more spartan than most distros and gives you more choice in system utilities such as system loggers and cron utilities.
There are two ways:
1. Use the _U_pgradeonly flag. Apparently this is a very bad idea.
2. a. Find the name of the file you want (ex: x11-base/xorg-x11 )
b. su to root or whatever in a console window
c. open up the file /etc/portage/package.keywords
d. add: x11-base/xorg-x11 ~x86 (or whatever it was)
to the file, save it and close.
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=3&chap=…
Gentoo has a powerful support forum, and gives me freedom to manage my system the way I want.
I use Gentoo hardened-sources on a Compaq ProLiant 3000 Dual Pentium II 512Ram with Raid, Pentium IV 128Ram. It’s very stable and has not given me many problems.
I use Gentoo gentoo-dev-sources on a Targa Visionary 811A amd64 3000+, and even wireless works. (I have 2 problems, ati mobile and flash native 64b.) It works fine and is my default option; I forgot to use other OSes.
The emerge system is like drugs; it has addicted us.
Emerge, the support, and the freedom it gives us are the strong points of this distribution.
for a laugh,
http://funroll-loops.org/
eerrr, forgive my ignorance but can anybody tell me what does QA mean?
Quality Assurance.
Thanks
I’ve been using gentoo on production servers and workstations for about 2 years and have no regrets.
Gentoo’s “QA” process is great. Potentially unstable packages are masked until bugs are worked out. The pace at which packages are patched and updated is stunning.
It’s interesting how the Gentoo community has built momentum without attracting big press coverage. I kind of hope it stays that way..
Completely agree with you. I love my Gentoo box and have no plans to change the distro in the near future.
I’ve been playing with Gentoo for a year or so now and I’m most impressed. I love that I can fix it when something breaks; I really had enough of other OS’s where everything is hidden from me. In Gentoo I know it can be fixed given some work.
It really gives the impression of having been put together by a sane human being; the rc-update/init.d system is just so straightforward, especially compared to the /etc/rc.d system in most other distros.
Named runlevels are a neat feature too.
And Portage… well that’s pretty much been covered already. We know how good it is.
Quick one at Charles here: Gentoo hasn’t been around for even close to 12 years (IIRC it first appeared about 2001). If you’re going to post something silly like that, you could at least make it believable.
That article was really worth reading. It’s also nice to see a comment section without the speed-trash-talking for and against gentoo. Finally
Since I’m a gentoo-dev, I would like to point out one thing:
There are plans to have a stable branch, which are frozen for a period of time and only have security updates backported. It’s still being worked out how to implement, but the idea is there and it will be done afaik.
cool.. a stable branch could be useful in many situations.
gentoo really is a high-level meta-distribution. its variations mirror the landscape of linux as a whole.
http://packages.gentoo.org/
http://www.gentoo.org/proj/en/index.xml
why not use something more geared toward being a server? like debian woody. gentoo is good and all, but it has always appeared a bleeding edge desktop distro to me.
> why not use something more geared toward being a server?
> like debian woody.
To be honest, the point of the article is largely answering that very question.
The demands of the Newer Version Problem are why Gentoo’s packaging infrastructure is so surprisingly well suited to the server problem.
While Debian woody has unquestioned stability, “stability” is not the only requirement to be “suitable as a server”. There are regrettably a large number of circumstances where unfortunately it’s just not suitable to run – like every single production environment I’ve seen yet. The sys admins may well be happy and justified in wanting to roll out Deb stable, but it’s usually your software developers who end up forcing you to push the curve – they end up using some new feature that’s not available in the n month old stable, and bam you’re done.
Even Red Hat Enterprise do a better job of getting new software out on a “stable” platform, but they are still prone to the same issues of “what do I do when I need to upgrade”. Frankly, RHEL is ideal as a certified base platform upon which to run major enterprise software like Oracle, SAP, etc – you know it’s going to work, and that’s a good quality for the core of your enterprise architecture. That said, I’ve never found vendor support to be worth much, so you’re often just as well off running your major software on systems you can control.
In the end, that’s what it’s about. Control. If you can achieve your goals with the environment and tools you have, then terrific! If you find yourself fighting the issues I describe in the article, well, then you might have a look at Gentoo’s rather unusual approach to the problem.
Cheers,
AfC
Sydney
yeah, those guys are nuts.
As for all these discussions of stable, I guess it all depends on your tolerance for stable. If you need something that will continue to work after an idiot goes after it with a sledgehammer (well, metaphorically) then you’d need something like Debian stable. If you just require a system that works and stays fast for months, then Gentoo stable should work.