Role Specific Distributions? 27
An Anonymous Coward asks:
"I'll start off by saying that I'm a Windows 2000 MCSE, but in our
mostly-Windows business, I've managed to sneak a few Linux servers in
here and there. For example, our primary DNS server runs Linux, but
the secondary is a Windows box, to keep the boss happy. He's scared
of Linux due to the massive configuration needed, not to mention the
lack of checkboxes and 'Are you sure?' dialog boxes. I think something
that would help him (and probably others) accept Linux more in a server
role would be a custom-made distribution dependent on the role of the
server. Does such an animal exist (something like 'Linux -- DNS
Server edition') where all services except BIND are disabled, and
BIND is already setup securely with just a few site-specific things
left to configure (like the specific hostnames and zones)? How about
something like this for web, email, and news too?" While we all
know that any Linux distribution can be tweaked for a wide variety of
services, might this make some kind of sense in an odd, PHB kinda way?
There are tons... (Score:3, Informative)
As a fellow MCSE (NT 4.0 + Internet), I can't see how linux is a "massive" configuration any more than NT is. Most distros give you a nice GUI interface for configuration -- if you want it.
Personally, I've never understood the need to drive a VGA monitor for a server OS. All I need is terminal access and vi.
Seriously, though, there quite a few floppy-based specailized linux distros (router, firewall, etc.). I haven't come across much more.
Try this (Score:3, Informative)
Freesco (Score:1)
It runs a 1.8 kernel though, but its enough to get the Job done.
DHCP, DNS, HTTP, Router, and many many more.
Re:Freesco (Score:3, Informative)
Are you *sure* about that one? Stable Linux kernel versions were 1.0, 1.2, 2.0, 2.2, 2.4. I don't know what exactly Freesco runs on (never tired it), but since it seems to use masquerading, I'd guess it's probably one of the later 2.0 series.
Re:Freesco (Score:1)
I can say from experience that it is VERY stable. Six months (at least) up time. It is a floppy distro, but it can installed on a HD, and has a large selection of packages [freescosoft.com] that it can run.
PHB-Linux? (Score:3, Informative)
I think the problem here is that MS has got a lot of people into the "one service, one server" mentality because under NT different services tend to 'leak' and interact with each other causing problems. And perhaps also because it suits them financially (one more server, one more NT license).
Linux doesn't work that way. Most of us are quite happy to run dns+http+smtp+imap+sql all on one box and if the load average gets too high we get a faster box. The only real exception to this is firewalls; it's usually a good idea to run a separate firewall box with as little as possible installed on it, and a lot of people use an otherwise-obsolete PC for the job which is why there are one-disk-firewall distro's.
If you really want to install just one service most distributions will happily let you do it, for example with RedHat select a custom install and uncheck all but the "DNS server" option, and you'll get a very minimal GUI install with a DNS server and the tools you need to admin it, and not much else. If you want a really light install you can even select individual packages and remove the GUI too, but then you have to set up stuff in textmode which will make your PHB unhappy again..
Re:PHB-Linux? (Score:2)
I've got an "old" (was it really *that* long ago??) 486 running sendmail + apache + samba + nfs + mysql + imap, and also doing some ip masquerading for the dsl. This is using a Redhat 7.0 install (with all updates, of course!) and some fairly anal ipmasq rules. On my home network here it performs beautifully, and the price certainly is right!
Re:PHB-Linux? (Score:1)
In case a service has a nasty buffer overflow (did somebody say WU-ftpd or sendmail ?), and there's only this service running on this machine, then only this service gets compromised.
Specially when setting a firewall, the golden rule is: Do not run any services.
Re:PHB-Linux? (Score:2)
Take a look at djbdns [cr.yp.to], from the guy who wrote qmail. It's very different than BIND, but has the same security guarantee [cr.yp.to] as qmail.
Re:PHB-Linux? (Score:1)
Re:PHB-Linux? (Score:2)
You seperate services to maximize uptime & security. DNS has no business running on a database server. A database has no business running on a webserver.
What happens if your DNS box goes down? Whoops, everything is on that box!
Re:PHB-Linux? (Score:2)
Re:PHB-Linux? (Score:1)
DB server
Mail server
DHCP, NAT server
Firewall
File Server
HTTP server
Its alot easier on your users when ONE machine is down, instead of all 5 or 10.
The old consulting company had everything loaded on one box, so when one thing had to be updated, changed, or restarted, it fucked everything else up.
Now, if the accounting software company shows up in the middle of the day, wanting to install an update, we don't have to knock mail etc offline also.
Sun Cobalt (Score:1)
SuSE (Score:1)
Re:SuSE (Score:1)
Not Just PHB (Score:2)
Unfortunately it seems the single-purpose distros are almost always commercial. Cobalt produces a very nice www-only distro, with easy-to-use FORMs based configuration, and so on. But you have to buy their Cobalt hardware to get their software. Similarly you can get a nicely packaged caching proxy server built upon Squid from Swelltech, but it only comes bundled with Swelltech's hardware.
Debian was making some progress towards creating a single distribution that could be "tasked" into a single purpose. It was almost at the point where you could go "apt-get install task-mail-server" followed by "apt-get install harden" and you would have a sufficiently locked down mail server. Sadly it seems this progress has slowed. I daresay the sheer size of Debian makes it difficult to build integrated environments of comparable quality to the Cobalts of the world.
I honestly look forward to the day when there is a good range of free single-purpose distros. I won't complain if my DNS server doesn't have a C compiler or if my SMTP server can't run X clients. I've already got access to dozens of general-purpose distros that can do 100s of tasks. What I want is a server that doesn't occupy my time to administer: I want to set it and forget it. I'm not getting that level of ease-of-use from the Gotta Do It All distros.
Commercial Distributions (Score:3, Informative)
Hope this helps you sell a linux solution
Great business opportunity! (Score:1)
Build your own little homemade distro with a custom kernel, strip it down to the bare minimum drivers for whatever hardware the ibm, compaq, and dell servers have, call it "DNS-OS for Dell PowerEdge 1200", FTP-OS for
Your clueless PHB will no longer be frightened and confused by running ftp and http servers on the same machine! (THE SECRET IS CALL IT ANYTHING BUT LINUX BECAUSE THEY ARE SCARED OF SUPPOSEDLY UNSUPPORTED SYSTEMS)
Also have a mini x window system running
a gui for shutting down and configuring the system. (ie instead of gnomestart or kdestart run mydnsconfig or whatever on x startup) no bloat!
or just use microwindows.
And of course, use that graphic program that covers up the horrifying kernel boot messages that people are scared of.
Oh yeah, and if you use my ideas, I have them Patented^TM
Great idea (Score:1)
I don't know if general release special distro's are the way to go for hardware complexity reasons. It might be better to go with custom installs that are sold only with bundled hardware, but that hardware needs to be cheap.
Also, I'd like to see more attention paid to getting good specialty distros for SBUS based Sparcstations. These machines tend to be very cheap. A Sparc2 maxs a great low volume server, and a relatively maxed out configuration will only set you back $75. A max out IPX is even less. A midrange Sparc10 (with dual or quad processors) is only going to cost you a little over $100. Don't be fooled by low CPU clocks, most Sparc based Suns can play MP3s (although a lot of the lowend ones also only have 8bit audio). But, old intel stuff is cheap also. What really makes old Suns appropriate for small server tasks is the fact that so much hardware is supported by firmware drivers (Intel people think bios calls, except this isn't super slow like Intel bioses), so hardware configuration consists of plugging in your new card (for SCSI and network cards at least) and having the kernel automatically notice it. That's it. No messy IRQs. No PnP that works badly. No wierd addressline problems. Nothing. It just works.
I think that PCI suns are going to be more problematic here, mainly because Sun specific PCI cards cost a fortune, and if you use PC PCI cards you start running into the same old wierd hardware problems (but not as severely at least).
hmm duh what does Cobalt run? (Score:1)
I believe the name is Chili by Sun of all places..
Remember A certified MS person is like a Testing Students or Teachers with leading questions..doesn't add to the US GNP or add to our intellignece
The mkserv command (Score:1)
It seems like mainstream GNU/Linux could really use a command like this, the services equivalent of apt-get. This would seem to make much more sense than having a different distribution of the operating system for every service, especially since mkserv allows you to configure multiple services.