CentOS - Oct 2014 - Centos7 Annoyances

Folks

I'm sure the Centos team has done a yeoman's job getting Centos7 
ready, and that the Redhat team has done marvels in creating rhel7, 
but here's a little voice from a personal hobbyist user.

Background:
  ('ve been maintaining several remote servers since Redhat 6 days, 
migrating from that to Whitebox, then Centos, and things have been 
running as expected including the current version of Centos6.  As an 
experiment, I've tried to play with Centos7 on an in-house virtual 
machine (VMWare on Win7), and have encountered a collection of 
annoyances greater than I've even seen.  Below is a note about 
them.  If someone has some elegant solution, I'd love to try, but 
Centos7 is still unusable for me.

1:  Firewall changes
  The change in firewall technology forced a complete re-do of my 
scripts which maintain firewalls, respond to attacks, etc.  I think 
I've programmed my way around the issues, but it wasn't easy.

2:  Apache changes
  These were subtle, but again were solved.

3:  Service -> systemd
  The change from object-oriented view of service:  (service httpd 
restart) to function-oriented (systemctl restart firewall) seems to 
be unnecessary, and counter to the way stuff is generally done in the 
modern world.  Nonetheless, it was possible to solve that with some 
adaptive script programming.

4) Something with Unknown lvalue 'ControlGroup' in section
'Service'
  I don't know what to do with this.  I constantly get the diagnostic:
    [/usr/lib/systemd/system/rtkit-daemon.service:32] Unknown lvalue 
'ControlGroup' in section 'Service'
  and attempts to browse the internet for solutions come across 
barriers that require some paid subscription to view.  This is 
currently a progress-stopper.  The messages I see deal with boinc, 
which does not show up on my system using "rpm -qa | grep -i boinc".

5) Sendmail is out, postfix is in.
  This is a huge change, since I had lots of scripts that tailored 
the Sendmail system for spam protection, dealing with SmartHosts that 
required SMTP-AUTH and others required weird configurations, 
etc.  Whether this is working yet I don't quite know, but it seems 
the scripts can accommodate the change.

6) Installation
  I have no idea why, when using the net-install, one must explicitly 
turn on the network.  It seems unnecessary.

7) Lack of 32-bit support
  I think I understand this.  After all, 32-bit machines may become 
"unusable" when the clock overflows, but isn't that a few years
away,
and couldn't some solution be found, even if kludgy?  Some of the 
32-bit hardware was of very high quality, and still runs 
perfectly.  I'd hate to spend a few hundred dollars each to replace 
all those systems.

8) And more
  ...



I haven't got a server or desktop running to my satisfaction yet, so 
I don't yet know what pitfalls await.  Any advice would be appreciated.

David in San Francisco

On 10/31/2014 01:45 AM, david wrote:
> Folks
>
> I'm sure the Centos team has done a yeoman's job getting Centos7
ready,
> and that the Redhat team has done marvels in creating rhel7, but here's
> a little voice from a personal hobbyist user.
>
> Background:
>   ('ve been maintaining several remote servers since Redhat 6 days,
> migrating from that to Whitebox, then Centos, and things have been
> running as expected including the current version of Centos6.  As an
> experiment, I've tried to play with Centos7 on an in-house virtual
> machine (VMWare on Win7), and have encountered a collection of
> annoyances greater than I've even seen.  Below is a note about them. 
If
> someone has some elegant solution, I'd love to try, but Centos7 is
still
> unusable for me.
>
> 1:  Firewall changes
>   The change in firewall technology forced a complete re-do of my
> scripts which maintain firewalls, respond to attacks, etc.  I think
I've
> programmed my way around the issues, but it wasn't easy.
I used Shorewall on 5.x and 6.x so on 7.x I just disabled firewalld and 
installed shorewall. Btw. I haven't even tried to learn firewalld, to 
confusing and too lite time to waste.
>
> 2:  Apache changes
>   These were subtle, but again were solved.
>
> 3:  Service -> systemd
>   The change from object-oriented view of service:  (service httpd
> restart) to function-oriented (systemctl restart firewall) seems to be
> unnecessary, and counter to the way stuff is generally done in the
> modern world.  Nonetheless, it was possible to solve that with some
> adaptive script programming.
For me "service httpd restart" works just fine, automatic conversion 
works like a charm. I do get informed what command was run, but it DOES 
it's job.

>
> 4) Something with Unknown lvalue 'ControlGroup' in section
'Service'
>   I don't know what to do with this.  I constantly get the diagnostic:
>     [/usr/lib/systemd/system/rtkit-daemon.service:32] Unknown lvalue
> 'ControlGroup' in section 'Service'
>   and attempts to browse the internet for solutions come across barriers
> that require some paid subscription to view.  This is currently a
> progress-stopper.  The messages I see deal with boinc, which does not
> show up on my system using "rpm -qa | grep -i boinc".
>
> 5) Sendmail is out, postfix is in.
>   This is a huge change, since I had lots of scripts that tailored the
> Sendmail system for spam protection, dealing with SmartHosts that
> required SMTP-AUTH and others required weird configurations, etc.
> Whether this is working yet I don't quite know, but it seems the
scripts
> can accommodate the change.
I have been using Postfix from 5.x. The fact that you chose to use 
obsolete (from Red Hat's point of view) software should be on no one but 
you.
>
> 6) Installation
>   I have no idea why, when using the net-install, one must explicitly
> turn on the network.  It seems unnecessary.
>
> 7) Lack of 32-bit support
>   I think I understand this.  After all, 32-bit machines may become
> "unusable" when the clock overflows, but isn't that a few
years away,
> and couldn't some solution be found, even if kludgy?  Some of the
32-bit
> hardware was of very high quality, and still runs perfectly.  I'd hate
> to spend a few hundred dollars each to replace all those systems.
>
> 8) And more
I would add idiotic Gnome 3 that does not have right click menu for 
creating launchers (copying .desktop files from /usr/share/applications? 
works like a charm but you need to create them manually for every 
launcher) and inability to place launchers and icons on top panel as 
infuriating.

Gnome extensions from Tweak Tool are very helpful in making Gnome 3 like 
home. I use about 10 of them. Adding Start Launcher tool is one of them.
>   ...
>
>
>
> I haven't got a server or desktop running to my satisfaction yet, so I
> don't yet know what pitfalls await.  Any advice would be appreciated.
>
> David in San Francisco
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant

On 10/31/2014 01:45 PM, david wrote:
> 1:  Firewall changes
>  The change in firewall technology forced a complete re-do of my scripts
> which maintain firewalls, respond to attacks, etc.  I think I've
> programmed my way around the issues, but it wasn't easy.
It's trivial to disable firewalld then all your old scripts will work
just fine with iptables, just like they always have.
> 2:  Apache changes
>  These were subtle, but again were solved.
New version of apache, there have always been config changes between
versions.
> 3:  Service -> systemd
>  The change from object-oriented view of service:  (service httpd
> restart) to function-oriented (systemctl restart firewall) seems to be
> unnecessary, and counter to the way stuff is generally done in the
> modern world.  Nonetheless, it was possible to solve that with some
> adaptive script programming.
The service command still works as a wrapper around systemctl.
chkconfig won't work, but you probably won't be scripting that anyways.
 Other than that, I don't like systemd much either, but that topic has
been talked to death.
> 4) Something with Unknown lvalue 'ControlGroup' in section
'Service'
>  I don't know what to do with this.  I constantly get the diagnostic:
>    [/usr/lib/systemd/system/rtkit-daemon.service:32] Unknown lvalue
> 'ControlGroup' in section 'Service'
>  and attempts to browse the internet for solutions come across barriers
> that require some paid subscription to view.  This is currently a
> progress-stopper.  The messages I see deal with boinc, which does not
> show up on my system using "rpm -qa | grep -i boinc".
I have no idea bout this.  Feel free to check bugzilla, and/or file a
bug report.
> 5) Sendmail is out, postfix is in.
>  This is a huge change, since I had lots of scripts that tailored the
> Sendmail system for spam protection, dealing with SmartHosts that
> required SMTP-AUTH and others required weird configurations, etc. 
> Whether this is working yet I don't quite know, but it seems the
scripts
> can accommodate the change.
yum remove postfix && yum install sendmail

Sendmail is still there, it's just not the default.  If you prefer
sendmail then by all means use it.
> 7) Lack of 32-bit support
>  I think I understand this.  After all, 32-bit machines may become
> "unusable" when the clock overflows, but isn't that a few
years away,
> and couldn't some solution be found, even if kludgy?  Some of the
32-bit
> hardware was of very high quality, and still runs perfectly.  I'd hate
> to spend a few hundred dollars each to replace all those systems.
I can understand this from RedHat's perspective, CentOS is workign on a
32 bit build, but it takes time.


Peter

On Thu, Oct 30, 2014 at 05:45:58PM -0700, david wrote:
> Folks
> 
> I'm sure the Centos team has done a yeoman's job getting Centos7
> ready, and that the Redhat team has done marvels in creating rhel7,
> but here's a little voice from a personal hobbyist user.
> 
> Background:
>  ('ve been maintaining several remote servers since Redhat 6 days,
> migrating from that to Whitebox, then Centos, and things have been
> running as expected including the current version of Centos6.  As an
> experiment, I've tried to play with Centos7 on an in-house virtual
> machine (VMWare on Win7), and have encountered a collection of
> annoyances greater than I've even seen.  Below is a note about them.
> If someone has some elegant solution, I'd love to try, but Centos7
> is still unusable for me.
> 
<snip>
> 5) Sendmail is out, postfix is in.
>  This is a huge change, since I had lots of scripts that tailored
> the Sendmail system for spam protection, dealing with SmartHosts
> that required SMTP-AUTH and others required weird configurations,
> etc.  Whether this is working yet I don't quite know, but it seems
> the scripts can accommodate the change.
FYI, you can install sendmail, it's still available if you want it,
it is just no longer the default:

	yum install sendmail

someday when I move my home system (combined workstation, play-on-it
system, and server) to EL7 I'll be installing Sendmail, simply because
I want to "leverage" all the pain I went through over the years to
create my own sendmail.mc file, and don't feel like going thru it
again with another MTA.
> 
> 6) Installation
>  I have no idea why, when using the net-install, one must explicitly
> turn on the network.  It seems unnecessary.
I have quibbles with the new installer, and that's only a small-ish
one. I think a "guided" install (like the old Anaconda) is much better
because you don't have to guess what should be done next.
> 
> 7) Lack of 32-bit support
>  I think I understand this.  After all, 32-bit machines may become
> "unusable" when the clock overflows, but isn't that a few
years
> away, and couldn't some solution be found, even if kludgy?  Some of
> the 32-bit hardware was of very high quality, and still runs
> perfectly.  I'd hate to spend a few hundred dollars each to replace
> all those systems.
I believe there are people working on this, it's just not yet ready
for prime time. It's probably harder than it would have been simply
becauase RH did not provide the info/scripts/tools for doing a 32-bit
build.

<snip>

-- 
---- Fred Smith -- fredex at fcshome.stoneham.ma.us
-----------------------------
                    The Lord detests the way of the wicked 
                  but he loves those who pursue righteousness.
----------------------------- Proverbs 15:9 (niv) -----------------------------

On Thu, Oct 30, 2014 at 05:45:58PM -0700, david wrote:
> 1:  Firewall changes
Remove firewalld; install iptables.  Problem solved.  This has been
discussed ad nauseum on this list recently.
> 2:  Apache changes
Not RedHat specific issues; that's just progress from upstream.
> 3:  Service -> systemd
This one _is_ nasty; it means you didn't properly use upstart in RH6,
but then again who did?  We all stuck with standard init scripts :-)
> 5) Sendmail is out, postfix is in.
Only a default; sendmail is still there to install if you need it.
> 7) Lack of 32-bit support
>  I think I understand this.  After all, 32-bit machines may become 
> "unusable" when the clock overflows, but isn't that a few
years away,
You've misunderstood kernel support and "type" support.  We've
had 64bit
filesizes for many years on 32bit kernels.  Changing time_t to 64bits
is independent of the hardware being 32 or 64 bit.

Basically, RHEL is Enterprise (the E); very very few enterprises have
32bit machines any more.

-- 

rgds
Stephen

On 10/30/2014 07:45 PM, david wrote:
> Folks
> 
> I'm sure the Centos team has done a yeoman's job getting Centos7
ready,
> and that the Redhat team has done marvels in creating rhel7, but here's
> a little voice from a personal hobbyist user.
> 
> Background:
>  ('ve been maintaining several remote servers since Redhat 6 days,
> migrating from that to Whitebox, then Centos, and things have been
> running as expected including the current version of Centos6.  As an
> experiment, I've tried to play with Centos7 on an in-house virtual
> machine (VMWare on Win7), and have encountered a collection of
> annoyances greater than I've even seen.  Below is a note about them. 
If
> someone has some elegant solution, I'd love to try, but Centos7 is
still
> unusable for me.
> 
> 1:  Firewall changes
>  The change in firewall technology forced a complete re-do of my scripts
> which maintain firewalls, respond to attacks, etc.  I think I've
> programmed my way around the issues, but it wasn't easy.
> 
> 2:  Apache changes
>  These were subtle, but again were solved.
> 
> 3:  Service -> systemd
>  The change from object-oriented view of service:  (service httpd
> restart) to function-oriented (systemctl restart firewall) seems to be
> unnecessary, and counter to the way stuff is generally done in the
> modern world.  Nonetheless, it was possible to solve that with some
> adaptive script programming.
> 
> 4) Something with Unknown lvalue 'ControlGroup' in section
'Service'
>  I don't know what to do with this.  I constantly get the diagnostic:
>    [/usr/lib/systemd/system/rtkit-daemon.service:32] Unknown lvalue
> 'ControlGroup' in section 'Service'
>  and attempts to browse the internet for solutions come across barriers
> that require some paid subscription to view.  This is currently a
> progress-stopper.  The messages I see deal with boinc, which does not
> show up on my system using "rpm -qa | grep -i boinc".
> 
> 5) Sendmail is out, postfix is in.
>  This is a huge change, since I had lots of scripts that tailored the
> Sendmail system for spam protection, dealing with SmartHosts that
> required SMTP-AUTH and others required weird configurations, etc. 
> Whether this is working yet I don't quite know, but it seems the
scripts
> can accommodate the change.
> 
> 6) Installation
>  I have no idea why, when using the net-install, one must explicitly
> turn on the network.  It seems unnecessary.
> 
> 7) Lack of 32-bit support
>  I think I understand this.  After all, 32-bit machines may become
> "unusable" when the clock overflows, but isn't that a few
years away,
> and couldn't some solution be found, even if kludgy?  Some of the
32-bit
> hardware was of very high quality, and still runs perfectly.  I'd hate
> to spend a few hundred dollars each to replace all those systems.
> 
> 8) And more
NOTE:

You can continue to use CentOS-6 until 2020 ... CentOS-7 is an option,
not at all required for 6 more years.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20141031/c20f8785/attachment-0002.sig>

david <david at daku.org> writes:
> I'm sure the Centos team has done a yeoman's job getting Centos7
> ready, and that the Redhat team has done marvels in creating rhel7,
> but here's a little voice from a personal hobbyist user.
I'm not sure why you're voicing these here.  Since CentOS matches RHEL
bug-for-bug, you'd stand a better chance of getting your voice heard by
talking to Red Hat.
> If someone has some elegant solution, I'd love to try, but Centos7 is
> still unusable for me.
Define "unusable".  Clearly it's objectively untrue that it's
"unusable"
because many people are in fact using it.
> 1:  Firewall changes
>  The change in firewall technology forced a complete re-do of my
> scripts which maintain firewalls, respond to attacks, etc.  I think
> I've programmed my way around the issues, but it wasn't easy.
So...you've already done the work to adapt your current setup.  
> 2:  Apache changes
>  These were subtle, but again were solved.
Not sure what you're referring to here, but again, you've already done
the work.
> 3:  Service -> systemd
>  The change from object-oriented view of service:  (service httpd
> restart) to function-oriented (systemctl restart firewall) seems to be
> unnecessary, and counter to the way stuff is generally done in the
> modern world.  Nonetheless, it was possible to solve that with some
> adaptive script programming.
systemd, like it or not, appears to be the current future of Linux, with
essentially every distribution adopting it.  I can't say I'm a huge fan
of this trend, but it is what it is.  And again, you've already done the
work.
> 4) Something with Unknown lvalue 'ControlGroup' in section
'Service'
>  I don't know what to do with this.  I constantly get the diagnostic:
>    [/usr/lib/systemd/system/rtkit-daemon.service:32] Unknown lvalue
> ControlGroup' in section 'Service'
>  and attempts to browse the internet for solutions come across
> barriers that require some paid subscription to view.  This is
> currently a progress-stopper.  The messages I see deal with boinc,
> which does not show up on my system using "rpm -qa | grep -i
boinc".
A quick glance at https://bugzilla.redhat.com/show_bug.cgi?id=999986
makes this look to be primarily a logging issue.  Obviously it should
get fixed, since it's a bug, but I don't understand why this is a
"progress-stopper".  Or am I misreading?
> 5) Sendmail is out, postfix is in.
>  This is a huge change, since I had lots of scripts that tailored the
> Sendmail system for spam protection, dealing with SmartHosts that
> required SMTP-AUTH and others required weird configurations, etc.
> Whether this is working yet I don't quite know, but it seems the
> scripts can accommodate the change.
# yum install sendmail{,-cf,-doc}
> 6) Installation
>  I have no idea why, when using the net-install, one must explicitly
> turn on the network.  It seems unnecessary.
That's a fair point, but presumably one Red Hat would have to answer.
> 7) Lack of 32-bit support
>  I think I understand this.  After all, 32-bit machines may become
> "unusable" when the clock overflows, but isn't that a few
years away,
> and couldn't some solution be found, even if kludgy?  Some of the
> 32-bit hardware was of very high quality, and still runs perfectly.
> I'd hate to spend a few hundred dollars each to replace all those
> systems.
As far as I know, there's no solution to be found.  The 32-bit address
space is just too small.  Wikipedia says that 64-bit processors have
been around since 1961, though for most uses (i.e., Intel/AMD) they only
became practical starting in 2003, which is still over a decade ago.

Practically speaking, at some point you'll inevitably have to replace
those systems anyway.  Wouldn't you rather do it on a planned schedule
than as disaster recovery when something fails?  When doing so, you
might as well go to 64-bit.
> 8) And more
Don't know what this means.
> I haven't got a server or desktop running to my satisfaction yet, so I
> don't yet know what pitfalls await.  Any advice would be appreciated.
My advice is to read the documentation.