Nevis Linux Distribution Status

What's changing

I received an e-mail from the Fedora Legacy project; here's the key paragraph from that message. Basically, the Fedora Legacy project is shutting down.

The way things worked before this: Redhat (and later Fedora) would release a free version of their Linux, and would support it for about 18 months. The Fedora Legacy project would pick up the release at that point, and would supply security patches and critical bug fixes for another 18 months. This would give each release a "lifetime" of about 3 years.

With Fedora Legacy shutting down, this gives each new Fedora Core release a lifetime of 18 months. My impression is that this may be too short a lifetime for our work at Nevis; every new release brings issues with library incompatibilities, new GCC versions, etc. (Misha Leltchouk can tell you about all the problems we've had getting the ATLAS Athena software to work on Fedora Core 3.)

Why Fedora Core?

I chose the Fedora Core distribution for use at Nevis for the following reasons:

The ATLAS folks would be content with CERN Scentific Linux; the D0 group might prefer Scientific Linux Fermi; I'm not sure which flavors the DOE or Auger groups would like. Fedora Core seemed a reasonable compromise between the needs of the different research groups.
The Scientific Linux distributions seemed slow to include drivers for the latest hardware. I once tried to install CERN Scientific Linux 3 on a laptop, and got into problems with the screen drivers; Fedora Core 1 worked just fine. The Fedora Core distribution seemed ideal for those folks who'd first buy a desktop/laptop with all the latest hardware, and then ask me to install Linux on it.

What to do?

Short term

In past month or so, I've worked on upgrading all the remaining systems running Redhat 9 to Fedora Core 4 or 6. It will take another few days to finish up. I plan to finish this work.

Long term

Here are some alternatives:

Move to Scientific Linux (the base distribution, not the FNAL- or CERN-specific ones). When I look at their roadmap, I see that Scientific Linux 5 will be released in the first quarter of 2007, and will be supported until Oct-2010.
The advantages:
- It means that we don't rush into anything. A lot can happen in three months; perhaps someone else will pick up the Fedora Legacy work.
- We'd be working with a distribution that's fairly close to what at least two big labs use: FNAL and CERN.
The disadvantages:
- It may be pushing it to rush to SL5; e.g., the ATLAS Athena group probably doesn't want to think about SLC5 until after the beam turns on. SL4, with a little less than two more years of support, may be enough.
- There still may be support issues for the latest hardware; e.g., SL4 may not be able to handle 802.11n wireless cards in laptops (or maybe it can; I don't know).
We continue to work with the supported versions of Fedora Core, which means relatively frequent OS upgrades; every box would be upgraded at least once every 18 months.
The assumption here is that the standardized compilers and other tools I try to maintain would be enough to keep us from revising our code and scripts for every OS upgrade.
The primary reason for active OS support is security patches. We can reduce the risk and the need for active security patches by moving the Nevis systems behind a gateway (the "BNL" approach). To access most systems from outside Nevis, you'd have to ssh to the gateway, then ssh to the system you wanted.
A few Nevis systems (the gateway, the web server, the mail server) that were "visible" to the outside world would require frequest Fedora Core upgrades; the rest could stay as they are.
This is the option that the Auger chose for a couple of their boxes that had to remain at Redhat 9.
The advantage of this approach is that "things don't change"; there's a value to stability.
The disadvantages: It's a pain to have to login twice (although there are ways to work around this with scripts). File transfers and other activities all have to go through the gateway computer. If the gateway computer were to go off-line (e.g., for an OS upgrade), no one could login to Nevis from the outside (we could solve this issue by having more than one gateway).
We spend the money and buy licenses for Redhat Enterprise Linux. This gets us up to seven years of support for whatever distribution we pick.
The only advantage I see to this approach is the relative stability it would provide for our systems.
The disadvantages: It could wind up costing a lot of money; my last estimate ranged from $1000-$7000. The hardware support issue would remain, and would grow worse over the years if we stuck with one release. I'm not happy with Redhat's model for applying patches, which requires someone to sit at the box and click on an icon; the existing Nevis cluster has patches applied automatically.

My own preference keeps wavering between options 1 and 2. Let me know what you think.