[gentoo-server] Wanted: Gentoo Enterprise Server success stories

[gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Pandu Poluan]

Hello!

Does anyone in this list has a 'Gentoo server success story'?
Especially Gentoo in the Enterprise.

C'mon, let's see some love for ol' Gentoo :)

(If your story is particularly great, I'll contact you personally to
put your story in a blog of mine)

Rgds,


-- 
--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/

Re: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Mark Shields]

[-- Attachment #1: Type: text/plain, Size: 1344 bytes --]

At my former place of employment as a field technician/server admin, I
convinced my boss to sell Gentoo-based servers.  I built just two before I
left:  both operated as a samba server, with one of them also doubling as an
OpenVPN server.

Both were running Gentoo 64-bit on dual-core Athlon II X250 with 4 GB of
RAM.  One of the servers had dual 3 TB drives running RAID 1 (using dmraid)
for the extra storage the company needed.  The one doubled that also was
OpenVPN (opposite of the dual 3 TB drives) was setup for a
lawyer/congresswoman to be able to securely work wherever they were.

I also successfully use Gentoo (32-bit) for hosting two VPS with Linode; one
runs a motorcycle enthuasist site (http://zzrbikes.com), the other runs my
personal site and my girlfriend's photo blog.

I've been using Gentoo for six years now on servers, and I would rather use
nothing else.

- Mark Shields


On Sun, Aug 21, 2011 at 1:24 AM, Pandu Poluan <pandu@poluan.info> wrote:

> Hello!
>
> Does anyone in this list has a 'Gentoo server success story'?
> Especially Gentoo in the Enterprise.
>
> C'mon, let's see some love for ol' Gentoo :)
>
> (If your story is particularly great, I'll contact you personally to
> put your story in a blog of mine)
>
> Rgds,
>
>
> --
> --
> Pandu E Poluan - IT Optimizer
> My website: http://pandu.poluan.info/
>
>

[-- Attachment #2: Type: text/html, Size: 1900 bytes --]

Re: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Vladimir Rusinov]

[-- Attachment #1: Type: text/plain, Size: 532 bytes --]

On Sun, Aug 21, 2011 at 10:24 AM, Pandu Poluan <pandu@poluan.info> wrote:

> Hello!
>
> Does anyone in this list has a 'Gentoo server success story'?
> Especially Gentoo in the Enterprise.
>
> C'mon, let's see some love for ol' Gentoo :)
>
> (If your story is particularly great, I'll contact you personally to
> put your story in a blog of mine)
>

NASDAQ uses Gentoo or something Gentoo-based.

Personally, I've been working with social game project running on several
gentoo servers.

-- 
Vladimir Rusinov
http://greenmice.info/

[-- Attachment #2: Type: text/html, Size: 936 bytes --]

Re: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Alessandro Storti Gajani]

Hi!

I run the network and the servers in a departement of Politecnico di
Milano (an university for engineers and architects).
All my servers are Gentoo based.
I have 4 Xen servers with Gentoo on Dom0 and many other Gentoo DomUs.
I also installed Gentoo on barebone hardware for my firewall, mail
server and Nagios, recycling for the latter some old hardware I had.

Well, it's working like a charm and I seldom have ditribution-related
issues. Ok, unless I mess up ;)

regards



On 08/21/2011 08:24 AM, Pandu Poluan wrote:
> Hello!
> 
> Does anyone in this list has a 'Gentoo server success story'?
> Especially Gentoo in the Enterprise.
> 
> C'mon, let's see some love for ol' Gentoo :)
> 
> (If your story is particularly great, I'll contact you personally to
> put your story in a blog of mine)
> 
> Rgds,
> 
> 

-- 
Alessandro Storti Gajani
Politecnico di Milano - Dipartimento di Ingegneria Strutturale

E-Mail: alex@stru.polimi.it
	alessandro.stortigajani@polimi.it

Tel. +39 02 2399 4313

		Marching down the left hand path...

RE: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Wilkins, Vern W]

[-- Attachment #1: Type: text/plain, Size: 1551 bytes --]

Used for my personal website.  I run Piwigo (photogallery) and Wordpress on Lighttpd/PHP/MySQL.  In the past I’ve also run Gallery, Drupal, and Apache.  Wouldn’t consider anything else for my own site.  I work in a large enterprise and Red Hat is pretty much a standard here.  We have an enterprise contract so that levels the playing field somewhat, as we don’t pay for anything at the department level.  Also, many of the enterprise applications that we run only come as rpm’s or debs that are only supported on specific distributions.  The vast majority of our servers also run in a virtual environment now.  None of those factors preclude using Gentoo, but they definitely make it more difficult to justify its use.

Vern


From: vladimir@greenmice.info [mailto:vladimir@greenmice.info] On Behalf Of Vladimir Rusinov
Sent: Sunday, October 09, 2011 7:38 AM
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Wanted: Gentoo Enterprise Server success stories


On Sun, Aug 21, 2011 at 10:24 AM, Pandu Poluan <pandu@poluan.info<mailto:pandu@poluan.info>> wrote:
Hello!

Does anyone in this list has a 'Gentoo server success story'?
Especially Gentoo in the Enterprise.

C'mon, let's see some love for ol' Gentoo :)

(If your story is particularly great, I'll contact you personally to
put your story in a blog of mine)

NASDAQ uses Gentoo or something Gentoo-based.

Personally, I've been working with social game project running on several gentoo servers.

--
Vladimir Rusinov
http://greenmice.info/

[-- Attachment #2: Type: text/html, Size: 4790 bytes --]

AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Zemke, Kai]

Hi there,

Currently every server we run in our datacenter is gentoo driven.
From our Bind nameservers ( one of the has a uptime of 897 days by now ) to several mysql database servers, xen cluster with livemigration, ietd iscsi targets, apache webserver, radius, postfix mailservers with pop3 and imap postboxes for several hundred clients and syslog server.
Everyone single one of them is running in mission critical under enterprise circumstances. A lot is virtualized with xen and its pure joy being able to livemigrate several virtual hosts from A to B without any service disturbance. Maintaining these server is pure fun. Im just convinced that Gentoo is made for datacenters ;) Well of course managing all these portage trees and keeping software up to date can keep you busy for some time but I assume that this is not different to any other distri. 

Especially the fact that I was able to turn off 5 physical servers because their tasks are now managed on the xen cluster was impressive.
I'm also using Gentoo on my companies workstation. I just feel that I can't work as nearly as effective with windows as I do with Gentoo Linux.

Larry the cow is happy ;) 

With kind regards
Kai Zemke

-----Ursprüngliche Nachricht-----
Von: Pandu Poluan [mailto:pandu@poluan.info] 
Gesendet: Sonntag, 21. August 2011 08:25
An: Gentoo-server@lists.gentoo.org
Betreff: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

Hello!

Does anyone in this list has a 'Gentoo server success story'?
Especially Gentoo in the Enterprise.

C'mon, let's see some love for ol' Gentoo :)

(If your story is particularly great, I'll contact you personally to put your story in a blog of mine)

Rgds,


--
--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/

Re: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Jonny Kent]

[-- Attachment #1: Type: text/plain, Size: 1195 bytes --]

On Sat, Aug 20, 2011 at 11:24 PM, Pandu Poluan <pandu@poluan.info> wrote:

> Hello!
>
> Does anyone in this list has a 'Gentoo server success story'?
> Especially Gentoo in the Enterprise.
>
> C'mon, let's see some love for ol' Gentoo :)
>
> (If your story is particularly great, I'll contact you personally to
> put your story in a blog of mine)
>
> Rgds,
>
>
> --
> --
> Pandu E Poluan - IT Optimizer
> My website: http://pandu.poluan.info/
>
> We have been using gentoo hardened  server successfully since 2007 for our
LAMP web server which serves 25 web sites at an educational institution.
Most of the sites are fairly low traffic but one of the student sites that
advertises an annual music festival gets around 2 million hits per day when
the festival is on. The great advantage of Gentoo for  our situation is that
the install is minimal with only what is needed being installed, customized
to the needs. This reduces upgrades for packages that aren't required but
sometimes come without asking on other distros.  The other great thing is
package management. dispatch-config is a really great tool to prevent
breakages on upgrades. Thanks to all the gentoo team for a great
distibution!

[-- Attachment #2: Type: text/html, Size: 1595 bytes --]

Re: AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Norman Rieß]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

sorry to interrupt this thread, but this probably means, you did not
perform any kernel updates on that machine for over two years and
therefore the system is vulnarable to some kernel bugs which where
discovered during this time. On a DNS machine a privilege escalation bug
is even more severe. I strongly recommend to secure this machine.

Regards,
Norman




On 10/12/11 14:52, Zemke, Kai wrote:
> Hi there,
> 
> Currently every server we run in our datacenter is gentoo driven.
> From our Bind nameservers ( one of the has a uptime of 897 days by now ) to several mysql database servers, xen cluster with livemigration, ietd iscsi targets, apache webserver, radius, postfix mailservers with pop3 and imap postboxes for several hundred clients and syslog server.
> Everyone single one of them is running in mission critical under enterprise circumstances. A lot is virtualized with xen and its pure joy being able to livemigrate several virtual hosts from A to B without any service disturbance. Maintaining these server is pure fun. Im just convinced that Gentoo is made for datacenters ;) Well of course managing all these portage trees and keeping software up to date can keep you busy for some time but I assume that this is not different to any other distri. 
> 
> Especially the fact that I was able to turn off 5 physical servers because their tasks are now managed on the xen cluster was impressive.
> I'm also using Gentoo on my companies workstation. I just feel that I can't work as nearly as effective with windows as I do with Gentoo Linux.
> 
> Larry the cow is happy ;) 
> 
> With kind regards
> Kai Zemke
> 
> -----Ursprüngliche Nachricht-----
> Von: Pandu Poluan [mailto:pandu@poluan.info] 
> Gesendet: Sonntag, 21. August 2011 08:25
> An: Gentoo-server@lists.gentoo.org
> Betreff: [gentoo-server] Wanted: Gentoo Enterprise Server success stories
> 
> Hello!
> 
> Does anyone in this list has a 'Gentoo server success story'?
> Especially Gentoo in the Enterprise.
> 
> C'mon, let's see some love for ol' Gentoo :)
> 
> (If your story is particularly great, I'll contact you personally to put your story in a blog of mine)
> 
> Rgds,
> 
> 
> --
> --
> Pandu E Poluan - IT Optimizer
> My website: http://pandu.poluan.info/
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOnBTVAAoJEMCA6frkLT6zvyYH/R7BR0pmBzB1E/RYivNYUqKy
gl/g40F4NC1PD/at8mKWsQ/JisbrJMjXEIJuWpAZj4U5TMVmGrJ5RkvOThN9/u+T
nWWhPuBWadMLdZYsrOQnIuGm4mc3qJT4W1l8cHsjua0AJN7Vohuw7/U4l5qgzwvU
JKlE8lZYRiCUpj5sPsi2Wzn5Ay1AFmbBxkNo3pKJ78MepPwJ4ap2ZDqVIQJS/IPG
M1Of0apiGHaTDGx/FVUsKWum6kGyRq/RpyNFRCHmIjDSDxaWJ1oBZRs8bU9HBu0c
IF/SbF0Eg2G7zJBOohMLWzVjwH4W+jsjEZMdLlGU9ayADQ38Mi391kzHbNB9JHA=
=4Txd
-----END PGP SIGNATURE-----

Re: AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Pandu Poluan]

[-- Attachment #1: Type: text/plain, Size: 2969 bytes --]

A preface first:

Lots of love for Gentoo, it seems :-)

I'm now positive in pushing a full-fledged Gentoo infrastructure in my
office (complete with Gentoo maintenance support VMs)

And, as I promised, I'll publish your stories in my blog (currently
undergoing migration from b2evo to TikiWiki).

> On 10/12/11 14:52, Zemke, Kai wrote:
> > Hi there,
> >
> > Currently every server we run in our datacenter is gentoo driven.
> > From our Bind nameservers ( one of the has a uptime of 897 days by now )
to several mysql database servers, xen cluster with livemigration, ietd
iscsi targets, apache webserver, radius, postfix mailservers with pop3 and
imap postboxes for several hundred  clients and syslog server.

On Oct 17, 2011 6:44 PM, "Norman Rieß" <norman@smash-net.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> sorry to interrupt this thread, but this probably means, you did not
> perform any kernel updates on that machine for over two years and
> therefore the system is vulnarable to some kernel bugs which where
> discovered during this time. On a DNS machine a privilege escalation bug
> is even more severe. I strongly recommend to secure this machine.

That depends on what Kai meant with "uptime". Maybe he meant the VMs (he's
using Xen, after all) never needs a restart, but the BIND service still gets
regular update and the consequent service-restart.

> > Everyone single one of them is running in mission critical under
enterprise circumstances. A lot is virtualized with xen and its pure joy
being able to livemigrate several virtual hosts from A to B without any
service disturbance.

Xen or XenServer? Well, they're both Xen, anyways :-)

In my office I use XenServer, and Gentoo VMs on Xen(Server) truly are the
epitomes of stability. I had had 2 'U' servers froze after restart, 1 'A'
server went wacky after installing a package, and a 'D' server consuming CPU
for reasons unknown.

(Well, one Gentoo server indeed consumed CPU, too, but not surprising since
it's the gateway/firewall handling 5 (five!) WAN connections)

>> Maintaining these server is pure fun. Im just convinced that Gentoo is
made for datacenters ;) Well of course managing all these portage trees and
keeping software up to date can keep you busy for some time but I assume
that this is not different to any other distri.
> >

Indeed! It's a battle trying to get other distro's to have a local support
infra.

> > Especially the fact that I was able to turn off 5 physical servers
because their tasks are now managed on the xen cluster was impressive.
> > I'm also using Gentoo on my companies workstation. I just feel that I
can't work as nearly as effective with windows as I do with Gentoo Linux.
> >

How I wish I can do that :-(

Currently I'm forced to use Windows on the workstation because there are
some custom-made apps that can run only on Windows... *sigh*

[-- Attachment #2: Type: text/html, Size: 3351 bytes --]

Re: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Brian Kroth]

[-- Attachment #1: Type: text/plain, Size: 595 bytes --]

Pandu Poluan <pandu@poluan.info> 2011-10-18 01:06:
<snip/>
>   > > Especially the fact that I was able to turn off 5 physical servers
>   because their tasks are now managed on the xen cluster was impressive.
>   > > I'm also using Gentoo on my companies workstation. I just feel that I
>   can't work as nearly as effective with windows as I do with Gentoo Linux.
>   > >
>
>   How I wish I can do that :-(
>
>   Currently I'm forced to use Windows on the workstation because there are
>   some custom-made apps that can run only on Windows... *sigh*

That's what KVM (or Xen) is for :)

Brian

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Norman Rieß]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/17/11 20:06, Pandu Poluan wrote:
> 
> On Oct 17, 2011 6:44 PM, "Norman Rieß" <norman@smash-net.org
> <mailto:norman@smash-net.org>> wrote:
>>
>>
>> Hello,
>>
>> sorry to interrupt this thread, but this probably means, you did not
>> perform any kernel updates on that machine for over two years and
>> therefore the system is vulnarable to some kernel bugs which where
>> discovered during this time. On a DNS machine a privilege escalation bug
>> is even more severe. I strongly recommend to secure this machine.
> 
> That depends on what Kai meant with "uptime". Maybe he meant the VMs
> (he's using Xen, after all) never needs a restart, but the BIND service
> still gets regular update and the consequent service-restart.
> 

Every Xen VM is running its own kernel and needs to be restarted or
kexec'ed when this kernel is updated. If this is not the case, the VM is
vulnerable to kernel bugs just as any other physical system, even if the
host on which the VM is running is secure.
I assume BIND is updated and restarted as needed, but that is not enough.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOnQrQAAoJEMCA6frkLT6z4hoH/ArwyLiXD548fBo4XkWzqybE
ATBSl2UPnKEvk68wWjR0eYR1hNu0KmRUF40vhNW305/lnxIoNXb9KRYrTd3UkK7O
USvVqs0cYt/Eh+kmpsFp+atcQcLwksskdKHfmSaaGb+VE25MDMWMebJEpfdUPGvV
kuoXeAvt0U3ZLoFoT4+6U+wOFYBXz3Zqf/nA/nuJ7zH/RnGVt+2JSKhwqFsg/QoG
lXNrZxEi3LIM9/S6XNC/jpJFQUW1sNbrEeqzmBDCLWNuXRxXgMoF9kuj+HKsXAB9
bnJhhlJEn89/9V3dI474tzyfJCzZSyJXXChT0Rh1xE30rVoUi2DExWbEe6HkDOY=
=NlNZ
-----END PGP SIGNATURE-----

Re: AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Matt Thode]

[-- Attachment #1: Type: text/plain, Size: 1887 bytes --]

I'd love to be able to kexec/kspliced from a xen host.

On Oct 18, 2011, at 12:12 AM, Norman Rieß wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 10/17/11 20:06, Pandu Poluan wrote:
>> 
>> On Oct 17, 2011 6:44 PM, "Norman Rieß" <norman@smash-net.org
>> <mailto:norman@smash-net.org>> wrote:
>>> 
>>> 
>>> Hello,
>>> 
>>> sorry to interrupt this thread, but this probably means, you did not
>>> perform any kernel updates on that machine for over two years and
>>> therefore the system is vulnarable to some kernel bugs which where
>>> discovered during this time. On a DNS machine a privilege escalation bug
>>> is even more severe. I strongly recommend to secure this machine.
>> 
>> That depends on what Kai meant with "uptime". Maybe he meant the VMs
>> (he's using Xen, after all) never needs a restart, but the BIND service
>> still gets regular update and the consequent service-restart.
>> 
> 
> Every Xen VM is running its own kernel and needs to be restarted or
> kexec'ed when this kernel is updated. If this is not the case, the VM is
> vulnerable to kernel bugs just as any other physical system, even if the
> host on which the VM is running is secure.
> I assume BIND is updated and restarted as needed, but that is not enough.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQEcBAEBAgAGBQJOnQrQAAoJEMCA6frkLT6z4hoH/ArwyLiXD548fBo4XkWzqybE
> ATBSl2UPnKEvk68wWjR0eYR1hNu0KmRUF40vhNW305/lnxIoNXb9KRYrTd3UkK7O
> USvVqs0cYt/Eh+kmpsFp+atcQcLwksskdKHfmSaaGb+VE25MDMWMebJEpfdUPGvV
> kuoXeAvt0U3ZLoFoT4+6U+wOFYBXz3Zqf/nA/nuJ7zH/RnGVt+2JSKhwqFsg/QoG
> lXNrZxEi3LIM9/S6XNC/jpJFQUW1sNbrEeqzmBDCLWNuXRxXgMoF9kuj+HKsXAB9
> bnJhhlJEn89/9V3dI474tzyfJCzZSyJXXChT0Rh1xE30rVoUi2DExWbEe6HkDOY=
> =NlNZ
> -----END PGP SIGNATURE-----
> 


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 881 bytes --]

Re: AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Pandu Poluan]

[-- Attachment #1: Type: text/plain, Size: 1379 bytes --]

On Oct 18, 2011 12:14 PM, "Norman Rieß" <norman@smash-net.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/17/11 20:06, Pandu Poluan wrote:
> >
> > On Oct 17, 2011 6:44 PM, "Norman Rieß" <norman@smash-net.org
> > <mailto:norman@smash-net.org>> wrote:
> >>
> >>
> >> Hello,
> >>
> >> sorry to interrupt this thread, but this probably means, you did not
> >> perform any kernel updates on that machine for over two years and
> >> therefore the system is vulnarable to some kernel bugs which where
> >> discovered during this time. On a DNS machine a privilege escalation
bug
> >> is even more severe. I strongly recommend to secure this machine.
> >
> > That depends on what Kai meant with "uptime". Maybe he meant the VMs
> > (he's using Xen, after all) never needs a restart, but the BIND service
> > still gets regular update and the consequent service-restart.
> >
>
> Every Xen VM is running its own kernel and needs to be restarted or
> kexec'ed when this kernel is updated. If this is not the case, the VM is
> vulnerable to kernel bugs just as any other physical system, even if the
> host on which the VM is running is secure.
> I assume BIND is updated and restarted as needed, but that is not enough.

Does it matter if the DNS server is behind a firewall that allows only
TCP+UDP traffic to port 53?

Rgds,

[-- Attachment #2: Type: text/html, Size: 1862 bytes --]

Re: AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

[Norman Rieß]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/18/11 09:37, Pandu Poluan wrote:
>> Every Xen VM is running its own kernel and needs to be restarted or
>> kexec'ed when this kernel is updated. If this is not the case, the VM is
>> vulnerable to kernel bugs just as any other physical system, even if the
>> host on which the VM is running is secure.
>> I assume BIND is updated and restarted as needed, but that is not enough.
> 
> Does it matter if the DNS server is behind a firewall that allows only
> TCP+UDP traffic to port 53?
> 
> Rgds,
> 

Maybe, depending on the vulnerability.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOnUwWAAoJEMCA6frkLT6zBcIIAIs1bYzO5dqt0riYWcgld7Y1
GNv6MoXu0QhEA8HP4sNvpV932pebuc8U1vHaVLvRpb36HJEifj9MOtBLCdJR/Ne/
ZPelAHforaSSqePJF44yhg1dPhWe13IUyZCMEjZwNqlhXVR36y8wvkotE0Af7ddc
5SNYyJnjl2nY9DzgsEiT+IEu7c0fvry35sqqv7rEZ8hGwnZZbH8k76RrLtmt7RQs
gg+oWX2IwGyjjw42Y83dHdDaaP07vAUStCr//rYsFVo1TrPZEm5pBzdHM+8iDbho
YBKSW0G2I40QXgOqFBh77oH24J8+ETAK9ugMry15GldS/SCGGjIoHmwGWnoHN/Y=
=Fl/M
-----END PGP SIGNATURE-----