For how long are updates made?

[Scirious]

Well, friends, I'm not sure if this is the rigth place to ask such thing, but I couldn't guess a better one.

 

I'm considering using Mandriva 2006 as a server in my work to futurally substitute SUSE servers. For this reason I'd like to know for how long Mandriva supports updates for a specific version.

 

Can anyone give me this info?

 

Also, anyone here has experience how Mandriva behave as a server that could share?

 

Thanks in advance,

Scirious.

 

[moved from Software by spinynorman]

[spinynorman]

Mandriva Product Lifetime Policy. :)

[ianw1974]

I've built a mandriva server to act as a proxy server, and it works fine. I've also built a mandriva server for email, webmail and all related to that and works fine too.

 

What are you wanting to do with the server? What is your aim?

[Scirious]

Well, it is not really what I want, but what I have to achieve. And I have to build servers for doiong the followiong:

 

1. Sharing connection with firewall protection, content blocking and bandwith throttle with QoS;

 

2. Windows and Linux workstations authenticating in OpenLDAP. (All services that require username and password will have to use OpenLDAP for authemticanting);

 

3. CVS or SVN repositories authenticated;

 

4. A file server with samba;

 

5. Intrusion detection;

 

6. Webserver with support for JSP and PHP.

 

I think this is the most important things to do. And of course I wiant to have little maintance with it.

 

What do you think?

 

Thanks,

Scirious.

[ianw1974]

OK, let me break it down for some of them on what you'd need to use.

 

1. iptables for firewall using shorewall, squid proxy server for content management, i presume you mean blocking access to sites when you mention content management.

 

2. OpenLDAP can be used for this no problem. Not sure how you'd get the Windows machines to look at ldap.

 

3. Never used cvs or svn, but is possible I would have thought.

 

4. Samba, there is a howto in the FAQ section here on how to set it up.

 

5. Intrusion detection you might want to have on the firewall, since this would be where all the blocking, etc, would take place.

 

6. Apache should be able to service your needs for the webserver.

 

Have a think about each option, how much load it's likely to take, and figure out whether it requires a separate server. Also, make sure you set up more than just the basic file systems. By default, you get /, home and swap. For a webserver, but /var on a separate partition, that way if your website gets huge, plus log files, it won't drop your system by reducing the available disk space on / partition.

 

A simple cron job can be configured to apply all updates to your system each morning. Place a file in /etc/cron.daily, give it a name, maybe secupdate with contents of:

 

urpmi --update --auto-select --auto

 

chmod +x secupdate will make it executable, and that will run every morning and make sure all updates are applied to the system. Important!!!

 

There are many howtos on how to do what you're trying to achieve. First try the FAQ section here. Secondly, search the internet for howtos as well using google. Some of them can be adapted. Eg, some mention compiling packages, when in fact, with mandriva, you can just use urpmi packagename to install it, and not bother about compilation. Then edit the relevant config file to sort out what you need to do with it.

[scarecrow]

For server usage I can hardly think of anything better than Slackware 10.2, or CentOS... and even Debian sarge could be a candidate, although Debian's huge package base does not mean much for a server.

Just my $ .02 of course, you may get Mandy running great at your server machine, but as far as I'm concerned the main target is stability and reliability, not ease of use, and when coming to that Slack and CentOS (a direct RHEL opensource spinoff) are really hard to beat...

Oh yes, there's also FreeBSD, which is 100% reliable- but if you have only Linux experience, that one needs a wee bit of familiarization before setting up.

Edited February 9, 2006 by scarecrow

[ianw1974]

The only problem I find with Slack, is that it's still based on a 2.4 kernel using 10.2. Secondly, there is a 2.6 kernel, but I found that a lot of hardware wasn't installed, and then meant I couldn't get the network card running, etc, etc, without adding other stuff. Sure, I could have gotten around it somehow, but that's not really the point im my opinion.

 

Plus, software raid wouldn't work on it. In the end I dropped it and used Gentoo instead, which is by far much better, based on a 2.6 kernel, but if you've never used it before, can be very difficult to install without preparation and understanding Linux more.

 

I appreciate that Slack is good, fast and stable, providing you're not using very new hardware. But I'd use Gentoo now more instead, which is also stable. At the end of the day, it's distro preference as well as stability. Debian seems to be a bit behind still, and I had a lot of problems with apt not installing stuff I wanted.

 

We've now gone Red Hat in the office for our clients, because of the support options that are important to clients, but at home I'll still use Mandriva, and if I have to build a server, I'll use Gentoo or Mandriva depending on what I'm trying to achieve and how easily, etc.

[Scirious]

1. iptables for firewall using shorewall, squid proxy server for content management, i presume you mean blocking access to sites when you mention content management.

 

Yes, content management! I mean, blocking access to sex sites, to instant messengers and things alike.

 

2. OpenLDAP can be used for this no problem. Not sure how you'd get the Windows machines to look at ldap.

 

Well, I believe LDAP is able to authenticate Windows users as well as Linux ones. But if it isn't then I'll have to switch to Samba as a PDC.

 

3. Never used cvs or svn, but is possible I would have thought.

 

These are the easiest ones.

 

Have a think about each option, how much load it's likely to take, and figure out whether it requires a separate server. Also, make sure you set up more than just the basic file systems. By default, you get /, home and swap. For a webserver, but /var on a separate partition, that way if your website gets huge, plus log files, it won't drop your system by reducing the available disk space on / partition.

 

I haven't yet really thought about server load and partitioning scheme. I'm only sure of three things: 1. We're going to have three powerfull machines to act as servers; 2. the machine responsable for sharing internet connection is the one supposed to have the highest load; 3. for partitioning scheme I'm going to use LVM2, so I can alter partitions space as needed.

 

A simple cron job can be configured to apply all updates to your system each morning. Place a file in /etc/cron.daily, give it a name, maybe secupdate with contents of:

 

urpmi --update --auto-select --auto

 

chmod +x secupdate will make it executable, and that will run every morning and make sure all updates are applied to the system. Important!!!

 

Actually I desagree with this. I don't think server updates should be done automatically, but rether be execute by the server admin and watche closely. It is even better to have a test machine to test updates before they go into prodution servers.

 

I've been reading a lot and talking to a lot of people, but haven't yet decide. I've already chosen somethings that didn't work as expected and I don't want to make the same mistake again.

 

Thanks for your suppor;

Scirious.

[ianw1974]

You'll need to use squid with squidGuard or something like that to block sex sites, etc.

 

No worries about the updates, I tend to just put them on automatically, since I don't want any vulnerabilities. But I do understand the reason for testing etc :P

 

You say you have 3 machines, this is how i would do it.

 

Machine 1:

 

Firewall, squid, squidGuard and internet connection sharing with multiple nics and ip forwarding enabled. Intrusion detection here too.

 

Machine 2:

 

OpenLDAP, Samba and CVS/SVN here.

 

Machine 3:

 

Web Server.

 

Of course, this is my idea, but entirely up to you how you want to segregate everything. Ideally all security related stuff to one machine, and then Machine 2 for LDAP and/or SAMBA for the Windows stuff. SAMBA could do it well enough without having to set up a new LDAP directory on the Linux box. And is most likely to be easier to set-up and configure too. And the Web Server separate, since this could become highly loaded, and use a lot of space too. You can use Virtual Hosts so that you can run a main website, intranet, or any others too.

[Scirious]

Well, just one more question I forgot to ask. Is there a way to get DHCP server to update DNS server so every machine can be found by it's name? Something like Active Directory does with Windows Dynamic DHCP?

 

Thanks,

Scirious.

[ianw1974]

Never tried, and I don't see why not. I presume you mean have a Linux DNS Server running, using named/bind DNS?

 

If so, then you'd be wanting to ensure that bind is configured to allow updates to the DNS server, and hopefully the Windows DNS entries would then get sent over to the DNS Server running on Linux.

 

However, your best bet, would be to get the Linux machines to use the Windows DNS Server. That way, you don't have to worry about setting up another DNS server. That might actually work better for you, but I can't say for sure, you'd have to test pointing the Linux DNS entries in /etc/resolv.conf to your Windows DNS Server and then see if it can ping windows machines using the dns lookup.

[Scirious]

Well, my problem is we're not going to have a Windows server any more. Only Linux server. I just want DNS to resolve the names form the machines that will have dynamic IP.

 

Scirious.

[ianw1974]

Probably best way is to use samba for this then, and configure samba to handle all of this.