Re: Linux or FreeBSD ?

[Kobus Bensch]

On 30/09/2015 20:03, Rainer Duffner wrote:

Am 30.09.2015 um 16:25 schrieb Jeff Palmer :

Arnall,


This advice is less of an haproxy specific response, and more of
general information.

As someone who's tried to manage mixed infrastructure, I would push
back if possible, unles syour organization has decided to move to
freebsd entirely.



Very few do that.
FreeBSD fulfills its purposes, though.
Even if you try to standardize on one „flavor“ of Linux, you will still end up 
with other flavors - simply because not everything runs on your particular 
flavor.
And you’re not going to run all of your applications on all of your platforms 
anyway. So the QA-effort should be manageable.
But that doesn’t mean it’s wise to introduce a half dozen different platforms, 
either - unless you have enough people to handle all of it.

How many systems (with Debian) are we talking about anyway?
And how many HA-Proxies are supposed to be migrated?

What are the sysadmin’s technical points for moving?
Besides probably not wanting to deal with Debian’s head-ache-inducing idea of 
an OS - that’s a given ;-)

Unless OP is doing some *really fancy stuff*, there’s IMO no pure technical 
show-stopper for a switch.



Dont know about the last comment. I have standardised on Centos. We run 
everything on centos as it makes our whole environment a lot more 
manageable. We manage around 400 centos servers with no other linux in 
the mix, and we have yet to find something that will not run on centos. 
If a rpm package does not exist, we create it. As for just switching 
because someone had an idea, well, if it aint broke dont fix it. IMHO


--
Kobus Bensch Trustpay Global LTD email signature Kobus Bensch
Senior Systems Administrator
Address:  22 & 24 | Frederick Sanger Road | Guildford | Surrey | GU2 7YD
DDI:  0207 871 3958
Tel:  0207 871 3890
Email: kobus.ben...@trustpayglobal.com 



--


Trustpay Global Limited is an authorised Electronic Money Institution 
regulated by the Financial Conduct Authority registration number 900043. 
Company No 07427913 Registered in England and Wales with registered address 
130 Wood Street, London, EC2V 6DL, United Kingdom.


For further details please visit our website at www.trustpayglobal.com.

The information in this email and any attachments are confidential and 
remain the property of Trustpay Global Ltd unless agreed by contract. It is 
intended solely for the person to whom or the entity to which it is 
addressed. If you are not the intended recipient you may not use, disclose, 
copy, distribute, print or rely on the content of this email or its 
attachments. If this email has been received by you in error please advise 
the sender and delete the email from your system. Trustpay Global Ltd does 
not accept any liability for any personal view expressed in this message.

Re: Linux or FreeBSD ?

[joris dedieu]

2015-10-01 1:48 GMT+02:00 Rainer Duffner <rai...@ultra-secure.de>:
>
>> Am 01.10.2015 um 01:22 schrieb Willy Tarreau <w...@1wt.eu>:
>>
>>>
>>
>> I'd be tempted to place my judgement between yours and Jeff's. I'd say
>> that if the company is already using the target OS on any other place,
>> the cost of switching is low. If the load balancer is the opportunity
>> to introduce a new OS, it's a bad idea. By nature a load balancer is
>> very OS-dependant, and has bugs. Sometimes it's not trivial to tell
>> if a bug is in haproxy or the underlying OS until you get network
>> traces and/or strace output (BTW as far as I know, strace still doesn't
>> support amd64 on FreeBSD). Mixing the two can cast a bad image on the
>> new OS just because admins will initially not know well how to tune it
>> for the load and to ensure stability, will not easily troubleshoot
>> tricky issues, and a lot of frustration will result from this.
>>
>
>
>
> Probably.
> But OP’s admin will have his reasons for wanting FreeBSD in the picture.
> My guess would be that FreeBSD is the OS he’s more familiar with debugging.
> FreeBSD has ktrace - and dtrace (if you know how to use it, that is…)
>
> Here, most of our LBs run HAproxy on FreeBSD.
> Sometimes, they’re not. Because…reasons ;-)
>
> Why?
> Well, historically, most LBs and reverse-proxies ran FreeBSD (with NGINX).
> So it was more or less a „natural“ choice, with some pushing from my side 
> (cough).
>
> FreeBSD has CARP.
> Linux has keepalived.
> etc.

We are really lucky  to have almost 2 production grade open source
operating systems.

I am really happy with my mixed infrastructure even if I have to write
conditional code in my scripts. For heartbleed, all my Centos 6 were
affected, my FreeBSD 8 weren't. When a nightmarish 0day occur on
FreeBSD elf loader, Linux is not affected... and so on.

Sometimes on critical services diversity is good for uptime and security.

Joris

>
> I don’t think we’ll ever get so much traffic that either one will be superior 
> to the other. And I seriously doubt OP will.
>
> FreeBSD 10.1 has most of the optimizations that Netflix uses turned-on out of 
> the box - but they do file-serving with NGINX.
> In their (extreme) case, it works better.
> Proxying/load-balancing is a bit different.
>
> I like FreeBSD because I can get a very stable, simple, low overhead, 
> no-nonsense OS with a reasonable shelf-live and update-cycle while still 
> being able to get up-to-date packages directly from upstream.
>
>
>> You should expect roughly the same performance on both OS so that is
>> not a consideration for switching or not switching. Really keep in
>> mind the admin cost, the cost of it being the exception in all your
>> system and possibly different debugging tools. It's very likely that
>> it will not be a problem, but better be aware of this.
>>
>
>
> That’s what you get by hiring a FreeBSD guy.
> If OP had hired a CentOS guy, I bet he'd want to switch everything to CentOS 
> (or even Atomic Server…)
> ;-)
>
>
>
>
>
>
>

Re: Linux or FreeBSD ?

[Rainer Duffner]

> Am 30.09.2015 um 16:25 schrieb Jeff Palmer :
> 
> Arnall,
> 
> 
> This advice is less of an haproxy specific response, and more of
> general information.
> 
> As someone who's tried to manage mixed infrastructure, I would push
> back if possible, unles syour organization has decided to move to
> freebsd entirely.
> 


Very few do that.
FreeBSD fulfills its purposes, though.
Even if you try to standardize on one „flavor“ of Linux, you will still end up 
with other flavors - simply because not everything runs on your particular 
flavor.
And you’re not going to run all of your applications on all of your platforms 
anyway. So the QA-effort should be manageable.
But that doesn’t mean it’s wise to introduce a half dozen different platforms, 
either - unless you have enough people to handle all of it.

How many systems (with Debian) are we talking about anyway?
And how many HA-Proxies are supposed to be migrated?

What are the sysadmin’s technical points for moving?
Besides probably not wanting to deal with Debian’s head-ache-inducing idea of 
an OS - that’s a given ;-)

Unless OP is doing some *really fancy stuff*, there’s IMO no pure technical 
show-stopper for a switch.

Re: Linux or FreeBSD ?

[Kobus Bensch]

I dont think it matters really. I would respond with, if it ain't broke...

On 30/09/2015 14:05, Arnall wrote:

Hi Eveyone,

just a simple question, is FreeBSD a good choice for Haproxy ?
Our Haproxy runs under Debian for years, but the new IT want to put it 
under FreeBSD.

Any cons ?

Thanks.



--
Kobus Bensch Trustpay Global LTD email signature Kobus Bensch
Senior Systems Administrator
Address:  22 & 24 | Frederick Sanger Road | Guildford | Surrey | GU2 7YD
DDI:  0207 871 3958
Tel:  0207 871 3890
Email: kobus.ben...@trustpayglobal.com 



--


Trustpay Global Limited is an authorised Electronic Money Institution 
regulated by the Financial Conduct Authority registration number 900043. 
Company No 07427913 Registered in England and Wales with registered address 
130 Wood Street, London, EC2V 6DL, United Kingdom.


For further details please visit our website at www.trustpayglobal.com.

The information in this email and any attachments are confidential and 
remain the property of Trustpay Global Ltd unless agreed by contract. It is 
intended solely for the person to whom or the entity to which it is 
addressed. If you are not the intended recipient you may not use, disclose, 
copy, distribute, print or rely on the content of this email or its 
attachments. If this email has been received by you in error please advise 
the sender and delete the email from your system. Trustpay Global Ltd does 
not accept any liability for any personal view expressed in this message.

Linux or FreeBSD ?

[Arnall]

Hi Eveyone,

just a simple question, is FreeBSD a good choice for Haproxy ?
Our Haproxy runs under Debian for years, but the new IT want to put it 
under FreeBSD.

Any cons ?

Thanks.

Re: Linux or FreeBSD ?

[Dmitry Sivachenko]

> On 30 сент. 2015 г., at 16:05, Arnall  wrote:
> 
> Hi Eveyone,
> 
> just a simple question, is FreeBSD a good choice for Haproxy ?
> Our Haproxy runs under Debian for years, but the new IT want to put it under 
> FreeBSD.
> Any cons ?
> 
> Thanks.
> 



Should be roughly the same I think.

Re: Linux or FreeBSD ?

[Willy Tarreau]

On Wed, Sep 30, 2015 at 09:03:48PM +0200, Rainer Duffner wrote:
> 
> > Am 30.09.2015 um 16:25 schrieb Jeff Palmer :
> > 
> > Arnall,
> > 
> > 
> > This advice is less of an haproxy specific response, and more of
> > general information.
> > 
> > As someone who's tried to manage mixed infrastructure, I would push
> > back if possible, unles syour organization has decided to move to
> > freebsd entirely.
> > 
> 
> 
> Very few do that.
> FreeBSD fulfills its purposes, though.
> Even if you try to standardize on one ???flavor??? of Linux, you will still 
> end up with other flavors - simply because not everything runs on your 
> particular flavor.
> And you???re not going to run all of your applications on all of your 
> platforms anyway. So the QA-effort should be manageable.
> But that doesn???t mean it???s wise to introduce a half dozen different 
> platforms, either - unless you have enough people to handle all of it.
> 
> How many systems (with Debian) are we talking about anyway?
> And how many HA-Proxies are supposed to be migrated?
> 
> What are the sysadmin???s technical points for moving?
> Besides probably not wanting to deal with Debian???s head-ache-inducing idea 
> of an OS - that???s a given ;-)
> 
> Unless OP is doing some *really fancy stuff*, there???s IMO no pure technical
> show-stopper for a switch.

I'd be tempted to place my judgement between yours and Jeff's. I'd say
that if the company is already using the target OS on any other place,
the cost of switching is low. If the load balancer is the opportunity
to introduce a new OS, it's a bad idea. By nature a load balancer is
very OS-dependant, and has bugs. Sometimes it's not trivial to tell
if a bug is in haproxy or the underlying OS until you get network
traces and/or strace output (BTW as far as I know, strace still doesn't
support amd64 on FreeBSD). Mixing the two can cast a bad image on the
new OS just because admins will initially not know well how to tune it
for the load and to ensure stability, will not easily troubleshoot
tricky issues, and a lot of frustration will result from this.

You should expect roughly the same performance on both OS so that is
not a consideration for switching or not switching. Really keep in
mind the admin cost, the cost of it being the exception in all your
system and possibly different debugging tools. It's very likely that
it will not be a problem, but better be aware of this.

Willy

Re: Linux or FreeBSD ?

[Rainer Duffner]

> Am 01.10.2015 um 01:22 schrieb Willy Tarreau <w...@1wt.eu>:
> 
>> 
> 
> I'd be tempted to place my judgement between yours and Jeff's. I'd say
> that if the company is already using the target OS on any other place,
> the cost of switching is low. If the load balancer is the opportunity
> to introduce a new OS, it's a bad idea. By nature a load balancer is
> very OS-dependant, and has bugs. Sometimes it's not trivial to tell
> if a bug is in haproxy or the underlying OS until you get network
> traces and/or strace output (BTW as far as I know, strace still doesn't
> support amd64 on FreeBSD). Mixing the two can cast a bad image on the
> new OS just because admins will initially not know well how to tune it
> for the load and to ensure stability, will not easily troubleshoot
> tricky issues, and a lot of frustration will result from this.
> 



Probably.
But OP’s admin will have his reasons for wanting FreeBSD in the picture.
My guess would be that FreeBSD is the OS he’s more familiar with debugging.
FreeBSD has ktrace - and dtrace (if you know how to use it, that is…)

Here, most of our LBs run HAproxy on FreeBSD.
Sometimes, they’re not. Because…reasons ;-)

Why?
Well, historically, most LBs and reverse-proxies ran FreeBSD (with NGINX).
So it was more or less a „natural“ choice, with some pushing from my side 
(cough).

FreeBSD has CARP.
Linux has keepalived.
etc.

I don’t think we’ll ever get so much traffic that either one will be superior 
to the other. And I seriously doubt OP will.

FreeBSD 10.1 has most of the optimizations that Netflix uses turned-on out of 
the box - but they do file-serving with NGINX.
In their (extreme) case, it works better.
Proxying/load-balancing is a bit different.

I like FreeBSD because I can get a very stable, simple, low overhead, 
no-nonsense OS with a reasonable shelf-live and update-cycle while still being 
able to get up-to-date packages directly from upstream.


> You should expect roughly the same performance on both OS so that is
> not a consideration for switching or not switching. Really keep in
> mind the admin cost, the cost of it being the exception in all your
> system and possibly different debugging tools. It's very likely that
> it will not be a problem, but better be aware of this.
> 


That’s what you get by hiring a FreeBSD guy.
If OP had hired a CentOS guy, I bet he'd want to switch everything to CentOS 
(or even Atomic Server…)
;-)

Re: Linux or FreeBSD ?

[Jeff Palmer]

Arnall,


This advice is less of an haproxy specific response, and more of
general information.

As someone who's tried to manage mixed infrastructure, I would push
back if possible, unles syour organization has decided to move to
freebsd entirely.

Having more than one OS to maintain means writing all of your
management scripts,  configurations, etc at least once per OS flavor
(worse if you have different major versions of OS's too)   subscribing
to double the security mailing lists,  doubling up your lab and QA
environments,  etc.


I would try to stick with whatever OS the bulk of your infrastructure
runs on, unless your team has made the concious effort to move to
another OS en-masse.


(That said,  you may want to look at the dev mailing list the last
month or so, about freebsd specific issues and patches.  there have
been a couple in the last couple of weeks.)




On Wed, Sep 30, 2015 at 9:23 AM, Dmitry Sivachenko  wrote:
>
>> On 30 сент. 2015 г., at 16:05, Arnall  wrote:
>>
>> Hi Eveyone,
>>
>> just a simple question, is FreeBSD a good choice for Haproxy ?
>> Our Haproxy runs under Debian for years, but the new IT want to put it under 
>> FreeBSD.
>> Any cons ?
>>
>> Thanks.
>>
>
>
>
> Should be roughly the same I think.



-- 
Jeff Palmer
https://PalmerIT.net