# Linux 2 FreeBSD, the rubber meets the road



## usrslashpeople (Jun 12, 2015)

Greetings everyone. I am here to start my research on migrating from Linux to FreeBSD in the environments I admin at work. I recently left my position because my manager was pushing forward with RHEL7. I absolutely refused to do so and took another admin position on a different campus at the same university.

This is not about politics or anything having to do with what has been going on in the Linux community. I really don't care about Pottering, Linux, RHEL, Debian, Ubuntu, etc. I am an admin and I have always loved UNIX. They are changing Linux into something that isn't UNIX like. I don't use Linux as a desktop and really don't care about Linux on the desktop. I care about a stable UNIX like system that doesn't wake me up at 3am or cause me to have a horrible review because of service outages.

FreeBSD is the Linux I always wanted anyway. I want a txt installer and love how simple it is. I installed FreeBSD in about 10 minutes on an optiplex 990 last night. The documentation is excellent and the people in this forum seem to be very knowledgeable.

In the last 10 years of running RHEL in production, I have called support once (manager was pushing me to do so). They were of no help and I was able to fix the problem myself. I am not really worried about having a support contract.

The new environment I need to upgrade has older RHEL4/5 systems. They are running vanilla stuff like MySQL, Apache, etc. I don't think I will have any problem moving those to FreeBSD.

These are the areas that I will be doing my research:

1. Install and automation of install.
2. Java and tomcat.
3. Opensource stuff like railo/mura (They still run cold fusion, they currently have a wamp stack for these things... It brought warm vomit to the back of my throat!).
4. Automation with Ansible.
5. Git workflows.
6. MySQL/database stuff. Oracle on FreeBSD?
7. Jails and other security features of FreeBSD (I spent about an hour with SELinux before disabling and never even thinking about it on all of the servers I manage.)
8. FreeBSD as a VM in VMware ESX. I have run one, but need to really test.
9. Running Nagios for monitoring.
10. Security updates/system updates. (Ease of use and roll backs.)

That is the short list so far. I will be really playing and testing FreeBSD as well as absorbing as much as I can from the handbook over the next few weeks. Luckily my other gig has no problem using FreeBSD.


----------



## drhowarddrfine (Jun 12, 2015)

Congratulations. Most of your list works on FreeBSD. I just finished converting one company to FreeBSD from Windows while diverting them from wanting to use Ubuntu. I'm now at another Windows shop that might be more of a struggle cause the CEO is a comp-sci graduate from long ago and knows PHP and other computer stuff. So far, though, he's been bending to my thoughts and I'm confident he'll break.


----------



## SirDice (Jun 12, 2015)

Almost everyone that uses RHEL is migrating to RHEL 6, not 7. Similar to you, they mostly have older 4 and 5 versions running. I have tried to push FreeBSD a little at the shop I'm currently contracted to but it's not going to happen. Not so much because of the stability or applications but it's a lot easier to get a RHEL certified admin than a FreeBSD one. That said, I'm of the opinion if you're a proper Linux/Unix admin you will have absolutely no problem working with FreeBSD. You just need to know what you're doing. But it's their company and systems, I'm just there to clean up the mess the old admins left behind. 

A few answers:

1. You can automate bsdinstall(8). I've never done this but it can be done. I highly recommend setting up your own repository with ports-mgmt/poudriere for packages. The base OS is easily updated with freebsd-update(8) if you keep everything on a RELEASE version.
2. Those shouldn't be a problem although OpenJDK works a bit better than the Oracle/Sun one that runs on top of the Linux Compatibility layer.
3. Don't know them so I cannot comment.
4. Didn't know this one. I have set up sysutils/puppet and it integrates really well. Others have successfully implemented sysutils/cfengine.
5. Git is definitely not an issue.
6. MySQL/MariaDB isn't an issue. Oracle is going to be tricky, you may get it working using the Linux Compatibility Layer.
7. Jails are brilliant. MAC is available but not enabled by default.
8. I have implemented several FreeBSD machines on VMware vSphere, no problems there. You can even use virtio drivers.
9. Nagios is no problem at all.
10. Base system is updated using freebsd-update(8) (can also be rolled back). Ports is best done using the aforementioned poudriere. That will give you complete control over versions, options and features of ports while keeping the benefits of pkg(8).

Definitely play with it, test the heck out of it. I'm quite sure you will not be disappointed.


----------



## usrslashpeople (Jun 12, 2015)

Thanks for the input guys. I had everything running on RHEL/CentOS 6.6 at my last place. I think support will run out for 6 in 2020. That seems like a far off date, but it will be here before you know it. If I can't convert everything to FreeBSD over the next few months as I modernize and fix the systems here, I will at least get FreeBSD in the door.


----------



## Oko (Jun 13, 2015)

usrslashpeople said:


> Greetings everyone. I am here to start my research on migrating from Linux to FreeBSD in the environments I admin at work. I recently left my position because my manager was pushing forward with RHEL7. I absolutely refused to do so and took another admin position on a different campus at the same university.


Hi,

I work for a medium size lab at a major research university with essentially unlimited freedom to do whatever I want in terms of software and hardware. Even though I am first and foremost an OpenBSD user (the only OS I use at home), at work I use (besides OpenBSD of course) FreeBSD and RHEL, including the infamous 7.1. I will be glad to share my opinions with you.

First, unless you had some other reasons for changing the job, leaving your current work just because your superior asked you to investigate a tool seems like a very odd thing to me. Actually it raises some red flags about you as an employee IMHO, but let's leave that part out.



usrslashpeople said:


> This is not about politics or anything having to do with what has been going on in the Linux community. I really don't care about Pottering, Linux, RHEL, Debian, Ubuntu, etc.


This statement is contradicted by your actions. You left a job because somebody asked you about RHEL 7.1. That to me appears to be an emotional reaction.




usrslashpeople said:


> I am an admin and I have always loved UNIX. They are changing Linux into something that isn't UNIX like. I don't use Linux as a desktop and really don't care about Linux on the desktop. I care about a stable UNIX like system that doesn't wake me up at 3am or cause me to have a horrible review because of service outages.


I very reluctantly deployed my first RHEL 7.1 computing node. While the OS appears to be very alien (this is the post I made after the first installation)




> In our lab we took a leap of faith and put Red Hat 7.1 on one of the new computing nodes (we run Red Hat on computing nodes and desktops while using a combination of Open/Free on all other servers). So far so good. The system feels completely alien, not just because of systemd. My jaw dropped when I realized that there is no ifconfig and that Red Hat has a new strange firewall. First thing I did was to install network tools, disable the firewall and install iptables. All in all the system seems very snappy (having 32 cores and 384 GB of RAM as well as the OS on the 600 MB/s SSD helps too). MATLAB, R, Python work as expected. Soft RAID looks the same, as does configuring LDAP authentication and authorization via SSSD. I am using my old monitoring tools (monit, collectd, SNMP, rsyslog) to monitor the machine even though I heard that systemd could be used for that. As long as I am getting paid to run this shit I have no problems with it. It still feels more controllable than Windows. Once they replace broken again shell (bash for short) with Windows cmd I will be out.
> 
> New installer sucks but I tested that thing earlier so I was not trying to do anything serious with it. It is nice having root on old trusted Silicon Graphics XFS instead of that funny ext2 file system.



the system appears to be generally stable and doesn't keep me up at night. As a matter of fact I already made the decision to deploy RHEL 7.1 on all new computing nodes. One may argue that I don't use Linux on the core infrastructure machines (true) and that could alter my opinion, but the same could be said about FreeBSD except for the file servers. All my critical mission machines run OpenBSD. We run FreeBSD on all file servers. RHEL 6.6 on all desktops and computing nodes. Our web applications run in a mixture of all sorts of crap including RHEL 6.6, Ubuntu, and Windows 7.



usrslashpeople said:


> FreeBSD is the Linux I always wanted anyway. I want a txt installer and love how simple it is. I installed FreeBSD in about 10 minutes on an optiplex 990 last night. The documentation is excellent and the people in this forum seem to be very knowledgeable.


I thought you were a UNIX/Linux system admin by profession. While I would not expect you to start switching your servers to Windows just because a manager asked you to do that, as you were hired as a UNIX/Linux system admin, not a Windows system admin, I personally would not have a problem switching everything in my lab to Ubuntu if the management wants that, as long as they pay me well to do so.



usrslashpeople said:


> In the last 10 years of running RHEL in production, I have called support once (manager was pushing me to do so). They were of no help and I was able to fix the problem myself. I am not really worried about having a support contract.


We generally run Springdale Linux, Princeton University's free clone of RHEL, in our lab and could not be happier. I could give here a detailed summary of the major differences between Springdale Linux, CentOS and Scientific Linux.



usrslashpeople said:


> The new environment I need to upgrade has older RHEL4/5 systems. They are running vanilla stuff like MySQL, Apache, etc. I don't think I will have any problem moving those to FreeBSD.


No, you will not have any problem moving that to FreeBSD. By the way, that infrastructure appears to me to be totally neglected. Did that place have a system admin the last couple of years? What was she/he doing with RHEL4/5? In particular RHEL4 has been a dead OS for several years already.
Do you have permission to move things to FreeBSD? The organization may have OS preferences which are not entirely technically based. I will just give you a few examples.


We run a clone of RHEL due to the fact that many of our government clients run RHEL. While personally I prefer RHEL over Ubuntu, our university is very much Ubuntu-centric and running Ubuntu would have made my life easier.

RHEL is more or less the standard platform for heavy scientific computing. The ROCKS cluster distribution, as well as things which require ROCKS like Hadoop or Spark, is based on RHEL 6.6.

Having diverse hardware and OSs in general increases the complexity of any organization and adversely affects productivity.

A particular OS might be inapt for your user base or the applications you need to run. For example most of my users don't feel comfortable on FreeBSD on the desktop/computing nodes. We also need MATLAB (please don't even think about giving me a lecture on free alternatives or alternative languages as that is not how the real world works).



usrslashpeople said:


> These are the areas that I will be doing my research:
> 
> 1. Install and automation of install.
> 2. Java and tomcat.
> ...



1. Neither RHEL nor FreeBSD has a good installer IMHO compared to OpenBSD for example. When it comes to FreeBSD I actually prefer to use the TrueOS/PCBSD installer. The RHEL installer went from bad to worse between 6.6 and 7.1. When it comes to automation of installation, RHEL (Kickstart) is the industry leader. OpenBSD got an automated installer last year (previously it had only the siteXX.tgz and install.site options). It is getting close to Kickstart. I am not aware that FreeBSD has anything similar, in particular something which supports ZFS on the root (that is why I prefer the TrueOS installer). TrueOS has something but I never tested it.

http://iso.cdn.pcbsd.org/10.1-RELEA...anced.html#creating-an-automated-installation

2. If you need Oracle Java and tomcat, RHEL is a no-brainer. That is another reason besides MATLAB we use a clone of RHEL in our lab. I heard rumours that the FreeBSD Foundation struck a deal with Oracle to release Java for FreeBSD. I don't know where things stand now. In our lab we are actually trying to get off Java but it is like getting off heroin.

3. First time I heard of it. Are you talking about this

http://www.getrailo.org/index.cfm/extensions/browse-extensions/mura-cms/

4. I use Ansible. It is OS agnostic. You only need ssh running on client machines. The "server" can run on anything (mine actually runs on my RHEL desktop at work).

5. Not following. Git runs well on any *nix/*nix-like system. Not that I like it. My favourite version control system for a small/medium research group is Fossil but my users don't like it and I am running things for them, not for my own sake.

6. RHEL is a no-brainer for anything Oracle related.

7. Jails and SELinux are unrelated technologies. Jails is OS level virtualization. SELinux is mandatory access control (MAC for short) for Linux. FreeBSD has its own MAC with a strong following. MAC is a flawed security concept as demonstrated by the OpenBSD *systrace* project. It is often a nuisance as you found out, useless at best.
Linux containers (LXC) are a joke compared to Jails. I am not sure what Docker is (I thought it was Warden for LXC). Docker no longer uses LXC as a backend and serves no security purpose. Docker is more like an application sandbox. Linux people should look at things like DragonFly vkernel to see how sandboxes are done properly.

8. I am not using VMware ESX so I can't say anything.

9. Nagios runs fine on any *nix/*nix-like system. I personally prefer M/Monit for a quick up and down view of the system. I concur that Nagios might be the better choice for a larger organization. It is more complex to set up than M/Monit.

We use a combination of LibreNMS and net-mgmt/collectd for metric monitoring. LibreNMS, a free fork of Observium, is not ported yet to FreeBSD. It works like a champ on OpenBSD current (to be the 5.8 release in November). The original application Observium supported only Ubuntu, and Debian as a second tier. I am not sure how well LibreNMS works on Red Hat. Speaking of monitoring, Linux uses rsyslog which is a PITA IMHO. OpenBSD has its own stellar syslogd. FreeBSD syslogd is best replaced by syslog-ng. The syslog-ng server runs well on FreeBSD just like the entire ELK stack.

http://www.networkassassin.com/elk-for-network-operations/

I would not use the native FreeBSD bsnmpd because it appears to be buggy and abandon-ware. net-snmp is a can of worms but only OpenBSD has a better alternative. OpenBSD has its own snmpd which is really stellar.

FreeBSD native sensoring frameworks are abandon-ware so you are stuck with security/bug ridden IPMI just like on the RHEL. Again OpenBSD has its own stellar sensoring framework.

10. The major claims to fame of TrueOS/PCBSD compared to FreeBSD are:

- Installer (ZFS on the root)
- boot environments/snapshots (beadm)
- update manager
- Life Preserver (management tool for ZFS snapshots and replication)
- the Warden (Jail management)

beadm is the one you will need for easy roll back in the case of disaster during the update. So the answer to your question 10 is that FreeBSD is superior to RHEL and if you like OpenBSD (which uses altroot) for roll back and disaster recovery. I think that the beadm idea originated in Solaris.


I hope this answers your questions [1-10].

Few other random thoughts.

FreeBSD has ZFS. While RHEL supports ZFS via kernel modules it is not on par with FreeBSD. ZFS is a no-brainer compared to soft RAID. I am OK with hardware RAID but if you go that route you might want to use a more modern file system (read HAMMER DF) which supports journalling than XFS.

I have a very strong preference for OpenBSD/PF as a firewall solution over anything else. Linux (IPTables or even worse this new RHEL fwall crap is useless). FreeBSD uses an obsolete version of PF but it has its own IPFW. You might want to stick to PF on FreeBSD like me because you are familiar with the tool. There are also two nice turnkey FreeBSD firewall appliances. I like OPNsense better than pfSense. Linux has nothing comparable. Heck, Linux has no usable firewall.

Unfortunately FreeBSD opted for the security flawed PAM module when it comes to LDAP authorization, just like RHEL. It works fine, just like SSSD used for multiple domains authorization. The correct approach adopted from commercial UNIX-es is ypldap as demonstrated by the OpenBSD project. OpenBSD includes its own basic LDAP server which is very useful for smaller organizations like mine. OpenLDAP works fine on any *nix/*nix-like system but it is a can of worms.

We use LDAP also for authentication. For more complex set up Kerberos might be necessary. I have never set up Kerberos authentication server or even client for that matter on FreeBSD so I am not sure how well it works. Kerberos is as you know little abandon-ware but there are no better alternatives. For the record OpenBSD removed kerberos from the base due to security problems and lack of interest among developers.

FreeBSD does include both an NFSv3 and an NFSv4 server. I have a strong preference for NFSv3. Depending on the clients you might prefer v4. Works fine; I could give you a performance comparison with RHEL NFSv4. I think the FreeBSD version also supports Kerberos just like RHEL. As you probably know ZFS is NFS/Samba aware so FreeBSD wins hands down compared to RHEL in this category. If you want to see an example of NAS appliances done right have a look at FreeNAS. In the long run my advice, if you have time to learn, would be to stick to TrueOS.

I have yet to use bhyve. We use Linux KVM extensively in the lab (I have Free/Open guests besides the Linux guests RHEL, Ubuntu and even a few Windows 7 guests). We are happy with it. We also have a few VirtualBox instances on desktops for testing web applications with Internet Explorer. I tried running VirtualBox on FreeBSD in the past and was not too happy with it. A completely tangential but valid approach to virtualization is Xen Dom0, and neither RHEL nor FreeBSD are the right hosts for Dom0.


----------
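
The rollback points made in the two replies above (freebsd-update(8) can be rolled back; beadm gives a boot environment to fall back to), as an added example that is not code from any poster in the thread. It assumes root on ZFS with beadm installed; `DRY_RUN`, `run`, `be_name` and `patch_with_be` are names made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes root on ZFS with beadm
# installed; DRY_RUN, run, be_name and patch_with_be are hypothetical names.

# run CMD...: execute CMD, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# be_name [STAMP]: name of the fallback boot environment.
be_name() {
    echo "pre-update-${1:-$(date +%Y%m%d-%H%M%S)}"
}

# patch_with_be [BE]: clone the running system into BE, then patch it.
# Returns 0 when patches were installed, 1 when no fallback could be
# created (system left untouched), 2 when fetch or install failed.
patch_with_be() {
    be="${1:-$(be_name)}"
    # No fallback, no patching: stop before anything is modified.
    if ! run beadm create "$be"; then
        echo "cannot create boot environment $be; not patching" >&2
        return 1
    fi
    # PAGER=cat keeps fetch from waiting in an interactive pager.
    # A non-zero exit from install may also mean there was nothing to install.
    if run env PAGER=cat freebsd-update fetch &&
       run freebsd-update install; then
        echo "patched; fallback boot environment: $be"
        return 0
    fi
    echo "patching failed; undo with 'freebsd-update rollback' or" >&2
    echo "'beadm activate $be' followed by a reboot" >&2
    return 2
}
```

Running `DRY_RUN=1 patch_with_be` prints the commands in order without touching the system; a reboot is still needed afterwards if the kernel was patched.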



## setjmp (Jun 19, 2015)

usrslashpeople said:


> Greetings everyone. I am here to start my research on migrating from Linux to FreeBSD in the environments I admin at work. I recently left my position because my manager was pushing forward with RHEL7. I absolutely refused to do so and took another admin position on a different campus at the same university.



Hi, I have run/preferred FreeBSD since about 1.1 for a few reasons. The main one being the constant availability of a useful build system combined with the systematic ease of getting complete source. Along with the time-tested 4.3 BSD back then. The transition to 4.4 Lite wasn't too bad either and it stabilized pretty well in the 90s. It's not just `make world` anymore, but not too much different. And everything is there in source to find answers. `make buildworld; for i in KERN1 KERN2... ; do make buildkernel KERNCONF=$i ; done` Then everything is ready for installs across the network using NFS without issues. Again, simple configurations, and very repeatable. pkg(8) has been handy, however I usually go from ports and do keep a few custom ones of my own for more specific situations that the mainstream doesn't need. Again repeatable/Automatable...

It's also a good base for specialized applications where a dedicated solution is needed without a lot of overbearing base system needs to be dismantled to focus in on what exactly is needed (and the source again is nice and handy for the buildup). Great for older rack units too, that will still outperform modern VPS or even dedicated hardware sometimes (well without customization to use that hardware optimally). Imagine what current hardware would do, when an old Dell PowerEdge from about 2004 delivered 500,000 visitors a day with 2 striped raid SCSI arrays. Email, HTTP/PHP, MySQL, all on one machine (4G ram, software versions around 2011). Just one situation, one website, hosted in sprocket networks out of Dallas. I believe that was back in FreeBSD 9.1 or so. May have been 8 though, it's been about 4 years now. There was an issue getting the box to install. But a PXE/tftp booting fixed that from a custom build too. The hardware was old and had been used for 5-7 years already running Windows Server. Everything built from source with build/compile/link options very optimal to the Dual Xeons it was running. I believe it was a 1650 though I could be wrong on that. The Linux junky tech at the data center was amazed at how it outperformed some of his state of the art builds, and that I had it easy getting the source in the first place. Central and complete on the download.



usrslashpeople said:


> In the last 10 years of running RHEL in production, I have called support once (manager was pushing me to do so). They were of no help and I was able to fix the problem myself.



Just saying, as of late on some of my custom setups, I have been looking at the usefulness of systemd+firewalld+journal logging, as well as some of the other tools in CentOS 7/RHEL like. It does have its uses, though on other fronts yes, I noticed the base installs all have hints of workstation/user desktop too. The thoughts, migrating the useful into my local tree for FreeBSD. Though the few RH7/CentOS7 I do admin give me few problems. Often the mistake of putting the program name before the command in systemctl (the biggest one). Creating a unit for it to work well with isn't that bad when custom software needs to run and have fail-over. There are ports that do some of this already when setup right, though something more solid that can install from pkg and not be a base system requirement in FreeBSD will definitely aid some of my builds. And from a DIY perspective, if needed; will go much better than stripping down a CentOS installation and bastardizing it to the point that there is major learning curve to get it back up well, un-reproducible.

For 7 though, I find the best support is just their website and a live box to get around on. For FreeBSD, the Handbook/FAQ/etc, /usr/src, /usr/ports all priceless. And the web isn't as self-fighting on it either.

setjmp


----------

