Since the RedHat announcement that CentOS8 ‘stable’ is becoming a test system on centOS8 ‘stream’ rather than being provided as a stable system anymore many people are looking for alternative operating systems.
I have already covered in the previous post how to successfully with minimal effort convert a CentOS8 system to Oracle Linux 8. This post is on whether for my use Debian can also be considered an alternative. The answer is yes, and these are my notes on that.
So this minimal post is on the steps needed to create a Debian server that provides all the functionality of one of my more complex servers.
Install a new bare Debian10 (buster) system, if you intend to use it as a web server select minimal webserver at this time as well to install apache2.
This entire post is based upon my evaluation of installing a Debian10 system to replace a CentOS8 one; that was running a puppet-agent, docker for container support, mariadb, a bacula-client for backups etc. Basically a rather complicated system.
Obviously you should set a static ip-address for the server.
Once the system is installed the below commands create an environment that is from initial testing a workable clone of my centOS8 system.
apt install net-tools # <=== for ifconfig apt update apt upgrade # # mariadb apt install mariadb-server # # nrpe # notes on nrpe # on CentOS as package nrpe managed with 'systemctl xx nrpe, use systemctl xx nagios-nrpe-server on debian # on centOs plugins were /usr/lib64/nagios/pluins, on Debian /usr/lib/nagios/plugins # on CentOS custom commands were defined in disrectory /etc/nrpe.d, on debian in disrectory /etc/nagios/nrpe.d # those notes are important as puppet rules for a rhel system cannot be resused on debian, in a mixed server # environment there will be a lot if if/else and evan template customisations to cope with rhel and debian # (this is the most incompatible application I have found in a conversion from rhel to debian) apt install nagios-nrpe-server # # Docker-ce apt-get remove docker docker-engine docker.io containerd runc apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" apt-update apt-get install docker-ce=5:20.10.1~3-0~debian-buster docker-ce-cli=5:20.10.1~3-0~debian-buster containerd.io # # puppet agent wget https://apt.puppetlabs.com/puppet7-release-buster.deb dpkg -i puppet7-release-buster.deb apt-get update apt install puppet-agent # # Modules I need for my website # note: centos used php-pecl-zip, not available in debian; so adding all available pecl and zip php modules apt install \ php-pdo \ php-opcache \ php-intl \ php-common \ php-soap \ php-mbstring \ php-gd \ php-json \ php-fpm \ php-xml \ php \ php-cli \ php-mysqlnd \ php-pecl-http \ php-bz2 \ php-zip \ php-pclzip a2enmod proxy_fcgi setenvif a2enconf php7.3-fpm systemctl restart apache2 # # bacula-client # notes: I let puppet do this and perform all configuration needed. # if not using a congig management tool you will have to customise # to define stoage and director servers apt install bacula-client # # Done
I also copied across a mariadb full database dump from my centOS8 server and loaded it into the Debian mariadb server with no issues.
I also tested containers built on Fedora33 that were running on my CentOS8 system in rather complex network configurations and they ran without issues on Debian.
The key things to note (mainly for automated configuration rules for software deployment) are
-
On CentOS8 NRPE is packaged as 'nrpe', service nrpe.service,
plugins were /usr/lib64/nagios/pluins, custom commands in /etc/nrpe.d
On Debian NRPE is pacaged as 'nagios-nrpe-server', service nagios-nrpe-server.service,
plugins are in /usr/lib/nagios/pluins, custom commands in /etc/nagios/nrpe.d -
On CentoS8 the webserver is package 'http' and service httpd.service.
On Debian the package is 'apache2' and service apache2.service - There is no 'wheel' group on Debian. If adding admin users probably best to put them in the 'sudo' group
-
Most of the changes I was able to implement in puppet fairly easily by wrapping the existing configurations
in a "if ( $facts['os']['family'] == "RedHat" ) { }" block follwed by
"elsif ( $facts['os']['family'] == "Debian" ) { }" and a default catchall else block for other operating systems I may test. It should be noted that the if/elsif/else block had to be implemented in quite a few rules
It should also be noted that neither iptables ot firewalld are installed by default; that suits me perfectly as I use iptables on almost all servers internet facing and firewalld on desktops and internal servers behind firewalls that do not need the explicit fine grained detail iptables provides; so not having to unistall either and just selcting the one I wish to use is an advantage.
I also have not actually run a full clone of any of my servers on Debian. While there should be no issues (tested to the point I should only need to copy over all the web directories) all my alternatives to CentOS evaluations are being done on minimally sized servers, a full test only when I have decided on which OS to move to.
Debian OS releases have shorter support cycles than Oracle Linux (which uses RHEL as a base so should have LTS until 2029). For the latest release of Debian (buster) it moves from debian support in 2022 to volumteers maintaining security support until 2024. Effectively a rhel based release can keep running for 7-8 years and a Debian based one 2-3 years before a major OS upgrade is needed (reference: https://wiki.debian.org/LTS.
So while Debian is a workable replacement for CentOS8 anyone looking for stability is still likely to move toward Oracle Linux.
I still intend to evaluate openSUSE in a later post also, as I wish to look at as many alternatives as possible. However openSUSE 'Leap' (the more stable release, there is also a 'tumbleweed' release for those wanting changes faster) seems to require upgrading between point releases at around 18 month intervals. The commercial release has support for 10 years with each release but of course for CentOS8 replacements I am only looking at the free alternatives. But I may correct that statement as I do more research into openSUSE in that later post.