2006-05-01 21:56:52

by Marcin Hlybin

[permalink] [raw]
Subject: Open Discussion, kernel in production environment

Hello,

I always configure and compile a kernel throwing out all unusable options and
I never use modules in production environment (especially for the router).
But my superior has got the other opinion - he claims that distribution
kernel is quite good and in these days optimization has no sense because of
powerful hadrware.
What do you think? I have few arguments for this discussion but I wonder what
you say. Please, try to substantiate your opinions.

And the second question: which kernel branch/version *and why* do you use in
production environment?

Regards

--
Marcin Hlybin, [email protected]
Sys/Net Administrator, tel. +48 12 2523 402


2006-05-01 22:36:06

by be-news06

[permalink] [raw]
Subject: Re: Open Discussion, kernel in production environment

Marcin Hlybin <[email protected]> wrote:
> I always configure and compile a kernel throwing out all unusable options and
> I never use modules in production environment (especially for the router).
> But my superior has got the other opinion - he claims that distribution
> kernel is quite good and in these days optimization has no sense because of
> powerful hadrware.

I think it is most often wasted time to optimize your kernels that way,
especially if you consider the ongoing work you have to put into maintenance
of it.

So unlike you plan to roll out hundreds of systems with the same image
(containing a hand made kernel) I would not suggest to do it.

Of course I am not talking about embedded systems here. For larger Servers
(NUMA, Terrayte Ram stuff like that) I also would think you might want to go
with the Vendor kernel, for better support.

For production use with things like Oracle or SAP, I would suggest to not
use uncertified kernels anyway.

Gruss
Bernd

2006-05-02 06:57:32

by Andi Kleen

[permalink] [raw]
Subject: Re: Open Discussion, kernel in production environment

Marcin Hlybin <[email protected]> writes:

> Hello,
>
> I always configure and compile a kernel throwing out all unusable options and
> I never use modules in production environment (especially for the router).
> But my superior has got the other opinion - he claims that distribution
> kernel is quite good and in these days optimization has no sense because of
> powerful hadrware.
> What do you think? I have few arguments for this discussion but I wonder what
> you say. Please, try to substantiate your opinions.

Try to benchmark the difference. If you can't it's wasted work.
Most likely you can't.

-Andi

2006-05-02 07:01:21

by Arjan van de Ven

[permalink] [raw]
Subject: Re: Open Discussion, kernel in production environment

On Mon, 2006-05-01 at 23:57 +0200, Marcin Hlybin wrote:
> Hello,
>
> I always configure and compile a kernel throwing out all unusable options and
> I never use modules in production environment (especially for the router).
> But my superior has got the other opinion - he claims that distribution
> kernel is quite good and in these days optimization has no sense because of
> powerful hadrware.


he's basically right; the gain you get by disabling the generic things a
distribution enabled is way down in the noise. There are some
compromises a distribution makes to keep the number of kernels they ship
down, and I suspect the worst possible case would add up to say 5%.

(on a Fedora / RHEL that would probably be a SMP system with less than
1Gb of ram)

On the plus side you get the maintenance, building and integration done
for you, including the security fixes.

There is a third "advantage" in using a distro kernel; there is less
chance of a mistake in the sense of picking a config option that turns
out to be really bad in hindsight.

Now that doesn't mean that I want to discourage people from building
their own kernel, far from that, but at the same time, the advantages
you get shouldn't be overstated and in a business environment it is
probably not a good use of time nowadays.

2006-05-02 11:29:39

by Jan Engelhardt

[permalink] [raw]
Subject: Re: Open Discussion, kernel in production environment

>> I always configure and compile a kernel throwing out all unusable options and
>> I never use modules in production environment (especially for the router).
>> But my superior has got the other opinion - he claims that distribution
>> kernel is quite good and in these days optimization has no sense because of
>> powerful hadrware.
>
>On the plus side you get the maintenance, building and integration done
>for you, including the security fixes.
>
>There is a third "advantage" in using a distro kernel; there is less
>chance of a mistake in the sense of picking a config option that turns
>out to be really bad in hindsight.
>
At best pick the distro kernel .src.rpm (or equivalent). If required, you
can still roll your own _and_ have the security fixes etc.


Jan Engelhardt
--

2006-05-03 01:06:40

by David Lang

[permalink] [raw]
Subject: Re: Open Discussion, kernel in production environment

On Mon, 1 May 2006, Marcin Hlybin wrote:

> Hello,
>
> I always configure and compile a kernel throwing out all unusable options and
> I never use modules in production environment (especially for the router).
> But my superior has got the other opinion - he claims that distribution
> kernel is quite good and in these days optimization has no sense because of
> powerful hadrware.
> What do you think? I have few arguments for this discussion but I wonder what
> you say. Please, try to substantiate your opinions.

At one point in the past I did some testing of stock 386 kernels (standard
at the time) vs K7 optimized kernels that were stripped down and saw a
substantial difference (30% IIRC). nowdays the distros are optimizing for
better chips so it makes less of a difference (and there's not a lot of
variation yet among the amd64 options)

however, by rolling your own you can avoid including features that you
don't need, and by eliminating those features you also eliminate any
bugs/vunerabilities that those features include (the trade-off is that
sometimes there are dependancies that require non-obvious features and/or
features are buggy and break things when turned off).

I got burned by distro kernels in the past, and the distro was not much
help (not everything in the system was on that distro's 'approved
hardware' list, and even the stuff that was hadn't been testing in that
particular combination). this makes me cynical about the testing that the
distro does (they can't possibly test every combination), so if I have to
test things myself why wait the extra time for the disto to do it's
release?

things are getting better with the distros staying close to the vanilla
kernel, but my memory is long enough to not really trust them yet ;-)

David Lang


--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare

2006-05-03 02:30:12

by Grant Coady

[permalink] [raw]
Subject: Re: Open Discussion, kernel in production environment

On Tue, 2 May 2006 18:06:27 -0700 (PDT), David Lang <[email protected]> wrote:

>things are getting better with the distros staying close to the vanilla
>kernel, but my memory is long enough to not really trust them yet ;-)

But the distro kernel is only there to boot the machine in order to
compile a custom kernel? And for reboot when one's shiny new custom
kernel falls over :o)

Grant.

2006-05-03 16:40:35

by Jan Engelhardt

[permalink] [raw]
Subject: Re: Open Discussion, kernel in production environment

>>things are getting better with the distros staying close to the vanilla
>>kernel, but my memory is long enough to not really trust them yet ;-)
>
>But the distro kernel is only there to boot the machine in order to
>compile a custom kernel? And for reboot when one's shiny new custom
>kernel falls over :o)
>
The best systems have that 'distro kernel' also replaced,
by a self-made 'working' one :>


Jan Engelhardt
--