[GTALUG] War Story: distro version upgrades can be dangerous

D. Hugh Redelmeier hugh at mimosa.com
Wed May 24 10:40:05 EDT 2023


One of my gateway machines uses Fedora.
I used to use CentOS for that kind of purpose, but no longer.

When CentOS changed, I decided to try Fedora instead.

The first downside is the torrent of updates.  But that doesn't really 
seem to be a problem.

The second downside is that support for a release of Fedora is two and a 
bit 6-month release cycles.

An upside is that version upgrades are automated (unlike CentOS) and that 
automation generally works.  This upgrade takes the machine offline for 
perhaps an hour at a time of your choosing.

(If one isn't diligent, one can fall way behind upgrading distro versions.  
This is particularly easy in systems like CentOS or Debian where there is 
a combination of long support periods and no automated version update 
procedure.  Ubuntu LTS appears to get this right: long support and
update automation.)

Fedora has been working pretty well on my gateway for the last few
years.  I like it that the packages are up to date (CentOS packages
tend to be old).

I upgraded the gateway machine from Fedora 36 to 38 a couple of days ago.

It didn't go smoothly.  A couple of small-ish hangups caught me.  This
is not ideal in a gateway.  Luckily, I have more than one.

====

Problem 1: firewalld

firewalld had a new bug.  Or maybe it was iptables.  I don't need to
know which.

The firewalld settings could not be loaded.  So the firewall had default 
settings.  These were safe but not functional for a gateway machine.  I 
could manually install what I wanted in the running firewall but those 
settings would not persist.  I could not make persistent changes.

I reported the bug:  https://bugzilla.redhat.com/show_bug.cgi?id=2209199
Within a day or so, a work-around was suggested and a bug fix was initiated.

This shows outstanding support for which I pay nothing.  (Actually, I
have done free support specifically for Red Hat as part of an
upstream project.  But there is no connection.)

====

Problem 2: GNOME now suspends the machine when it thinks nobody is using 
the console.  See
<https://discussion.fedoraproject.org/t/gnome-suspends-after-15-minutes-of-user-inactivity-even-on-ac-power/79801>

Guess how I found out?  No, not reading the Fedora 38 release notes.  I 
discovered it when my gateway suspended.  What the heck?!?

This is a disaster for any machine that has tasks that need to run all
the time.  Clearly this applies to a gateway machine, but even on my
desktop machine, this isn't correct:

- I want to be able to SSH into my desktop at any time

- I run Hexchat IRC client 24/7 on my desktop so that I can know of 
  activity while I'm not there.

- My desktop is an internal mail server and needs to handle mail at all times.

There is a "Fedora Server" version that gets this right.  I haven't 
figured out how to get Fedora Workstation to stop suspending generally.  
The work-around is that you can get each possible console user to turn 
this feature off.  And you have to do this for GDM (the login screen) too.

