Are Minimal installs really better?



  • Maybe I am just sick and tired of installing basic shit whenever I am on a minimal install, but here are some of reasons behind why I question if minimals are really any better.

    Configuration Drift
    This is the big one for me. With a full install, you get most of the tools you need for troubleshooting and doing various tasks across the board. With minimal systems you need to add packages one by one as you need them. Which means your image could vary quite a bit from system to system.

    Troubleshooting
    This takes longer as every set of servers has a different set of tools, and many times needed tools are missing

    Patching
    Vetting patches becomes more difficult because of the configuration drift.



  • A lot of these issues can be addressed with tools like Ansible or setup scripts, so I find your topic a bit awkward.



  • Wouldn't you just either keep an image with only the stuff you require and deploy that or just use config management to get the default minimal install to you what you require as well?



  • @DustinB3403 said in Are Minimal installs really better?:

    A lot of these issues can be addressed with tools like Ansible or setup scripts, so I find your topic a bit awkward.

    Whatever way you want to slice it, package management is more difficult for OS level packages.



  • @Romo said in Are Minimal installs really better?:

    Wouldn't you just either keep an image with only the stuff you require and deploy that or just use config management to get the default minimal install to you what you require as well?

    Creating a base image with everything you need is the actual solution here. The problem is how effectively can you do it.



  • @IRJ said in Are Minimal installs really better?:

    Maybe I am just sick and tired of installing basic shit whenever I am on a minimal install,

    Use Ansible or a script to add things to your baseline.



  • @IRJ said in Are Minimal installs really better?:

    Configuration Drift
    This is the big one for me. With a full install, you get most of the tools you need for troubleshooting and doing various tasks across the board. With minimal systems you need to add packages one by one as you need them. Which means your image could vary quite a bit from system to system.
    Troubleshooting
    This takes longer as every set of servers has a different set of tools, and many times needed tools are missing

    I don't have this with either. We don't get the drift because we use standards to do the setup. ANd we also find that the baseline is lacking things whether something simple like netstat or something complex like our Zabbix agent. But we have to add on to every box regardless.



  • @IRJ said in Are Minimal installs really better?:

    @DustinB3403 said in Are Minimal installs really better?:

    A lot of these issues can be addressed with tools like Ansible or setup scripts, so I find your topic a bit awkward.

    Whatever way you want to slice it, package management is more difficult for OS level packages.

    Not sure what you mean. Any tools that will come with the non-minimal install will be handled great by being installed only as desired by Ansible or whatever.



  • @IRJ said in Are Minimal installs really better?:

    @DustinB3403 said in Are Minimal installs really better?:

    A lot of these issues can be addressed with tools like Ansible or setup scripts, so I find your topic a bit awkward.

    Whatever way you want to slice it, package management is more difficult for OS level packages.

    Define OS level package, because I have no idea what you mean. I'm guessing it's something from Windows world, but even there I haven't heard about such thing.

    How is this any difficult when managing packages:

    - name: install some packages
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - package 1
        - package 2
        - etc.......
    


  • With the full ISO for example, you'd find yourself wanting to uninstall a bunch of software you don't use.

    Do you really need a podcast player on your Fedora Server?



  • I prefer minimal in most cases. I'm tired of the bloat. Not because it takes up so much disk space, but that's where bad things happen. Tools having issues that I didn't need to have there at all.



  • @scottalanmiller said in Are Minimal installs really better?:

    I prefer minimal in most cases. I'm tired of the bloat. Not because it takes up so much disk space, but that's where bad things happen. Tools having issues that I didn't need to have there at all.

    Don’t you normally installed Fedora Server instead of minimal?



  • @scottalanmiller said in Are Minimal installs really better?:

    Tools having issues that I didn't need to have there at all.

    I dont know if that is true. If a tool lay dormant and/or a service isn't running what kind of affect will it have? I find myself needing additionally shit after a packer image has been created and all the supposedly needed stuff has already been added.



  • @IRJ
    I think it's best to start with the smallest most basic thing and then add what you think you always need. That becomes your personal or company's minimal install and that might be larger or smaller than someone's else because we all need different things.

    If we are talking Fedora Minimal Install then it's actually a pretty bloated affair compared to others like Debian for instance (only the base system, no extras). Even Fedora Custom Operating System option, which I assume is smaller than minimal, is bloated in comparison.

    I have both installed on my test host in the latest versions and looking at dmesg Debian boots in 2.7 secs compared to Fedora's minimal/custom 9.7 secs. After boot Debian uses ~80MB RAM while Fedora uses ~240MB RAM. Fedora of course has more services running by default and pulls in more packages during install. Even Fedora Server's netinstall disk image is about twice the size.



  • @black3dynamite said in Are Minimal installs really better?:

    @scottalanmiller said in Are Minimal installs really better?:

    I prefer minimal in most cases. I'm tired of the bloat. Not because it takes up so much disk space, but that's where bad things happen. Tools having issues that I didn't need to have there at all.

    Don’t you normally installed Fedora Server instead of minimal?

    I do on Fedora, but not on most things. I find that Fedora Server I use quite a lot of.



  • @IRJ

    Minimal but not to the point of reaching alpine linux minimal. If you consider what is driving containers and everything it is about being very small and launch in seconds.. and they told me crazy when I spend hours making Windows xp and 7 as lite as possible 10 years ago and trimming the fat just to run single app like a game, i was such visionary.



  • Also even when you install something bigger, what you need isn't always there anyway.

    I consider for instance screen to be a pretty basic tool. Not in Fedora Server.
    nmap ? Not in Fedora Server.
    tcpdump? Yes, it was there.
    iperf ? No, not in Fedora Server.
    smartctl ? Yes, it was there.

    I think whatever you distro/installation options you pick, you are going to need to add stuff anyway. If that is part of the post-installation process then it's going to be there when you need it.



  • @Pete-S said in Are Minimal installs really better?:

    Also even when you install something bigger, what you need isn't always there anyway.

    I consider for instance screen to be a pretty basic tool. Not in Fedora Server.
    nmap ? Not in Fedora Server.
    tcpdump? Yes, it was there.
    iperf ? No, not in Fedora Server.
    smartctl ? Yes, it was there.

    I think whatever you distro/installation options you pick, you are going to need to add stuff anyway. If that is part of the post-installation process then it's going to be there when you need it.

    The problem is that when you have many different admins that use different tools. You might use Nmap while some people just want to use netcat. If netcat isn't installed, I probably wouldn't even think to use Nmap just because Nmap isn't standard. Nmap will also trigger the hell out IDS systems

    Every admin is going to install their own shit and they will be configuration drift. If you had the full sever install there is arguably enough tools to do everything. Sure you are going to want to install a few packages, but not the amount you will add with minimal.



  • @IRJ said in Are Minimal installs really better?:

    If you had the full sever install there is arguably enough tools to do everything.

    The above stuff was from Fedora Server install, not minimal.



  • @Pete-S said in Are Minimal installs really better?:

    @IRJ said in Are Minimal installs really better?:

    If you had the full sever install there is arguably enough tools to do everything.

    The above stuff was from Fedora Server install, not minimal.

    You left out my next sentence

    If you had the full sever install there is arguably enough tools to do everything. Sure you are going to want to install a few packages, but not the amount you will add with minimal.



  • @IRJ said in Are Minimal installs really better?:

    Every admin is going to install their own shit and they will be configuration drift.

    That's a company standard problem, not an OS problem.

    If a couple of guys doing admin work on the same machines sit down and think through what they use, you could probably come up with a comprehensive list that makes everyone happy. Post-install those packages are added on every machine.

    On a regular basis you review the package list and add stuff or remove stuff and that becomes the new standard. Then push it out to all servers with automation.



  • @IRJ said in Are Minimal installs really better?:

    @Pete-S said in Are Minimal installs really better?:

    @IRJ said in Are Minimal installs really better?:

    If you had the full sever install there is arguably enough tools to do everything.

    The above stuff was from Fedora Server install, not minimal.

    You left out my next sentence

    If you had the full sever install there is arguably enough tools to do everything. Sure you are going to want to install a few packages, but not the amount you will add with minimal.

    OK, I get it now.

    Well, if you think Fedora Server is closer to what you want in a minimal install I don't see a problem using that instead. And then adding whatever is missing.

    You get stuff like cockpit too but maybe that is something you always want.

    I don't know if fedora has a list of packages that are added for each installation option.



  • @Pete-S said in Are Minimal installs really better?:

    @IRJ said in Are Minimal installs really better?:

    @Pete-S said in Are Minimal installs really better?:

    @IRJ said in Are Minimal installs really better?:

    If you had the full sever install there is arguably enough tools to do everything.

    The above stuff was from Fedora Server install, not minimal.

    You left out my next sentence

    If you had the full sever install there is arguably enough tools to do everything. Sure you are going to want to install a few packages, but not the amount you will add with minimal.

    OK, I get it now.

    Well, if you think Fedora Server is closer to what you want in a minimal install I don't see a problem using that instead. And then adding whatever is missing.

    You get stuff like cockpit too but maybe that is something you always want.

    I don't know if fedora has a list of packages that are added for each installation option.

    View group installs
    dnf grouplist

    View packages within group installs
    dnf groupinfo "Development Tools"



  • Fedora Server adds this over Minimal Install (in Fedora 30)
    I looked at:
    dnf group list
    and
    dnf group info "<groupname>"

    Difference between Minimal Install and Fedora Server Edition:

    It's not the whole truth though because some of these packages are installed in Minimal Install but they are listed as optional. I don't know when packages that are marked optional actually are installed or not. One example is the packages in the Standard group.

       Common NetworkManager Submodules
          NetworkManager-bluetooth
          NetworkManager-wifi
          NetworkManager-wwan
          dhcp-client
          dnsmasq
          iptables
    
       Fedora Server product core
          PackageKit
          chrony
          polkit
          realmd
          timedatex
          NetworkManager-team
          dhcp-client
          fedora-release-server
    
       Hardware Support
          atmel-firmware
          b43-fwcutter
          b43-openfwwf
          ipw2100-firmware
          ipw2200-firmware
          iwl100-firmware
          iwl1000-firmware
          iwl105-firmware
          iwl135-firmware
          iwl2000-firmware
          iwl2030-firmware
          iwl3160-firmware
          iwl3945-firmware
          iwl4965-firmware
          iwl5000-firmware
          iwl5150-firmware
          iwl6000-firmware
          iwl6000g2a-firmware
          iwl6000g2b-firmware
          iwl6050-firmware
          iwl7260-firmware
          libertas-usb8388-firmware
          usb_modeswitch
          zd1211-firmware
    
       Headless Management
          PackageKit
          cockpit
          openssh-server
          cockpit-networkmanager
          cockpit-packagekit
          cockpit-selinux
          cockpit-storaged
    
       Standard
          abrt-cli
          acl
          at
          attr
          bash-completion
          bc
          bind-utils
          bridge-utils
          btrfs-progs
          bzip2
          cifs-utils
          cpio
          crontabs
          cryptsetup
          cyrus-sasl-plain
          dbus
          deltarpm
          dos2unix
          dosfstools
          ed
          ethtool
          fedora-release-notes
          file
          fpaste
          fprintd-pam
          gnupg2
          grubby
          hunspell
          iptstate
          irqbalance
          jwhois
          logrotate
          lsof
          mailcap
          man-pages
          mcelog
          mdadm
          microcode_ctl
          mlocate
          mtr
          nano
          net-tools
          nfs-utils
          nmap-ncat
          ntfs-3g
          ntfsprogs
          opensc
          pam_krb5
          passwdqc
          pciutils
          pinfo
          plymouth
          psacct
          quota
          realmd
          rng-tools
          rsync
          rsyslog
          smartmontools
          sos
          sssd
          sudo
          symlinks
          systemd-udev
          tar
          tcpdump
          telnet
          time
          traceroute
          tree
          unzip
          usbutils
          util-linux-user
          vconfig
          wget
          which
          wireless-tools
          words
          zip
    


  • @black3dynamite said in Are Minimal installs really better?:

    I don't know if fedora has a list of packages that are added for each installation option.

    View group installs
    dnf grouplist

    View packages within group installs
    dnf groupinfo "Development Tools"

    Thanks, I managed to figure that out.



  • @Pete-S said in Are Minimal installs really better?:

    Fedora Server adds this over Minimal Install (in Fedora 30)
    I looked at:
    dnf group list
    and
    dnf group info "<groupname>"

    Difference between Minimal Install and Fedora Server Edition:

    It's not the whole truth though because some of these packages are installed in Minimal Install but they are listed as optional. I don't know when packages that are marked optional actually are installed or not. One example is the packages in the Standard group.

       Common NetworkManager Submodules
          NetworkManager-bluetooth
          NetworkManager-wifi
          NetworkManager-wwan
          dhcp-client
          dnsmasq
          iptables
    
       Fedora Server product core
          PackageKit
          chrony
          polkit
          realmd
          timedatex
          NetworkManager-team
          dhcp-client
          fedora-release-server
    
       Hardware Support
          atmel-firmware
          b43-fwcutter
          b43-openfwwf
          ipw2100-firmware
          ipw2200-firmware
          iwl100-firmware
          iwl1000-firmware
          iwl105-firmware
          iwl135-firmware
          iwl2000-firmware
          iwl2030-firmware
          iwl3160-firmware
          iwl3945-firmware
          iwl4965-firmware
          iwl5000-firmware
          iwl5150-firmware
          iwl6000-firmware
          iwl6000g2a-firmware
          iwl6000g2b-firmware
          iwl6050-firmware
          iwl7260-firmware
          libertas-usb8388-firmware
          usb_modeswitch
          zd1211-firmware
    
       Headless Management
          PackageKit
          cockpit
          openssh-server
          cockpit-networkmanager
          cockpit-packagekit
          cockpit-selinux
          cockpit-storaged
    
       Standard
          abrt-cli
          acl
          at
          attr
          bash-completion
          bc
          bind-utils
          bridge-utils
          btrfs-progs
          bzip2
          cifs-utils
          cpio
          crontabs
          cryptsetup
          cyrus-sasl-plain
          dbus
          deltarpm
          dos2unix
          dosfstools
          ed
          ethtool
          fedora-release-notes
          file
          fpaste
          fprintd-pam
          gnupg2
          grubby
          hunspell
          iptstate
          irqbalance
          jwhois
          logrotate
          lsof
          mailcap
          man-pages
          mcelog
          mdadm
          microcode_ctl
          mlocate
          mtr
          nano
          net-tools
          nfs-utils
          nmap-ncat
          ntfs-3g
          ntfsprogs
          opensc
          pam_krb5
          passwdqc
          pciutils
          pinfo
          plymouth
          psacct
          quota
          realmd
          rng-tools
          rsync
          rsyslog
          smartmontools
          sos
          sssd
          sudo
          symlinks
          systemd-udev
          tar
          tcpdump
          telnet
          time
          traceroute
          tree
          unzip
          usbutils
          util-linux-user
          vconfig
          wget
          which
          wireless-tools
          words
          zip
    

    I know if wanted to include the optional packages, I would use --with-optional



  • I know if wanted to include the optional packages, I would use --with-optional

    Ahh, good to know.

    Anyway if one wanted something between minimal and fedora server but without cockpit, bluetooth and such, you could install minimal and then run dnf install @standard to get the packages from the standard group, which is most of the utilities.

    BTW, it took less than 30 seconds to download and install the standard package on my test system. It's many packages total but they are small.



  • @Pete-S said in Are Minimal installs really better?:

    I know if wanted to include the optional packages, I would use --with-optional

    Ahh, good to know.

    Anyway if one wanted something between minimal and fedora server but without cockpit, bluetooth and such, you could install minimal and then run dnf install @standard to get the packages from the standard group, which is most of the utilities.

    BTW, it took less than 30 seconds to download and install the standard package on my test system. It's many packages total but they are small.

    And also can do this during the software selection screen too.
    5e7cda31-27f0-4b8b-9adc-ff8f78ec9659-image.png



  • Now there are some negative when installing standard groups. You end up having packages like these installed even though you are setting up a headless server.
    e298c44f-a9de-4bb2-876b-1e96b1c41631-image.png

    2f6562d5-e640-4332-9db7-b4f77e6aa993-image.png



  • @black3dynamite said in Are Minimal installs really better?:

    Now there are some negative when installing standard groups. You end up having packages like these installed even though you are setting up a headless server.

    Where was those? They were not in the standard group when I looked.


Log in to reply