The most recent version of Fedora, Red Hat’s cutting-edge Linux distribution, provides users of Red Hat’s more staid and stable Red Hat Enterprise Linux an early look at what’s to come in their operating system of choice.
In addition to serving as sort of a Linux technology preview, Fedora 11 can itself serve in a full gamut of Linux roles–as long as Fedora-embracing users are prepared for the upgrade and bug mitigation that can accompany the use of such a fast-paced distribution.
Organizations in search of a freely available Linux server for production roles would do best to steer toward CentOS, which tracks RHEL and benefits from the bug-squashing efforts of the Fedora vanguard.
In my tests of Fedora 11, the biggest improvements were in the area of virtualization, with the Red Hat-led toolset around creating, accessing and managing virtual machines across multiple hosts continuing to mature.
As a virtualization server, Fedora still lags behind proprietary options such as those from VMware in functionality and polish. However, the fast clip at which Fedora’s tools are progressing bodes well for the next major RHEL version.
Fedora 11 can also serve well in desktop roles, as it includes the latest and greatest of desktop-oriented open-source software, including Version 2.26.1 of the GNOME desktop environment, Version 3.1 of the OpenOffice.org productivity suite and Version 3.5 Beta 4 of the Firefox Web browser.
Again, though, Fedora 11 will fit best on the desktops of users who are prepared to give it a bit more love and attention than might be required with other Linux options. In particular, I found that the catalog of ready-to-install applications available for Fedora 11 doesn’t match what’s available to Ubuntu or OpenSUSE users.
The distribution is likely best suited for development-savvy desktop users who can take advantage of the various up-to-date integrated development environments and complementary tools that ship with the system. Fedora 11 comes with NetBeans 6.5 and Eclipse 3.4.2 (both of which depend on Sun’s open-sourced Java OpenJDK project), as well as Version 2.0 of the MonoDevelop C# IDE and Version 4.3.3 of the Eric Python IDE.
Fedora 11 is available for free download from http://fedoraproject.org/get-fedora, with separate versions that support the x86, x86-64 and PowerPC platforms. I tested the x86 version of Fedora 11 on a Lenovo ThinkPad T60 and on virtual machines running under Fedora 11’s implementation of the Linux KVM (Kernel Virtual Machine) facility.
The x86 and x86-64 versions are available as DVD or CD images that comprise the entire distributions, as well as in Live CD images that may be used to try out Fedora without modifying your hard drive.
Fedora’s default desktop environment is GNOME, but there are “respin” versions of Fedora based on the KDE desktop, among other custom versions centered on hardware design, scientific computing, games and other software themes.
Fedora 11 also includes a feature called Presto, which enables the system to consume software updates by fetching delta packages containing only changed bits. Novell’s SUSE Linux distributions have offered this feature, which can speed update operations significantly, for some time now, and I was pleased to see Fedora adopt it.
In Fedora 11, the VM viewer application that’s tied to the distribution’s virt-manager tool now supports guest consoles at display resolutions of up to 1,024 by 768, compared to 800 by 600 in previous versions. Also, the VM creation tool now configures guests with a virtual USB tablet as an input device, which results in improved–but not perfect–tracking between your host machine’s pointer and the cursor of the virtual machine you’re controlling. This isn’t much of a problem with the virtualization tools from VMware or VirtualBox, and it’s an area in which Fedora’s virtualization setup shows its immaturity.
Fedora’s virtualization implementation relies on the VNC remote desktop protocol for accessing the consoles of guest machines. While popular and supported by many clients, VNC has lacked secure authentication support, which the Fedora team has added in Version 11 by extending VNC with SASL (Simple Authentication and Security Layer) support.
When deployed alongside a Kerberos server, such as Red Hat’s FreeIPA server, this SASL functionality can allow for encrypted, authenticated, single-sign-on-enabled remote access to VMs.
Fedora 11 taps its SELinux security framework to enforce isolation of running VMs, using the framework’s MCS (Multi Category System) policy. This support builds on the MCS-based isolation between guest and host that debuted in Fedora 10.
During tests, I created a pair of VMs on my Fedora 11 test box, and could see in my process monitor that the security context information for each running VM process included unique category attributes, as did the virtual disk image files that corresponded to each VM.
Fedora’s SELinux support, which matures and spreads further through the distribution with each new release, is an important differentiator for Fedora and for Red Hat. With that said, SELinux can be a bit of pain to work with. For instance, I was having trouble creating new VMs in certain circumstances, and the error messages that virt-manager presented didn’t specify the problem.
After consulting some log files, I saw that SELinux labeling issues were to blame. In one case, I was trying to install from an iso image stored on an NTFS file system, on which SELinux couldn’t apply its labels. Fedora includes an SELinux troubleshooter tool that can prompt you about these sorts of errors, but during my tests, the troubleshooter didn’t appear until I opened it from Fedora’s Applications menu. This behavior may be related to to the fact that the service on which the troubleshooter relies has been switched to an “on-demand” service in Fedora 11 to speed boot time.
For the rest of my tests, I re-enabled the troubleshooting service and set SELinux to permissive mode, in which it would prompt me about errors but not block any operations.
Fedora 11’s KVM implementation adds support for assigning to VMs exclusive access to physical PCI devices on the host machine. This feature, which I did not test, requires processors with either Intel’s VT-d or AMD’s IOMMU functionality.
Executive Editor Jason Brooks can be reached at [email protected]