Page 1 of 1

Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-13 02:59
by dwasi
...and my experiences in so doing. It's not what you think, so don't get the flaying knives out just yet. I just felt like I had to write this up somewhere.

I have an extremely low-utilization server on my personal network. It serves three functions: nginx to serve a couple of static webpages, ssh to be a back door into my network if needed, and a Unifi controller.

Since that's literally all it has to do, it's not real server hardware like my real servers. It's a repurposed laptop. It's been running Stretch for some time.

A few days ago I noticed that gnupg and a couple of other things were being held back when doing updates. I tried to resolve the holdbacks but I wound up in dependency hell. While poking around, I realized that due to a mistake I'd made in past setup, there were files throughout the system that should have been symlinks. So I decided the best thing would be to rebuild the server. Because this server is of low importance, out of curiosity I decided to experiment with Ubuntu Server this time around, installing 18.04.3 just to see how much different it would be from using Debian.

The answer is, somewhat more than I expected. Here's a list of things, in no particular order.

    - Installation prompted me for whether I wanted "Server snaps" (preconfigured server images). Nice idea but not what I needed.
    - Installation prompted me to set up the network interface for static or DHCP. I let it go to DHCP intending to change it later in /etc/network/interfaces. We'll return to this.
    - Installation enforces lowercase-only for hostnames. I guess that's customary but I've never seen it made a requirement before.
    - Shell login comes with almost a pageful of motd that I had to figure out how to disable.
    - Fail2ban is a version that doesn't add chains until it needs them. Good idea for efficiency but confusing when you start it and don't see anything change in iptables right away.
    - Also, installing Fail2ban brought in Postfix and a bunch of other stuff for some reason.
    - Network interface configuration doesn't happen in /etc/network/interfaces. They replaced ifupdown with netplan and use yaml files to define devices. On the surface a good idea except that the yaml files are stupidly sensitive to indentation, and even though it wants you to specify nameserver IPs per interface, it doesn't appear to use them.
    - Why doesn't it use them? Oh yeah, it's because it's caching everything and running the DNS through whatever's set up in the systemd resolv.conf stub. I had to disable that and replace it with an actual resolv.conf. That leaves the caching service active and doing nothing, I guess, but I don't care.
    - For some reason they have cloud configuration utilities enabled by default. I had to turn off something called cloud-init, and rename the netplan config file from 50-cloud-init.yaml. Note that installation never asked me if it's a cloud server, it just assumed.
    - There's apparently a pseudo random number generator enabled, so you don't have to install haveged if you want Unifi to start up right away after boot.
    - Things I installed that worked more or less the same as I'm used to: certbot, ipset, nginx (from the nginx repos, not Ubuntu's), smartmontools, sshd, iptables-persistent.

A couple of these things were advantages, but for the most part they were annoyances. I don't see a real advantage in having to relearn how to set up network interfaces, for example. I shouldn't have to pick cloud pieces out of a local server, and fighting with DNS to get the requests to go where I actually want them to go is frustrating and pointless. This being Ubuntu, there were plenty of online resources to get around the issues, but still, I would have had the server up faster if I'd used Buster. I'm not going to change it now, and it's good to have the experience, but I still prefer Debian.

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-13 17:07
by Head_on_a_Stick
dwasi wrote:it's because it's caching everything and running the DNS through whatever's set up in the systemd resolv.conf stub.

Are they really using systemd's stub resolver as the default? It's completely broken...

And YAML for network configuration? *shudders*

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-13 18:11
by n_hologram
I have no idea what the purpose of this thread is.

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-14 01:26
by dwasi
n_hologram wrote:I have no idea what the purpose of this thread is.


Well, I have no idea what the purpose of your remark is, so I guess that makes us even. :roll:

Head_on_a_Stick wrote:
dwasi wrote:it's because it's caching everything and running the DNS through whatever's set up in the systemd resolv.conf stub.

Are they really using systemd's stub resolver as the default? It's completely broken...

And YAML for network configuration? *shudders*


Yes, they are. I haven't used Ubuntu proper for anything in many years, so I'd forgotten how aggressive it is about intercepting DNS. I don't know if that was because Canonical was trying to sell you things through the desktop for a while, or just someone's idea of how to make DNS more efficient, but it was one of the reasons I stopped using Ubuntu for desktops. (The other big one was Unity.)

Regarding netplan and yaml: They have a position paper out there on why they went to netplan over ifupdown. I can understand some of their arguments, but in the end it's one of those If It Ain't Broke things. And indentation-sensitive config files break convention. Indents are nice for human readability, but the system shouldn't care if your indenting is inconsistent.

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-14 06:32
by sunrat
dwasi wrote:
n_hologram wrote:I have no idea what the purpose of this thread is.


Well, I have no idea what the purpose of your remark is, so I guess that makes us even. :roll:


It's serving well as a warning not to use Ubuntu. :mrgreen:

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-14 12:17
by trinidad
It's serving well as a warning not to use Ubuntu


1) YAML is not secure when used with Ruby or ROR. It can operate in some use cases (python wrapper object injection) like a network facing/exposed XML segment. Bad choice unless you like manually writing security protocols for network applications which would have been fine to begin with. Actually seems like a stupid choice which makes me wonder why they are bothering with it.

2) Canonical is invested in cloud technology, and they just love to sneak in development software and tracking, so that is not surprising.

3) "Feature rich" "Cutting edge" Hmmmmm... I like STABLE.

TC

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-14 19:39
by dwasi
Oh, also: I could swear I selected a time zone during installation, but the final system was on UTC.

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-15 13:31
by n_hologram
trinidad wrote:
It's serving well as a warning not to use Ubuntu

---snip---
"Feature rich" "Cutting edge" Hmmmmm... I like STABLE.


Back in circa 2010, I set up an Ubuntu project server, only because it supported my drivers. Nowadays, I couldn't justify it. I do find it interesting that big, corporate projects, like Spotify, use it as the basis for their servers (unless this changed recently).

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-15 19:19
by dwasi
n_hologram wrote:Back in circa 2010, I set up an Ubuntu project server, only because it supported my drivers. Nowadays, I couldn't justify it. I do find it interesting that big, corporate projects, like Spotify, use it as the basis for their servers (unless this changed recently).


Yeah, that was a little bit of the reason why I chose to try this. My company uses a lot of Ubuntu. I'm not directly involved with the teams that do, but it did make me curious about what they saw in it.

I think it's the corporate backing that drives it. If you break something in Ubuntu, Canonical will gladly take your money to help you fix it.

Re: Why I migrated a server from Stretch to Ubuntu Server...

PostPosted: 2020-01-15 21:39
by sunrat
dwasi wrote:I think it's the corporate backing that drives it. If you break something in Ubuntu, Canonical will gladly take your money to help you fix it.


Image