I’m setting up a new Linux server and using Ubuntu for it for the first time. I’ve been a Debian guy for a long time now (and before then, Red Hat), so Ubuntu is both new and old. I switched to it because it’s got a faster upgrade cycle than Debian, but I like all the extra tools they’ve added, too.
Here’s some of the new things in Ubuntu I’ve learned about. The Ubuntu server docs are an excellent place to start.
- upstart, a replacement for SysV init scripts that runs things in parallel. The configuration files live in /etc/init. There’s still old SysV stuff in /etc/rc2.d and /etc/init.d being run. The new service command is nice, ie “service –status-all”. There’s plans for upstart to replace cron and at, too. Docs: UbuntuBootupHowto, original rationale, upstart tutorial, and cookbook. (Ubuntu does not use systemd, another modern init replacement).
- plymouth, the graphic splash boot screen. For some reason this is complicated and intertwined with upstart.
- ureadahead (aka Über-readahead), a clever system to improve boot times by reading all necessary user files off of disk in one big transfer at the beginning of boot. The boot image is kept in /var/lib/ureadahead and there’s clever stuff to invalidate and re-write the files when new things are installed. It seems to save a few seconds on boot for me, not positive. More info here.
- ext4fs is the default filesystem. It has various incremental improvements to ext3fs, many of them aimed at efficiently handling big files and disks.
- AppArmor, a security mechanism. It lets the kernel restrict what access various programs have. For instance, ntpd is only allowed to write to certain log files so if there’s ever an exploit against ntpd it won’t go writing random files as root. It seems like a fairly limited security mechanism given how big the attack surface of Linux is, but also harmless and potentially useful.
- ufw, Uncomplicated Firewall, is a friendlier interface for firewall rules than iptables.
- Automatic software updates. The setup process is embarrassingly manual, but you can have Ubuntu install security updates (or all updates) automatically.
- pam_motd, the absurd thing that makes /etc/motd show current system stats. It seems to update on login. If it ever breaks I will be very angry if I can’t log into my system.
- JeOS is a stripped down Ubuntu server for running as a guest in a virtualization environment. I have no need for this now, but it’s a good idea.
- Bacula, a fancy backup system. I will probably stick with rsnapshot and rsync.
- Launchpad, a website where many Ubuntu projects are hosted. Bug tracking, etc.
One thing they haven’t improved is libresolv; it still queries nameservices serially, one at a time. Worse, the first entry in /etc/resolv.conf for me named 192.168.1.100 as the nameserver, a bogus entry from the initial setup in a different DHCP environment. So every DNS query was waiting 5 seconds for that to time out. I fixed it by putting Google’s 18.104.22.168 as the first nameserver.
My next project is to automate all my deployment of my own stuff to the server using Puppet or maybe Chef Solo. I’m trying to avoid the thing where my servers become an irreproducible rat’s nest of random crap I’ve collected over time. OTOH, I can tell already it’s going to be a lot of work for one little personal projects server.