12.04 Server Install Partition Questions

[Kmargo945]

Hello,

My background: Using Mac for a long time. Installed 12.04 desktop on a laptop to try out Gimp and Inkscape to see if they perform better than on a Mac. I never really mess with
OS' unless something's not working.

End Goal: I'd like to put together a multipurpose server for: Minecraft host, local file server, remote file server, and stuff. Stuff being anything that strikes me as something
I'd want to try.

Current Goal: Get the base server install done so I can start on the other things. This will be a bare metal install with LVM.

Hardware: 32 GB RAM, 256 GB SSD, 3 X 1 TB HDD

When I get to the partition portion of the install I get stuck. I want to minimize the SSD use since I may go dual-boot with Windows 7 at a later point or build another box with a smaller SSD (the build was originally going to be a gaming pc for my son but he has to come up with the video card(s), peripherals, and OS, and he hasn't so it's mine for now)

300 MB /boot ext4, noatime, primary, on the SSD. I'm not sure about the file system though I've read ext4 should be fine.

20 GB? /root lvm, logical, on the SSD. I'm not sure as to a reasonable initial size. Under lvm if the VG runs out of space I'd have to add a new partition to the drive and then add it to the VG. Is this right?

Everything else I was planning on putting on the HDDs. I think I'll be foregoing any RAID options. For the rest of the partitions, should I make each it's own PV or the whole drive as a PV and then break it down? I have seen both methods used and I'm not sure what the benefits are of either.

I'm new to servers and I understand the amount of users can be a factor in partition size and necessity. But I'm not sure what qualifies as a user. Minecraft will have a max of 10 people on it, local file server 2, remote file server 5, and ssh maybe 2.

??? GB /swap I've read 1 or 2 X RAM for swap. Do I really need 64 GB for swap? I was planning on allocating 8GB.

??? GB /home The sizes I've seen for the home partition vary a lot and I'm not sure what the determining factor is.

??? GB /var I know this is separated in order to keep the /root from getting too big, but that's about it.

??? GB /tmp This gets dumped at boot and rewritten so I don't want it on the SSD. I've seen it assigned to tmpfs and placed on RAM. Can this be done from within lvm? Should I go that route at all?

??? GB /usr I've no idea what to do with this one. I think it would be easier to create it now though and avoid possible complications from trying it later. The recommended partitioning scheme (https://help.ubuntu.com/12.04/instal...pc/apcs03.html) also recommends usr/local in certain instances which I'm not certain I fall under.

Thanks for your time,
Raul

[TheFu]

/root and / are different - most of the time it isn't worth splitting these onto different partitions. On almost all my servers, I only use LVM for the data partitions. It just isn't worth the hassles for partitions that don't grow all the time.

/boot - 500M
/ - 20G - this is for the OS and all apps
/usr - I almost never make this a separate partition - it just isn't needed
/tmp - I'd definitely want this on the SSD or in a RAMdisk. Avoid spinning HDDs if you can.
swap - 1-2x RAM was the old method. Since you have 32G of RAM - BTW, that seems like 28G too much for your needs, I'd create a 4G swap and be done. Swap is meant to extend real RAM and cause the machine to get slower gracefully.
/data - or whatever you want to call it is where I'd store all the data - size based on need. You don't need to use all the HDDs initially.
/home - if you don't allow user logins (as in ssh and remote desktops), this can be tiny - 1G per user.
/usr/local - makes sense if you will install software that is NOT from a package repository or PPA. Basically, if you install tar.gz files or lots of other source-code-only software (Java?), then this can make sense, but .... with a 20G /usr, then /usr/local will have plenty of storage for that already.

Ok, so just for clarification. When I setup servers without direct user logins, I use this partitioning:
/boot
/
/Data
That's it. Most things fall under / and are just fine. Having lots of partitions just means being stuck later when something changes.

Many years ago, I used LVM to merge file systems across 3 physical HDDs. 1 HDD failed and I was unable to access the data on the other HDDs. Basically, it behaved as a RAID0 setup, which we all know should only be used for scratch data on disk less than 24 hrs. At the time, I sucked at LVM. Perhaps there was a way to recover the other data - I couldn't. Just be warned. From that point, I've used RAID when I wanted a single file system across multiple HDDs. If I didn't, I'd have different file systems on each physical HDD and merge the storage using mounts and/or softlinks as needed. Call me old fashioned.

There is 1 really great thing about LVM - snapshots. If you can bring down the services for backups - just a few minutes every day - then why bother? I use LVM on my VM host systems, but never for the virtual machine clients. Backups are run at the VM-client level, so every server (just the processes, not the OS) here is brought down nightly to support backups. Most of the time, it is 1-3 minutes of downtime and nobody notices it at 2am.

You didn't mention any monitoring or alarming. This is a core idea for servers.You want to monitor RAM, disk, networking, open files, context swapping, and about 10 other things. Plus you want to harden the OS, log and alarm on break-in attempts.

I look forward to other comments. Every admin can always learn more. I know that I can.

[3L33T]

Call me old fashioned, but, I never used LVM. I have always created my partitions manually from the get-go (from way back in SCO Unix days!)

I create my partitions as follows:

/boot (170MB)
/swap (total RAM X 2)
/ (depends, my production server with 60 users has 20GB)
/home (size depends on a lot of factors)


/boot: still has 70% free space even after 4 years. This is the filesystem where new kernel images are saved and old ones kept.
/home: I usually place this filesystem as a partition on another disk. Do you anticipate your users having 2GB+ of data in their home folders or less than that?

[Kmargo945]

Thanks for the responses,

/root and / are different - most of the time it isn't worth splitting these onto different partitions. On almost all my servers, I only use LVM for the data partitions. It just isn't worth the hassles for partitions that don't grow all the time.

Thanks for clearing that up. I meant / and didn't realize there was a separate /root. I won't be separating those two.

/tmp - I'd definitely want this on the SSD or in a RAMdisk. Avoid spinning HDDs if you can.

I was planning on putting it on RAM, once I figure out how. The how-to's I've read all deal with it by editing fstab and that seems like a post-install fix. Is there a way to do it during install?

/home - if you don't allow user logins (as in ssh and remote desktops), this can be tiny - 1G per user.

This one I'm not sure about. I was planning on going with Samba or Netatalk/Avahi or both for the local file server (2 Macs, 1 Ubuntu, 1 Windows), and OwnCloud for remote file access, and a private Minecraft host, and I'm not sure if the people accessing the files are considered users? As far as the file servers go, any user files (mp3's, RAW, doc, PSD ...) would go in /data or /home/username?

/usr/local - makes sense if you will install software that is NOT from a package repository or PPA. Basically, if you install tar.gz files or lots of other source-code-only software (Java?), then this can make sense, but .... with a 20G /usr, then /usr/local will have plenty of storage for that already.

If there is a separate /usr partition, then do installed apps go there or do they still go to / ?

Do you anticipate your users having 2GB+ of data in their home folders or less than that?

Definitely 2GB+

You didn't mention any monitoring or alarming.

I am aware of the need but I haven't read enough to have questions at the moment. Any suggestions?

Neither of you see the need for /var, but I see it suggested in a lot of server partitioning guides. With my limited understanding of Linux, the only reason I see for it is to keep /var/log from filling / . I'm not sure if that's something I should be concerned with at the moment, but I'm guessing no (under normal operations).

@TheFu : How does /data differ from /home?

Is creating /minecraft at install (25GB, I think) the same as mkdir minecraft when installing the minecraft host?

Lastly, I'm leaning heavily towards the 3-4 partitions (or directories?) path. How hard is it to move things later, like if I decide I want (and am competent enough to) /var to be on its own?

Thanks for your time and experience,
Raul

[TheFu]

I was planning on putting it on RAM, once I figure out how. The how-to's I've read all deal with it by editing fstab and that seems like a post-install fix. Is there a way to do it during install?

/tmp and /var/tmp are dynamically created during boot, not during install. At least that has been my experience. Since HDDs became fast, I haven't bothered with ramdisks. I suppose any howto would be fine. It isn't like you don't have 20+G of excess RAM.

This one I'm not sure about. I was planning on going with Samba or Netatalk/Avahi or both for the local file server (2 Macs, 1 Ubuntu, 1 Windows), and OwnCloud for remote file access, and a private Minecraft host, and I'm not sure if the people accessing the files are considered users? As far as the file servers go, any user files (mp3's, RAW, doc, PSD ...) would go in /data or /home/username?

You can put the data anywhere you like, but the standard way would be for $HOME areas to be small, so users do not abuse the storage and have shared storage areas under /data/ for large files separated by group membership. Anyone in the specific group would be trusted with read-write and delete permissions.

I don't see the point of "owncloud" at all. Everything is available in Ubuntu already without the need to trust some 3rd party. Just learn to love ssh, scp, sftp with key-based authentication and you are covered. Heck, you can use sshfs through an ssh connection and remotely mount storage, if you need it. Because it is based on ssh, it is just about the most secure remote access method available AND trivial to setup. Running an ssh server is a basic skill for anyone using Linux. Be certain that you secure it ... http://blog.jdpfu.com/2011/08/23/sec...cking-failures explains.

I would run the mindcraft server inside a virtual machine. Heck, I'm surprised you aren't using a different virtual machine for much of the untrusted user needs. With a 32G server, there is no way that I'd dedicate the entire machine to a single OS instance, but I use virtualization for almost everything. Isn't mindcraft java - yep - NO CHANCE would I mix that with any system needs that allow end-users to login or modify storage outside Mindcraft. Java has too many security issues. Actually, I avoid anything with java unless it will make me money. Mindcraft would be segmented to a VM. DEFINITELY. I'm certain there are lots of how-to guides for this.

If there is a separate /usr partition, then do installed apps go there or do they still go to / ?
Definitely 2GB+

The installers don't know anything about partitions, so whatever partition is mounted down the path will get the programs. If you have only /, then that will get the data, if you have /usr, then that will get the programs, if you have /usr/whatever/whatever/whatever as a mount location, then any program that installs down that path will be placed on that partition. This isn't old-Windows with drive letters. You can mount a partition at any directory level. Whatever suits you. I think modern Windows has allowed that too, btw.

I am aware of the need but I haven't read enough to have questions at the moment. Any suggestions?

Neither of you see the need for /var, but I see it suggested in a lot of server partitioning guides. With my limited understanding of Linux, the only reason I see for it is to keep /var/log from filling / . I'm not sure if that's something I should be concerned with at the moment, but I'm guessing no (under normal operations).

Old systems would routinely have 100MB for the entire OS, temporary files AND user data, so partitioning off /var was critical. If your system has less than 5G for /, then I might bother with a different /var mount. Otherwise, it just isn't worth it. Filling even 1G with log data will take months. Just have a monitoring tool watch disk storage and don't worry about it.

@TheFu : How does /data differ from /home?

It differs anyway you like. /data is my own invention ... well, not really, but in the old days we used NFS and mounted non-local file systems under /export/{mnt_point}/ I use /Data or /data as a place to put large data files - usually video that doesn't need to be backed up nightly ... if ever. $HOME always needs daily backups, IMHO. You can have a completely different method, it doesn't matter. Just think about data you need backed up AND data that isn't worth it. If you have 3TB of videos, do you really want to back all that up nightly? OTOH, you probably WANT to backup anything important enough inside every /home/ directory - provided it doesn't get too large. At least, that's the way I think about it.

Is creating /minecraft at install (25GB, I think) the same as mkdir minecraft when installing the minecraft host?

I dno't know anything about mindcraft, but I won't put it at the top level under any situation. Perhaps /opt/mindcraft would be better or /usr/local/mindcraft? I dunno.

Lastly, I'm leaning heavily towards the 3-4 partitions (or directories?) path. How hard is it to move things later, like if I decide I want (and am competent enough to) /var to be on its own?

Moving data around is just a specific cp command, though you need to be cautious to maintain file permissions and ownership and grouping for those to continue working. Linux/UNIX is a multi-user OS, so file permissions are a huge part of the overall system security. Files and directories can also be special files - non-standard, so when you do want to move them, it is important to know which methods work for all sorts of files, permissions, ownerships and which don't. As an example, if you intend to drag and drop files/directories around, you will probably lose most of the permissions/groups and owner. OTOH, if the files to be moved are just large data and not programs or "devices", then almost any program can be used to move them.

I don't think I answered your question, but I definitely provided background. Let me try again.
If you want to move data onto a new partition later, then you'll
* create the partition on a new HDD
* mount it to a temporary location.
* shutdown any programs accessing the data in the old location.
* move the files, directories, special files over to the new partition in the temporary mount point.
* verify the old location is clean ... all files moved correctly.
* un-mount the new partition from the temp mount location
* mount the new partition into the "correct" location, so that all the data appears to be exactly where it was before starting this.
* add the new mount information to /etc/fstab so it comes up after a reboot.

That's it. It has more steps when written out than necessary, but you get the idea. Some things are easy to say, but harder to type.

Honestly, I think you are over-thinking all of this. Start with just 20G on / and let her rip. Add other partitions as needed later and move data over as needed to new partitions. Setting up quotas for users is probably a good idea to prevent someone from abusing your storage and harming other users or filling the HDD completely. Quotas happen on a per-partition level, I think, so if you add multiple partitions, you'll need to setup quotas on each. If it is just you and people you can trust, then I wouldn't bother.

I'd still setup monitoring, especially for storage filling up. Following the KISS principle is a good idea. Don't over complicate things until you need something more complicated. The only thing you haven't planned that I would strongly suggest is using virtualization for public facing services and splitting each service into a different VM so that a break-in through 1 method doesn't leave all your users' data exposed.

[Kmargo945]

I don't see the point of "owncloud" at all

Convenience. I don't feel like explaining ssh, scp, sftp with key-based authentication to my sister, daughter, mother so that they understand it. Could you tell me how it involves a third party? Thanks for suggesting I run Minecraft in a VM. I hadn't considered that.

Honestly, I think you are over-thinking all of this.

Yes I am. Mainly because I'm in over my head.

I think I'm just going to do it and see what happens.

Thanks for the help,

Raul

[TheFu]

Convenience. I don't feel like explaining ssh, scp, sftp with key-based authentication to my sister, daughter, mother so that they understand it. Could you tell me how it involves a third party? Thanks for suggesting I run Minecraft in a VM. I hadn't considered that.

VMs rock.
Your family doesn't need to understand key-based authentication, but it is much easier to use after it is setup. They can use passwords and WinSCP to access files easily. I did read up on OwnCloud a little. It is an intriguing project. Does it ever phone home? How do remote users locate your server? No 3rd party setup needed? I don't know, just asking.

I'll probably setup an OwnCloud server inside a VM and play with it to get a more complete understanding. The trade-off between useable, convenience and security is something each admin needs to determine on their own. However, many admins have learned the hard way that "easier" is often much, much, much less secure.

Yes I am. Mainly because I'm in over my head.

We are all in over our heads before we do something a few times. Completely normal.

I think I'm just going to do it and see what happens.

Great idea. Realize that just because something works, that doesn't mean it is working properly or securely.
WebDAV has been plagued with issues (some critical security ones too) since it was first introduced. Even if every one of those has been corrected, I'm positive there are others either unknown to the vendor or unfixed because WebDAV isn't very popular. Explaining how to use WebDAV isn't easy either, at least in my experience.

[Kmargo945]

http://blog.jdpfu.com/2011/08/23/sec...cking-failures

Thanks for the link. I'm mostly aware of security practices as a user. This is my first foray into the admin world and I'm learning as I go.
I finally partitioned it out. I went with /boot, /, /home, swap, /var, /usr. I was leaning towards leaving out /var but I finally found documentation regarding ssd's and linux at https://wiki.archlinux.org/index.php/Solid_State_Drives which recommended moving it to reduce the amount of writes. I would explain my use of /usr, but I'm not sure why I did it, probably lack of sleep. I agree that LVM for files that don't change doesn't make sense, but I'm still hazy as to which those are so I used LVM for everything besides /boot & /. Now I have to figure out how to get the command line to fit on my tv, but that's for another thread.

Thanks for the help/information,
Raul

[TheFu]

So, I setup an OwnCloud v5 server over the last few days. It took a little more effort than I would have expected for a packaged solution. Used MariaDB instead of MySQL. Did this inside a fresh VM with 1G of RAM, 1 CPU and 18G of HDD after installing a fresh Ubuntu 12.04 x64. It runs slower than expected. I dropped a few files into it, a few photos and music too. Using the web interface really isn't the best way to add content - seems that recursively dropping folders in doesn't work. Best to setup the client connection and get your dirs the way you want them for sync first.

The calendar and contact syncing is very intriguing - I have not found a way to create contacts in VCF yet - the **only** format OC supports. THAT would be interesting to me. Thunderbird will not export VCF contacts without a plugin and the plugin use is not intuitively obvious to me. I already run a Zimbra communications server, so calendar and contacts are shared with others on that system easily, but the calendar is not easily shared outside Zimbra to Android devices. It does work VERY well with TB/Lightning, however - as a complete replacement for MS-Outlook + MS-Exchange for me.

I watched the router logs and saw a few "phone home" things initially, but those stopped. Guess there isn't any 3rd party watching, which means OwnCloud isn't like Pogoplug or other similar "create-your-own-cloud" software. Nice.

On Ubuntu, the PPA is hosted by OpenSUSE servers which seem about 20x slower than Ubuntu repository servers. Don't know why, but "apt-get update" is really slow on those specific servers.

OwnCloud is built on LAMP with php - yuck. As a security oriented IT pro, I can't let php systems directly on the internet, but behind a VPN, is an option. Heck, just as an easy way to sync files to Android, this can be a wonderful thing. Clearly, the files stored need to be extremely limited so as not to overflow my 16G Android devices. I've been unable to get the Nexus4 to work with Ubuntu ... but that is another project.

BTW, my partitioning for the VM was simple ...

Code:

$ df
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/vda1       17319896 2303368  14147408  15% /

Using virtio drivers for both the disk and the networking. The VM sits on a fast "WD Black" HDD.

The basis of OwnCloud seems to be csync. http://www.csync.org/ It is a bidirectional rsync tool. The Windows and Android versions appear to be outside projects. Interesting. I've setup rsync in a bi-directional manner with --delete-after options, but never felt 100% comfortable that it could be used constantly, opting for a daily sync in both directions a few hours apart for each direction.

I had a reoccurring issue during the configuration on Ubuntu clients. Only 4 things are necessary to configure it, but I could never seem to get them all correct and the client would head off to sync even with incorrect connection data. One of the defaults is not likely to be setup for a trial install - SSL. Seems like it should come back immediately if the web server wasn't listening on the correct port. That didn't happen. I've had to wipe the settings and kill the sync processes a few times until finally getting the setup correct.

Used Apache for many years and I'm familiar with normal configurations, but I'm not an expert and definitely not used to php setups, though I am a perl, Ruby, C/C++ dev. The OwnCloud config isn't located inside the "sites-available/" directory. Huh? I'm still confused as to how OwnCloud is connected to Apache. I'd be happier with nginx, a future task.

The default URL is http://server/owncloud ... which wasn't stated clearly on the OwnCloud website, but the default configuration is for https://server/owncloud. Discovered the URL on page 20-something in the admin PDF ... 2 hrs into the install.

Ok, so I need to setup an OpenVPN before I can make this available for others. I should have gotten openvpn working years ago anyway for many reasons. OpenVPN is not too hard for 1 person, but when you are running it for a company, it becomes much more complex due to key management.

Anyway, OwnCloud does appear as an interesting tool for IT nerds to run. Thanks for pointing it out.

[Kmargo945]

OwnCloud does appear as an interesting tool for IT nerds to run. Thanks for pointing it out.

Thank you for trying it out and more importantly coming back to share your experience. It sounds like it'll be a bit more work than I initially thought. I blame all these years on a Mac. And I'm lazy. I'm not sure which came first.

It runs slower than expected

That's the complaint I've seen the most.

As a security oriented IT pro, I can't let php systems directly on the internet, but behind a VPN, is an option.

I guess I'll be adding VPN to my list of things to look into.

As a not IT pro I have to thank you for expanding my vocabulary. I now know what a vCard is and that most of the contact management apps will import it, but there isn't much said about exporting other than some data is omitted by some apps (I only looked for a couple of minutes). Since this is for personal use, I don't have too much concern for contact/calendar sync, at the moment.

In order to not feel like a so much of a mooch, I'll treat to a cup of coffee if you're ever in the New York City area.

Thanks,
Raul