New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Do you prefer install from an ISO or use Templates?
As the title says, do you prefer install from an ISO or use the provider template images for your OS?
I prefer install from the oficial ISO when possible.
ISO vs Template image
- What do you prefer?68 votes
- Install from ISO57.35%
- Use template images32.35%
- I prefer ISO, but my provider doesn't have that option10.29%
Comments
Hetzner always attach an USB for me when I need to install something they don't have
I always install via ISO. Templates sometimes have a lot of junk in them (eg Apache installed and running out-of-the-box), or questionable default settings. I've even seen some images where the SSH server keys were the same for each VPS created from the image! The ISO is guaranteed to be clean and minimal.
If your provider doesn't support ISOs, you can boot into netboot.xyz either via GRUB (I recently wrote this doc page about it: https://netboot.xyz/docs/booting/grub/) or iPXE (https://netboot.xyz/docs/booting/ipxe). As long as they have VNC, this should always work.
A provider that puts junk in the template doesn't sound like a very trustworthy provider
If provider has "he SSH server keys were the same for each VPS" then do you really trust them with your data and money? This is such a big red flag, it doesn't matter at all if they have ISO option if they cant figure out basic security stuff.
Not sketchy junk, just some have full installations of Apache, BIND, PHP, etc. Useful for some people, but I use Nginx and almost never use PHP.
Yeah I agree, and I've generally moved away from providers like this once my contract expires. They do exist though. Some providers use third-party images and don't properly vet them. Even official templates have had issues in the past (eg https://www.lowendtalk.com/discussion/169685/vulnerability-in-solusvm-debian-10-template-debianuser-backdoor-default-user/p1).
I have created my own template(s)
I see. I haven't encountered a provider like that yet. But imo, it still seems a bit sketchy to mess with the iso unless it's clearly stated.
I always use ISO custom, cause most provider doesnt provide Alpine Linux template (Im aware only @MannDude provided it, and love it so far).
Glad you're happy with the options. You're also free to bring your own ISO and upload it if there is one you'd like to try that we don't officially offer.
All my KVM servers, except Oracle Cloud, are installed from ISO or netboot.xyz.
OpenVZ and LXC have to use templates, but I have script to delete all the junk via
apt-mark auto
.NATVPS.net Debian 11 template for OpenVZ was caught to have the same SSH host keys on every container, because the person who created the template wasn't aware of this.
I only discovered because I bought a bundle and saw the same key digest showing up 5 times.
The provider corrected the problem swiftly.
My future setup after a template install shall include a step to regenerate SSH host keys.
i prefer netboot.xyz
For cases where I must use an image (like OpenVZ), I explicitly uninstall and reinstall openssh-server. If you do
apt remove --purge
, it'll remove a package and all its config, which for OpenSSH server includes the host keys. They'll be freshly generated on reinstall.You don't necessarily need to remove and re-install the whole openssh-server package.
It's enough to simply delete the host keys and regenerate them:
always install via Templates
I usually install via ISO so I can setup LUKS encryption for storage and have the peace of mind knowing the OS template is straight from the source (Debian, Alma, Ubuntu, etc)
I prefer ISO in most cases, but if the server is just for idling or very simple task, I won’t bother to install ISO
I've wasted so much time troubleshooting the oddest issues, only to find out it's because a provider's template was missing packages that would normally be included in a default installation.
After many such experiences, I've come to hate templates and use an ISO installation whenever possible, followed by an Ansible playlist to get everything set up to my default preferences.
I think the weirdest was when I couldn't find any log files being created on a system, only to find out that it didn't have rsyslog installed. Crazy.
Very helpful links!Thank you!
Template - but I trust my providers. If I need to install a custom ISO because their templates are messed up and it becomes a problem I'll migrate hosts when it's convenient
Nothing against custom ISOs mind you. Just not worth the work for me with a LET provider for how little I use my servers