New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
That change was made in 2011 or thereabouts (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639841), and Hetzner's Debian 7 image for dedicated servers that I installed a couple years ago didn't have this problem. I'll take a look at the sudoers file on a cloud instance. Thanks for the pointers!
Yes, let us know if you come up with anything! It's puzzling.
(Not that I'm personally affected at this time, because I haven't yet jumped onto Hetzner's cloud, :-) so it's more just my curiosity at this point.)
You know you want to though :P
I do feel the want but I'm doing my best to fight it. If I gave in, I'd feel like all of my grumbling in this thread would have had no purpose: you know, that Hetzner isn't -- despite initial appearances -- the LET-messiah after all. If I gave in, I'd feel like all of that would have had no purpose, and it would make my existence feel even more meaningless than it already feels.
I hope that you understand.
I checked and Hetzner's /etc/sudoers (installed by their cloud-init) is different than the usual one. The relevant missing lines are:
Can someone who installed Debian from an official .iso check whether those lines are there? If Hetzner changed it in a way that breaks user scripts, I'd say their template has a bug and they should fix it.
Shut up and give them your money!
Unfortunately, I'm not in front of Debian at the moment, but those lines should definitely be present in /etc/sudoers on a fresh install.
Ok, now it looks to me like they tried to fix it but instead broke it even more than before. I installed Debian 9 from the ISO and checked, there was no /etc/sudoers before installing sudo. Installing sudo used a debian.org pkg repo and used the normal sudoers file with those lines. After some other tests I spun up a fresh server and found there was now a default sudoers even before sudo was installed, so "apt-get install sudo" from the shell brought up a prompt asking whether to use the already-present one or the one from the package maintainer. This prompt broke my non-interactive (ansible playbook) installation. So that was not the right way to fix it.
Is Hetzner engineering reading this? If not, I can update my ticket. It looks like someone there is working on it, anyway. Thanks.
Added: I replied to the ticket with basically the above info.
Or you can forget legacy stuff and use IPv6. In that case you don't need to pay for IPv4 address.
For kicks I looked into it. You're right they are required by german law to delete the data. However they are also required to transmit the data via encrypted means. Their request to reply to an email with an attachment of the passport or other ID leaves me less than confident in their adherence to government mandates to delete the data.
And no offense I don't think their systems are as secure as EQUIFAX. I have looked into it, their flaw was sharing/allowing access to the data from too many locations. But just replying via email with this data? Come on man that's just bad practices.
Frankly not even responding to my request for alternative forms to tell me to scuff off also is a sign of bad customer relations. I suppose I'll need to contact netcup to see if they'll atleast respond to me.
But that can also be a bad thing.
It has happened to me that the "limited stock" server didn't start so I tried again, and again but it still failed. Each time I deleted the server but the IPs and storages weren't deleted with it, so I got billed for those, luckily only a few hours...
50GB storage would be nice, but I think I'll give Hetzner a try.
Anyone using rclone and plex/wmby with them?
You can pay per use. https://wiki.hetzner.de/index.php/CloudServer/en#How_do_you_bill_your_servers.3F (See also "When will I get my invoice?" here.)
However, some customers who use our other control panels (Robot/konsoleH) prefer to pay in advance via PayPal because they may live in countries with unreliable banking systems, or because they don't have access to a credit card and don't want to pay bank transfer fees every month. We will allow Cloud Console customers to do the same. To set up this payment option, please write a support ticket via Cloud Console. --Katie, Marketing
Intel Skylake Xeon CPUs with 2.1 GHz --Katie, Marketing
By the way, good to know that Hetzner Cloud also offers original ISOs. I was under the impression that they only offered templates.
What do you mean by "now it looks to me like they tried to fix it but instead broke it even more than before"?
What I gather from what you've said is that /etc/sudoers as installed by their Debian template is old in the sense that those lines are missing. In fact, it sounds like /etc/sudoers shouldn't even be present if sudo isn't also installed by their template. When you tried to install sudo, Debian did the right thing by asking whether /etc/sudoers should be overwritten, but you missed this because of your non-interactive script.
In sum, based on what you've said, it seems as though /etc/sudoers as installed by Hetzner's Debian template is a leftover from an earlier time and shouldn't even be present if sudo isn't also installed. Would you agree?
Yes, that's true. I'm also the company English teacher. I'm a bit of a jack of all trades.
--Katie, Marketing (and English teacher)
Hi Willie, Thanks again for communicating with us about this. We have reproduced the problem and identified the cause. We are working to resolve the issue and will roll out a fix shortly. We'll keep everyone informed via LET. --Katie, Marketing
Old situation (not certain of this and can no longer check): base installation had no /etc/sudoers. Installing sudo with apt-get created an /etc/sudoers with nonstandard contents including a header saying it was made by cloud-init. That was missing the secure path line, so "sudo apt-get install whatever" failed because of missing directories on the path. You could fix this by patching sudoers or putting /sbin on your path. I don't know if the nonstandard sudoers file was from an old release or just from some editing error or what.
New situation: base installation contains a /etc/sudoers with some lines to read in stuff from sudoers.d. Running apt-get install sudoers finds this file, which conflicts with the one that it wants to install from the repo. So it tries to interactively prompt you asking whether you want to use the existing version or the repo version. Since ansible-playbook doesn't know what to do with the interactive prompt, the playbook fails. You have to manually login as root and fix stuff, when the idea of ansible is to automate that. My next hack was going to be to add a playbook task to delete the pre-existing sudoers file before installing sudo, but now I don't need to do that (see below).
My current setup is quite nice after all of this. I started a vm, fixed everything the way I wanted, then made a snapshot. So now when I launch a new server, I initialize it from the snapshot instead of from the base template. That means I don't even have to run ansible any more. The server comes up with my packages already there.
But, I still think they should fix the sudoers situation. I guess they will figure it out.
Added: cross-posted with Katie, so saw her post after finishing mine. OK, they are fixing it, a pretty minor glitch in the scheme of things and I'm sure they'll take care of it. Thanks Katie.
I can't give you any specifics there. We tend to announce things once they are ready to go. The construction on the first DC in Finland is nearing completion. We will make announcements as our different product lines become available in Finland. --Katie, Marketing
Thanks for the suggestions regarding floating IPs. When a server is deleted, the IP stays reserved for some time (currently 48h) for the customer in that location. --Katie, Marketing
Yes, they should, it seems messy at the moment, although installing from an ISO should be okay, if I've understood well.
Hi sureiam, Could you please send me your order number via PM? I can send my colleagues the number and ask them to check on it since I don't have access to that system myself.
I missed that you had not gotten a response at all from our team in your previous post. I'm sorry about that. As you can imagine, our team has been trying to process as many order requests as possible since the launch. So it's possible that your request was lost amongst the fray. If that's what happened, I apologize in advance. --Katie, Marketing
@Hetzner_OL a few other suggestions:
1) By going to the management screen for a VM and clicking "Mount ISO" or something like that, you can see a nice list of isos to select from. But if you don't have any active servers, there's no way to see this list. It would be nice if it was still accessible somehow.
2) I think others have suggested it but it would be nice to be able to upload your own isos, or supply a url at launch time pointing to an iso image, etc. You usually wouldn't have to do that on every reboot or launch, since you'd do your installation and save an image.
3) Starting a new server from a standard template is amazingly fast, like 10 seconds or so from clicking "buy" to being able to login to the server. I suspect that process is optimized somehow, like by clearing out disk space in the background so it's already available for new servers, and template unpacking knows about this. But installing from an image is much slower since it seems to write out the whole disk partition, a minute or so for a 20gb partition (2gb server). That would be awful for a 32gb server with its much larger disk. So I hope it can be optimized like the standard template installs are, when the image content is much smaller than the disk partition.
4) It would be nice if uploading an ssh key let you mark it as a default key to use in all new instances unless you select something different. Otherwise you have to keep selecting it from the web console, a slight nuisance, and something I missed completely at first (your support rep had to tell me about it).
This is actually a slight nuisance, since ssh'ing to the new server results in the ssh client finding a mismatched key for that IP address and barfing an obnoxious error message. You have to edit .ssh/known_hosts to get rid of the old key before you can connect to the new server. So I'd rather just get new IP's. That's also better in the case of using the server as a VPN, where you want to rotate addresses every so often.
You don't need to install from an ISO (a significant hassle) just to deal with the sudoers problem. Just fix the sudoers file after launching from the template, either by deleting the initial one or choosing "use the package maintainer's version" at the interactive prompt. Anyway this will stop being an issue soon.
Hi sureiam, Could you please send me your order number via PM? I can send my colleagues the number and ask them to check on it since I don't have access to that system myself.
I missed that you had not gotten a response at all from our team in your previous post. I'm sorry about that. As you can imagine, our team has been trying to process as many order requests as possible since the launch. So it's possible that your request was lost amongst the fray. If that's what happened, I apologize in advance. --Katie, Marketing
If a customer made a request by ticket that a (publicly available) ISO be added to the collection of ISOs, do we know for sure that Hetzner would say no? I mean, perhaps they would consider adding a (publicly available) ISO if requested by ticket. (Naturally, being able to upload one's own ISOs would be the best, but short of this, the need to make a request by ticket would be okay.)
Seem to have missed this in the website/here, but is the Hetzner DDoS protection included on these Cloud plans too ? like the dedicated servers have? could be quite useful as a reverse-proxy that way.
DDoS protection included in all Cloud plans.
Hi @Hetzner_OL, I have been using your Cloud for a few hours now but hasn't been required to pay for anything yet.
How long does it take to send me the invoice?
Not sure what I did wrong. But my account got deactivated after I sent them my proof.
After reviewing your updated customer information, we have decided to deactivate your account because of some concerns we have regarding this information. Therefore, we have cancelled all your existing products and orders with us.
In the coming weeks we plan to offer the ability to add (private) ISO images upon request. We will keep you updated about this topic. --Katie, Marketing