I feel left behind

LayLow · March 22, 2024, 5:45am

That’s really funny!

capote · March 22, 2024, 7:49am

I’m sorry, but your answer reads like this to me: “The ball is in your court.”

I am really surprised at the response my belly rumbling has triggered. Even if it doesn’t change anything about the current situation, it’s good to feel that I’m not alone in this.

What interests me now is what conclusions do the core development team draw from this? @stephdl @davidep @alefattorini Have you ever discussed internally which deficits in the community make acceptance more difficult? Can you not only understand the problems, but do you actively address them?
Do you have a plan for improving the user experience?
I hardly read anything about this in the announcements for NS8.1.

Or is it unfortunately our concern how to deal with it?

Perhaps it would be helpful to ask about the individual wishes and arguments expressed here separately, in order to measure the intensity of the pain and enable solutions to be prioritized?

pike · March 22, 2024, 8:44am

As stated before…

checked all boxes for the hardware requirements.
Never read you writing “NethSec should support only multicore CPUs because 1 core is simply not enough.”
Anyway, i will understand if the 100mbit realm will be cut off for sake of more compact image, less clutter, lesser degree of complication. However… still not at that point.

alefattorini · March 22, 2024, 9:02am

@capote I feel you and I’d like to summarize for everyone

We extensively discussed the choice of NethServer 8 in the past. If you want, I can link here all the countless discussions we had, about whether it was the right choice and how to proceed. It wasn’t decided elsewhere; it was done here in the community. Perhaps some may not remember, or maybe they were distracted or had other things to do, which is normal. But saying that it wasn’t discussed with the community is untrue and unfair.

For those who don’t recall, below are the reasons that drove us (in some cases, forced us) to transition to NethServer 8:

Need to be independent of the distribution (does anyone remember the CentOS EOL and the instability of Stream?)
Having an updated technology stack
Ease in creating new apps (e.g., containers)
Ability to easily manage hybrid on-premise cloud situations
Greater versatility compared to an all-in-one distribution, such as the ability to install the same app on a single node

NethSecurity

The choice of a similar technological stack compelled us to review the firewall aspect and separate it into a separate project (always open source), as many of you have requested over time and as similar firewalls already exist (e.g., pfSense, OPNsense), meaning a project that focuses solely on the firewall.

Bugs

We rebuilt everything from scratch with a completely new technology, so, naturally, there may still be some rough edges. However, I assure you that there are already many systems in production, and many more will be coming in the next few months. NethServer and NethSecurity are not toys but services for businesses.

I got you.

Over time, we will improve certain aspects related to LAN integration: we have added local destinations for backups, and with version 8.1, the DNS and DHCP services will be introduced. This seems to me to be in line with what you want, and it’s worth emphasizing.

Andy_Wismer · March 22, 2024, 9:06am

I think we can both agree on:

Still a lot of work to do for NS8…
Even more work to be done for NethSecurity.

I will test drive NethSecurity, but at the moment, OPNsense works excellently!

I hardly ever use Suricata, as it eats up CPU, mostly for nothing.
However, Threat Shield seems popular on NS7 and therefore Suricata. And this seems the case here too.
So I will need more testing myself…
But this does not mean i will use either.

My 2 cents
Andy

pike · March 22, 2024, 10:58am

X for doubt…

That is correct, was discussed…

hybrid on-premise hosting… situations…

Introduced a feature that was in NethService, NS6, NS7?
Such a novelty.

alefattorini · March 22, 2024, 1:54pm

I’m sorry man but your sarcasm is useless and counterproductive for the atmosphere of this community and even more so since you hold the role of community padawan in the title. I hope this is the last time I read it.

pike · March 22, 2024, 8:02pm

Sugarcoating the lacking of functionalities won’t make them appear. Marketing coating the unfinished status and growing pants and pains of the container orchestrator won’t make disappear the problems.

Community might become customers, that’s fair, however it’s not knowledge-free enough forn not perceive the difformity of the declarations to the status. Both projects are growing and need improvement: UI, UX, processes, documentation, system requirements.

It’s gonna be allright? I don’t know. Repeating “everything is fine” is way too much distant from the status, but repeating countless times makes me ask "Why is so important to say that? It’s an ad?

Please, remove the title.

oneitonitram · March 23, 2024, 4:14am

@pike whats the issue really exactly. it cant be that everything is just bad and that’'s period.

pike · March 23, 2024, 7:29am

Apparently I’m the issue…

robb · March 23, 2024, 11:37am

I would consider a different root cause.
The old libraries come from the conservative approach of RH and thus CentOS.
And the main reason for choosing CentOS is the legacy of NethServer and the knowledgebase of the main devopers at that time.

I must admit I am in a state of confusement and fear for the transition to a next distro. Besides several “default” modules I have a lot of “non module” applications running on my server.
I have absolutely no clue how to get those available on ns8.
To be honest, i feel as lost as @capote

Andy_Wismer · March 23, 2024, 11:50am

Hi Rob

and In so far true, as the predecessor of NethServer, SME Server, also used Centos as base, and at the time there were no issues with Centos 7 - or Centos 8 even. Then Red Hat began singing the “Blues”, and Centos had it’s plug pulled, and Red Hat had a credibility problem bigger than their Egos!

For those apps that fall between the old and new, (like you also have) I plan on using a plain vanilla Debian Container or VM just to run such apps / stuff, until I figure out the best way to integrate them in NS8 - or simply connect the Apps to AD / LDAP of NS8…

Some stuff are even best left completly independant of NS8, as they are intended to be a fallback / spare. One such example would be Citadel, as backup mail server…

My 2 cents
Andy

oneitonitram · March 23, 2024, 12:13pm

@robb perhaps if you could share those non module applications you are running on your server. Me and my time could dedicate some. Time to help you build them into Nethserver 8 apps, would this help your case.

Similar to you, I also faced the same challenge, most of the software I was running on my Nethserver instance are not modules in NS and with ns7 transition to NS8. Because we could, we embarked on building them into NS8 apps.

Not all have been accounted so, mostly dev tools, and am not sure if community members are using them, while for those we were able to port to other systems, I would love for them to be NS8 apps.

oneitonitram · March 23, 2024, 12:16pm

Andy, what apps are these.

We are working on implementing ldap for dolibarr which I understand you are using.

oneitonitram · March 23, 2024, 12:17pm

@pike no one is saying this, all we are saying is, your way of articulating these issues is not really the best.

Equally you must admit that alot of progress is being made to align on matters you are having problems with.

dnutan · March 23, 2024, 1:35pm

I don’t think @pike is the problem. You cannot expect to change how people are and how they express themselves (possible to some degree but unlikely in a broader sense).

Could have him worded it differently? YES. (again, @pike would say sugarcoating it even if it’s not what I mean). But let’s not make a fuss of it!

From my POV, it has declined in making new users feel welcome regardless of their background (experienced sysadmins, casual “sysadmin”, DIY/home users). But that’s off topic.

Some people in the team may feel hurt by the wording or feel unappreciated by other comments and posts. In both sports and work, team morale is important. Not talking about this or that comment in specific but of a growing burden to carry.

Generalizing, workers are only called/frown upon when something goes south but barely appreciated when they do good, as some people think that’s implied and goes with the payroll. But workers (in this case, developers) carry the burden not only at work but at home (difficult to disconnect thoughts from mind). Sometimes a hurt-felt comment weights more than 10 appreciative ones (call it human nature). Just saying mood, motivation… plays a role and people DO appreciate the work done so far. But maybe I’m derailing a bit.

There’s a saying that goes like this: “You cannot teach an old dog new tricks”; on IT field it does not apply but neither makes it less challenging.

Most probably, developers had to learn a new coding language, read thousands of docs, program/test/fix/repeat cycles…

It’s not the job of the developers to teach us how new stacks, containerization et al works. They can provide some minimal guidance for us to embrace NS8.

I think we expect from them to make complex things simple or easy. In the sense that we are presented with a server manager from where we can do our tasks without having to know each and every detail of the underlying technology. What I gather from comments is that we are not there yet neither from UI side nor from documentation and that official NS8 release was considered stable too soon.

Path was set a long time ago, discussed in the community although decision making not completely on their hands. Lacking some background knowledge it’s difficult to make educated decisions, and in everyone’s mind the interpretation on what NS8 would become could differ. Difficult to see the real picture without a tangible product.

Current NS7 users fear proximity of EOL. New users unsure or uncomfortable with NS8 stability. Both weighing upsides/downsides of embracing NS8 or looking elsewhere.

Not the most experienced/tech-savy user of the bunch, but will try to do a recap:

Hardware requirements (on-premises / VPS)

more cores
more storage space
additional hardware:
- firewall (if not virtualized)
- additional server (if not virtualized; no in-place upgrade (risky), no restore from NS7 backup to NS8 —I hear you!, Andy)

It also relates on how people working in this field has to present it to customers.

Server Manager

Not feature-par with old NS7 ways. NS8 more focused on App Stack than whole server (development freed from some OS and networking side of things that now falls entirely on the sysadmin side, if had ever left that side)
Apps operational (could be a few exceptions) but lacking some advanced options

Migration

Not stable enough
Reporting of progress: progress bar is not that meaningful for long tasks as there is no context of what is being done: no way to tell if it is really progressing or it’s stale, current migration stage…

Notifications / Error messages

cryptic without an straight comprehensible message of what has caused the problem (usually at the last line of the log excerpt).

Bugs

We, as users, have to distinguish the severity of bugs to put them in context with the current state of NS8, so a bunch of red dots doesn’t mean it’s chaos.

Few operational bugs
more cosmetic/UX bugs

Developers should consider priorities (both for bugs and feature requests). Maybe focus more on better migration, bring missing features back, and less with cosmetic side of things and new features. I’m not the one to tell.
Remember it’s not only community users but current customers (although some of them play both roles).

New Stack

people not opposed to it
bring new scenarios to the table
more current versions of apps as opposed to LTS CentOS/Redhat (if maintainers keep it current)
less limitation regarding dependencies

Knowledge / Documentation

BIG ISSUE! Users unaware of how to deal with problems on their own without asking for help. (could I do something about the problem from the UI, or have look at OS level, container level, enter the instance user, use some command provided by the devs like api-cli, runagent, or use some podman command…)
Users unaware of where things are (data, config file, etc… although some of this information is in some way in the documentation)
Mixing of paths when thinking at OS level vs container level or symlinks… what is presented by apps to the user and how to find it.

Security

NS8, with containerization, user isolation, apparmor/selinux… brings more security
more security implies more restrictions (data inter operation, etc.)

And I let it hear (be it with errors or not, with lack of interpretation/understanding and some things missing) as now have to deal with other things.

danb35 · March 23, 2024, 2:26pm

I know this isn’t directly responsive to your question, but…

I need to dig into how to build these things myself, but haven’t yet spent any real time on it. I’ve built modules for:

acme-dns
automx
LemonLDAP::NG
Self-service Password

(and I thought there were others, but these are the only ones I see in my repo).

Self-service Password has been superseded in later releases of NS7, and is present out of the gate in NS8–no need to duplicate it. LLNG can readily be replaced by Authentik, which you’re already working on–and Authentik frankly seems like a better choice at this time (though I still want to see the Neth folks pick a SSO solution and make it official).

Automx has been superseded by automx2. It’s something that, IMO, really ought to be part of the base Mail server–automating email client configuration shouldn’t be limited to the likes of GMail and Outlook.com.

I’d consider acme-dns to be the highest priority. There is a Docker image available for it, and it seems that if we’re using Traefik anyway, the odd port I used for the API in my module wouldn’t be necessary any more.

Other than that, I’m running a Joplin server on my NS7 box using docker-compose, and I see you’re working on an app for that. At some point I’ll need to figure out how to migrate my data from my current installation to yours.

I’d really love to have Horde webmail, but as their last release was over six years ago I think I have to consider that project dead.

LayLow · March 23, 2024, 5:21pm

Indeed, everybody is welcomed and invited to participate, whatever their use case, whatever their experience and whatever their interest. https://www.nethserver.org/

oneitonitram · March 24, 2024, 11:26am

i think the core should work on automx for ns8, its highly needed, and i loved how it worked in ns7. saved me lots of trouble

Acme DNS as well is something that the core should work one, seeing that there are so many moving parts in getting tools like DNS work in container environment in ns8. maybe @Tbaile since he was working dns module for v8.1 could figure acme dns as well.

alefattorini · March 28, 2024, 3:23pm

I always appreciate your thinking, and thanks for the complete recap about the situation.

How can we consider UI/documentation/release stable? Which kind of goal should we aim for? Could you be more specific?"
We are managing two different projects NethServer 7 very stable with a lot of howto/use case/support cases and NethServer 8 very new instead. It’s difficult to compare them

As I said we can do something in this direction but we won’t manage the entire OS as in NethServer 7.
Can we draw up a list of minimal things to manage the underlying OS without stressing the sysadmin?
I am not sure that we’re going to implement them but it’s just to know