Upgrade Nethserver 6.9 to 7 study case

Hello,

Actually, I’ve got a well tuned NethServer 6.9 instance on my Microserver Gen8 configured as Firewall, router.
It’s the guardian of my home network, and it a Time Machine Network Backup too…

I’m studying a way to upgrade to Nethserver 7 in a rapid and sure way to do this.

I looked the with MacOS Sierra, the Time Machine can be naturally done over the SMB protocol… The Time Machine software don’t need AFP anymore.
https://support.apple.com/kb/PH25585?locale=en_US

And I ask myself, and ask you too: :wink:
Can I install a Nethserver instance with the SMB share without the LDAP stuff?

Yes, you can have shared folders with guest access only (from LAN)

The backup is only for lan… Perhaps it’s suficient.

Is it possible to make a user in the unix way, and make a share only for this user?

You need a Samba user and - optionally - a Unix user named after it.

Then add samba tdb files to config backup…

I think it could work (like ns6 :grinning:)!

Thank you…

I think it’s the only point that could eventually slowing the upgrade process…
Because make a Ldap for one shere, for one user for one computer… it’s over :blush:

1 Like

Hello,

I’m back again here with my Nethserver 7.3 instance.

I would like to say it was easy and I’m now very happy… But it wasn’t and I’m relatively disappointing.

Let’s me explain why… Not to criticise, or devalue all the mount of work done.
But to think about a way to do better, a way to improve the “user experience”

I choose to install Nethserver over a minimal CentOS 7 installation…
The minimal CentOS installation is not complicate, install Nethserver over it isn’t too, but at the end of the Nethserver installation, I think it’s lack a tool to choose what rule for what connection, or in other word, a tool to attribut the rule for each NIC.
By default, the Nethserver install choose the green rule for the first NIC ( with by extension this NIC connected to internet )… Is something absurd!!!
Why not make a tool to let the user choose, or perhaps configure all the NIC in the RED rules ( close all) and let the user choose what open when login for the first time?
This way, I was obliged to jungle with my to NICs to make, and a client to configure one by one each nNIC, apply the change… until having success.

My second thought when I login for the first time was a great deception:


One the left bar, there’s four useless menu entry!!!
Applications, for a minimal install there’s normally nothing, the users and groups, the account provider entry, and the domain account entry…
It’s a bare minimum installation and I have already useless menu left entries :scream:

When clicking in the domain account, users and groups, I systematically go to the Configuration/account provider entry…

So, Let me ask this: Why theses items, this stuff already exist on a bare minimum installation?

The final though is certainly a little bug… I don’t know how it’s happen… But I loose something in the CSS of the interface( difference between the first screenshot and the others)… look the upper bar, and take a look in my dashboard:


What’s happen? How to “reset” and come back to the normal dashboard?

Edit: For the last question, I flushed all the safari caches… It’s now okay :blush:

1 Like

IIRC both the ISO procedure and the nethserver-install command set the green role to all network interfaces configured by Anaconda (CentOS installer)…

…You can then switch to red one of them, or tweak individual services access in “Network services” page. NethServer must always have a green interface at least; the red role is NATed.

I agree with you: too much entries. Let’s see them one by one:

  • Accounts provider must be there
  • Users and groups are not available on a fresh install, however we decided to keep it and make a redirect to Accounts provider because people looks for users and groups and don’t know what an accounts provider is.
  • Domain accounts is redundant and is not clear what’s its purpose. I’d like to merge it with Accounts provider. At least make it visible only if a local accounts provider is present.

No…I didn’t made a screenshot, but I can affirm that the first NIC is configured as GREEN, and the second NIC was without attributed rules…

When connecting for the first time, on the first green NIC, I had the message than there’s a NIC without rule.
And when I gone to configure this second NIC, to attribute a green rule too… I had the little windows "configuring shorewall "… until loosing the connection:
Apparently, Nethserver, don’t like configuring 2 GREEN NICs, with 2 different subnet and without RED.

I was stuck, three time in this exact ste I had to doing three time the installation until thinking a way to dribble this point !!! :grin:

What I do to bypass this step:
I made the same install, but the first time I go to configure this NIC, I change the first GREEN NIC, to the RED rules…
When it was done, after this, and only after this, I was able to configure the second NIC as GREEN without the annoying NethGUI lost of connection. :grin:

For this reason, I make the suggestion to have the possibility to attribute the rule before going to the Nethgui for the first time, or make all the NICs RED ( by default, the access to the GUI on the RED side is authorised)…
That can resolve lot off issues… I think.
And close all by default is better, in the security point of view…

If you are aware of this fact… that’s ok.
You are probably thinking about a solution :wink:
But please, think about the case when Nethserver is configured only as Firewall Gateway :grinning:

I would like to continue and to make some comments about the Nethserver 7…
I’m continuing to be surprise with the ergonomic and the (poor) logic in the NethGUI.

One exemple:
There’s the “applications” entry in the left menu bar, here’s there’s Lightsquid and Ntop.


Clicking in the LightSquid open bottom

So, I really can’t understand why there’s an “Web Proxy Stat” left menu entry?

Why not use the same logic, and use the “Application” entry, and put the “web Proxy Stat” here?

It’s exactly this lack of logic, this lack of ergonomy that let a not so good feeling about the NethGUI.
Actually, the “Application” menu is not well exploited… Is not entirely exploited.
I did you understand what I mean?

Yes, of course!

The reason for having such behavior is the following.

In early ns6 release there was no integration with Server Manager for such applications. They are accessible with a randomly generated URL only because it could be useful to share their URL with someone that is not an admin (your customer, for example).

Then came the Server Manager integrated view. But the sharing URL remains and is still available from “Applications”, as in origin.

Thank you for the explanation @davidep.
I understand better the reasons of what look like inconsistency.

There’s no way to conciliate these left entries with the Application entry ? or is it really difficult?

In the applications panel you could have other apps too, like NextCloud. In fact It doesn’t have its own entry on the left menu

To talk about this, I will re-open the “Organise left menu bar” :wink:

For now I’m stuck the account provider choice!!
I read the doc and these two discussions… And I continue don’t own what to choose.

I actually mount my 1gb drive in /opt.
I want this /opt shared via SMB as Time Machine for backup the Mac.

What I actually understand is:

  • LDAP: Easy to configure, does not support authenticated access to shared folders
    So it’s seem it not this one …( but not sure )

  • Active Directory: Enables all shared folders features, requires advanced configuration options…
    For 1, only share directory !!!:fearful:

I must admit I know the SMB share in a Windows environment, but I don’t know in a mixed environment, and here in a non-Windows environment

I finally install an AD…
But I continue to be stuck the next step…

After creating a user tmbackup, set the password.
Going to the shared folders, I don’t see the information “what to share”

The shared folder are subdirs of

/var/lib/nethserver/ibay/

You have to move your contents there, or bind-mount them.

Arf… my 1tb disk is in /opt.

How to bind-mount? What is it? It’s the first time I hear that…

Is a symbolic link can help here?

If possible, move it to the new destination. It’s the simplest thing to do!

I’m not sure Samba follows symbolic links outside of the share path.

I didn’t experiment it, but I bet it works

From mount manpage:

The bind mounts.
Since Linux 2.4.0 it is possible to remount part of the file hierarchy somewhere else. The call is
mount --bind olddir newdir

or shortoption
mount -B olddir newdir

or fstab entry is:
/olddir /newdir none bind

After this call the same contents is accessible in two places. One can also remount a single file (on a single file).
This call attaches only (part of) a single filesystem, not possible submounts. The entire file hierarchy including submounts is attached a second place using

So, if I’m well understanding the deal:
Unmount the disk from /opt
and mount it in a /var/lib/nethserver/ibay/TimeMachine folder.

But ( and :dizzy_face: ) I didn’t understand how to attribute the shared recourse in the Nethgui.

(I’m thinking, I remember to already see something about bays, in the old Nethserver doc, I’m going to read again this one )

Create a shared folder, “Time Machine”: you’ll find an empty folder where to mount your disk.

It’s exactly this that make me crazy!!!
I know how to make the folder… Not the “shared” :alien::stuck_out_tongue_winking_eye::stuck_out_tongue_winking_eye: