Configurations raid on nethserver

Hello everyone. First I want to say hello, because this is my first topic on this forum, and I want to apologize for my bad English, but I hope everybody understands me.

So, I have two problems on my server. In my case NethServer is virtualized on Proxmox and it works as AD Domain Controller for other computers in my home. I put in three disks, one for the system and two for RAID. On storage I created a RAID and mounted it as a share, but on my Windows workstations this shared folder looks like it has only 12 GB. Why don’t I see the 4 TB? What am I doing wrong?

And the second question. As far as I know, an AD Domain Controller is closely related to DNS. I tried to delegate everything to my pihole and it works, but sometimes I get a warning message on pihole about exceeding the limit (Client 10.0.30.15 has been rate-limited (current config allows up to 1000 queries in 60 seconds)). Every computer and other device on my LAN has static DNS set to pihole.
I will be very grateful for your answer.

Couple of screenshots in my lan
https://app.box.com/s/psaeu4rqomp5xlt5g1b8nn2x6v2oc3m7

2 Likes

Hi @hostister

And welcome to the NethServer community!

Your English above is very readable, no worries about that! :slight_smile:

As an intensive Proxmox user, my 30 clients all run their business with NethServer, virtualised with Proxmox, Backups with PBS and Offsite backups also with PBS. I do have a certain experience using Proxmox…

Rule One for ANY virtualisation: Always let the Hypervisor (Here Proxmox) or Storage (If using shared Storage) deal with disk redundancy. NEVER put in a RAID in a VM!
You’re simply wasting MASSIVE CPU resources!!!

Your Proxmox probably already is running with redundant RAID storage, or even a ZFS mirror.
So all VMs are “covered” from doing RAID on their own… :slight_smile:

NethServer special: Always install a virtual NethServer only with a single disk. Make it as small as you need. Enlarging a NethServer’s disk is very quick on Proxmox, it takes maybe 2 minutes to resize any size you need, can… Making a disk smaller (Backup Times, Storage space issues) takes a lot more work!

2nd NethServer Special: If you want to separate system from your data, it’s best to do this after the initial installation of NethServer. Shut down, add in another virtual HD, format that with XFS (That’s what NethServer itself uses), it’s up to you if you want to use LVM on this additional Disk.
When done, you just mount it eg to /var/lib/nethserver/ibays or /var/lib/nethserver/ibays.
You need to temporarily move the contents of those folders elsewhere, then move them back when mounted, or you lose access to those contents…
(Also the reason I don’t suggest just mounting /var/lib/nethserver/ to the external disk, as that also contains config and backup information that should remain on the system disk…)
And make sure automounting with /etc/fstab is done, otherwise your data disk is not mounted when rebooting… :slight_smile:

General Networking advice:
If possible always evade using “fantasy” domains like .local or .lan. Even Microsoft stopped several years ago suggesting people use .local for their AD domains…
You’re just making your life using that network difficult…
Without valid certs, any E-Mail usage, or generally any smartphone or tablet usage will be a PITA, they all expect valid certs and are very unstable without. I’ve set up Androids, only to have them lose functionality the next day. As soon as LetsEncrypt is set up, all devices work smoothly and very stable!

I’ve been in networking for 35 years, have set up countless servers and Microsoft ADs - not one ever used a fantasy name! Then again, others have always considered me some kind of DNS “Guru”… :slight_smile:

I’m also a PI-Hole user. My PI-Hole is usually a LXC in Proxmox. All my PI-Holes use the IP x.x.x.29, just as all my NethServers use the IP x.x.x.20 and the AD always uses x.x.x.11.
(Standardizing makes it easier for me… Printers will start with x.x.x.31…)

The best way is to set your PI-Hole to use your NethServer as internal DNS, not the other way around. This way, all clients would get DNS, but also correct AD-DNS on requests from your PI-Hole.

These screenshots are from one of my PI-Holes:

The IP 172.26.11.1 is the Firewall, an OPNsense box.
I do not use my NethServers as firewall, my swiss clients also prefer a dedicated firewall “box” as hardware…

Hope these tips / info helps.

Do not hesitate to ask questions here, our motto in this forum is:

The only stupid questions are those not asked!

My 2 cents
Andy

Here are some ideas you might find helpful:

https://wiki.nethserver.org/doku.php?id=userguide:nethserver_and_proxmox

Some examples of Proxmox / NethServer:

1 Like

…but like RAID, it’s kind of pointless in a VM. Let the hypervisor manage that stuff.

1 Like

Hi @danb35

Additional “virtual” Disk in a VM:

It CAN be a performance increase, say for a specialized DB machine, but as stated, letting the Hypervisor do its job is usually the best option…

My 2 cents
Andy

I wasn’t referring to the additional disk so much as using LVM on it–but I guess my remark would apply nearly as well to the additional disk.

Using LVM only simplifies enlarging the VM Disk, if needed…
No other reason. :slight_smile:

Hi @Andy_Wismer and @danb35

I never expected such really helpful answers. Thank you so much. But I have a couple of other questions.

“Your Proxmox probably already is running with redundant RAID storage, or even a ZFS mirror.
So all VMs are “covered” from doing RAID on their own…”

For real, this is an old PC running Proxmox. OK, so I can detach these two disks and add them to Proxmox. What would be better, adding these two disks as LVM or as Directory? For ZFS I don’t have enough RAM.

“2nd NethServer Special: If you want to separate system from your data, it’s best to do this after the initial installation of NethServer.”

This is what scares me. I don’t want to do a new installation, because a new installation will disconnect all my workstations on the domain.

“If possible always evade using “fantasy” domains like .local or .lan. Even Microsoft stopped several years ago suggesting people use .local for their AD domains…”

Oh my … when I created my AD (I don’t know where I read this) it was suggested to use .local or .lan and I picked “home.lan” as a domain name. For now I have everything like this: “proxmox.home.lan”, “docker.home.lan” or “wrk01.home.lan”.
Is there any chance to correct this? I don’t want to use email or LetsEncrypt in my home LAN network.

“The best way is to set your PI-Hole to use your NethServer as internal DNS, not the other way around. This way, all clients would get DNS, but also correct AD-DNS on requests from your PI-Hole.”

OK, so I will try this setup. But how can I redistribute these settings via Sophos? When I use “custom 2” with my router IP (on Pihole), will there then be something like a loop?
My DNS setup at the moment looks like this: Router sends DNS 1 → 10.0.30.10 (PiHole) DNS 2: 1.1.1.1 DNS 3: 8.8.8.8 (please see the attachment - sophos.png)

On my workstations it looks like this:

Connection-specific DNS Suffix  . : home.lan
IPv4 Address. . . . . . . . . . . : 10.0.20.104
DNS Servers . . . . . . . . . . . : 10.0.30.10
                                       1.1.1.1
                                       8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

And what must I write in NethServer → dashboard → DNS? Router IP or PiHole IP?

Thanks so much for helping me

Assuming you have two 4 TB disks in a ZFS mirror, you need 6 GB RAM for a well working ZFS.
( 2 GB RAM for basic ZFS, 1 GB RAM per TB of Diskspace).

LVM & Thin Allocation would be the best options. If you have 6 GB RAM to use, I’d put in those two disks in Proxmox and set up ZFS mirror from the GUI. Else create an MD array and use LVM with Thin allocation for your VMs.

AD on NethServer

Even if you don’t plan on using Mail or LE in your home network it still does have a lot of advantages. Certain Apps (JAVA / PHP especially) will only work if your AD has a valid SSL cert.
On NethServer, these are: Guacamole & MeshCentral among others, both very cool and usable in a home environment.

You can correct this and use a “real” domain, for a home network the work involved is not much…

  • Make a Backup of your NethServer (What else !)
  • Remove the Account Provider in NethServer cockpit.
  • Change the name / IP of the server if wanted / needed.
  • ReCreate the AD with a correct subdomain of your real domain, eg ad.mydomain.com.
  • Use a free IP from your LAN. I use x.x.x.11 for all my 30 clients.
  • Recreate the Users if needed.
  • Remove PCs from the AD and re-add them to the new AD.
  • Use this free tool to migrate each PC-Users profile: ForensiT Domain Migration

Done!


PI-Hole / DNS:

On your Sophos (I’m not really familiar with Sophos specific stuff…) I assume it’s the DHCP server for your LAN / Home Network.

There, (For DHCP server usage) and if 10.0.30.10 is the IP of your PI-Hole it’s correct.
As second DNS Server to be allocated to your clients, I’d use the IP of your NethServer.
No need to pass 8.8.8.8 or 1.1.1.1 to your clients. PI-Hole as Primary, NethServer as secondary DNS.

The Sophos itself should use 8.8.8.8 and 1.1.1.1 as DNS for itself, or: The LAN IP of your NethServer and the other two.

For DNS it’s important to understand that even if 2 or 3 DNS servers can be entered in, only the first one is ever queried if it’s working. The other two will NEVER be queried…

So, ultimately the NethServer must answer for all, as it has AD. It can use 8.8.8.8 and 1.1.1.1 as DNS (But NOT the PI-Hole, as this would be the dreaded loop…).

The PI-Hole uses NethServer as primary DNS. Clients all query the PI-Hole.

Hope this answers your questions…

My 2 cents
Andy
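
The DNS chain discussed in this thread (clients query the Pi-hole, the Pi-hole forwards to NethServer, NethServer forwards to public resolvers, and NethServer must not forward back to the Pi-hole) can be checked mechanically. The following is an added example, not part of any post above: it models each host's DNS server list and reports forwarding loops, an AD DNS server that is missing from the primary path, and clients that are handed public resolvers. The NethServer address 10.0.30.20 and both configurations are constructed assumptions.

```python
# Resolver forwarding maps: each key is a host, the value is its DNS servers in
# configured order. 10.0.20.104 and 10.0.30.10 come from the thread; the
# NethServer address is a placeholder because the thread never states it.
CLIENT = "10.0.20.104"
PIHOLE = "10.0.30.10"
NETHSERVER = "10.0.30.20"  # placeholder (assumption)
PUBLIC = {"1.1.1.1", "8.8.8.8"}

def find_loop(upstreams, start):
    """Depth-first walk over every configured upstream; return a cycle or None."""
    def walk(node, path):
        if node in path:
            return path[path.index(node):] + [node]
        for nxt in upstreams.get(node, []):
            cycle = walk(nxt, path + [node])
            if cycle:
                return cycle
        return None
    return walk(start, [])

def primary_path(upstreams, start):
    """Follow only the first-listed server at each hop, stopping on a repeat."""
    path, node = [], start
    while upstreams.get(node) and node not in path:
        path.append(node)
        node = upstreams[node][0]
    return path + [node]

def audit(upstreams, client=CLIENT, ad_dns=NETHSERVER):
    """Return a list of findings for one client's view of the DNS chain."""
    findings = []
    cycle = find_loop(upstreams, client)
    if cycle:
        findings.append("loop: " + " -> ".join(cycle))
    if ad_dns not in primary_path(upstreams, client):
        findings.append("AD DNS is not on the primary resolution path")
    public = [s for s in upstreams.get(client, []) if s in PUBLIC]
    if public:
        findings.append("client is handed public resolvers: " + ", ".join(public))
    return findings

# Constructed configurations: a mutual-forwarding loop and the recommended chain.
LOOPED = {CLIENT: [PIHOLE, "1.1.1.1", "8.8.8.8"],
          PIHOLE: [NETHSERVER], NETHSERVER: [PIHOLE]}
RECOMMENDED = {CLIENT: [PIHOLE, NETHSERVER],
               PIHOLE: [NETHSERVER], NETHSERVER: ["8.8.8.8", "1.1.1.1"]}

if __name__ == "__main__":
    for name, cfg in (("looped", LOOPED), ("recommended", RECOMMENDED)):
        print(name, audit(cfg) or "no findings")
```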