NethServer Version: NethServer 7.9.2009, NS8 qcow2 Image from today (sorry, it is NOT possible to find a version in webgui/cli)
Module: nethserver-ns8-migration
Hi there,
I already successfully tested the migration from NS7 to NS8, which worked quite well. But now I had to reinstall the NS8 from scratch.
I disabled/aborted all migrations from NS7 and reinstalled the module on NS7:
sudo yum remove nethserver-ns8-migration
REBOOT
sudo yum install nethserver-ns8-migration
Installation of NS8 and modification of SSH port and sshd_config
I installed the NS8 from qcow2 and made the basic things (admin, LDAP, …).
I also changed the SSH port from 22 to another and disabled password login in sshd_config:
firewall-cmd --permanent --add-forward-port=port=MYPORT:proto=tcp:toport=22
firewall-cmd --permanent --service=ssh --add-port=MYPORT/tcp
firewall-cmd --permanent --service=ssh --remove-port=22/tcp
firewall-cmd --reload
# diff /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
40c40
< PermitRootLogin prohibit-password
---
> #PermitRootLogin prohibit-password
65,66c65,66
< PasswordAuthentication no
< PermitEmptyPasswords yes
---
> #PasswordAuthentication yes
> #PermitEmptyPasswords no
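Review bot: In the 65,66c65,66 hunk, `PermitEmptyPasswords yes` replaces the commented default `#PermitEmptyPasswords no`, which loosens that setting while the stated goal is to disable password login. With `PasswordAuthentication no` on the line above it, the directive does not affect key-based logins, but it would permit accounts with empty passwords if password authentication were ever re-enabled; suggest `PermitEmptyPasswords no` or leaving the line commented.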
69c69
< KbdInteractiveAuthentication no
---
> #KbdInteractiveAuthentication yes
96c96
< UsePAM no
---
> #UsePAM no
ERROR
Then I opened up the migration app in the webgui of NS7:
- LDAP user domain: exactly the same as on NS7 (this is prefilled)
- NS8 leader node [1]: IP of NS8
- NS8 admin username [2]: name of admin (LDAP) / Builtin administrator user
- NS8 admin password: hence the PW of admin
- TLS validation: NOT Checked
Some remarks, which also bothered me the first time:
[1] “NS8 leader node” is VERY confusing and could force users to fill in the FQDN (node1.yourserver.com). Why not name it like it should be: “IP of NS8-installation”?
[2] “NS8 admin username” is misleading: which “admin” exactly? Confusion. You have to read the documentation and also there it is not 100% clear. Why not name it, like it should be “Builtin administrator user (LDAP)”
When trying to connect from NS7 I get the following errors:
- “Error connecting to NS8: ns8-join: error: the following arguments are required: user_domain”
- “Enter a unique domain name for OpenLDAP migration within the NS8 cluster.”
I know, this worked. What am I doing wrong?
Do I have to create the domain “user_domain” in the first run on NS8? I cannot remember that I did this the last time.
I also tested the FQDN, both including and not including a leading “ldapservice.”. I also tried other domain names. This should be an internal domain, right (I used to have something like “myserver.int” on NS7).
Any help appreciated
Cheers Axel