How to run Nethserver on Google Cloud Platform

Requirement

1. A working Google Cloud Platform account.

For this test I’ve used the free trial period given by Google to new subscribers: 60 days with 300$ of credit to consume. Not bad…

Let’s go…

Create a new project on Google Cloud Platform

Access to the Google Cloud Platform console management at https://console.developers.google.com/ and create a new project
In advanced options you could choose the location of your instance/project.

Now select the new project just created in the list

Create a new instance of the virtual machine

In the left side bar menu go to Compute > Compute Engine and select VM instances.

And in the right main panel select Sign up for a free trial of your free trial period and complete the registration (credit card is required). Completed the registration, you can create a new virtual machine instance clicking over Create instance

Configure the instance

Set the name, the zone and the type machine of you instance

Change Boot disk image to CentOS 6.6

If you want, allow http and https traffic to allow.
This is optional, but later you have to set access to port 980 of server-manager.

Click over Create bottom to create the virtual machine

Accessing to the virtual machine

Now the new instance of CentOS should be listed, click on it

And then click on the first bottom SSH in the top to access to your console

Download NethServer package and Install it

Follow the official documentation to install Nethserver over centos via ssh

http://docs.nethserver.org/en/latest/installation.html#install-on-centos

# sudo yum localinstall -y http://mirror.nethserver.org/nethserver/nethserver-release-6.6.rpm

Before run the installation process command nethserver-install we have to made some manual steps to avoid that the virtual machine become unreachable (view this topic for more info)

Manual installation process

Open nethserver-install script with your favorite editor and comment the line 104

[stefano@neferneth ~]$ which nethserver-install
/usr/sbin/nethserver-install
[stefano@neferneth ~]$ sudo vim /usr/sbin/nethserver-install 

#logexec "/sbin/e-smith/signal-event system-init"

Now you can run the installation command

# sudo nethserver-install

It could take a while… be patient.
If you want, you can open a new ssh session by clicking the option icon in the upper corner of the window and then select “New Connection to yourservername”

By this way you can check installation logs at /var/log/messages and /var/log/nethserver-install.log

# sudo tail -f /var/log/messages
# sudo tail -f /var/log/nethserver-install.log

Completed the task, the system is not yet initializied.

Before continuing you have to reload nethserver bash aliases

[stefano@neferneth ~]$ source /etc/bashrc

and then delete a symlink in the init-system events tasks

[stefano@neferneth ~]$ sudo rm /etc/e-smith/events/system-init/S95nethserver-base-interface-update

This is important to avoid the problem issued with network interfaces.

Now you can complete the installation running the sistem-init process

[stefano@neferneth ~]$ signal-event system-init

Now the system is installed!

Just after have made an

# sudo yum update

To update the system
(The update of CentOS system should be made after NethServer installation to avoid dependence version issue according to this post of @filippo_carletti)

Restore sshd configuration

Perform this commando to restore Google Compute Platform sshd standard configuration

Disable PasswordAuthentication

[stefano@neferneth ~]$ db configuration setprop sshd PasswordAuthentication no

Disable root login via ssh

[stefano@neferneth ~]$ db configuration setprop sshd PermitRootLogin no

Setup GSSAPI Authentication

[stefano@neferneth ~]$ db configuration setprop sshd GSSAPIAuthentication yes
[stefano@neferneth ~]$ db configuration setprop sshd GSSAPICleanupCredentials yes

Update the file configuration with new parameters

[stefano@neferneth ~]$ signal-event nethserver-openssh-update

Disable FirstConfigWiz on httpd-admin

To avoid a reset of sshd configuration with FirstConfig Wizard at first login via httpd-admin, disable it with this commands

[stefano@neferneth ~]$ db configuration setprop httpd-admin ForcedLoginModule ""
[stefano@neferneth ~]$ signal-event nethserver-httpd-admin-update
[stefano@neferneth ~]$ service httpd-admin restart

You should remember to configure manually hostname and timezone of your server.

Setup root password

Now you have to setup the password for root user for using it to access the server-manager console

[stefano@neferneth ~]$ sudo su -
[root@neferneth ~]# passwd
Changing password for user root.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

Open 980 port on Compute Engine Console

In the left bar go to Compute > Compute Engine > Networks

Select the default network

And then in the Firewall rules select Add firewall rule

Create a rule to permit access from every source ip range to tpc:980 port.
If you have more instace you could use tags to route the traffic to a specific host.

Access to server-manager

Now go on the VM instance to found you public ip and try to connect with explicit https protocol to the server-manager at port 980

In this case the server-manager is reachable at https://146.198.131.297:980

Now you have access to NethServer manager hosted on Google Compute Engine Platform.

Have fun!

You are very nice

If you want (or someone else) feel free to give me a feedback about the howto… it could help me for the next ones. If there will be…

A nobel prize for god’s sake

Disclaimer: I’haven’t read the (f*) NethService manual, I mean to read it sometime in the future (really!), so what I’m about to write might very well be me just being ignorant about NethService.

I’ve followed etino’s beautiful howto step by step, it works awesome, the only command lines I had to change were:

signal-event system-init

sudo /sbin/e-smith/signal-event system-init

db configuration setprop sshd PasswordAuthentication no

sudo /sbin/e-smith/db configuration setprop sshd PasswordAuthentication no

db configuration setprop sshd PermitRootLogin no

sudo /sbin/e-smith/db configuration setprop sshd PermitRootLogin no

signal-event nethserver-openssh-update

sudo /sbin/e-smith/signal-event nethserver-openssh-update

A couple of times I got to the Setup root password phase only to find out the sudo command was all of a sudden asking me the (unknown) root password, changing it at the top of the procedure worked for me.

A big thank you to etino.

thank you!

I had the same problem turing the first install that I’ve solved by reloading bash aliases with this command after nethserver-install and before running signal-event system-init

$ source /etc/bashrc

In the how to I’ve not emphasized this step (before removing the symbolic link). Do you remember if you have done it?

Yes, I’ve run the source /etc/bashrc command, it seems it might not work properly when run in this exact sequence:

[…]

[andreac@neth7 ~]$ sudo nethserver-install
[andreac@neth7 ~]$ source /etc/bashrc
[andreac@neth7 ~]$ sudo rm /etc/e-smith/events/system-init/S95nethserver-base-interface-update
[andreac@neth7 ~]$ signal-event system-init
-bash: signal-event: command not found

it’s reproducible, or at least I can, creating a new centos 6.6 vm and running the following sequence of commands:

[user@neth ~]$ sudo yum update
[user@neth ~]$ sudo yum localinstall -y http://mirror.nethserver.org/nethserver/nethserver-release-6.6.rpm
[user@neth ~]$ sudo vim /usr/sbin/nethserver-install 

// comment out line 104
#logexec "/sbin/e-smith/signal-event system-init"

[user@neth ~]$ sudo nethserver-install
[user@neth ~]$ source /etc/bashrc
[user@neth ~]$ sudo rm /etc/e-smith/events/system-init/S95nethserver-base-interface-update
[user@neth ~]$ signal-event system-init

at this time, whatever might happen that re-loads the user .bashrc file (a new logon, such as the google web ssh going down, it’s happened a couple of times to me), makes everything work fine

I was aware of this behavior who a simple new logon would solve the problem…

I have tested one time to reload bashrc with success and I’ve thinked that it would have been enough.

Probably it is not so

When I will find a bit of time, I will do a new test and eventually I will update the how to… with a simple “logout end login”

A post was split to a new topic: VPS on Aruba no longer accessible after reboot

I just wanted to summarise the commands I had to run which is a collection of all those in the original post and comments. These were performed on CentOS 7 using Nethserver 7 latest as of yesterday.

[steve@nethserver ~]$ sudo yum install -y http://mirror.nethserver.org/nethserver/nethserver-release-7.rpm
[steve@nethserver ~]$ sudo vim /usr/sbin/nethserver-install

Comment out…
#logexec "/sbin/e-smith/signal-event system-init"

[steve@nethserver ~]$ sudo nethserver-install
[steve@nethserver ~]$ source /etc/bashrc
[steve@nethserver ~]$ sudo rm /etc/e-smith/events/system-init/S95nethserver-base-interface-update
[steve@nethserver ~]$ sudo /sbin/e-smith/signal-event system-init
[steve@nethserver ~]$ sudo /sbin/e-smith/db configuration setprop sshd PasswordAuthentication no
[steve@nethserver ~]$ sudo /sbin/e-smith/db configuration setprop sshd PermitRootLogin no
[steve@nethserver ~]$ sudo /sbin/e-smith/db configuration setprop sshd GSSAPIAuthentication yes
[steve@nethserver ~]$ sudo /sbin/e-smith/db configuration setprop sshd GSSAPICleanupCredentials yes
[steve@nethserver ~]$ sudo /sbin/e-smith/signal-event nethserver-openssh-update
[steve@nethserver ~]$ sudo /sbin/e-smith/db configuration setprop httpd-admin ForcedLoginModule ""
[steve@nethserver ~]$ sudo /sbin/e-smith/signal-event nethserver-httpd-admin-update
[steve@neferneth ~]$ sudo service httpd-admin restart
[steve@neferneth ~]$ sudo su -
[root@neferneth ~]# passwd
[root@neferneth ~]# exit
[steve@neferneth ~]$

It seems much simpler to me, if you’re going to be doing a lot of system administration, to just become root: su - (be sure to include the hyphen at the end, to load root’s profile and path), then run everything, rather than doing a bunch of sudo commands. Doing it this way also avoids the need for explicit paths for the db and signal-event commands.