Losing my faith and trust in Nethserver

Dear friends,

I was out for some weeks and got back and wanted to update my old NS6.9 to NS7.4. This was something I wanted to do since some weeks. No I had the time and was happy to get started.

I downloaded the iso and began to install. Everything was fine. After installation I did all updates and prepared to to upgrade via rsync. (to update was a failure, but I didn’t realize it at this point!!)

1. step of rsync went fine, no problem so far
2. step of rsync: restore config failed.
   I tried it a second time and a third time. No chance to restore the config.

O.k. back to start and lets try it via backup. Restore config failed again??

Again back to start and try it again with rsync. This time I watched the process exactly and recongized that the installation of modules stoped at nethserver-ups (exactlier at restore nut, which complained about some libraries). So remove nethserver-ups from source machine and start again.
This time restore config stoped at restore nethserver-cgp. So remove nethserver-statistik and start once more. Heureca, restore config passed finally and stop with a message “to few arguments”.
Exit from screen doesn’t give any more hint about. A look at restore-config.log only says: “retsore-config failed 256”. Hmmmm. O.k. lets check modules. All modules seem to be installed and system is running in ldap-mode. The signal-event post-restore-data worked. O.k. the cgp-module is mentioned in “discontinued modules”, but a hint, that this has to be removed before upgrade would be really fine.

Next step is to upgrade from ldap to AD. This procedure stoped at 50% which tells me “activating services” nothing more. Process hangs. After some hours of serching and thinking I had the right idea.
A look at journalctl -M nsdc tells me, that provisioning failed because there are users and groups with the same name.
Luckilly this is all on a VM, so rollback to previous state and try to remove the groups that block the provisioning. The next two hours I was blind. I didn’t see the easy way to delete the groups via GUI.
o.k. my fault! Fortunately I have only 15 users on this system, so it took me about 10 minutes to remove each group manually. But I though by my self, what if I had some hundret users?!?
@davidep told me this could happen with a customized setup, with user created on commandline. I searched my source machine and found anly two things. I installed virtulabox, which is not a ns-module and I installed EAP-controller from a HowTo, which works really great. IMO this should be no problem for a upgarde.

Starting upgarde to local AD again finally worked. Wow, I had a working NS 7 with all my users and all my data and all events in Sogo. Finally everything seemed to be fine.

Now I wanted to install some modules which I wanted. One of them is the nDPI-module.
Installed it from softwarecenter and then I got the message “please use a kernel that supports DPI”.
What???
At this point I realized that I had no subsciption on this machine and so I accidentally updated to V7.5 with kernel 3.10.0.862, which doesn’t support the current stable nethserver-ndpi-module.
Reboot and start with kernel 3.10.0.693 worked. All my work endedup in a machine with an unstable alpha release. I couldn’t belief it!

The conclusion of all this is, if I try to install a new nethserver-machine without subsciption I have two options:

1. to install an old software from iso and do not update. So I have an old system with old modules which maybe are buggy and have some incompatibilities (regarding to github 497 issues are solved on V7 so far - don’t know which state the iso has), which results in an unstable machine
2. to install from iso and update and get an unstable alpha-release.

Both options are not acceptable. If this is the way nethserver wants to force users to buy subsciptions, I totally disagree with this policy.

Let me suggest 2 Options to solve this:

1. always release an iso with the latest stable version, so an immediately update is not necesarry
2. put a automatic trial-subsciption into the iso, so an update it possible to a stable up-to-date version

The 3. option, to install a trial subsciption before update the new installation is a really hard one for those how only want to try this software. I don’t think that this will lead to many newcommers.

So my honest plea is, that you overthink your update/subsciption policy/stategy.

Yours sincerely

Flatspin

@giacomo I think the way we had before subscription was the right one.

Of course updates were not tested as closely as for enterprise version, but they were tested and updates in alpha or beta status had to be installed manually. So the admin can choose to install and test it on a test-server and not has to choose if the production system is running at alpha or old updates.

There is no difference AFAIK, there’s only an additional subscription possibility to avoid such things and still have autoupdates. Last time there was a samba bug so we decided to implement a warning on new releases.

Another problem is EPEL and other additional repos, they will still get updates and there seems to be no possibility to freeze them except of hosting all packages (this is done in the stable repos AFAIK).

So what else can we do to have stable installations during the phase of a new upstream release without subscription?

I don’t know if it’s possible to bake an actual ISO, AFAIK as I know the minimal centos ISO are not updated between the releases.

If I understand aright you had to manually install the release package for 7.4 beta:

yum install http://packages.nethserver.org/nethserver/7.4.1708/updates/x86_64/Packages/nethserver-release-7-3.1.ge457d21.ns7.noarch.rpm

EDIT!!!

Now I have found the following:

It’s the same for 7.5. But why we get the updates automatically at the software center?

Isn’t it still the same? Nethserver alpha or beta packages are not installed automatically. The problem is that centos base packages and others get updated and don’t “fit” to the existing Nethserver packages.

There should be a warning, it’s not updated automatically.

That’s right, but at the softwarecenter you can only install all updates.

Yes you’re right, I only see Cent OS 7.5 upstream update.

Hi guys,

Depends of the updates of the NS modules.
Sometimes are only CentOS updates, sometimes are only NS updates and sometimes are both.

I thing the separate updates is the best solution.

I understand your frustration and all the rants around the recent update stability.

We are NethServer!

Where we can find a technical solution to an issue we can improve tirelessly.

See also my today’s reply here: Lock to “current release” enabled by default from 7.5?

Hi guys, thanks for taking this serious. I’m really frustated about this.

Could be a good approach and should be reachable in a short time.

Also a good idea,if possible. IIUC you mean 2 catogories like nethsverver-updates and upstream-updates to choose seperately.

This is only a solution for nethservians IMO. My concerns are about those who want to test and become new members or those who are not as deep in this software as some others.

Maybe you @davidep can hep to understand why we never had these problems with V6.
Is it only because of the subscruption?

PS: I deliberately opened this topic in plublic, because I think this is important for every one.

Yes.
I wrote about this for many times …
It’s not my idea, it’s from Zentyal. And I think it’s a good thing.

Anyway, I don’t think is about losing faith and trust in Nethserver!
Just some problems which will be solved!
I think your contribution to NS is worth taking into account and nobody will blame you!

I feel you. But the answer is absolutely NO.
Subscription is just an answer to a problem that has been around for a long time, we talked about this at our last NethServer Conference 8 months ago.
It’s a technical problem that we need to resolve or at least to minimise. As always TOGETHER

I choosed this titel to show how frutrated I am. Maybe a little to dramatic.

No, Subscription has nothing to do with this!

I think I partially answered to this question here: Lock to "current release" enabled by default from 7.5 - #13 by davidep

About v6: it depends on RHEL lifecycle. ns6 started from 6.5 up to 6.9, whilst ns7 started from 7.3 and we’re now at 7.5! It corresponds to production phase 1 where upstream pushes more components updates at minor release points.

Furthermore ns6 has no customized kernel modules!

I understand you and I hope also all our friends from NS!

With this machine I started with V6.6 I think, so there were 3 updates of minor releases. Never had a problem. Always applied the update and everything was fine AFAIR and we also hadn’t had this problem with V7.3 to V7.4. That’s the reason why I’m wondering.

I understand this thing with the two layers, but can’t they be seperated to choose?

AFAIK the rpm of the “old” release of upstream goes to vault-repo when a new release is released by centos. Is it possible to change the upstream-repo to vault the moment a new release ist born?
Or maybe to manually enable/disable repos in GUI?

Are you kidding me? 7.3 to 7.4 was a mess too! Surely not for everyone…

About 6 hypothetical stability: you started at a more stable release: 6.6 was probably in RHEL production phase 2 that means less features

My point of view is that there are issues that needs to be solved.

Nethserver is flexible, powerful, feature-rich. Now it’s not stable.
Developers can help to regain the lost stability.
And the community can help to.

I am positive, anyway. It’ wont be easy, but i feel confident that the situation will evolve successfully.

Please may I butt-in to the conversation.
In my experience, no operating system is immune from updates which break things. All of the offerings from Redmond have had, or do have, problems with updates. Linux is no different. Every linux distro I’ve used has had problems with updates, Fedora, CentOS, Debian, Ubuntu, Mint, SuSe, Slackware…they all have the same problem a bad update with break the system. I’ve even broken an NT4 system by installing bad anti virus updates.

The only difference I see between different operating systems is how well they recover from bad updates. In Redmonds case this seems to be pot luck and Linux is much the same (for the average user). Every Linux problem I’ve ever had involves accessing the terminal, so if you have a broken system then most people are finished.

I think the problem is that people expect their IT systems to work all the time. They are much better now, but they used to be awfull! (See my comment about NT4 and a bad anti virus update).

May I suggest that for those people using free software (which Linux is) it’s presented with a statement that says there is no guarantee an update won’t break the system.

If you pay for updates, that should come with reasonable confidence they will work. But even then you can’t guarantee some odd system config won’t have a problem. In my experience its “user beware” on ANY operating system, and NethServer is no different.

The only Operating system I’ve found that can recover from bad updates is Solaris and ZFS, but even that isn’t a recovery, it’s a roll back to a working config (which is how Redmond operates with their latest system recovery tools).

Sorry for interrupting the discussion, but I just wanted to highlight that every operating system has problems with updates. It’s up to the user to have system data backed up so they can re-install and carry on.

Regards
Bob