Nethserver 7 to Nethserver 8 migration error

**NethServer Version:** 7.9 & 8
**Module:** Nethserver 7 to 8 Migration

I just installed Nethserver 8 beta using Alma 9.1 in a Proxmox VM. When I try to use the migration module in Nethserver 7 I get the following error “The NS8 cluster already has a user domain for the ‘ad.xxxxxx.xxx’ domain. Before starting the migration, remove the ‘ad.xxxxxx.xxx’ domain from the NS8 cluster.”

How do I remove the ‘ad.xxxxxx.xxx’ from the NS8 cluster?

1 Like

Thanks for testing!

Did you create an account provider?
You can remove it on “Domains and users” page.
Maybe it’s a DNS issue, does your AD domain point to the NS7 container or already to NS8?

2 Likes

Thanks Markus for the quick response. I have not created a domain or set up Active Directory in NS8. I do have AD set up in NS7, and on NS8 I have a local hostname in /etc/hostname (xxx.xxxxxx.local) and the following in /etc/hosts:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 lab.cyberiantec.local
127.0.0.1 cluster-leader
10.5.4.1 cluster-localnode

I have the DNS for NS8 set to the NS7 local IP.

Below are the settings in the NS8 migration module


Again thanks for all your help.

Maybe add the short name like

127.0.0.1 lab.cyberlantec.local lab

Can you ping the hostnames of NS7 and NS8 and ad.xchangegate.net from both machines?

Did you try to connect to IP instead of hostname in the migration tool?

I had this error once but I can’t reproduce it anymore.

3 Likes

I have this error too. Can’t find the problem. I did untick the box with regards to TLS-validation.

The log file /var/log/messages contains the following.

[Thu Jan  1 01:00:00 1970]May 27 00:57:57 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:58:03 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:58:03 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:58:03 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:58:03 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:58:03 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:58:03 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:58:03 server1 cockpit-ws: New connection to session from 172.21.99.33
[Thu Jan  1 01:00:00 1970]May 27 00:58:39 server1 systemd-logind: New session 2 of user root.
[Thu Jan  1 01:00:00 1970]May 27 00:58:39 server1 systemd: Started Session 2 of user root.
[Thu Jan  1 01:00:00 1970]May 27 00:58:53 server1 systemd: getty@tty1.service has no holdoff time, scheduling restart.
[Thu Jan  1 01:00:00 1970]May 27 00:58:53 server1 systemd: Stopped Getty on tty1.
[Thu Jan  1 01:00:00 1970]May 27 00:58:53 server1 systemd: Started Getty on tty1.
[Thu Jan  1 01:00:00 1970]May 27 00:58:53 server1 systemd-logind: Removed session 2.
[Thu Jan  1 01:00:00 1970]May 27 00:59:27 server1 cockpit-ws: WebSocket from 172.21.99.33 for session closed
[Thu Jan  1 01:00:00 1970]May 27 00:59:27 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:27 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:27 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:30 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:30 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:30 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:30 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:30 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:30 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:31 server1 cockpit-ws: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
[Thu Jan  1 01:00:00 1970]May 27 00:59:31 server1 cockpit-ws: New connection to session from 172.21.99.33
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: Traceback (most recent call last):
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 1349, in do_open
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: encode_chunked=req.has_header('Transfer-encoding'))
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 1254, in request
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: self._send_request(method, url, body, headers, encode_chunked)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: self.endheaders(body, encode_chunked=encode_chunked)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: self._send_output(message_body, encode_chunked=encode_chunked)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: self.send(msg)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 974, in send
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: self.connect()
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 946, in connect
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: (self.host,self.port), self.timeout, self.source_address)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/socket.py", line 724, in create_connection
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: raise err
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/socket.py", line 713, in create_connection
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: sock.connect(sa)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: socket.timeout: timed out
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: During handling of the above exception, another exception occurred:
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: Traceback (most recent call last):
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/sbin/ns8-action", line 104, in <module>
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: resp = request.urlopen(req, timeout = 20)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: return opener.open(url, data, timeout)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: response = self._open(req, data)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: '_open', req)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: result = func(*args)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 1377, in http_open
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: return self.do_open(http.client.HTTPConnection, req)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: raise URLError(err)
[Thu Jan  1 01:00:00 1970]May 27 00:59:51 server1 cockpit-bridge: urllib.error.URLError: <urlopen error timed out>
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: Traceback (most recent call last):
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 1349, in do_open
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: encode_chunked=req.has_header('Transfer-encoding'))
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 1254, in request
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: self._send_request(method, url, body, headers, encode_chunked)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: self.endheaders(body, encode_chunked=encode_chunked)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: self._send_output(message_body, encode_chunked=encode_chunked)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: self.send(msg)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 974, in send
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: self.connect()
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/http/client.py", line 946, in connect
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: (self.host,self.port), self.timeout, self.source_address)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/socket.py", line 724, in create_connection
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: raise err
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/socket.py", line 713, in create_connection
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: sock.connect(sa)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: socket.timeout: timed out
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: During handling of the above exception, another exception occurred:
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: Traceback (most recent call last):
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/sbin/ns8-action", line 104, in <module>
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: resp = request.urlopen(req, timeout = 20)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: return opener.open(url, data, timeout)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: response = self._open(req, data)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: '_open', req)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: result = func(*args)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 1377, in http_open
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: return self.do_open(http.client.HTTPConnection, req)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: raise URLError(err)
[Thu Jan  1 01:00:00 1970]May 27 01:00:01 server1 cockpit-bridge: urllib.error.URLError: <urlopen error timed out>

It’s a clean install on Debian 11.

1 Like

I can ping the hostnames of NS7 and NS8, and I can ping ad.xchangegate.net from both machines. I have tried both IP and local domain; same error message.

I think I found the error.
The WireGuard allowed IP on the NS8 cluster does not match the WireGuard IP address of the NS7 migration tool.

First use the migration tool on NS7 to connect to NS8 until you get the “The NS8 cluster already has a user domain for the ‘ad.xxxxxx.xxx’ domain” error.

On NS8:

In /etc/wireguard/wg0.conf you can find the IP in AllowedIPs that NS8 allows for the peer endpoint. My NS7 has the IP 192.168.3.162.

AllowedIPs = 10.5.4.21/32
Endpoint = 192.168.3.162:39408

On NS7:

Set the IP address for Wireguard to the one you found above, in my case 10.5.4.21:

config setprop wg-quick@wg0 Address 10.5.4.21

Expand the wireguard template:

expand-template /etc/wireguard/wg0.conf

Restart wireguard:

systemctl restart wg-quick@wg0

Ping to NS8 should work now:

ping 10.5.4.1

Now the NS8 migration tool should work if you reload the migration tool page.

EDIT:

OK, it just worked once; the second test failed, but for sure it’s an issue if the IP address doesn’t match the allowed IP.

4 Likes
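The comparison described in the last post, as an added example that is not part of the original thread and not NethServer's own tooling. WireGuard drops inbound packets from a peer whose source address is not covered by that peer's AllowedIPs, so the address NS7 uses on wg0 has to equal the one NS8 lists for it. The function names, the first peer in the sample and the mismatching address 10.5.4.2 are constructed; the remaining values are the ones quoted in the post.

```shell
#!/bin/sh
# Constructed sample of NS8's /etc/wireguard/wg0.conf (keys omitted). Only the
# second peer's AllowedIPs/Endpoint come from the post; the first peer is made up.
sample_ns8_conf() {
cat <<'EOF'
[Interface]
Address = 10.5.4.1

[Peer]
AllowedIPs = 10.5.4.7/32
Endpoint = 192.0.2.10:51820

[Peer]
AllowedIPs = 10.5.4.21/32
Endpoint = 192.168.3.162:39408
EOF
}

# Print the first AllowedIPs address (mask stripped) of the peer whose Endpoint
# host is $1. Reads a wg-quick style config on stdin.
allowed_ip_for_endpoint() {
    awk -v want="$1" '
        function emit() { if (ep == want && ip != "") print ip; ep = ""; ip = "" }
        /^[ \t]*\[/ { emit() }
        {
            line = $0; sub(/#.*/, "", line)
            n = index(line, "="); if (n == 0) next
            key = tolower(substr(line, 1, n - 1)); val = substr(line, n + 1)
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "allowedips") { sub("[/,].*", "", val); ip = val }
            if (key == "endpoint")   { sub(/:[0-9]+$/, "", val); ep = val }
        }
        END { emit() }
    '
}

# Compare NS7's tunnel address ($2) with what NS8 allows for the peer seen at
# endpoint $1. Returns 0 on match, 1 on mismatch, 2 if no such peer.
check_wg_address() {
    allowed=$(allowed_ip_for_endpoint "$1")
    [ -n "$allowed" ] || { echo "no peer with endpoint $1"; return 2; }
    [ "$allowed" = "$2" ] && { echo "match: $allowed"; return 0; }
    echo "mismatch: NS8 allows $allowed, NS7 uses $2"
    return 1
}

sample_ns8_conf | check_wg_address 192.168.3.162 10.5.4.21
sample_ns8_conf | check_wg_address 192.168.3.162 10.5.4.2 || true
```

On a real NS8 node the config would be fed in with `check_wg_address <NS7 LAN IP> <NS7 wg0 address> < /etc/wireguard/wg0.conf`, run as root since the file holds the private key.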