NethServer on Time4VPS.com

NethServer Version: 7.9
Module: Basic installation with Webserver, Basic Firewall and Fail2Ban

I ordered this Storage VPS: Cheap Storage VPS hosting - Storage VPS server - Time4VPS

Via ssh I installed NethServer based on CentOS 7.

The server is now up and I can log in to Cockpit, but some services are not starting.

Please, review the following settings:

  • chronyd : The service is either not running or not enabled
  • chronyd.service - NTP client/server
    Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
    Active: inactive (dead)
    Condition: start condition failed at Thu 2021-12-09 00:26:17 EET; 2min 9s ago
    ConditionCapability=CAP_SYS_TIME was not met
    Docs: man:chronyd(8)
    man:chrony.conf(5)
  • rsyslog : The service is either not running or not enabled
    echo '{"action":"start","name":"rsyslog"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-services/update | jq
    # systemctl status rsyslog
    Unit rsyslog.service could not be found.
  • shorewall : The service is either not running or not enabled
    echo '{"action":"start","name":"shorewall"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-services/update | jq
    * shorewall.service - Shorewall IPv4 firewall
    Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: disabled)
    Drop-In: /usr/lib/systemd/system/shorewall.service.d
    `-nethserver-firewall-base.conf
    Active: failed (Result: exit-code) since Thu 2021-12-09 00:24:59 EET; 2min 27s ago
    Process: 3514 ExecStart=/usr/sbin/shorewall $OPTIONS start $STARTOPTIONS (code=exited, status=143)
    Main PID: 3514 (code=exited, status=143)
    Dec 09 00:24:59 ns-srv02.dargels.de shorewall[3514]: Running /sbin/iptables-restore --wait 60…
    Dec 09 00:24:59 ns-srv02.dargels.de shorewall[3514]: IPv4 Forwarding Enabled
    Dec 09 00:24:59 ns-srv02.dargels.de shorewall[3514]: Processing /etc/shorewall/stopped …
    Dec 09 00:24:59 ns-srv02.dargels.de shorewall[3514]: ipset v7.1: Kernel error received: Operation not permitted
    Dec 09 00:24:59 ns-srv02.dargels.de root[3726]: Shorewall Stopped
    Dec 09 00:24:59 ns-srv02.dargels.de shorewall[3514]: /usr/share/shorewall/lib.common: line 93: 3597 Terminated $SHOREWALL_SHELL $script $options $@
    Dec 09 00:24:59 ns-srv02.dargels.de systemd[1]: shorewall.service: main process exited, code=exited, status=143/n/a
    Dec 09 00:24:59 ns-srv02.dargels.de systemd[1]: Failed to start Shorewall IPv4 firewall.
    Dec 09 00:24:59 ns-srv02.dargels.de systemd[1]: Unit shorewall.service entered failed state.
    Dec 09 00:24:59 ns-srv02.dargels.de systemd[1]: shorewall.service failed.

The Network section is completely empty, no network device is defined.

Routing table:

Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 venet0
    0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0

The external IP is 80.209.231.27

If anyone sees a way to correct the configuration, I will gratefully use your advice.
Sincerely, Marko

That sounds odd. What “network section” are you talking about? In Cockpit? Let’s see what we have to work with. What’s the output of ls /sys/class/net and db networks show?

yes

# ls /sys/class/net
lo  venet0

# db networks show
ppp0=xdsl-disabled
    AuthType=auto
    FwInBandwidth=
    FwOutBandwidth=
    Password=
    name=PPPoE
    provider=xDSL provider
    role=red
    user=

Thanks, Marko

So your network adapter seems to be venet0. What’s the output of ifconfig venet0?

I’m wondering if the answer might not be something as simple as running network-recovery and entering your external IP address there.

1 Like

Related threads:

EDIT:

You may check the shorewall logs:

I’m going to test a time4vps Neth install later today…

1 Like

# ifconfig venet0
venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination 127.0.0.1
        inet6 2a02:7b40:50d1:e71b::1  prefixlen 128  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
        RX packets 89392  bytes 57875527 (55.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 75522  bytes 19247431 (18.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

network-recovery doesn’t fix it

Chronyd does not work, so we need to disable it: the virtualization doesn’t allow it and time is set by the hypervisor. See Chronyd does not start - #3 by rasi

config setprop chronyd status disabled

It wasn’t installed:

yum install rsyslog

Shorewall and routes config didn’t survive a reboot :unamused: but it should work…

I reinstalled CentOS 7 and tried to set ip link set dev venet0 alias eth0 (and did chattr +i /etc/sysconfig/network-scripts/ifcfg-venet0) before the NethServer installation: no success.
venet0 still exists, eth0 is missing.

I believe the shorewall problems are related to the missing network interface.

I got shorewall running, it’s just the route that makes problems after reboot, I’ll post when I have it sorted out.

This command sets up a network interface in server manager:

db networks set venet0 ethernet ipaddr <YOUR_IP> netmask 255.255.255.255 role green

Current state:

  1. fresh install centos7
  2. yum install e2fsprogs # for chattr
  3. chattr +i /etc/sysconfig/network-scripts/ifcfg-venet0
  4. db networks set venet0 ethernet ipaddr 80.209.231.27 netmask 255.255.255.255 role green
  5. yum install -y http://mirror.nethserver.org/nethserver/nethserver-release-7.rpm
  6. nethserver-install
  7. yum install rsyslog
  8. reboot

Network:

# db networks show
ppp0=xdsl-disabled
    AuthType=auto
    FwInBandwidth=
    FwOutBandwidth=
    Password=
    name=PPPoE
    provider=xDSL provider
    role=red
    user=
venet0=ethernet
    ipaddr=80.209.231.27
    netmask=255.255.255.255
    role=green

but…

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 venet0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 venet0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0

# ifconfig -a
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 138  bytes 264894 (258.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 138  bytes 264894 (258.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination 127.0.0.1
        inet6 2a02:7b40:50d1:e71b::1  prefixlen 128  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
        RX packets 8210  bytes 837928 (818.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6929  bytes 1976611 (1.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 80.209.231.27  netmask 255.255.255.255  broadcast 80.209.231.27  destination 80.209.231.27
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)

venet0:1: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 10.209.231.27  netmask 255.0.0.0  broadcast 10.255.255.255  destination 10.209.231.27
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)

Services:

1 Like

should we install dummy network interface?
https://wiki.nethserver.org/doku.php?id=virtual_network_interface&s[]=dummy

I think it’s not really needed for a backup machine.

Time4VPS uses OpenVZ virtualization so you can’t edit time or kernel.

Not working:
Fail2Ban

Here are my steps to a working time4VPS NethServer:

Start with a fresh CentOS 7.

Install requirements:

yum -y install which rsyslog e2fsprogs

Protect preconfigured files:

chattr +i /etc/sysconfig/network-scripts/ifcfg-venet0*

Set a root password:

passwd

Install NethServer:

yum install -y http://mirror.nethserver.org/nethserver/nethserver-release-7.rpm
nethserver-install

Here it breaks via ssh and you need to reboot. It’s no problem, the process is finished.

If ssh is still not working you need to go to time4vps emergency console and disable shorewall:

shorewall clear

Now ssh should work again for easier copy/paste.

Set route on interface update:

echo ip route add default dev venet0 > /etc/e-smith/events/actions/route-venet0
ln -s ../actions/route-venet0 /etc/e-smith/events/interface-update/S81route-venet0

Set route on boot:

echo 0.0.0.0/0 dev venet0 > /etc/sysconfig/network-scripts/route-venet0
chattr +i /etc/sysconfig/network-scripts/route-venet0

Set network interface - replace 1.2.3.4 with your IP:

db networks set venet0 ethernet ipaddr 1.2.3.4 netmask 255.255.255.255 role green

Shorewall fix:

touch /var/log/firewall.log
shorewall show -f capabilities > /etc/shorewall/capabilities
mv /var/run/.nethserver-fixnetwork ~
mv /var/lib/shorewall/.iptables-restore-input ~
signal-event firewall-adjust

Disable chronyd - we are unable to set time in OpenVZ container:

config setprop chronyd status disabled

Now you should see all services working.

6 Likes
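
Added example (not part of the original posts and not NethServer code): the `ConditionCapability=CAP_SYS_TIME was not met` message earlier in the thread comes from systemd testing the capability bounding set of PID 1, which can be read from the CapBnd line of /proc/1/status. This sketch decodes that mask so you can see which capabilities the container lacks before deciding which services to disable; the two sample masks are constructed, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: decode a capability bounding set (CapBnd in /proc/<pid>/status).

# Bit numbers from <linux/capability.h> for the capabilities of interest here.
cap_bit() {
    case "$1" in
        CAP_NET_ADMIN)  echo 12 ;;   # firewall rules, routes, interface setup
        CAP_NET_RAW)    echo 13 ;;   # raw sockets
        CAP_SYS_MODULE) echo 16 ;;   # loading kernel modules
        CAP_SYS_TIME)   echo 25 ;;   # setting the system clock (chronyd)
        *) return 1 ;;
    esac
}

# has_cap HEXMASK CAP_NAME -> 0 if set, 1 if not set, 2 on bad input
has_cap() {
    case "$1" in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> bit) & 1 )) -eq 1 ]
}

# Bounding set of a process; PID 1 is what systemd's ConditionCapability= tests.
bounding_set() {
    awk '/^CapBnd:/ { print $2 }' "/proc/${1:-1}/status" 2>/dev/null
}

# One line per capability for the given mask.
report() {
    for cap in CAP_SYS_TIME CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_MODULE; do
        if has_cap "$1" "$cap"; then echo "$cap present"; else echo "$cap missing"; fi
    done
}

# Constructed sample masks (not taken from the thread's server):
FULL_MASK=0000001fffffffff        # bits 0..36 all set
CONTAINER_MASK=0000001ffdfeffff   # same, minus CAP_SYS_TIME and CAP_SYS_MODULE

echo "constructed container mask:"; report "$CONTAINER_MASK"
live=$(bounding_set 1) || live=""
if [ -n "$live" ]; then echo "this host (PID 1, CapBnd=$live):"; report "$live"; fi
```
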

after complete reinstallation following your guide
[root@ns-srv02 ~]# shorewall clear
ERROR: Shorewall has never been started
[root@ns-srv02 ~]#

:neutral_face:

No problem, just go on with the steps…

EDIT:

Is it working?

BTW, I did restic and rsync backups via SFTP to the new server and it worked, at least with root account.

1 Like

next try…

[root@ns-srv02 ~]# mv /var/run/.nethserver-fixnetwork ~
mv: der Aufruf von stat für „/var/run/.nethserver-fixnetwork“ ist nicht möglich: Datei oder Verzeichnis nicht gefunden
[root@ns-srv02 ~]# mv /var/lib/shorewall/.iptables-restore-input ~
mv: der Aufruf von stat für „/var/lib/shorewall/.iptables-restore-input“ ist nicht möglich: Datei oder Verzeichnis nicht gefunden

No problem again, the next step is interesting…

I tried a lot, maybe some is not needed, I’ll go through it again after your feedback.

1 Like

ssh access is possible, Cockpit not.

[root@ns-srv02 ~]# ip -a address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/void
    inet 127.0.0.1/32 scope host venet0
    inet 80.209.231.27/32 brd 80.209.231.27 scope global venet0:0
    inet 10.209.231.27/8 brd 10.255.255.255 scope global venet0:1
    inet6 2a02:7b40:50d1:e71b::1/128 scope global
       valid_lft forever preferred_lft forever
[root@ns-srv02 ~]#

Please try to restart cockpit:

systemctl restart cockpit

1 Like

Thank you for your support

1 Like