NS7 upgrade NS8 problems

steve · October 17, 2024, 6:47pm

NethServer Version: Nethserver 7.9.2009 (final)

Hi!

It seems that NS7 has reached the end of its life, support for CentOS 7 has ended.

I would like to know if it is safe to continue using NS7 and for how long?

I’m asking because I can’t manage to switch to NS8. There are some applications, programs, and databases that are necessary for our work. I can partially install these, partially not. For example, running the maraiadb and firebird databases is still unsuccessful. A serious problem is that individual files cannot be restored independently from a backup. This helped me a lot when a file on the Samba share was damaged or accidentally deleted. Another problem is that only encrypted restic saving is possible and the previous rsync cannot be used.

Perhaps the biggest problem is that it is not possible to create a truly functional server in all its parts, from the firewall to the intrusion protection to the Samba sharing, they regularly get stuck in the descriptions. The installation description does not contain at least one sample installation either.

Can I find such a description somewhere?

Does anyone have an idea to solve my problems or should I look for another solution to my greatest regret?

Thanks for the help

dnutan · October 17, 2024, 8:08pm

Hi! Just answering one of your questions as it came up on the milestone announcement.

As announced today, it is on the roadmap for NS8 milestone 8.3:

steve · October 19, 2024, 6:42pm

Thanks @dnutan .

Don’t get me wrong, I’m happy to use Nethserver and if my problems can be solved, I’d be happy with NS8 as well. Our VPS provider can host NS8…

Can anyone help? How to install firebird database manager on NS8?
How can I create a mariadb database that the user can access via VPN? Is it necessary to create a second Green LAN interface (dummy)?

Maybe these are stupid questions, but unfortunately I don’t understand a lot about NS8 and I can’t find detailed descriptions and HowTos anywhere…

Thanks for help.

Andy_Wismer · October 19, 2024, 6:58pm

Hi @steve

If running as a VPS or VM in the cloud, NS8 already has a firewall built in to protect itself, and Croudsec should protect against malicious attempts. So no worries about the server as such.

AFAIK, it is needed to have a local “dummy” interface to act as LAN for VPNs. A cloud server has no “LAN” for other hosts. Debian or Rocky do support this from the basic OS install.

There is a WG VPN server module you can install on NS8 to allow access.
There is also a MariaDB module you can use as required.

The one issue I still see is firebird, but maybe @oneitonitram can help with making a firebird module for you.

Backup as such works, individual file restore should be here by the time you’re ready to go live after migration of most stuff (But also could be a few weeks later, should not be too critical)!

Note: NS7 as such will still continue to run. Only Centos7 and Epel Repos will probably be off, but NS7 will still be able to access it’s repos to install stuff or migration upgrades or whatever. That also lowers pressure eg for the Firebird module, which can be left running as last app on NS7 until you get a module for firebird up & running and can migrate your DBs.
New issues may crop up, security won’t get better with NS7, but it will still run.

My 2 cents
Andy

steve · October 21, 2024, 1:26pm

Dear @Andy_Wismer !

Thank you for your answer, it is very useful and I got answers from you for almost all the problems. I’m glad that apart from the Firebird problem, there is a solution or there will be a solution soon.

I created a dummy LAN interface for the NS7 VPS (which is in the cloud) so that users can connect via VPN to services such as mariadb, firebird databases, mail, Samba, etc. This works great, no one can access the dummy LAN interface and thus the services. @stephdl made a great description for it…

Did I understand you correctly, does the NS8 also need a dummy LAN interface so that users can access the services via VPN? How to create it?

The Firebird problem is a serious problem for me because the databases that are part of our work run on it. Unfortunately, we need to use it and the databases cannot be exported to another database manager (e.g. mariadb). Does anyone have any ideas on how to install and use Firebird under NS8? If everything else can be installed, why can’t we solve this?

I created a service for NS7 when installing Firebird and also set up the firewall for it, but I don’t know what to do under NS8. Unfortunately I don’t know @oneitonitram…

I hope that what was written by @dnutan will be fulfilled soon and the restoration of individual files will work. Although I don’t know how I will be able to solve the saving, because now they went to sftp and as I remember NS8 cannot save to sftp…

I created an NS8 with some users and email addresses, but for now I can’t go any further, I’m stuck. VPN and Samba sharing should be created, but for now I cannot access the test environment from the internal network…

The good news is that NS7 can still be used and there will be updates for it, at least I hope until my problems are solved and we can fully use NS8… That’s for sure, can other developers confirm this?

Thanks for the help. Regards

Andy_Wismer · October 21, 2024, 1:30pm

Hi @steve

I may have time later today to answer some questions here - or at least provide you the right link to a How-To or such…

This one should provide some help…

As to Firebird…

I did say earlier it would not pose much problems to leave Firebird running on NS7 until a good solution is available. NS7 would be cleaned up and reduced in services until basically only Firebird is running.

Basically, this depends on if you can keep both servers running (Cloud…).

@oneitonitram is one of the App developers here, if he has time and capacity he will help you with this. You’ll need to help by testing, but this has a good chance of working as expected. Best would be to ask him directly with a PM…

My 2 cents
Andy

steve · October 23, 2024, 12:24pm

Hi @Andy_Wismer

Unfortunately, I don’t understand the content of the linked post…
I am currently using a dummy LAN interface under NS7 so that users connected to openVPN can access the services through the virtual LAN (Green) interface, not the public (Red) interface.

Am I right, is this also needed under NS8?

I did’n create it during installation. Can this be solved afterwards and how should it be done?

Thanks and Regards

Andy_Wismer · October 23, 2024, 3:10pm

Hi @steve

In the post this is also discussed, so it’s explained how to install it (afterwards!).
The internal Wireguard VPN is also explained and how to connect to NS7.

Most are toward the end of that post.

My 2 cents
Andy

steve · October 23, 2024, 5:53pm

Hi @Andy_Wismer

Unfortunately, I don’t understand what the conversation is about in the linked post. Maybe my English is not enough to understand it?

I tried to interpret it several times, but without success. I’m sorry…

Andy_Wismer · October 23, 2024, 7:05pm

Hi @steve

While this is an english forum, excellent english understanding should not be mandatory.
If I have time, I’ll see if I can take it apart and make it easier for you to understand.

But basically, yes, you need the dummy LAN. This can be installed before,or after the installation of NS8, but is easier on the plain OS underneath, no matter if using Rocky or Debian.
I install this before installing NS8 in such cases.

I also set static IPs and correct DNS before installing NS8, this makes things much easier.

My 2 cents
Andy

steve · October 24, 2024, 2:43pm

OK. I created the dummy LAN interface and set its IP address from the command line. It was created and appeared on the firewall tab, but NS8 will not use it, it is not marked…

How to proceed?

Thanks