NS7toNS8 error connecting

NethServer Version: 7.9.2009
Module: Migration NS7toNS8

• Using debian12 as basis

• installed NS8 with script from nethserver.org > OK

• checked VPN connection from NS7 to NS8 with nmap >OK

• installed and start migration tool on NS7

• Try to connect with NS8: connecting error …
  Where is my mistake ??
  there is the log

 Logs
  File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 1377, in http_open
    return self.do_open(http.client.HTTPConnection, req)
  File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 110] Connection timed out>
=========== Join cluster Wed, 28 Aug 2024 17:35:05 +0200
ns8-join: HTTP Error 401: Unauthorized
=========== Join cluster Wed, 28 Aug 2024 17:35:31 +0200
ns8-join: HTTP Error 401: Unauthorized
=========== Join cluster Wed, 28 Aug 2024 17:35:58 +0200
Traceback (most recent call last):
  File "/usr/lib64/python3.6/urllib/request.py", line 1349, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib64/python3.6/http/client.py", line 1254, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.6/http/client.py", line 974, in send
    self.connect()
  File "/usr/lib64/python3.6/http/client.py", line 946, in connect
    (self.host,self.port), self.timeout, self.source_address)
  File "/usr/lib64/python3.6/socket.py", line 724, in create_connection
    raise err
  File "/usr/lib64/python3.6/socket.py", line 713, in create_connection
    sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/ns8-join", line 239, in <module>
    call(api_endpoint, "remove-external-domain", payload['token'], {"domain": account_provider_domain}, False)
  File "/usr/sbin/ns8-join", line 47, in call
    post = request.urlopen(req, context=ctx)
  File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 1377, in http_open
    return self.do_open(http.client.HTTPConnection, req)
  File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 110] Connection timed out>
=========== Leave cluster Wed, 28 Aug 2024 18:46:59 +0200
=========== Join cluster Wed, 28 Aug 2024 18:47:40 +0200
Traceback (most recent call last):
  File "/usr/lib64/python3.6/urllib/request.py", line 1349, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib64/python3.6/http/client.py", line 1254, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.6/http/client.py", line 974, in send
    self.connect()
  File "/usr/lib64/python3.6/http/client.py", line 946, in connect
    (self.host,self.port), self.timeout, self.source_address)
  File "/usr/lib64/python3.6/socket.py", line 724, in create_connection
    raise err
  File "/usr/lib64/python3.6/socket.py", line 713, in create_connection
    sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/ns8-join", line 239, in <module>
    call(api_endpoint, "remove-external-domain", payload['token'], {"domain": account_provider_domain}, False)
  File "/usr/sbin/ns8-join", line 47, in call
    post = request.urlopen(req, context=ctx)
  File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 1377, in http_open
    return self.do_open(http.client.HTTPConnection, req)
  File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 110] Connection timed out>

Hi @rowihei

Do you have internal DNS entries for both servers? This is very important for NS8.
It helps, eg if you make the DNS entries on NS7, and point your NS8 to the NS7 for DNS.

My 2 cents
Andy

Did you try to ping 10.5.4.1 (which is the default wireguard IP of the first NS8 node) from the NS7?

If it doesn’t work please check the wireguard connection and the config files /etc/wireguard/ns8.conf on NS7 and etc/wireguard/wg0.conf on NS8.

Thanks for the answers,
… typical rookie mistake … two equal names in firma.lan
I hope it is possible to rename NS8 before and after migration ??
There are some firewall rules and many other things point to msrv …
But the contradiction ping to VPN and nmap test ??
That’s the results:

[admin@msrv ~]$ ping 10.5.4.1
PING 10.5.4.1 (10.5.4.1) 56(84) bytes of data.
^C
--- 10.5.4.1 ping statistics ---
16 packets transmitted, 0 received, 100% packet loss, time 15000ms

[admin@msrv ~]$ nslookup 10.2.2.11
11.2.2.10.in-addr.arpa  name = msrv.firma.lan.

[admin@msrv ~]$ nmap -p 55820 10.2.2.11

Starting Nmap 6.40 ( http://nmap.org ) at 2024-08-29 10:12 CEST
Nmap scan report for msrv.firma.lan (10.2.2.11)
Host is up (0.00039s latency).
PORT      STATE    SERVICE
55820/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
[admin@msrv ~]$ nslookup msrv.firma.lan
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   msrv.firma.lan
Address: 10.2.2.9
Name:   msrv.firma.lan
Address: 10.2.2.11

Wireguard uses UDP.

…sorry, I’m unalert ;

[admin@msrv ~]$ nc -vzu 10.2.2.11 55820
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.2.2.11:55820.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.02 seconds.

Next question: Is it possible to interrupt the migration, because we want to start it on weekend, now we only prepare it (320 GB ~ 5h downtime or more and NO way back) ??

As soon as an app is migrated to NS8 the service on NS7 is disabled.
To enable it again:

Thanks Markus,
… we will try migration on Friday afternoon. I will report on Monday. We hope that all applications work and no unrepairable errors.
If there are too many problems it should be enough to reconfigure all services on NS7 ? - there are mailserver + sogo + nextcloud + dhcp-server + revers-proxy + Let’sEncrypt
Just in case of problems, I created a virtual machine with NS7 on Proxmox to restore the last backup from USB-HD … at the moment it is behind a firewall (VM) because to avoid IP conflicts.

Good luck. If there are issues just share it here.

Yes, so you can continue using NS7 and retry the migration after solving the issues.

It’s always good to have some backups.

Hello Andy,
… thank you and yes, it’s configured:

Name  ... Beschreibung ... IP
msrv.firma.lan NS7-msrv 10.2.2.9
ns8.firma.lan NS8-TEST 10.2.2.11

Hello, again,
… it’s an endless nigthmare;
tested connection:

getent hosts ns8.firma.lan
10.2.2.11       ns8.firma.lan ns8

And on NS7 services wireguard wg-quick@ns8 we see a new VPN address. not 10.5.4.3

Eigenschaften

Address
    10.5.4.7
RemoteNetwork
    10.5.4.0/24
RemoteEndpoint
    msrv.firma.lan:55820
RemoteKey
    vGgdjXr7Mzw***************************=

Now we get error: Error retrieving apps to migrate

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/ns8-join", line 239, in <module>
    call(api_endpoint, "remove-external-domain", payload['token'], {"domain": account_provider_domain}, False)
  File "/usr/sbin/ns8-join", line 47, in call
    post = request.urlopen(req, context=ctx)
  File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 1377, in http_open
    return self.do_open(http.client.HTTPConnection, req)
  File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 110] Connection timed out>
=========== Leave cluster Fri, 30 Aug 2024 15:09:58 +0200
=========== Join cluster Fri, 30 Aug 2024 15:10:31 +0200
Traceback (most recent call last):
  File "/usr/lib64/python3.6/urllib/request.py", line 1349, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib64/python3.6/http/client.py", line 1254, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.6/http/client.py", line 974, in send
    self.connect()
  File "/usr/lib64/python3.6/http/client.py", line 946, in connect
    (self.host,self.port), self.timeout, self.source_address)
  File "/usr/lib64/python3.6/socket.py", line 724, in create_connection
    raise err
  File "/usr/lib64/python3.6/socket.py", line 713, in create_connection
    sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/ns8-join", line 239, in <module>
    call(api_endpoint, "remove-external-domain", payload['token'], {"domain": account_provider_domain}, False)
  File "/usr/sbin/ns8-join", line 47, in call
    post = request.urlopen(req, context=ctx)
  File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 1377, in http_open
    return self.do_open(http.client.HTTPConnection, req)
  File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 110] Connection timed out>

Please check the wireguard configs as explained here:

This should already have been fixed but maybe it’s another issue…

If the NS8 is not on LAN but WAN you may need to add the wireguard service port 55820/udp to the NS7 services to be able to connect.

good morning Markus,
readed this post and configured wireguard with new VPN IP. But there are more config errors:

• read to late, that on NS8 no applications allowed before migration
  But: HOW is it possible to remove an application, not found a button to remove
  installation wiki is a little bit confused (for me) …
  That’s why yesterday evening I removed ns8 with
  bash /var/lib/nethserver/node/uninstall.sh .
  By the way, the home was NOT cleared like wrote in documentation - it’s debian12 ??
  … i cleared ns8 directories in /home by hand …
  REBOOT and tried a new installation of NS8 with
  curl https://raw.githubusercontent.com/NethServer/ns8-core/ns8-stable/core/install.sh | bash
  After reboot I was NOT able to start https://10.2.2.11/cluster-admin …

It’s looking like debian12 is damaged, what should I do - make a fresh debian installation and configuration again and again and again ??? I have time I’m pensioner, but somewhen my head is empty …
First error to seen is syctl, I have to start with path /sbin/sysctl …
Where is the script I have to edit, or it’s better to edit path ?
The installation screen said:

NethServer cluster-admin UI:
  - https://ns8.fima.lan/cluster-admin/
  - https://10.2.2.11/cluster-admin/

Last login: Fri Aug 30 19:33:16 2024 from 10.2.2.9
-bash: [: : Ganzzahliger Ausdruck erwartet.
tux@ns8:~$ su
Passwort: 
root@ns8:/home/tux# cd ~
root@ns8:~# ./install_ns8.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3153  100  3153    0     0  11422      0 --:--:-- --:--:-- --:--:-- 11423
Checking port 80 and 443 are not already in use
Restart journald:
Install dependencies:
OK:1 http://deb.debian.org/debian bookworm InRelease
Holen:2 http://security.debian.org/debian-security bookworm-security InRelease [48,0 kB]
Holen:3 http://deb.debian.org/debian bookworm-updates InRelease [55,4 kB]                                   
Holen:4 http://security.debian.org/debian-security bookworm-security/main Sources [109 kB]                       
Holen:5 http://security.debian.org/debian-security bookworm-security/main amd64 Packages [179 kB]
Holen:6 http://security.debian.org/debian-security bookworm-security/main Translation-en [108 kB]
OK:7 https://packagecloud.io/crowdsec/crowdsec/debian bookworm InRelease                                     
Es wurden 499 kB in 2 s geholt (299 kB/s).
Paketlisten werden gelesen… Fertig
Paketlisten werden gelesen… Fertig
Abhängigkeitsbaum wird aufgebaut… Fertig
Statusinformationen werden eingelesen… Fertig
gnupg2 ist schon die neueste Version (2.2.40-1.1).
0 aktualisiert, 0 neu installiert, 0 zu entfernen und 2 nicht aktualisiert.
OK:1 http://deb.debian.org/debian bookworm InRelease
OK:2 http://security.debian.org/debian-security bookworm-security InRelease
OK:3 http://deb.debian.org/debian bookworm-updates InRelease               
OK:4 https://packagecloud.io/crowdsec/crowdsec/debian bookworm InRelease   
Paketlisten werden gelesen… Fertig
Paketlisten werden gelesen… Fertig
Abhängigkeitsbaum wird aufgebaut… Fertig
Statusinformationen werden eingelesen… Fertig
python3-venv ist schon die neueste Version (3.11.2-1+b1).
podman ist schon die neueste Version (4.3.1+ds1-8+deb12u1).
wireguard ist schon die neueste Version (1.0.20210914-1).
uuid-runtime ist schon die neueste Version (2.38.1-5+deb12u1).
curl ist schon die neueste Version (7.88.1-10+deb12u6).
jq ist schon die neueste Version (1.6-2.1).
openssl ist schon die neueste Version (3.0.13-1~deb12u1).
psmisc ist schon die neueste Version (23.6-1).
firewalld ist schon die neueste Version (1.3.3-1~deb12u1).
pciutils ist schon die neueste Version (1:3.9.0-4).
wget ist schon die neueste Version (1.21.3-1+b2).
0 aktualisiert, 0 neu installiert, 0 zu entfernen und 2 nicht aktualisiert.
Extracting core sources from ghcr.io/nethserver/core:ns8-stable:
Gesamtzahl gelesener Bytes: 145500160 (139MiB, 257MiB/s)
etc/
.....................................
Set kernel parameters:
/var/lib/nethserver/node/install-core.sh: Zeile 39: sysctl: Kommando nicht gefunden.
Setup Python virtual environment for agents:
Requirement already satisfied: aiodns==3.0.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 5)) (3.0.0)
Requirement already satisfied: aiohttp==3.8.4 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 6)) (3.8.4)
Requirement already satisfied: ansible-core==2.15.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 7)) (2.15.1)
Requirement already satisfied: ansible-runner==2.3.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 8)) (2.3.1)
Requirement already satisfied: async-timeout==4.0.2 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 9)) (4.0.2)
Requirement already satisfied: attrs==22.2.0 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 10)) (22.2.0)
Requirement already satisfied: brotlipy==0.7.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 11)) (0.7.0)
Requirement already satisfied: certifi==2022.9.24 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 12)) (2022.9.24)
Requirement already satisfied: cffi==1.15.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 13)) (1.15.1)
Requirement already satisfied: chardet==5.1.0 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 14)) (5.1.0)
Requirement already satisfied: cryptography==41.0.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 15)) (41.0.1)
Requirement already satisfied: dnspython==2.3.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 16)) (2.3.0)
Requirement already satisfied: docutils==0.20 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 17)) (0.20)
Requirement already satisfied: hiredis==2.2.3 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 18)) (2.2.3)
Requirement already satisfied: idna==3.3 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 19)) (3.3)
Requirement already satisfied: Jinja2==3.1.2 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 20)) (3.1.2)
Requirement already satisfied: jsonschema==4.10.3 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 21)) (4.10.3)
Requirement already satisfied: ldap3==2.9.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 22)) (2.9.1)
Requirement already satisfied: lockfile==0.12.2 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 23)) (0.12.2)
Requirement already satisfied: MarkupSafe==2.1.3 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 24)) (2.1.3)
Requirement already satisfied: multidict==6.0.4 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 25)) (6.0.4)
Requirement already satisfied: packaging==23.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 26)) (23.0)
Requirement already satisfied: pexpect==4.8.0 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 27)) (4.8.0)
Requirement already satisfied: psutil==5.9.4 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 28)) (5.9.4)
Requirement already satisfied: ptyprocess==0.7.0 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 29)) (0.7.0)
Requirement already satisfied: pyasn1==0.4.8 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 30)) (0.4.8)
Requirement already satisfied: pycares==4.3.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 31)) (4.3.0)
Requirement already satisfied: pycparser==2.21 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 32)) (2.21)
Requirement already satisfied: pyrsistent==0.18.1 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 33)) (0.18.1)
Requirement already satisfied: python-daemon==3.0.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 34)) (3.0.1)
Requirement already satisfied: PyYAML==6.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 35)) (6.0)
Requirement already satisfied: redis==5.0.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 36)) (5.0.1)
Requirement already satisfied: regex-engine==1.1.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 37)) (1.1.0)
Requirement already satisfied: requests==2.31.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 38)) (2.31.0)
Requirement already satisfied: resolvelib==1.0.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 39)) (1.0.1)
Requirement already satisfied: semver==3.0.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 40)) (3.0.1)
Requirement already satisfied: six==1.16.0 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 41)) (1.16.0)
Requirement already satisfied: typing-extensions==4.6.3 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 42)) (4.6.3)
Requirement already satisfied: urllib3==1.26.12 in /usr/lib/python3/dist-packages (from -r /etc/nethserver/pyreq3_11.txt (line 43)) (1.26.12)
Requirement already satisfied: yarl==1.9.2 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from -r /etc/nethserver/pyreq3_11.txt (line 44)) (1.9.2)
Requirement already satisfied: charset-normalizer<4.0,>=2.0 in /usr/lib/python3/dist-packages (from aiohttp==3.8.4->-r /etc/nethserver/pyreq3_11.txt (line 6)) (3.0.1)
Requirement already satisfied: frozenlist>=1.1.1 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from aiohttp==3.8.4->-r /etc/nethserver/pyreq3_11.txt (line 6)) (1.4.1)
Requirement already satisfied: aiosignal>=1.1.2 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from aiohttp==3.8.4->-r /etc/nethserver/pyreq3_11.txt (line 6)) (1.3.1)
Requirement already satisfied: setuptools>=62.4.0 in /usr/local/agent/pyenv/lib/python3.11/site-packages (from python-daemon==3.0.1->-r /etc/nethserver/pyreq3_11.txt (line 34)) (74.0.0)
Setup registry:
Add firewalld core rules:
Warning: ALREADY_ENABLED: http
Warning: ALREADY_ENABLED: https
Write initial cluster environment state
Write initial node environment state
Generate WireGuard VPN key pair:
JASGYecRcpESgnESsTmvc0YIvK/mzYj+lG1h3q76b3o=
Start Redis DB:
Generating cluster password:
Generating api-server password:
Generating node password:
AUTH failed: WRONGPASS invalid username-password pair or user is disabled.
NOPERM User default has no permissions to run the 'set' command

NOPERM User default has no permissions to run the 'set' command

NOPERM User default has no permissions to run the 'set' command

NOPERM User default has no permissions to run the 'hset' command

NOPERM User default has no permissions to run the 'hset' command

NOPERM User default has no permissions to run the 'acl|setuser' command

WRONGPASS invalid username-password pair or user is disabled.

NOPERM User default has no permissions to run the 'acl|setuser' command

NOPERM User default has no permissions to run the 'acl|setuser' command

NOPERM User default has no permissions to run the 'acl|setuser' command

NOPERM User default has no permissions to run the 'acl|save' command

NOPERM User default has no permissions to run the 'save' command

NOPERM User default has no permissions to run the 'config|set' command

NOPERM User default has no permissions to run the 'config|set' command

NOPERM User default has no permissions to run the 'config|rewrite' command

NOPERM User default has no permissions to run the 'set' command

Start API server and core agents:
Grant initial permissions:
Traceback (most recent call last):
  File "<stdin>", line 4, in <module>
  File "/usr/local/agent/pypkg/cluster/grants.py", line 73, in grant
    return _change_role_definition(rdb, False, action_clause, on_clause, to_clause)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/agent/pypkg/cluster/grants.py", line 64, in _change_role_definition
    pipe.execute()
  File "/usr/local/agent/pyenv/lib/python3.11/site-packages/redis/client.py", line 1472, in execute
    conn = self.connection_pool.get_connection("MULTI", self.shard_hint)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/agent/pyenv/lib/python3.11/site-packages/redis/connection.py", line 1086, in get_connection
    connection.connect()
  File "/usr/local/agent/pyenv/lib/python3.11/site-packages/redis/connection.py", line 276, in connect
    self.on_connect()
  File "/usr/local/agent/pyenv/lib/python3.11/site-packages/redis/connection.py", line 342, in on_connect
    auth_response = self.read_response()
                    ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/agent/pyenv/lib/python3.11/site-packages/redis/connection.py", line 500, in read_response
    response = self._parser.read_response(disable_decoding=disable_decoding)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/agent/pyenv/lib/python3.11/site-packages/redis/_parsers/hiredis.py", line 133, in read_response
    raise response
redis.exceptions.AuthenticationError: invalid username-password pair or user is disabled.

Hi,

on which hardware (CPU, RAM, storage) do you run NS8?

Did the ping from NS7 to 10.5.4.1 work?

EDIT:

Sometimes the UDP connection got stuck somehow.
After removing the connection on the firewall or restarting the firewall it worked.

In Software Center switch to installed apps and then go to “Instances”

grafik1261×823 63.7 KB

It’s behind the three dots menu:

grafik1290×793 65.4 KB

Please check if DNS is still working on the Debian system:

• Is the hostname still resolvable from NS8?
• Are the entries in /etc/hosts correct?

If it doesn’t help I think in this case it’s better to reinstall the Debian system to avoid future issues. Maybe there was an issue due to the uninstallation.
If you’re using proxmox for NS8 just create a snapshot/backup of the NS8 after the installation so you can go back in case of failure.

As regards this error, there are some solved threads:

https://community.nethserver.org/search?q=invalid%20username-password%20pair%20or%20user%20is%20disabled%20order%3Alatest

… What a week …
After all that trouble the old hardware crashed and we have to buyed a new one.
We installed proxmox on it with NS8@debian12 in a VM.
Migration works now, but other problems with configuration of proxy …
but this problem is a new theme…

Thanks to all !