NS8 - Question of understanding

Currently we are running on NS7 up-to-date. It’s only a small business, a few windows clients but a lot of machines (and data) in the LAN of the company. In 99,9% of all time everything is running as intended, no need to investigate as an admin. No way due legal circumstances to move any data in a cloud.

While moving from SME to NS I followed the good advice from Andy and installed NS in/on proxmox. In front there’s an OPNSense acting as firewall, and handling a few things for the network. The migration was not easy, finally with the help of this community and the forum, it could be done.

I’d like to test the new NS8. A few questions are coming in my mind:

  • Assuming I want to stay with proxmox. Does this mean, I’d have to install first i.e. Rocky, Alma or Debian? And then on top the NS8 software?

  • will NS8 serve the LAN if there’s no internet connection?

  • I tried to read as much threads as I found in the forum about the intended changes from NS7 to NS8. It’s very clear that every new move needs a learning curve. No problem with that.

Today NS claimes (or states) on the main page https://www.nethserver.org/:

Simple

Powerful web interface that simplifies common administration tasks, very easy/fast installation and a lot of pre-configured modules installable with a “single click”.

I know NS8 is in alpha state - but all I read in the forum about NS8 gives me the feeling, that as a part time sysadmin I have to spend a lot more time for NS8 as for NS7. Not only to install, configure and administer NS8, further more, at least there’s also to maintain one underlying OS (maybe two).

  • at this point I do have the feeling, that NS8 might not longer address small enterprises. It seems more to be an offer for companies, with an IT-department or an external IT-guy, who’s doing the whole stuff.

I’ll going to install NS8 in a VM for tests. Will try for myself to find out, if NS8 could be the future for us.

But - am I wrong with my thoughts?

regards,
stefan

3 Likes

Hi @schulzstefan

NS8 CAN do more than NS7, for sure.

But in the end, there will be a migration path, where you backup on NS7, and install restore on NS8 (Or something similiar, that’s up to the devs to decide!), BUT: You will end up with your data, and services, running on NS8. If you want or need to run more, why not? If you prefer to stay as it is (It works), also why not.

Sure have a look at what’s coming, but don’t worry before you get to the bridge… Maybe it’s a big looking bridge, but only spanning a small chasm…

I trust our devs will handle the migration as they have in the past - eg NS6 → NS7…

Using Proxmox underneath does make the migration less of a headache…
And OPNsense will still stay my firewall, why change a winning eam?

My 2 cents
Andy

2 Likes

As I see System requirements — NS8 documentation for testing with rocky it has to be >= 9.1. This leads to problems with my old horse hp compaq 7900 sff. CPU can’t sse4. Means kernel panic. I assume the same problem will pop up with alma.

Should I try debian? Or centos?

Edit: I’ll give debian a shot. Probably centos is causing the same problem

Hmm, debian-11.6.0-amd64-netinst.iso seems to work even on older machines. Installation is running.

I understand that creating a VPN on NS8 is mandatory, is this correct? And if so, why does it have to be on a server and not on a firewall?

Just my thoughts, I guess it is the point where we leave the ‘all in one’ concept of the SME legacy design and philosophy.

One upon a time, ‘E-smith Server & Gateway’ was intended for area’s and small entities (e.g. K? schools too) in AUS to provide a simple ‘small business server’ based on ‘install and forget’.

I guess times change, but I hope the NS8 update system will provide some automatic assistance. But yes, Proxmox + base OS + NS8 (nodes) + Firewall

Just Food for thought and memory lane.

When the installation script ends, access the Web user interface at https://<server_ip_or_fqdn>/cluster-admin/.

First, you will need to login using the default credentials:

  • Username: admin
  • Password: Nethesis,1234

Even after a reboot, this is not working.

Edit: cat /etc/passwd does not show a user admin.

Added a system user “admin” manually. Gave the standard password. Still no luck:
“Cannot log in Invalid username or password”

The debian install was minimalistic. Only system and ssh. Nothing more before installing NS8.

How to proceed?

Edit: ssh login from host with user admin is working.
Edit: no, it’s not. I gave admin no home. Will try to delete and recreate with home.

Stuck. ssh is working now. But no access with /cluster-admin/ from browser.

Started over. Deleted the user admin. Uninstalled neth8. Re-installed neth8. Don’t know why, but now I have access to /cluster-admin.

Edit: time to go to bed. Will proceed the next days.

…and without any further indication of what was happening (“doesn’t work” is, well, pretty useless as a problem report), none of us have any idea of what was going on either. But there’s no reason to expect that the web UI’s users should show up in /etc/passwd.

That’s correct. I followed blindly the install instructions. It’s not a problem report, more a report of just following the instructions.

As I installed the most minimalistic debian (only ssh and system) without apache or nginx, where to investigate? Do I have to look to the logs of the debian os? Where are the logs from NS8? Still in os directory /var/log? Does NS8 have an own structure for keeping logs? Is this somewhere documented?

For now system is up and running. Next step is creating an AD, groups and users. Will report.

Yes, but we are also preparing some ready-to-use images for different virtualization platforms.
Stay tuned :slight_smile:

Yes, but the internet connection is required during install and when installing new stuff.

Our targets are always small companies. So yes, we hope that a single server will handle almost the same stuff as a NS7 server.

The VPN is for connecting the node clusters. It’s mandatory but used only when you have two or more nodes.
The VPN is bundled inside the cluster because the system needs to handle the configuration in case of leader switch. If you use a cluster with one node, you can just completely forgive about the VPN.

2 Likes

@giacomo

Thank you for clarification.

Meanwhile I figured out where the logs are stored. Still a little confused because of the underlying OS logs and the logs of neth8. Well I guess, one can get used to it.

1 Like

I created an AD, user and group. I also installed the mail module and roundcube. While installing the mail module there’s an issue looping in the logs:

  1. from the neth8 app (mail1) log:

2023-04-12T15:25:26+02:00 mail1 dbf1d0f1a5dae71381316ce182c1f58aaea50618ebfb761dcd857403fef1db7c
2023-04-12T15:25:27+02:00 mail1 Illegal instruction
2023-04-12T15:25:28+02:00 mail1 dbf1d0f1a5dae71381316ce182c1f58aaea50618ebfb761dcd857403fef1db7c
2023-04-12T15:25:29+02:00 mail1 systemctl --user is-enabled clamav.service
2023-04-12T15:25:29+02:00 mail1 enabled
2023-04-12T15:25:30+02:00 mail1 d5674cf50009691ecc0dca4100905ba7b171d16435ac9a58bfa94c15f95b6fd4
2023-04-12T15:25:31+02:00 mail1 Illegal instruction

  1. from the debian OS (journalctl):

Lot more information. As there’s no integration to the host (not possible to copy’n paste, I could take a screenshot of course), I decided to ssh to the system. I read in the install instructions the firewall is open on port 22 per default. I am able to login on the console with the given credentials for root while installing the debian host OS. I’m not able to ssh to the box. On the console systemctl status ssh shows the server is up and running. It also tells me, the user root is failing the password. No idea at this point - I’m not a debian specialist. I would assume this should just work?

Hmm…?

Further more testing, now on beta2, still underlying debian 12 os as host in virtualbox. No letsencrypt certs.

As far as I can see, samba is running, shares, user and groups are functional. Mariadb, nginx and nextcloud seem to work. Did not test any email yet.

Syncing data from i.e. another linux machine with rsync to a samba share, seems to be very difficult. The underlying OS knows only root. The shares of course have other users (and groups). Trying to change owner and permissions does not help. Anybody with a hint? Could help to sync BIG DATA from old to new server… just in case moving data manually from old to new.

And another probably stupid question: in Neth7 backups were offered with restic, rsync and duplicity. What is the reason for changing the horses? It was simple and did the job…

2 Likes

Salut @schulzstefan

You read my mind !!!

Michel-André

This is due to how containers work, take a look at this.
You need an external rsync process that mounts the volume and does the job: it’s not easy at all.

We didn’t, we just pick the right horse for the job: restic is the only backup engine supported so far.

1 Like

fullack

Making the swiss knive rsync complicated to use is in linux world a really big con. Not beeing able to easy transfer data from one linux machine to another with rsync, is a lack. Sorry to complain.

Easy backup and restore single files seems also getting complicated. Why? It’s essential to any admin to have an easy and fast process. Do I overlook something?