NS8beta2 | Capote: my experiences and questions

I am starting a separate thread here to document my experiences and raised questions.

Attention: I did not use the manual; I proceeded with a purely intuitive installation, with one exception: the NS8-Install script

Prerequisites:

Proxmox 7:

Memory: 8.00 GiB
Processors: 2 (1 sockets, 2 cores) [x86-64-v2-AES]
BIOS: Default (SeaBIOS)
Display: Default
Machine: Default (i440fx)
SCSI Controller: VirtIO SCSI single
CD/DVD Drive (ide2): ISOImage:iso/debian-12.1.0-amd64-netinst.iso,media=cdrom,size=627M
Hard Disk (scsi0): DiskImage:103/vm-103-disk-0.qcow2,iothread=1,size=32G
Network Device (net0): virtio=6E:4A:A0:8A:68:13,bridge=vmbr0

DNS

OPNSense: DHCPv4 // “static IP”

6e:4a:a0:8a:68:13 192.168.3.211 ns8beta.home.dargels.de

OPNSense: Unbound-Overrides:

Host override: ns8beta.home.dargels.de
Host: nextcloud
Domain: home.dargels.de

Host override: ns8beta.home.dargels.de
Host: wiki
Domain: home.dargels.de

Debian12-Installation

Standard Net-Installation with ssh-server and curl

Customizing

/etc/ssh/sshd_config

PermitRootLogin prohibit-password

NS8 Installation

curl https://raw.githubusercontent.com/NethServer/ns8-core/ns8-stable/core/install.sh | bash

Install log

Successfully installed Jinja2-3.1.2 MarkupSafe-2.1.3 PyYAML-6.0 aiodns-3.0.0 aiohttp-3.8.4 aioredis-2.0.1 aiosignal-1.3.1 ansible-core-2.15.1 ansible-runner-2.3.1 async-timeout-4.0.2 brotlipy-0.7.0 cffi-1.15.1 cryptography-41.0.1 dnspython-2.3.0 docutils-0.20 frozenlist-1.4.0 hiredis-2.2.3 ldap3-2.9.1 lockfile-0.12.2 multidict-6.0.4 packaging-23.0 pexpect-4.8.0 psutil-5.9.4 ptyprocess-0.7.0 pyasn1-0.4.8 pycares-4.3.0 pycparser-2.21 python-daemon-3.0.1 redis-4.5.5 regex-engine-1.1.0 resolvelib-1.0.1 semver-3.0.1 typing-extensions-4.6.3 yarl-1.9.2
Setup registry:
Add firewalld core rules:
Write initial cluster environment state
Adding id_rsa.pub to module skeleton dir:
Add /etc/hosts entries:
Generate WireGuard VPN key pair:
u69<snipped>Q8=
Start Redis DB:
Created symlink /etc/systemd/system/default.target.wants/redis.service → /etc/systemd/system/redis.service.
Generating cluster password:
Generating api-server password:
Generating node password:
AUTH failed: WRONGPASS invalid username-password pair or user is disabled.
OK
OK
3
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
Start API server and core agents:
Created symlink /etc/systemd/system/multi-user.target.wants/api-server.service → /etc/systemd/system/api-server.service.
Created symlink /etc/systemd/system/default.target.wants/agent@cluster.service → /etc/systemd/system/agent@.service.
Created symlink /etc/systemd/system/default.target.wants/agent@node.service → /etc/systemd/system/agent@.service.
Grant initial permissions:
Install Traefik:
<7>podman-pull-missing ghcr.io/nethserver/traefik:2.0.0
Trying to pull ghcr.io/nethserver/traefik:2.0.0...
Getting image source signatures
Copying blob sha256:fe568243fd51854aefa667803a62d00dca43e72012450928dea74ac7dd1a7477
Copying config sha256:bc892b520b5f853d383b1a02e0e9cefaf3da3d1f382b6154de296b95e37b662d
Writing manifest to image destination
Storing signatures
bc892b520b5f853d383b1a02e0e9cefaf3da3d1f382b6154de296b95e37b662d
<7>extract-ui ghcr.io/nethserver/traefik:2.0.0
Extracting container filesystem ui to /var/lib/nethserver/cluster/ui/apps/traefik1
ui/index.html
b56c8af1fa332b620d991ddaf0fab07a2f48cbda1ccc2247c1b204ef7a007492
{'module_id': 'traefik1', 'image_name': 'traefik', 'image_url': 'ghcr.io/nethserver/traefik:2.0.0'}
Setting default admin password:
True

NethServer 8 Core
----------------------------------------------------------------------------

Finish the cluster configuration by running one of the following procedures.

A. To join this node to an already existing cluster run:

      join-cluster <cluster_url> <jwt_auth>

   For instance:

      join-cluster https://cluster.example.com eyJhbGc...NiIsInR5c

B. To initialize this node as a cluster leader run:

      create-cluster <vpn_endpoint_address>:<vpn_endpoint_port> [vpn_cidr] [admin_password]

   For instance:

      create-cluster NS8Beta.home.dargels.de:55820 10.5.4.0/24 Nethesis,1234

Finally, access the administration UI at:

   https://<hostname_or_IP>/cluster-admin/

For instance, if NS8Beta.home.dargels.de is resolvable

   https://NS8Beta.home.dargels.de/cluster-admin/

Enter the following credentials:

   User: admin
   Password: Nethesis,1234

initialize this node as a cluster leader

root@NS8Beta:~# create-cluster NS8Beta.home.dargels.de:55820 10.5.4.0/24 Nethesis,1234
Copy the following command to a worker node to join this cluster with admin's credentials:

    join-cluster --no-tlsverify https://NS8Beta.home.dargels.de ey<snipped>-YWA

Post Installation:

Change Admin PW

done

Backup Encryption PW

done

Request TLS Certificate

failed

{"context":{"action":"set-certificate","data":{"fqdn":"NS8Beta.home.dargels.de","sync":true},"extra":{"description":"Processing","eventId":"62a5a745-9819-45e0-ac77-e3f989cdc783","logs":{"instance":"traefik1","path":"?searchQuery=&context=module&selectedAppId=traefik1&followLogs=false&startDate=2023-09-13&startTime=13%3A58&autoStartSearch=true"},"title":"Request certificate for NS8Beta.home.dargels.de"},"id":"6613dbbc-5668-4dec-b9bf-49c1e36394b8","parent":"","queue":"module/traefik1/tasks","timestamp":"2023-09-13T11:58:06.770590368Z","user":"admin"},"status":"aborted","progress":99,"subTasks":[],"validated":true,"result":{"error":"","exit_code":2,"file":"task/module/traefik1/6613dbbc-5668-4dec-b9bf-49c1e36394b8","output":{"obtained":false}}}

Installation DokuWiki

done
Progress indicator freezes at 100%

… but outdated version

Hotfix release available: 2023-04-04a “Jack Jackrum”. upgrade now! [54.1] (what’s this?)

New release available: 2023-04-04 “Jack Jackrum”. upgrade now! [54] (what’s this?)

Hotfix release available: 2022-07-31b “Igor”. upgrade now! [53.1] (what’s this?)

Hotfix release available: 2022-07-31a “Igor”. upgrade now! [53] (what’s this?)

New release available: 2022-07-31 “Igor”. upgrade now! [52.2] (what’s this?)

New release candidate 2 available: rc2022-06-26 “Igor”. upgrade now! [52.1] (what’s this?)

New release candidate available: 2022-06-26 “Igor”. upgrade now! [52] (what’s this?)

Hotfix release available: 2020-07-29a “Hogfather”. upgrade now! [51.4] (what’s this?)

Configuration

FQDN: wiki.home.dargels.de
Let’s Encrypt (Cert): yes
HTTP to HTTPS: yes

Test:

  • No LE-Cert (DEFAULT CERT for “host-28671.ns8.test”)
  • Website starts
  • http to https works

create internal domain (Samba)

Domain: adns8.home.dargels.de (expl.: ad.home.dargels.de still used by also running NS7-VM)
NetBIOS domain: DAHO (expl.: defined within OPNSense)
Choose Samba admin username: administrator
Choose a password for Samba admin user:
Re-enter Samba admin password:
Hostname: dc1
Provide file shares and authentication to Windows clients: Enabled
Provider IP address: Choose → 192.168.3.211 - ens18 (enp0s18)

the same as the cluster node?!

Creating groups:

DokuWiki - to assign Dokuwiki User
NextCloud - to assign NextCloud User

Creating shares

NC-Data ACLs

  • Domain Controllers: Special
  • NT AUTHORITY\SYSTEM: Full access
  • BUILTIN\Administrators: Full access
  • Domain Admins: Read and write
  • Everyone: Read only

Change permissions:

NC-Data ACLs NEW

  • Domain Controllers: Special
  • NT AUTHORITY\SYSTEM: Full access
  • BUILTIN\Administrators: Full access
  • Everyone: Read and write

NextCloud Installation

done
Progress indicator freezes also like Dokuwiki

Configuration:

  • change PW: done
  • host name was prefilled with nextcloud.home.dargels.de (but I am not sure if only proposed or defined, therefore redefined)
  • Let’s Encrypt Certificate: yes
  • User Domain selected: adns8.home.dargels.de

Evaluation:

  • LE-Cert not provided, only default cert host-28671.ns8.test
  • Website reachable, login with admin user possible
  • German localization of the site although English is preset in the admin profile.
  • welcome screen is empty
5 Likes

just give hints or testing tasks

1 Like

Hi Marko,

I will join you.

Michel-André

1 Like

Question 1: How to back up if no such backup repository is available

…especially on Synology NAS?

Question 2: Which software modules are essential or recommended? Does the old saying still apply “What you don’t know, you don’t need”?
Because I don’t know something about Grafana, Prometheus, CrowdSec and node_exporter and cannot recognize use cases.

Or does the new wisdom “better to have than to need” apply?

I think another question that can be asked about the modules would be:

Is there a given order for installing any of the modules, or is whichever order OK and all will just align?

1 Like

1st Summary:

Installation and initial configuration in a time frame of 2 hours with an intuitive procedure without a manual.

Chapeau!

2 Likes

Question 4
How to update Software Modules? Using the internal updaters like in NextCloud or updating via Software center like in NS7?

Question 5: …probably the most stupid question ever… Where is the switch to reboot the node in cluster-admin?

2 Likes

You should go with the “S3 compatible provider”. Maybe your device already provides a S3-compatible service, or it has a Docker add-on and you can run MinIO on it.

There is no exhaustive answer. Core modules already provide the basic platform features to run the modules available in the Software Center. There are still many things to improve, for instance the services monitoring. We are working on it.


Question 3

No ordering is required. You can install many modules at the same time, there is no limit until you find a bug!


Software Center, like NS7 if not permitted otherwise.

As there are no UI managed OS updates, there is no UI reboot button in Beta 2. We are still fighting over that :smile:

2 Likes

Unless you’re a developer, don’t run that command. Go to https://.../cluster-admin/ and follow the UI instructions.

Post-installation steps are documented here. Please read it! Installation — NS8 documentation

:thinking: I also noticed this regression. It is a maybe-bug we must investigate.

Thank you for reporting it!


Edit, card added Trello

But it seems to work. Is it just not recommended or a real mistake that I need to correct, for example by reinstalling?

Yes it works but the UI procedure also guides you through more setup steps:

  • change the default password
  • set fqdn correctly
  • review vpn setup
1 Like

Did you notice the issues?

Dokuwiki

Test:

  • No LE-Cert (DEFAULT CERT for “host-28671.ns8.test”)

Nextcloud

Evaluation:

  • LE-Cert not provided, only default cert host-28671.ns8.test

The domain is not registered in public DNS: for sure, Let’s Encrypt can’t provide a certificate for it!

$ host wiki.home.dargels.de
Host wiki.home.dargels.de not found: 3(NXDOMAIN)

See TLS certificates — NS8 documentation

2 Likes
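The diagnosis in the reply above, as an added example that is not part of the original thread: a pre-check that compares what public DNS returns for a name with what the internal resolver returns, before a Let's Encrypt request is made. It assumes the challenge type requires the validation servers to connect to the host (HTTP-based validation); the function name, the second and third host names and the sample public address are constructed for illustration.

```python
import ipaddress

def le_precheck(fqdn, public_answers, internal_answers=()):
    """Return (ok, reason) for requesting a public CA certificate for fqdn.

    public_answers:   IPs returned by a *public* resolver (empty list = NXDOMAIN)
    internal_answers: IPs returned by the LAN resolver (e.g. Unbound host overrides)
    """
    public = [ipaddress.ip_address(a) for a in public_answers]
    internal = [ipaddress.ip_address(a) for a in internal_answers]

    if not public:
        if internal:
            # Name exists only behind the firewall: the CA cannot see it at all.
            return False, (f"{fqdn}: split-horizon name, known only to the "
                           "internal resolver (public DNS: NXDOMAIN)")
        return False, f"{fqdn}: no DNS record at all"

    # A public record that points at RFC 1918 / loopback / link-local space
    # resolves, but the CA still cannot reach the host to validate it.
    unroutable = [str(ip) for ip in public if not ip.is_global]
    if unroutable:
        return False, (f"{fqdn}: public DNS points at non-routable "
                       f"address(es) {', '.join(unroutable)}")

    return True, f"{fqdn}: publicly resolvable to {', '.join(map(str, public))}"

# Constructed sample data. The first entry mirrors the thread: NXDOMAIN in
# public DNS, 192.168.3.211 from the OPNSense Unbound override.
SAMPLES = [
    ("wiki.home.dargels.de", [], ["192.168.3.211"]),
    ("internal-only.example.org", ["192.168.3.211"], ["192.168.3.211"]),  # hypothetical
    ("public.example.org", ["93.184.216.34"], ["93.184.216.34"]),         # hypothetical
]

if __name__ == "__main__":
    for name, pub, lan in SAMPLES:
        ok, reason = le_precheck(name, pub, lan)
        print("OK  " if ok else "FAIL", reason)
```

The public answers have to come from a resolver outside the LAN, for example `host wiki.home.dargels.de 1.1.1.1`; asking the local Unbound would return the override and hide the problem.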

35% of a successful server install is… preparation.
That is why I suggest putting FQDN into the “server tasklist installation” as the second step.
First one is “password”. Not the “personal default one”.

Why first? Because the “I’ll do later” schedule usually fails blatantly.

1 Like

If you have already registered in DNS, some time must pass before it will be seen (from tens of minutes to several hours).

1 Like

You are right. In the public DNS I only registered home.dargels.de

wiki.home.dargels.de is only defined in OPNSense

I have not yet looked into how to generate an LE Cert for an internal IP address. I can’t point to an internal IP in the public DNS.

Question 6: How to set up one (or several different) vhost(s) + related Maria DBs to deploy multiple WordPress sites with different domain names?
I cannot find any Information in the docu.

Question 7: Will it be possible with NS8 to configure the mail server properly with multiple mail domains, also with differentiated assigned mail users? Or must the workaround be practiced again as in NS7? How to set it up in NS8Beta2?

Question 8: Will the migration script support migration of NS7 installations configured to different vhosts + related DBs with different domain names and different mail domains ?

1 Like