NS8beta2 | MArtin: my experiences and suggestions for improvements

Openstack VM

1 Vcpu, 2 GB RAM 20 GB HDD

DNS

ns8.bybiz.link
min.ns8.bybiz.link
mina.ns8.bybiz.link

Alma Linux 9 standard installation ssh
curl https://raw.githubusercontent.com/NethServer/ns8-core/ns8-stable/core/install.sh | bash

Backup Encryption PW

done

Installation Minio

Setting Minio hostname with http:// or / after the FQDN causes these errors

Minio LE cert is not reflected immediately, is a reboot or login/logout required for main cluster admin for this to be visible?

Configuration

API server host name:
min.ns8.bybiz.link

Web interface host name:
min.ns8.bybiz.link

Test
NO LE and LE,
LE takes long to reflect.

Api host server name, redirects to :9001

Create a new Bucket and upload files.

Share link for file is in format of :

http://127.0.0.1:9000/minadmin/things%20to%20read%20and%20research.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8DVLUACFOQJWB8UVIKII%2F20230915%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230915T133022Z&X-Amz-Expires=604800&X-Amz-Security-Token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI4RFZMVUFDRk9RSldCOFVWSUtJSSIsImV4cCI6MTY5NDgyNjUwNCwicGFyZW50IjoibWluaW9hZG1pbiJ9.w_tgEfdlxXjMOADL1BPpizY9DfaKMO6RC-oAhf_VQvhGrRqPP7UBBct4rYFHsoHlALMIg9jejmp5K1gymUlBzA&X-Amz-SignedHeaders=host&versionId=null&X-Amz-Signature=40089df7df5eea37388649ac8165e491df07b17666afb5ac4547877460ee40a7

instead of the defined api hostname

the fact that you can define an external/attached storage is a welcome and nice to have feature.

Notification Panel:
I think it would be great if it was possible to clear individual completed cards on this panel.
Also the ability to clear all.
Currently only mark as read is available.

Samba AD Installed
Much easier to install and configure than on NS7

Adding a second Provider of Samba, on the same domain possible on the same host, but configuring gives config error.

Adding AD domain and OpenLdap Domain on the same domain is possible, interesting :thinking:

The Edit Domain user interface is so huge, I think it can be reduced, since there are not many parameters.

4 Likes
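The share-link observation in the post above can be checked mechanically. The following is an added example, not part of the original post or of NS8/MinIO code: it audits a SigV4 presigned URL for the host it was signed for, its expiry, and the claims readable in any embedded session token. The function name `audit_share_link` and all sample values are assumptions constructed for illustration.

```python
import base64, ipaddress, json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

def _b64url(obj):
    # Helper used only to build the constructed sample token below.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _decode_segment(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def audit_share_link(url, expected_host):
    """Return (findings, details) for a SigV4 presigned URL."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    host = parts.hostname or ""
    findings = []
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:            # host is a name, not an IP literal
        loopback = host == "localhost"
    if loopback:
        findings.append("loopback-host")
    if host != expected_host:
        findings.append("host-mismatch")
    if parts.scheme != "https":
        findings.append("not-https")
    signed_at = datetime.strptime(query["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    expires = signed_at.replace(tzinfo=timezone.utc) + timedelta(
        seconds=int(query["X-Amz-Expires"]))
    claims = {}
    token = query.get("X-Amz-Security-Token", "")
    if token.count(".") == 2:
        claims = _decode_segment(token.split(".")[1])  # decoded, NOT verified
        findings.append("embedded-session-token")
    return findings, {"host": host, "expires": expires, "claims": claims}

# Constructed sample: same shape as the link in the post, placeholder values.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "HS512", "typ": "JWT"}),
    _b64url({"accessKey": "EXAMPLEKEY", "exp": 1700000000, "parent": "exampleadmin"}),
    "constructed-signature"])
SAMPLE_URL = ("http://127.0.0.1:9000/examplebucket/notes.txt"
              "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230915T133022Z"
              "&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"
              "&X-Amz-Security-Token=" + SAMPLE_TOKEN)

if __name__ == "__main__":
    print(audit_share_link(SAMPLE_URL, "min.ns8.bybiz.link"))
```

Because `X-Amz-SignedHeaders=host` puts the Host header under the signature, replacing `127.0.0.1:9000` in the link by hand invalidates it; the link has to be generated against the public API hostname. The session token's payload is only base64url-encoded, so anyone who receives the link can read the account and access-key names in it.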

No, there is an error that prevents the certificate request from being issued: failed validation from set-route. It smells like a bug!

Try with another TLD, if possible.

We already planned a Notification panel rework.

An Active Directory domain controller binds to some well-known port numbers (like DNS, Kerberos, LDAP and so on…), so it is not possible to start two DCs on the same node.

Do you mean to compact the fields layout? We have to ask @andre8244 !

1 Like

This App can not be enabled because it makes the server unstable.

I keep getting this error whenever I download and enable apps from the apps page on Nextcloud.

I am not sure why this error is received for literally all apps I try, could there be something wrong?

I have discovered that the cluster admin interface does not auto-logout a user after some time, it can continue in a logged-in state for weeks.

Is this by design?

Yes the current token lifetime is about 15 days.

Is there a settings place to reduce this token to a lower value, so that someone can define it?

It's important for cloud-facing instances and/or those managed on shared machines.

The value is hardcoded in Golang code (middleware.go), but I guess it is possible to define a configurable value with a simple PR /cc @edoardo_spadoni

Consider that if you log out, the token is removed from the browser local storage and hopefully there is no way to recover it.

What repercussions does having the token removed have, if the user would just be able to log back in again?

Are there other background processes dependent on the token?

No, as said the token has limited lifetime and is used only to obtain cluster-admin usage authorization.

1 Like

I think I might have encountered a bug, but I am not sure, could someone help me test this scenario.

While the Nextcloud interface is open, go to any application instance settings page (dokuwiki, collabora) or others, create configs and save the settings.

While the update of the settings is still running, try loading anything inside the Nextcloud instance, or even load the cluster admin console on a separate tab, and try running commands.

The server freezes, times out, and gives a websockets connection error.
This has happened 2 times already.

2 Likes

I have updated my instance to RC1, it was running both LDAP and Active Directory, and so far so good, all works well.

I have been testing the webserver module and I must say, its implementation is extremely interesting, very very interesting.

It has SMTP settings for the sftpgo, could you consider pre-implementing a default admin email on the SMTP settings, if mail has been implemented on the server?

Under settings, we have HTTP Routes

I am curious about the ports defined, are those internal ports, or external ports?

If they are external ports, does it not then mean on a server sitting behind a firewall, all those ports will have to be whitelisted?

Please see nodes > select nodes, 3 dots upper right → firewall = overview of e.g. all external ports recognised by the firewall on that node.

1 Like

My question is if the VM itself is behind another firewall.

Say you're on Proxmox, and using OPNsense as firewall, and not all ports are open.

Or you're on a cloud provider, with whom you have to open ports to have the server accessible on the open web.

You mean node1 is on proxmox on your location and node2 is in the cloud with a provider on a VPS, and node3 is in another location?

No, it's just one node.

I am just anticipating a scenario like the one where ports need to be opened on the firewall.

I currently don't have an NS8 instance with those requirements, but my NS7 instances do have those.

Those high ports per app on 1 node do not need any attention from any firewall.

1 Like

Setting a good default timeout isn’t easy; the TrueNAS folks are having problems there as well. But 15 days seems excessive.

1 Like

tihahaha

Can we not make it a setting?

2 Likes