Selective configuration restore: network restore exclusion

Scenario…

I’m gonna use a hosted installation, for services that, for some reason, are better put outside the company rather than inside.

But I already have some bare-metal/virtual capacity to create and start tweaking the server.
Option 1 could be to take detailed notes of everything I need to configure as expected. But this crashes into another issue: sometimes data (not so little, not so simple) is already in the system.
This leads to …
Option 2: create a configuration AND data backup of the whole system; at the end the system would be backed up on a WebDAV host so the “hosted” system can restore from the internet without hassle. But this leads to another problem: the configuration backup could literally crush the network configuration, because sometimes hosting is not the way “we” sysadmins like; mostly it is the way the hosting service's sysadmins want.

Cue in the emergency recovery tool from bash, which can allow a “nice and swift” change of address on the Green interface… which is the only mandatory one, but anyway… maybe it is not the network interface we use in our hosted server.

My proposal is to have a checkbox during restore of the configuration, checked by default.
The box should be called “network configuration restore”, with a “balloon” hint available.
During the configuration restore process with the checkbox enabled, everything goes as it currently does.
During restore without the checkbox enabled, everything but network adapters and addresses is restored.

The checkbox could also be available in reverse, as “skip network configuration restore”.

Some of the critical points of this choice could be:

  • IPSec and OpenVPN configuration could be lost. From my point of view, these are “networks”. IPSec tunnels and OpenVPN warriors should be recreated from scratch; OpenVPN N2N should be faster to recreate.
  • Firewall rules could hit something really bad. They should be restored, but a lot of the objects might not be valid anymore. My suggestion is to recreate all the objects and the rules, but with the latter disabled. Deletion or enabling could be cherry-picked later by the sysadmin.
  • Another big hit could be an external LDAP server. I'm talking about that separately because user availability could be crushed by no longer being able to contact the userbase master. Currently I have no good ideas to propose.
  • Last (to my current idea) but not least hit are the containers. Without restoring the network configuration, I think the containers might not be that happy without “connecting rods” (aqua network) between them and the system. Currently I don’t know if the network configuration of the containers is stored in the data backup or in the configuration backup, but I would bet on the latter. Also, I don’t know if the concept of “virtual vs physical” adapter from the NethServer perspective could be the “split” between network restore skip and network restore allow.

Game on 🙂

1 Like

This feature already exists when using disaster recovery, see documentation.

2 Likes

Where the hell did I put that?
Oh yes, here it is…


Well deserved.
Apologies to the developers, who already considered the scenario. Shame on me that I did not triple-check the documentation.

2 Likes