Testers needed nethserver-arm img

mark_nl · July 10, 2018, 10:14pm

In the process of updating nethserver-arm to 7.5.1804 the manner of creating images is going to change; adopting the centos-upstream workflow the spinoff of livecd-creator, appliance-creator will be used.

I backed an image using this tool of the existing nethserver-arm 7.4.1709 release based on centos 7.5.1804 (still with me ). It should work on a rpi3+ too.

This image never booted up and start at first boot with a “signal-event system-init”, this takes about 5 minutes (largely depending on the speed of the SD card).

The only way to see what is happening is to connect a monitor, login and
journalctl -f

It would help to get some feedback on this image to verify the new creation tool.
(AGAIN) its not an update of nethserver-arm

Here is the test Image
Login : root
Password : Nethesis,1234

Thanx in advance

giacomo · July 11, 2018, 7:24am

Just to be clear, on which hardware I can test it? RP2 2, right?

mark_nl · July 11, 2018, 8:18am

Sorry, yes its for Raspberry PI 2,3 and 3-plus

mrmarkuz · July 11, 2018, 11:03am

Thanks for your work @mark_nl ! I tested on a raspi 3.

I like the warning at login to use “Nethesis,1234” as password.

First config wizard comes with old version:

The FQDN in install wizard is empty - usually it defaults to localhost.localdomain.

There’s some error in dnsmasq template:

Jul 11 10:38:51 localhost esmith::event[1929]: ERROR in /etc/e-smith/templates//etc/dnsmasq.conf/20dns: Program fragment delivered error <<Can't call method "within" on an undefined value at /etc/e-smith/templates//etc/dnsmasq.conf/20dns line 18.>> at template line 8
Jul 11 10:38:51 localhost esmith::event[1929]: ERROR: Template processing failed for //etc/dnsmasq.conf: 1 fragment generated errors

Same error occurs after applying first config wizard and is reproducable with expand-template /etc/dnsmasq.conf.

Dashboard shows old version, no hardware info and IPv6 remote DNS:

mark_nl · July 11, 2018, 11:56am

THANX @mrmarkuz, very helpful!

mrmarkuz:

There’s some error in dnsmasq template:

Jul 11 10:38:51 localhost esmith::event[1929]: ERROR in /etc/e-smith/templates//etc/dnsmasq.conf/20dns: Program fragment delivered error <<Can't call method "within" on an undefined value at /etc/e-smith/templates//etc/dnsmasq.conf/20dns line 18.>> at template line 8
Jul 11 10:38:51 localhost esmith::event[1929]: ERROR: Template processing failed for //etc/dnsmasq.conf: 1 fragment generated errors

Same error occurs after applying first config wizard and is reproducable with expand-template /etc/dnsmasq.conf .

I can not repoduce, but have a hunch why:

No ipv6 in my network

Definitely need to disable ipv6 while backing the Image, the falling ..dnsmasq.conf/20dns template seems to break on ipv6 stuff while determining if the assigned IP address is in a known private ipv4 range.

giacomo · July 11, 2018, 12:58pm

Tested on 01041 (2 Model B): it works flawlessly!
Also tried to expand the root FS and install CGP package.

The system is a bit slow (not so much slower than an APU), but my SD is a bit sloppy:

[root@localhost ~]# dd if=/dev/zero of=test bs=1M oflag=direct count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 75.7586 s, 14.2 MB/s

[root@localhost ~]# hdparm -tT /dev/mmcblk0

/dev/mmcblk0:
 Timing cached reads:   632 MB in  2.00 seconds = 315.80 MB/sec
 Timing buffered disk reads:  66 MB in  3.05 seconds =  21.66 MB/sec

Excellent work!

mark_nl · July 11, 2018, 1:13pm

I have a bit of a naughty question…

has some pro around here access to rhel solutions

becase i’m reading some older posts the --noipv6 option for kickstart files did not work well

-or-

Has some dealt with a kickstart file disabling ipv6?

Do not want to poke in config files to much to give nethserver-init ‘a clean starting point’;
we can fallback to the old method : let firewalld filter IPv6 for first boot and than nethserver-network takes over…

mrmarkuz · July 11, 2018, 2:52pm

Good catch. I had to disable IPv6 DHCP server on an openwrt device and now it works without errors.

giacomo · July 11, 2018, 3:28pm

It seems it’s still supported, see here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax

But I also had bad experiences with anaconda and kickstart.

On my machine, I didn’t see the problem on IPv6

Jclendineng · July 11, 2018, 3:47pm

WebDAV support is not in ARM is it? For mail/contacts etc…Just curious, Im pretty sure thats a x86 thing.

mrmarkuz · July 11, 2018, 3:55pm

It was caused by odhcpd on openwrt. It acts as DHCPv6 and the Neth-pi got it’s IPv4 DNS correctly from another Nethserver DHCP server but also got an IPv6 DNS address from the openwrt odhcpd.

mark_nl · July 11, 2018, 4:27pm

For roughening/testing , i’m going to make an image as soon as possible with --noipv6 and add an initial FQDN (localhost.localdomain) in one go.

thnx for the feedback, it helps a lot!

mark_nl · July 11, 2018, 4:36pm

note we are just testing the creation of images for PI’s

To answer your question:
Still evaluating the options on this on limited hardware, next step IMHO is trying out horde

mark_nl · July 19, 2018, 12:39pm

Here a update from this front

I have to admit it is much harder to get an arm 7.5.1804 out as expected.
the result is not what i hopped it would be ( Tata here is the update) but running out of time i want to share my results. So no alpha release merely my devel repo

Major hurdle is (still) nethserver-mail2, not sure if we get it smoothly running on small hardware.
An other thing costing a lot of time is evebox (pardon my language) it a bitch to build for me . GO and nodejs (npm) is out of my comfort zone so did not manage to build it on centos but succeed in a fc27 chroot. Did not succed to make a proper source package for it.

And just want something of my chest : while toiling along i got the impression we are treating open source software as free beer, meaning: we get binary packages from somewhere and put them in NS repositories, really hoping i’m mistaking . if not IMHO its bad practice and not done in major linux distributions, most notable rhel/centos!

This being said, here is a snapshot of current status of the local repo. Unfortunately not really equipped to host this repo being on a “home-internet” account already got warnings in the past about “reasonable use”. And do not feel like spinning up a VPS just for this…

As said its a bit to much to build and test it by my self, so like to involve others by getting it out there; if possible host it somewhere.

@dz00te are you still around? other ideas how to fix this? (@mrmarkuz, if i may be so cheeky could you help me out here).

Thanx in advance mark

mrmarkuz · July 19, 2018, 1:11pm

I really appreciate your work so I am happy to help.

Here is the arm repo:

https://nethserver.globalcortex.net/mirror/nethserver-arm/7.5.1804/

Just tell me if you need some more like access to it etc.

Please clarify as I get the savapage binary and include it to nethserver-savapage, the developer knows that and it’s ok for everyone. Are we doing something wrong?

alefattorini · July 19, 2018, 1:13pm

Why are you thinking that? Could you plesae be more specific?

Good job BTW and thank you for your time

mark_nl · July 19, 2018, 1:23pm

Thanx a lot !

Will send you a update of the release package asap with correct repo!

No there is nothing really wrong with it ; Gues i’m very old-school and live by the principle here is my binary package, here are the sources and this is how i build it: If you want to reproduce it be my guest.
IMHO the reason linux (open source in general) has such an good record on security. just personal preferance

mark_nl · July 19, 2018, 1:27pm

Missing source packages / spec files for:
evebox
rsampd
firehol
speedtest-cli
ufdbGuard

pike · July 19, 2018, 1:37pm

Well… has RaspBerry Pi 2 enough CPU power to keep up Suricata+evebox?

mrmarkuz · July 19, 2018, 1:46pm

OK, this may be oldschool but is still true.