Testers needed nethserver-arm img


(Mark Verlinde) #1

In the process of updating nethserver-arm to 7.5.1804 the manner of creating images is going to change; adopting the centos-upstream workflow the spinoff of livecd-creator, appliance-creator will be used.

I backed an image using this tool of the existing nethserver-arm 7.4.1709 release based on centos 7.5.1804 (still with me :roll_eyes:). It should work on a rpi3+ too. :grinning:

This image never booted up and start at first boot with a “signal-event system-init”, this takes about 5 minutes (largely depending on the speed of the SD card).

The only way to see what is happening is to connect a monitor, login and
journalctl -f

It would help to get some feedback on this image to verify the new creation tool.
(AGAIN) its not an update of nethserver-arm

Here is the test Image
Login : root
Password : Nethesis,1234

Thanx in advance

(Giacomo Sanchietti) #2

Just to be clear, on which hardware I can test it? RP2 2, right?

(Mark Verlinde) #3

Sorry, yes its for Raspberry PI 2,3 and 3-plus

(Markus Neuberger) #4

Thanks for your work @mark_nl ! :clap: I tested on a raspi 3.

I like the warning at login to use “Nethesis,1234” as password.

First config wizard comes with old version:

The FQDN in install wizard is empty - usually it defaults to localhost.localdomain.

There’s some error in dnsmasq template:

Jul 11 10:38:51 localhost esmith::event[1929]: ERROR in /etc/e-smith/templates//etc/dnsmasq.conf/20dns: Program fragment delivered error <<Can't call method "within" on an undefined value at /etc/e-smith/templates//etc/dnsmasq.conf/20dns line 18.>> at template line 8
Jul 11 10:38:51 localhost esmith::event[1929]: ERROR: Template processing failed for //etc/dnsmasq.conf: 1 fragment generated errors

Same error occurs after applying first config wizard and is reproducable with expand-template /etc/dnsmasq.conf.

Dashboard shows old version, no hardware info and IPv6 remote DNS:

(Mark Verlinde) #5

THANX @mrmarkuz, very helpful! :+1:

I can not repoduce, but have a hunch why:

No ipv6 in my network :hushed:

Definitely need to disable ipv6 while backing the Image, the falling ..dnsmasq.conf/20dns template seems to break on ipv6 stuff while determining if the assigned IP address is in a known private ipv4 range.

(Giacomo Sanchietti) #6

Tested on 01041 (2 Model B): it works flawlessly!
Also tried to expand the root FS and install CGP package.

The system is a bit slow (not so much slower than an APU), but my SD is a bit sloppy:

[root@localhost ~]# dd if=/dev/zero of=test bs=1M oflag=direct count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 75.7586 s, 14.2 MB/s

[root@localhost ~]# hdparm -tT /dev/mmcblk0

 Timing cached reads:   632 MB in  2.00 seconds = 315.80 MB/sec
 Timing buffered disk reads:  66 MB in  3.05 seconds =  21.66 MB/sec

Excellent work!

(Mark Verlinde) #7

I have a bit of a naughty question…

has some pro around here access to rhel solutions

becase i’m reading some older posts the --noipv6 option for kickstart files did not work well


Has some dealt with a kickstart file disabling ipv6?

Do not want to poke in config files to much to give nethserver-init ‘a clean starting point’;
we can fallback to the old method : let firewalld filter IPv6 for first boot and than nethserver-network takes over…

(Markus Neuberger) #8

Good catch. I had to disable IPv6 DHCP server on an openwrt device and now it works without errors. :+1:

(Giacomo Sanchietti) #9

It seems it’s still supported, see here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax

But I also had bad experiences with anaconda and kickstart.

On my machine, I didn’t see the problem on IPv6

(Joel Clendineng) #10

WebDAV support is not in ARM is it? For mail/contacts etc…Just curious, Im pretty sure thats a x86 thing.

(Markus Neuberger) #11

It was caused by odhcpd on openwrt. It acts as DHCPv6 and the Neth-pi got it’s IPv4 DNS correctly from another Nethserver DHCP server but also got an IPv6 DNS address from the openwrt odhcpd.

(Mark Verlinde) #12

For roughening/testing , i’m going to make an image as soon as possible with --noipv6 and add an initial FQDN (localhost.localdomain) in one go.

thnx for the feedback, it helps a lot!

(Mark Verlinde) #13

note we are just testing the creation of images for PI’s :grinning:

To answer your question:
Still evaluating the options on this on limited hardware, next step IMHO is trying out horde

(Mark Verlinde) #14

Here a update from this front

I have to admit it is much harder to get an arm 7.5.1804 out as expected.
the result is not what i hopped it would be ( Tata here is the update) but running out of time i want to share my results. So no alpha release merely my devel repo

Major hurdle is (still) nethserver-mail2, not sure if we get it smoothly running on small hardware.
An other thing costing a lot of time is evebox (pardon my language) it a bitch to build for me :rage:. GO and nodejs (npm) is out of my comfort zone so did not manage to build it on centos but succeed in a fc27 chroot. Did not succed to make a proper source package for it.

And just want something of my chest : while toiling along i got the impression we are treating open source software as free beer, meaning: we get binary packages from somewhere and put them in NS repositories, really hoping i’m mistaking . if not IMHO its bad practice and not done in major linux distributions, most notable rhel/centos!

This being said, here is a snapshot of current status of the local repo. Unfortunately not really equipped to host this repo being on a “home-internet” account already got warnings in the past about “reasonable use”. And do not feel like spinning up a VPS just for this…

As said its a bit to much to build and test it by my self, so like to involve others by getting it out there; if possible host it somewhere. :rofl:

@dz00te are you still around? other ideas how to fix this? (@mrmarkuz, if i may be so cheeky could you help me out here).

Thanx in advance mark

(Markus Neuberger) #15

I really appreciate your work so I am happy to help.

Here is the arm repo:


Just tell me if you need some more like access to it etc.

Please clarify as I get the savapage binary and include it to nethserver-savapage, the developer knows that and it’s ok for everyone. Are we doing something wrong?

(Alessio Fattorini) #16

Why are you thinking that? Could you plesae be more specific?

Good job BTW and thank you for your time

(Mark Verlinde) #17

Thanx a lot ! :clap::clap::clap:

Will send you a update of the release package asap with correct repo!

No there is nothing really wrong with it ; Gues i’m very old-school and live by the principle here is my binary package, here are the sources and this is how i build it: If you want to reproduce it be my guest.
IMHO the reason linux (open source in general) has such an good record on security. just personal preferance

(Mark Verlinde) #18

Missing source packages / spec files for:

(Michael Kicks) #19

Well… has RaspBerry Pi 2 enough CPU power to keep up Suricata+evebox?

(Markus Neuberger) #20

OK, this may be oldschool but is still true.