Vmdk installation notes & problems

NethServer Version: 8
Module: BASE

I’ve been working with the vmdk for the past week off and on. One of the things I’ve noticed is that the ports for web access are closed?

Starting Nmap 7.95 ( https://nmap.org ) at 2024-07-02 12:04 Eastern Daylight Time
Nmap scan report for obs.cur.ed.000
Host is up (0.030s latency).
Not shown: 986 filtered tcp ports (no-response), 10 filtered tcp ports (admin-prohibited)
22/tcp open ssh
80/tcp closed http
443/tcp closed https
9090/tcp closed zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 5.24 seconds

I downloaded the vmdk, made it the sole ‘drive’ and logged in at cli to change the password and run nmtui. The network functions fine, and after changing my repos to use rocky, I was able to update. Unfortunately, the ports appear to be closed and I’m unable to access the web interface. I did validate dns and rererereviewed the installation steps. No joy on the web interface. Maybe I missed something? I didn’t try updating repos until after I noticed the web console was non-responsive. My initial process was vmdk install, password at cli, nmtui, try to get web, test and troubleshoot network (confusing since it all worked), then try yum update, which failed due to software policies.

Is there a trick to get the web interface or is it just closed firewall ports? There are no internal network firewalls to block me.

I ran a security discovery on the system (nessus) and it only found 2 items, so I’m pretty happy that it already seems better than NS7 in that regard (NS7 base install usually has a half dozen findings or so). If the release is adjusted to disable icmp time requests (iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP) and IP forwarding (echo 0 > /proc/sys/net/ipv4/ip_forward), then there would be no alerts and it’d be perfect.

Additionally, I noted it a bit odd that a vmdk, designed for VMware, didn’t have open-vm-tools installed.

Finally, the ssh server requires keys to login. While I was able to scp my keys over from a different host, someone else might be stuck? I’m not sure if that’s intended. Moba and putty both gave the same error, “no supported authentication methods available (server sent: publickey, gssapi-keyex, gssapi-with-mic).” This could present a problem if anyone was expecting a standard u/p challenge ssh.

Thank you for this post, I thought I was the one doing something wrong.

@support_team If you’ve seen this, do you have any feedback? Will a new vmdk be generated or is there any explanation as to why the web interface ports are closed?

The following won’t be of much help…
Today I’ve tested the vmdk image for about 2 hours (although not on vmware) and didn’t hit the ports problem.
From what I could grasp, the vmdk image is generated by converting the qcow2 one.

After dnf update, I noticed a recent python 3.11 update, but for that short testing period (manual reboots included) it didn’t break anything.

Can you share the results from the following commands (as the open/closed ports seem to match a zone other than the public and default firewalld zone)?

firewall-cmd --get-active-zones
firewall-cmd --get-default-zone
firewall-cmd --list-all
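
One way to read the scan in the first post against the zone listing requested above, as an added example that is not part of any post in this thread and not NethServer code. Nmap reports "closed" when the host answers the probe with a TCP reset, so a closed port that the zone allows points at a missing listener rather than the firewall. The `firewall-cmd --list-all` text below is a constructed sample, the function names are hypothetical, and the service table covers only four standard firewalld service definitions and single TCP ports.

```shell
#!/usr/bin/env bash
# Cross-check nmap port states against a firewalld zone listing.

# Port lines copied from the scan in the first post.
NMAP_SAMPLE='22/tcp open ssh
80/tcp closed http
443/tcp closed https
9090/tcp closed zeus-admin'

# Constructed sample of `firewall-cmd --list-all` output (not from the thread).
ZONE_SAMPLE='public (active)
  target: default
  interfaces: ens192
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp 443/tcp
  icmp-blocks:'

# Print the TCP ports a zone listing allows, one per line.
zone_allowed_ports() {
  printf '%s\n' "$1" | awk '
    BEGIN { svc["ssh"]=22; svc["http"]=80; svc["https"]=443; svc["cockpit"]=9090 }
    $1 == "services:" { for (i = 2; i <= NF; i++) if ($i in svc) print svc[$i] }
    $1 == "ports:"    { for (i = 2; i <= NF; i++) { split($i, p, "/"); if (p[2] == "tcp") print p[1] } }'
}

# For each scanned port print "<port> <state> <allowed|blocked> <next step>".
triage() {
  local allowed portproto port state zone
  allowed=$(zone_allowed_ports "$2")
  printf '%s\n' "$1" | while read -r portproto state _; do
    port=${portproto%/tcp}
    if printf '%s\n' "$allowed" | grep -qx "$port"; then zone=allowed; else zone=blocked; fi
    case "$state/$zone" in
      open/*)           echo "$port $state $zone listener-reachable" ;;
      closed/allowed)   echo "$port $state $zone no-listener:check-ss-tln" ;;
      closed/blocked)   echo "$port $state $zone zone-mismatch:check-active-zones" ;;
      filtered/blocked) echo "$port $state $zone firewall:add-service-to-zone" ;;
      *)                echo "$port $state $zone upstream-filter:check-path" ;;
    esac
  done
}

triage "$NMAP_SAMPLE" "$ZONE_SAMPLE"
```

To use it on a real host, pass the port lines of your own scan and the output of `firewall-cmd --list-all` for the zone returned by `firewall-cmd --get-active-zones`.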

I have been facing issues loading on OpenStack.