Unresponsive server when installing on a CT on Proxmox 5.1


(Juan Carlos Fernandez) #1

NethServer Version: 7-4.1708

I’m having issues installing NethServer 7-4.1708 on Proxmox 5.1-38 as a container (I’m using proxmox Centos template centos-7-default_20171212_amd64.tar.xz). After following Nethserver’s “Install on Centos” guide I always end up with an unresponsive server.

This is what I did:

I created a Proxmox container with this configuration:

# pct config 109
arch: amd64
cores: 4
description: 
hostname: odin
memory: 1024
nameserver: 192.168.###.###
net0: name=eth0,bridge=vmbr0,gw=192.168.###.###,hwaddr=9E:35:A0:D0:F5:DC,ip=192.168.###.###,/24,type=veth
net1: name=eth1,bridge=vmbr1,gw=190.92.###.###,hwaddr=DE:68:CA:14:A0:39,ip=190.92.117.211/29,type=veth
ostype: centos
rootfs: local-zfs:subvol-109-disk-1,size=20G
searchdomain: myhost.lan
swap: 1024

I configured it like this:

# Fix timezone
timedatectl set-timezone America/Havana

# Inserted this into /root/.bashrc to enable global proxy
############################################################################################

# Define global proxy
MY_PROXY_URL="http://192.168.9.69:3128/"
HTTP_PROXY=$MY_PROXY_URL
HTTPS_PROXY=$MY_PROXY_URL
FTP_PROXY=$MY_PROXY_URL
http_proxy=$MY_PROXY_URL
https_proxy=$MY_PROXY_URL
ftp_proxy=$MY_PROXY_URL
export HTTP_PROXY HTTPS_PROXY FTP_PROXY http_proxy https_proxy ftp_proxy 

############################################################################################

# Inserted this into /root/.bashrc to enable console autocompletion
############################################################################################

if [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
fi

############################################################################################

# Inserted this into /root/.inputrc to enable console autocompletion
############################################################################################

# mappings for making up and down arrow searching through history:
"\e[A": history-search-backward
"\e[B": history-search-forward
"\e[C": forward-char
"\e[D": backward-char
"\e[1;5C": forward-word
"\e[1;5D": backward-word

#Use [Tab] and [Shift]+[Tab] to cycle through all the possible completions:
"\t": menu-complete
"\e[Z": menu-complete-backward

############################################################################################

# Used this as firewall policy
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

# Updated the system 
yum update

# Installed man pages, nano, ssh, command autocompletion, needs-restarting, iptables save config, dig nslookup and other dns tools
yum install man-pages man nano openssh-server openssh-clients bash-completion yum-utils iptables-services bind-utils

# Reset ssh to enable Key-Based Authentication
systemctl restart sshd

# Enabled configuration forever
service iptables save

# Enabled NethServer software repositories
yum localinstall -y http://mirror.nethserver.org/nethserver/nethserver-release-7.rpm

# Installed the base system
nethserver-install

After installation completed I was not able to connect via ssh anymore, network configurations files got deleted (/etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/sysconfig/network-scripts/ifcfg-eth1) and netstat --punta show open port 980 and 80 for tcp6 only.

One more thing, this my Proxmox VE version and packages info:

# pveversion -v
proxmox-ve: 5.1-38 (running kernel: 4.13.13-5-pve)
pve-manager: 5.1-43 (running version: 5.1-43/bdb08029)
pve-kernel-4.10.17-2-pve: 4.10.17-20
pve-kernel-4.13.13-5-pve: 4.13.13-38
libpve-http-server-perl: 2.0-8
lvm2: 2.02.168-pve6
corosync: 2.4.2-pve3
libqb0: 1.0.1-1
pve-cluster: 5.0-19
qemu-server: 5.0-20
pve-firmware: 2.0-3
libpve-common-perl: 5.0-25
libpve-guest-common-perl: 2.0-14
libpve-access-control: 5.0-7
libpve-storage-perl: 5.0-17
pve-libspice-server1: 0.12.8-3
vncterm: 1.5-3
pve-docs: 5.1-16
pve-qemu-kvm: 2.9.1-6
pve-container: 2.0-18
pve-firewall: 3.0-5
pve-ha-manager: 2.0-4
ksm-control-daemon: 1.2-2
glusterfs-client: 3.8.8-1
lxc-pve: 2.1.1-2
lxcfs: 2.0.8-1
criu: 2.11.1-1~bpo90
novnc-pve: 0.6-4
smartmontools: 6.5+svn4324-1
zfsutils-linux: 0.7.4-pve2~bpo9

(Markus Neuberger) #2

Could it be you just need the centos minimal template instead of the default one? You may dowload it here:


(Juan Carlos Fernandez) #3

@mrmarkuz thanks for the quick response. Starting at version 4 Proxmox change from OpenVZ to LXC. I’m gonna see where I can find LXC minimal template of centos 7.5.


(Markus Neuberger) #4

I don’t really use proxmox, it was just an idea.

LXC containers may be downloaded here:

https://uk.images.linuxcontainers.org/


(Juan Carlos Fernandez) #5

One more thing

# cat /etc/centos-release 
CentOS Linux release 7.4.1708

I’m using Centos 7.4.1708, I think I read somewhere that Centos and Nethserver must have the same version


(Markus Neuberger) #6

Best is to use centos minimal 7.4.1708 and NS 7 release.

I couldn’t find 7.4.1408, is it a typo?


(Juan Carlos Fernandez) #7

Sorry, I already fix that. I’m using Centos 7.4.1708 as you can see in the cat output


(Juan Carlos Fernandez) #8

@mrmarkuz I just run yum localinstall -y http://mirror.nethserver.org/nethserver/nethserver-release-7.rpm

In the output I’m reading that Nethserver is at 7-5.ns7

# yum localinstall -y http://mirror.nethserver.org/nethserver/nethserver-release-7.rpm
Loaded plugins: fastestmirror
nethserver-release-7.rpm                                                                                                                                                       |  23 kB  00:00:00     
Examining /var/tmp/yum-root-iLwF5d/nethserver-release-7.rpm: nethserver-release-7-5.ns7.noarch
Marking /var/tmp/yum-root-iLwF5d/nethserver-release-7.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package nethserver-release.noarch 0:7-5.ns7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================
 Package                                             Arch                                    Version                                     Repository                                              Size
======================================================================================================================================================================================================
Installing:
 nethserver-release                                  noarch                                  7-5.ns7                                     /nethserver-release-7                                   42 k

Transaction Summary
======================================================================================================================================================================================================
Install  1 Package

Total size: 42 k
Installed size: 42 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : nethserver-release-7-5.ns7.noarch                                                                                                                                                  1/1 
  Verifying  : nethserver-release-7-5.ns7.noarch                                                                                                                                                  1/1 

Installed:
  nethserver-release.noarch 0:7-5.ns7                                                                                                                                                                 

Complete!

Is there a way to force the nethserver-install to install the 7.4 version?


(Markus Neuberger) #9

Install NS 7 release should be enough to install the most actual version of NethServer which is 7.4 at the moment. I assume it’s not version 7.5, it’s just the 5th release of the nethserver-release package.


(Juan Carlos Fernandez) #10

I think the problem is related to the firewall. I’m installing nethserver again from scratch and then I will run:

iptables -Z
iptables -F

To disable the firewall and see if I can log into port 980


(Juan Carlos Fernandez) #11

@mrmarkuz I finally managed to installed in a Proxmox 5.1 CT. Problem is seems to be that nethserver initial configuration doesn’t detect the network interfaces. Creating them manually solve the problem

db networks set eth0 ethernet role green ipaddr ###.###.###.### netmask 255.255.255.0 bootproto none gateway ###.###.###.###
signal-event interface-update

Now, should I post how I did it in this thread or create a new one?


(Rob Bosch) #12

@jfernandez: is there a particular reason that you want to use a CT and not a VM?
I run Proxmox 5.1 on my server and have several instances of NethServer running in VM’s. Also created a NethServer template from an updated NethServer VM and now I am able to fire up a new NethServer instance in less than a minute…


(Markus Neuberger) #13

I think best way is to just post it in this thread and mark this post as solution.


(scky) #14

I don’t know about @jfernandez but to me CT seems to be the best way to mount host storage. This keeps the file shares on my ZFS running in Proxmox, whilst only the server and configuration is inside the CT.


(Rob Bosch) #15

Sure, but my storage for VM’s is just a 2nd pool on proxmox ZFS… so I don’t really see the objection in choosing a VM instead of a CT…


(Juan Carlos Fernandez) #16

Nethserver minimum requirements are 1GB of RAM. Before I started hacking my CT to make Nethserver work I installed a VM with 2GB of RAM to see why I couldn’t access the web interface or by ssh on the CT. The differences between my Nethserver VM and CT in RAM are like 10% when both are on standby. I only have 16GB in RAM in my Proxmox, so every RAM MB counts.


(Juan Carlos Fernandez) #17

Also I agree with @scky, CT seems to be the best way to mount host storage


(scky) #18

How do you mount storage? If you use it as file server saving all your files in one large vm file seems impractical.


(Juan Carlos Fernandez) #19

The only problem I have encounter so far is that I’m not able to edit any network device on the CT using the web interface.

I’m posting images of both the VM and the CT DashBoard:
As you can see on the interface group box the VM interface eth0 show the link as OK

However on the CT interface eth0 there is no link status

Also on the VM Network tab you can edit see the MAC of each interface with they role colors and the Edit option

But on the CT Network tab, MAC are not shown and both interfaces are colored grey


(Juan Carlos Fernandez) #20

@mrmarkuz I already created the HowTo on Proxmox Forum