I don't use omv guy, I hate graphical interfaces! I admin my servers via cli, it is the first time I see that some upgrade has to be confirmed: why? and doing what?
That's a mystery.
F.P.
I don't use omv guy, I hate graphical interfaces! I admin my servers via cli, it is the first time I see that some upgrade has to be confirmed: why? and doing what?
That's a mystery.
F.P.
Bonjour,
I upgraded the system using apt-get
apt-get update && apt-get upgrade
Since this day, I get this message:
Subject: Pending configuration changes
The configuration has been changed. You must apply the changes in order for them to take effect.
Who send this message?
What does it mean.
How to stop it (and satisfy the offended service...)
Thank you.
F.P.
Do that and you will remove OMV itself - https://github.com/openmediava…avault/debian/control#L18
Don't worry!
dpkg -r --force-depends iptables
does the job and: apt list --installed | grep mediav gives:
openmediavault-keyring/usul,usul,now 1.0 all [installé]
openmediavault/now 5.5.21-1 all [installé, pouvant être mis à jour vers : 5.5.22-1]
Bonjour,
Nobody answered, so I give what I have done to use nftables.
1- I deleted iptables alternatives:
update-alternatives --remove iptables /usr/sbin/iptables-legacy
update-alternatives --remove iptables /usr/sbin/iptables-nft
Same for ip6tables:
update-alternatives --remove ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --remove ip6tables /usr/sbin/ip6tables-nft
2- I removed x-permissions from script
/etc/iptables/openmediavault-firewall.sh
chmod u-x g-x a-x /etc/iptables/openmediavault-firewall.sh
3- I deleted all lines between <iptables> and </iptables> in xml config file /etc/openmediavault/config.xml
4- I removed all kernel modules concerning iptables with rmmod
And, at last, I could configure nftables.... and get it working.
Next time I will remove iptables packages...
That's all.
F.P.
Bonjour,
I try to have nftables as my default firewal on omv, but someone (?) has written something somewhere that prevent nftables to read its configation file (/etc/nftables.conf).
Whatever I write in this configation file, nft list ruleset -a returns:
table inet filter { # handle 40
chain input { # handle 1
type filter hook input priority 0; policy accept;
}
chain forward { # handle 2
type filter hook forward priority 0; policy accept;
}
chain output { # handle 3
type filter hook output priority 0; policy accept;
}
}
Thank you.
F.P.
access to the internet is absolutely no issue.
The risk comes when access from the internet is enabled.
Thank you so much and happy new year! I learnt something today: I can't get the Covid if I don't go outside and invite nobody in my home.
Only persons having the knowhow for securing a computer for this scenario should attempt this as it involves creation of proper firewall rules.
You maybe think that if someone asks for a tool, this fellow might know how to use the tool.... No?
Probably because it doesn't have iptables in its name. https://github.com/openmediava…tables/10firewall.sls#L51
Yes. I found something:
/etc/iptables/openmediavault-firewall.sh
That's what I was searching a script which could annihilate all attempts to build a firewall using the debian default one (nftables/iptables). Reading that script you can see:
start)
;;
It does nothing when starting and:
stop)
iptables -t filter -F INPUT
iptables -t filter -F OUTPUT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
ip6tables -t filter -F INPUT
ip6tables -t filter -F OUTPUT
ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
;;
flush all tables when stopping and changes them to default accept anything from anywhere...
So, for me:
systemctl mask openmediavault-firewall.service
And use my own iptables scripts to protect my machine (like others on my network!)
F.P.
"useless" is the wrong description! Its not preventing to lock any communication and leaves it to the knowledgeable user to apply the desired walls. As main purpose of OMV is sharing data inside a private home network, defaults "walls" would hurt more than do good
As the private network has an access to the internet, it is useful to control the traffic on network interfaces.
OMV's firewall tab uses iptables already.
# systemctl list-unit-files | grep iptables
answer= none
There are no default rules.
So the firewall is useless?
Bonjour,
I want to turn off some services configured by default by omv:
1- automatic upgrade
2- why is php enabled by default?
3- firewalld, I prefer to use iptables.
BTW, here, some ports are open (5355/tcp open llmnr, 35725/tcp open unknown, 42893/tcp open unknown, 46649/tcp open unknown, 46731/tcp open unknown)
The graphical interface under the firewall tab gives no informaion about the default rules.
Thank you for information.
F.P.
So it is working. No issue with lvm2.
package lvm2 is broken: if I try to start lvm2 the answer is: Unit lvm2.service is masked
Which is wrong: there no link to /dev/null for lvm2 in /etc/systemd/system/
Alles anzeigenNow try
apt-get install -f
and if that does not fix it again
apt-get install openmediavault --reinstall
If that still not works, I would go for a reinstall from the ISO and make sure OMV is working before installing omv-extras.
The main problem is lvm2: if I remove it, apt-get install -f seems to be happy.
As soon as I install it (without omv packages) errors occur andinstallation fails.
Once again: why does omv requires lvm2 as lvm is not installed? All disks are not partionned with lvm.
You can use that script/link if you do a Debian Net Install first, installing ssh server and basic utils only
I don't want to install a full debian system, I thought that omv was a light system which is enough to have a home nas.
If you installed from the ISO, OMV was already installed. But something went wrong.
This installed omv-extras, but as OMV was already in a bad state this did not help.
Would you run omv-aptclean as geaves suggested?
I did. It "Gets" a lot of things, then concludes:
Fetched 67.5 MB in 35s (1931 kB/s)
Reading package lists... Done
8. Saving current package list...
That's all.
I tried to install openmediavault and openmediavault-omvextrasorg from this link:
wget -O - https://github.com/OpenMediaVa…ckages/raw/master/install | bash
found on the forum.
Problem began here with lvm2 which is (mis)installed for dependency.
Maybe this way of doing is faulty.
apt-get upgrade will ask you
omv-update does not ask you
does
apt-get update run through without error/warning
No error, no warning...
Something went wrong during or after installation which we have not seen.
What happens if you run omv-update?
It does a lot of things then at the end:
Errors were encountered while processing:
lvm2
openmediavault
openmediavault-omvextrasorg
E: Sub-process /usr/bin/dpkg returned an error code (1)
There is a problem with lvm2 (why this package there is no use of lvm in installation!) if I run
apt-get install lvm2 --reinstall
the result is:
E: Internal Error, No file name for lvm2:amd64
No file? It has just installed it and claimesd that it is misconfigured.
One more question: when I run some install command (apt-get, or dpkg... ) there is no pause to tell me what will be done and ask me if I agree.... This is unpleasant, particularly if some package are removed.
That tells that openmediavault is installed, but not configured (installed-Unconfigured)
I would try
apt-get install openmediavault --reinstall
I tried this yesterday and today with the same result:
E: Internal Error, No file name for openmediavault:amd64
What is the output of dpkg -l | grep openmedia?
and
cat /etc/apt/sources.list
root@bertuccio:~# dpkg -l | grep openmedia
iU openmediavault 5.5.19-1 all openmediavault - The open network attached storage solution
ii openmediavault-keyring 1.0 all GnuPG archive keys of the OpenMediaVault archive
iU openmediavault-omvextrasorg 5.4.2 all OMV-Extras.org Package Repositories for OpenMediaVault
root@bertuccio:~# cat /etc/apt/sources.list
#
# deb cdrom:[Debian GNU/Linux 10 _Buster_ - Official Snapshot amd64 LIVE/INSTALL Binary 20200921-17:33]/ buster contrib main non-free
#deb cdrom:[Debian GNU/Linux 10 _Buster_ - Official Snapshot amd64 LIVE/INSTALL Binary 20200921-17:33]/ buster contrib main non-free
deb http://deb.debian.org/debian/ buster main non-free contrib
deb-src http://deb.debian.org/debian/ buster main non-free contrib
deb http://security.debian.org/debian-security buster/updates main contrib non-free
deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
# buster-updates, previously known as 'volatile'
deb http://deb.debian.org/debian/ buster-updates main contrib non-free
deb-src http://deb.debian.org/debian/ buster-updates main contrib non-free
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
Do you have console access to the shell? Can you login as the root user? If so run omv-firstaid and try configuring the network.
I tried omv-firstaid, trid to configure the network and failed:
Failed to connect /var/lib/openmediavault/engined.sock: [Errno 2] No such file or directory
So, what?
I check the log and could see a lot of strange messages: for instance:
déc. 27 10:15:58 bertuccio monit[16535]: 'omv-engined' start: '/bin/systemctl start openmediavault-engined'
déc. 27 10:15:58 bertuccio monit[16535]: 'omv-engined' trying to restart
déc. 27 10:15:58 bertuccio monit[16535]: 'omv-engined' process is not running
déc. 27 10:15:58 bertuccio monit[16535]: 'nginx' failed to start (exit status 0) -- no output
déc. 27 10:15:27 bertuccio monit[16535]: 'nginx' start: '/bin/systemctl start nginx'
déc. 27 10:15:27 bertuccio monit[16535]: 'nginx' trying to restart
déc. 27 10:15:27 bertuccio monit[16535]: 'nginx' process is not running
But, if I check the nginx status, I get:
root@bertuccio:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (exited) since Sat 2020-12-26 14:55:59 CET; 19h ago
Docs: man:nginx(8)
Tasks: 0 (limit: 4915)
Memory: 0B
CGroup: /system.slice/nginx.service
déc. 26 14:55:59 bertuccio systemd[1]: Starting LSB: starts the nginx web server...
déc. 26 14:55:59 bertuccio systemd[1]: Started LSB: starts the nginx web server.
Strange, isn't it?
Or these lines:
<a lot of same before>
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
déc. 26 17:06:20 bertuccio collectd[575]: rrdcached plugin: Failed to connect to RRDCacheD at unix:/run/rrdcached.
<a lot of same after>
Then suddenly these messages stopped!
F.P.