Installing OMV 7 over Debian 12 breaks resolver

[knghtbrd]

Describe the bug

Followed instructions here: https://forum.openmediavault.org/index.php?thread%2F50222-install-omv7-on-debian-12-bookworm%2F= to install OMV 7 on a fairly minimal Debian 12 system. Could not ssh into system after installing OMV and the install process broke the resolver, so fixing it would've been annoying.

A clear and concise description of what the bug is.

To Reproduce

Steps to reproduce the behavior:

1. Install Debian 12.5 using the Debian netinst image.
2. Notable change from a "default" Debian installation, I installed the system encrypted:
   • /dev/nvme0n1p1, EFI ESP, ~ 500MB, FAT32
   • /dev/nvme0n1p2, ext4 /boot, ~ 2GB
   • /dev/nvme0n1p3, luks named motoko00_crypt in crypttab
     I realize that LUKS partition is NOT named how Debian names it. I renamed it manually during install.
   • /dev/motoko/root, ext4 /, ~ 200GB
   • /dev/motoko/swap, ~ 34GB, massively overkill and once I'd finished setting it up I'd change kernel swappiness
   • /dev/motoko/home, ext4 /home, ~ 700GB or so?
3. Created temporary keyfile for the LUKS partition. Intent was to set up clevis for this … later. LSI card seems to need flashing before I can use SecureBoot, hadn't done homework for this. Note, keyfile in initramfs requires editing a couple conffiles for update-initramfs. I did that. I don't think this or the preceding step would break anything for OMV.
4. Installed systemd-cron. This was undone by the OMV installation.
5. Gave grub a gfxmode theme (so I could start Linux at a sane resolution. Modified Linux cmdline to include a readable video mode once the amdgpu was initialized.
6. Followed the instructions at the above URL more or less exactly.
7. Logged in and changed my password.

Expected behavior

Following installation, I could log in at the VT, but sshing in so that I could COMFORTABLY look around kept asking me for a password despite an authorized ssh key. Feature I'm not aware of yet? 😕 However the resolver was broken DNS lookups just weren't happening. I could've fixed this, but hunched over laptop screen with a logitech k400 didn't seem like fun, and I was only about an hour in, so … let's see if the rc1 install image is a little better behaved.

Reference to Forum

https://forum.openmediavault.org/index.php?thread%2F50222-install-omv7-on-debian-12-bookworm%2F=

openmediavault Server (please complete the following information):

• OS version: Linux motoko 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC 6.1.76-1 (2024-02-01) x86_64 GNU/Linux
• openmediavault version: 7.0-30

I hope I did that uname -a correctly, since I can't ssh in, I got up and walked back and forth the six feet to … I could've just ssh'd the other direction to send it… 🤦

Additional context

I'm assuming the ssh thing was something I needed to configure. I'll RTFM. But since installing on top of Debian (though perhaps not intended to be a Debian this customized for being not very customized) is intended to be something you can do, detecting whatever systemd is doing with the resolver and coping with it might be a reasonable thing to fix before OMV 7 is released.

I don't think anything else I did could have caused this since I expressly DID NOT change anything from the stock installation with the network config. Gave it a static DHCP lease on the router, that's it.

[votdev]

Hmmm, that's strange because i've set up dozens of systems via Vagrant without problems.

The only thing OMV is doing is:

• Let APT install libnss-systemd, libnss-resolve and systemd-resolved
• Disable mDNS in systemd-resolved because this is done via Avahi in OMV.
• Deploy a default netplan configuration via Salt states of the imported network interface configuration

The only thing that comes to my mind is that the network interface import is not working on every system. Right now only configs from /etc/network/interfaces is supported. But that was no problem until now.

As a fallback users can use omv-firstaid to reconfigure the network from CLI.

[knghtbrd]

I did a little digging and there's a whole host of resolv.conf issues that seem to trip people up with Debian 12. None of them are terribly difficult to fix, but I didn't expect to run into one starting from Debian 12. I'd suggest adding a note that this can happen due to a Debian issue to the final documentation for 7.x and mark this resolved.

[votdev]

I did a little digging and there's a whole host of resolv.conf issues that seem to trip people up with Debian 12.

What resolv.conf problems are you talking about? Without having references such information is useless.

None of them are terribly difficult to fix

What exact issues could be fixed easily? References or examples please.

[travnick]

@knghtbrd I had also issues with network when installing on top of debian. resolv (dns) was also broken, dhcp too.

What is the output of ifconfig -a?

[votdev]

What is the output of ifconfig -a?

That does not work, ifconfig has been replaced by ip many years ago. The ifconfig Debian package is not installed by OMV.

What is the output of

# resolvectl status
# journalctl -u systemd-resolved

[travnick]

I have one, and it works (provided by net-tools package). but anyway, use any working tool to list all available network adapters.
Also, dmesg |grep -i eth may give some hints (I'm thinking about network interface renaming issues I faced recently)

---

edit:
journalctl -b |grep -i eth would also reveal some things

[Ijokoedih]

Hi,

I'm experiencing the same issue :

1. Install Debian 12.5 using the Debian netinst image ( preseed installation )
2. Followed : this doc
3. resolution stopped working

resolvctl status / resolvctl monitor / netplan status commands helped me to understand what was going wrong : the dns configured inside /etc/network/interfaces seems to be ignored.

The installation of systemd-resolved / netplan as dependencies seems to be linked to this issue : my network interface was installed and configured inside /etc/network/interfaces which seems to be deprecated (Wow !)

For-now my workaround is to set my DNS inside /etc/systemd/resolved.conf and i'll try to figured-out how to setup network interfaces with netplan + preseed.

Hope it will help...

[votdev]

The installation of systemd-resolved / netplan as dependencies seems to be linked to this issue : my network interface was installed and configured inside /etc/network/interfaces which seems to be deprecated (Wow !)

netplan and systemd are used for networking since OMV6. Nothing new for OMV7.

For-now my workaround is to set my DNS inside /etc/systemd/resolved.conf and i'll try to figured-out how to setup network interfaces with netplan + preseed.

Hmmm, why are you doing that? You can configure them via the UI.

i'll try to figured-out how to setup network interfaces with netplan + preseed.

Why are you using OMV if you are doing all on your own?

[Ijokoedih]

I'm doing an headless and minimal installation, then i'm using ssh to install OMV7 with ansible.
Because i'm doing a minimal installation, debian is using /etc/network/interface instead the networkmanager/netplan to setup my network..

I assume we should be able to install OMV7 on a minimalist debian no?

[ryecoaaron]

minimalist debian is recommended. Using netplan is not a non-minimalist idea. Are you writing a playbook for fun? I don't understand using ansible for installing OMV. If you were to run that playbook more than once, it might change settings that OMV is using saltstack for config management.

I already wrote a script to install omv. So, you are kind of re-inventing the wheel unless you are bulk provisioning OMV.

[Ijokoedih]

Nop, you should forget the "playbook" information : it is only a wrapper who will execute the supported way to install OMV7. (+ others things outside of the scope of this topic)

The official way to install OMV7 seems to be documented here :

• https://docs.openmediavault.org/en/latest/installation/on_debian.html
• https://forum.openmediavault.org/index.php?thread%2F50222-install-omv7-on-debian-12-bookworm%2F=

I was not aware of any script before you talked about it... is this script good to use on x86 installation ?
My understanding of the official documentation , is to go on your script for "Raspberry Pi OS" :
https://docs.openmediavault.org/en/latest/installation/on_debian.html#installation-on-debian

On [Raspberry Pi OS](https://www.raspberrypi.org/software/operating-systems/) the below instructions only partially work. Please refer to a specific [installation script](https://github.com/OpenMediaVault-Plugin-Developers/installScript)

[ryecoaaron]

is this script good to use on x86 installation ?

It works on all architectures. It is typically used for non-amd64 installs or amd64 installs not using the OMV iso.
https://github.com/OpenMediaVault-Plugin-Developers/installScript
Documented at omv-extras.org

[Ijokoedih]

Is this way install-omv7-on-debian-12-bookworm worse than the script ? does the script take care about the network configuration with netplan/resolved ?

[ryecoaaron]

Worse? No. The install script just does more and makes sure issues common encountered on the forum are taken care of. The script does not configure networking on amd64 or i386. It uses the existing network setup and gets the web interface working. Then you can do the network config from the web interface. The wiki should explain everything - https://wiki.omv-extras.org/doku.php?id=omv7:alternate_amd64_install

[knghtbrd]

@knghtbrd I had also issues with network when installing on top of debian. resolv (dns) was also broken, dhcp too.

What is the output of ifconfig -a?

Didn't keep the installation because I'm legally blind and COULD NOT SEE THE SCREEN with an 8x16 font without a magnifier and because I did not realize I would be locked out of ssh the moment I installed OMV until I got to editing group permissions. (Didn't know I'd need to do that yet…) Either way, ip addr show/ifconfig -a output wouldn't have helped fix this because the LAN connection was there, just refusing to allow logins over ssh.

The most common problem people seem to be having is that /etc/resolv.conf is missing entirely or is a dead symlink. With systemd-resolved installed, your /etc/resolv.conf should be a symlink to /run/systemd/resolve/stub-resolv.conf which should say something like this:

nameserver 127.0.0.53
options edns0 trust-ad
search .

If it doesn't, if the target on /run isn't there for some reason, if resolved isn't running, or if something munged nsswitch.conf … all of those things could have been it. But I just did a basic Debian installation onto LUKS/LVM, set up to not allow a direct root login, renaming some crypttab entries, and installing some tools like htop, pydf, git, neovim, that sort of thing. Just standard /etc/network/interfaces config out of the box, no network-manager or anything like that, even going out of my way to reject installing X11-related things since it seems OMV typically ignores recommends and makes anything it needs an explicit dependency.

I am SO building a pikvm so I can do this stuff where I can see what I'm doing from now on. ANY of the above problems should've been an easy fix. But as I said, I wasn't far into the process and I figured it was easier to approach from the other end, so I just reinstalled using the OMV installer image. Easy enough to boot rescue media and juggle some partitions and rebuild grub's notion of what was where. So I can't really debug the problem anymore.

I wonder if the initial installation of Debian somehow didn't include systemd-resolved and installing it broke DNS? Hmm, I'm likely to do a fresh Debian base install on a resurrected rem in a day or so—I'll see if I can replicate on that machine.

[Ttdussart]

Hmmm, that's strange because i've set up dozens of systems via Vagrant without problems.

The only thing OMV is doing is:

• Let APT install libnss-systemd, libnss-resolve and systemd-resolved
• Disable mDNS in systemd-resolved because this is done via Avahi in OMV.
• Deploy a default netplan configuration via Salt states of the imported network interface configuration

The only thing that comes to my mind is that the network interface import is not working on every system. Right now only configs from /etc/network/interfaces is supported. But that was no problem until now.

As a fallback users can use omv-firstaid to reconfigure the network from CLI.

Had the same problem. Omv-firstaid helped, but not really.
Thanks to this I was able to reconnect in SSH but it now asks me to confirm changes on OMV. When I press "validate", the system crashes.

[votdev]

I've currently tested a Debian 12.5 installation using the Netinst ISO. Did a normal setup, installed OMV as mentioned in the docs and was able to access the UI finally.

The only thing that seems to have changed in Debian is that user accounts are not added to the SSH group by default (i think that was done in the past), therefore the default user created during the installation is not able to log in via SSH after OMV has been installed. This is because OMV only allows users that are assigned to the _ssh group or the root user to log in. The later is only for fallback when the UI does not work and users should deny root as soon as possible.

[oliv99]

testing omv7 on VM in proxmox 8

I have installed debian bookworm (minimal net-install) on 4 virtual disks in raid1 configuration (2 actives, 2 spares) with DHCP virtio network
I have installed omv as per official forum post
Original IP is preserved but DNS is lost

re-configuring IPv4 network via omv-firstaid solve the DNS issue
everything is working as expected

[henriquedesousa]

Had a similar issue that, when using the automated script the network fails in the end, but using instructions from https://forum.openmediavault.org/index.php?thread%2F50222-install-omv7-on-debian-12-bookworm%2F= I get an error

when I reboot (if I don't reboot the webGUI from works perfectly). Bookwork Raspberry PI OS Bookworm 64bits Lite on Rpi zero 2w.

[ryecoaaron]

The install script does some special things for an RPi but probably doesn't do some things correctly on a zero 2w since it doesn't have a wired connection and I don't own one to test with.

[henriquedesousa]

Got it. Most notably, the local user I used to connect to the box stopped accepting ssh connections. I had to add the user to the new _ssh group. Also somehow, the webGUI also started working in the meantime.

[ryecoaaron]

The _ssh group change in Debian 12 is known. The script tries to change for it for the user running the script.

[github-actions]

This issue has been automatically marked as stale because it
has not had any activity for 60 days. It will be closed if no further
activity occurs for another 30 days.