NethServer and SME Server

Introduction

So, why reinvent the wheel? NethServer is a partial rewrite of the original code, focusing on maintainability, extensibility and standard compliance with CentOS.

Improvements:

  • Simplified configuration
  • Highly modularized
  • New dynamic interface for desktop and mobile
  • Use standard tools (bye bye runsv, welcome chkconfig)
  • Extensive documentation
  • LDAP authentication
  • …many more

Technical differences from SME

Everything is a module

The base system includes only these functions:

  • Remote access (SSH)
  • Base firewall
  • Template and event API
  • PHP interface running on a special Apache instance

Anything else must be explicitly installed. For example, if you are configuring a firewall, you don’t need Samba or even the system users (nethserver-directory) and backup.

The web UI itself is a simple module and can be optional.

Installer

Uses the CentOS minimal ISO plus a kickstart file: no anaconda patches required.
Two kinds of installation:

  • interactive: choose RAID, hostname, network, etc
  • fully unattended

Network

The network is configured using a network db with standard CentOS options; it handles ethernet, bridge, bond, alias and ipsec.

Console

Text-based console is still present but deprecated: anything can be configured from the web interface.

Service control

Use CentOS standard service tool. Runsv has been replaced with standard CentOS tools (like chkconfig). When special service behaviour is needed, upstart is used (see nethserver-hylafax, nethserver-httpd-admin or nethserver-directory).

Web UI

The web UI is PHP based. It’s totally replaceable: just remove nethserver-httpd-admin. See: Creating web UI module tutorial

Pluggable firewall

Firewall module can be replaced. Now we use CentOS standard (/etc/sysconfig/system-config-firewall) in server-only mode and Shorewall in server and gateway mode.

Filesystem hierarchy

E-smith db, ibays and user’s homes moved from /home/e-smith/db to /var/lib/nethserver. We aim to have only one growing directory.

E-smith perl libraries moved to /usr/share/perl5/vendor_perl/esmith/ to respect CentOS 6 conventions.

Users

Users are stored in an LDAP database. The ability to add and remove users has been moved from nethserver-base to nethserver-directory.

Ibays

Filesystem permissions changed to owning group + POSIX ACLs.

Optional packages provide access services: sftp (nethserver-openssh), httpd (nethserver-httpd), samba (nethserver-samba) with extended attributes (ACL).

When accessed via HTTP, ibays are configured as virtual hosts with optional HTTP Basic Authentication. No system user is needed, which avoids security problems when simple passwords are used.

Samba

Samba 3.x uses LDAP as the backend for users; a join to Active Directory mode has been added.

x86_64 platform

NethServer is available only for 64-bit CPUs.

Optional modules

All modules (except nethserver-base and nethserver-lib) are now optional. Here is a list of features and the respective packages:

  • Users: nethserver-directory
  • DNS server and DHCP server: nethserver-dnsmasq and nethserver-hosts
  • HTTPD: nethserver-httpd (also adds ibay httpd access); configuration can be done via template or the /etc/httpd/conf.d directory (preferred way)
  • Mail server: nethserver-mail-server (postfix + dovecot2)
  • Mail filtering: nethserver-mail-filter (amavis + spamassassin)
  • NTP server: nethserver-ntp
  • Ibays: nethserver-ibays
  • SSH: the SSH server is installed and accessible by default; nethserver-openssh adds shell access for users
  • Samba: nethserver-samba
  • MySQL: nethserver-mysql
  • Jabber: nethserver-ejabberd
  • Printers: nethserver-cups
  • Fax server: nethserver-hylafax
  • Groupware: nethserver-sogo. Porting Horde to NethServer should be a quick job.
  • Backup: nethserver-backup-data uses duplicity for data backup; nethserver-backup-config automatically creates a small configuration-only backup in tar.gz format.
  • Statistics: collectd collects and graphs system statistics
  • Bandwidth monitor: nethserver-ntopng
  • Advanced firewall: nethserver-firewall-base (and nethserver-shorewall)
  • External mails: nethserver-fetchmail
  • Web proxy: nethserver-squid, nethserver-lightsquid, nethserver-squidclamav, nethserver-squidGuard
  • Owncloud: nethserver-owncloud
  • Roundcubemail: nethserver-roundcubemail
  • etc.

See Package list and Dependency graph.

Others

  • SELinux is permissive, not disabled. We plan to add a nethserver-kvm addon; maybe we’ll need to change the SELinux policy to ‘enforcing’
  • New special system validators, available from the web UI or via the command line.
  • Strong conventions for modules (contribs) rpm format. See: Package rules, YUM plugin and Event API