Yunohost 11.1 spooky testing

Hello everyone :jack_o_lantern: :skull: !

We just released a new testing version for YunoHost! This version includes some important changes, and we would be more than happy to receive feedback before releasing it as a stable version!

A big chunck of the work included in this release is supported by NLnet foundation and we are much grateful to them :heart: !

We are still planning more changes in that version, in particular for the app catalog / install process, and for our dyndns mechanism, but so far the highlights are:

  • :superhero: Replace the ‘admin’ user with a new ‘admins’ group. On the long-term, this should remove some confusion about the role of the admin user and allow to define several admin users! :warning: Note that this impacts the login screen, as you’ll now have to enter the username in addition to the password! Right after upgrading to 11.1, the old ‘admin’ user will still exist as a regular YunoHost user, member of the admins group. The very first user you created in YunoHost will also be automatically added to the ‘admins’ group and will be able to connect to the webadmin using the same credentials as on the user portal. We recommend to get rid of the legacy ‘admin’ user once you validate that this is okay for you! (To do so, just go to the webadmin > Users > admin > Delete)
  • :package: Introduce a new “v2” app packaging format. This is in particular a major change for app packagers as it should simplify the app packaging and maintenance, but will also many UI/UX improvements for the app install process. On the long term, this is only an intermediate step towards an even-better “v3” format later :stuck_out_tongue_winking_eye:
  • :globe_with_meridians: Rework the domain list and domain info view. Domains are now displayed as a tree, and the various panels have been merged into a single one, which should be easier to browse and understand. Behind the scene, we’ve also extended the possibilities of the new config panel format introduced in 4.3!
  • :control_knobs: Refactor the “global” settings and make them available in the webadmin. So far, these were only available from the command line but they can now be found in the ‘Tools’ section of the webadmin. In particular, those settings allow to harden the security of the server, to configure email relay, and other technical aspects of the server.
  • :crescent_moon: A dark theme for the webadmin, much spook! You can enable it in the webadmin settings in the ‘Tools’ section of the webadmin.
  • And as always, a bunch of minor fixes and improvements for daily life!

How to participate to the beta-testing :construction_worker_woman: :construction_worker_man:

:warning: DO NOT do this on a critical production server! :warning:

From the command line, you can launch the following command to switch to testing:

curl https://install.yunohost.org/switchtoTesting | bash

(If you are familiar with bash scripting, you might want to read what this script does before blindly running the command)

You should then be running YunoHost 11.1.x.

What to test? :space_invader: :telescope:

Here are some specific items which are important to check to validate the current work:

  • Validate that you’re indeed able to login to the webadmin following the new ‘admins’ group change. Possibly delete the old ‘admin’ user once you confirm that you’re able to connect with your main user (the very first user that was created on the server).
  • Test the dark theme :stuck_out_tongue_winking_eye: !
  • Test the new domain views and tell us if you find it better than the previous one, and/or if some specific items could be improved.
  • Test to install / upgrade various apps, especially following the work on packaging v2, we want to make sure that everything stays backward-compatible with v1 apps.
19 Likes

Testing the dark mode… Very nice.

Two small remarks:

3 Likes

Amazing update, thank you :star_struck:

Check :white_check_mark: I like to be able to be the official admin now :sunglasses:

Check :white_check_mark: (and impressed, that’s a very great job!! I love it!)

Check :white_check_mark: And feels quiete better than before (even though I didn’t test it extensively for now)

2 Likes

About admins group

On my side, i had configured a user receiving email from root@ & co onto a separated account dedicated to that we can call here A. So this user A was automatically added to admins group.

However, this configuration doesn’t feet my needs, cause i want to synchronize via IMAP those system emails AND for security reasons, i don’t want an admin password to be configured in an email client.

So the solution i find was to remove this user A from admins group (all member of admins group receive root@ email now) AND i made an email forward from my admin B to my non admin user A.

To do that, i had to check admins group was now configured into LDAP to receive root@ & co. It’s not written in “Manage permissions & groups view”.

Dark theme

Nice job, i will be able to upgrade system in the night :slight_smile:

White on yellow quite unreadable.

Domain

It’s amazing \o/

The text said that “this page” doesn’t configure the DNS zone BUT it should be “The section bellow”

The “Ignore diagnosis checks” boolean will be very helpful :slight_smile:

Apps v2

I didn’t test it for the moment.

1 Like

About multi admin, i don’t know if it’s wanted, i got

$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for ADMIN_USER:

Isn’t this the message displayed to any first use of sudo by any non-root user? :thinking:

It depends, in yunohost the admin user was added in sudoers file in a way that doesn’t require password at each use. But for the first message you are probably right.

I don’t know if this change is a design or just an accident.

Now, the new admin user seem to have lost all those mail aliases:

    root@mydomain.tld
    admin@mydomain.tld
    webmaster@mydomain.tld
    postmaster@mydomain.tld
    abuse@mydomain.tld

It seems that the update rewrite ssh configuration. My ssh port was XXXX and after update, it come back to 22 but the firewall didn’t open port. I wasn’t able to connect through ssh before opening port 22 on firewall and connect through 22 port.

I also get an error with migrations on the webadmin :

  • update tell me that there is waiting migration
  • going to tools->migration give me a 500 error :
Impossible de charger la migration 0025_global_settings_to_configpanel : cannot import name 'translate_legacy_settings_to_configpanel_settings' from 'yunohost.utils.legacy' (/usr/lib/python3/dist-packages/yunohost/utils/legacy.py)
  • running yunohost tools migration state through the cli give me the following result :
  0021_migrate_to_bullseye: done
  0022_php73_to_php74_pools: done
  0023_postgresql_11_to_13: done
  0024_rebuild_python_venv: done
  0025_global_settings_to_configpanel: done
  0026_new_admins_group: done

Migration done (a little randomly as I thought I was back in stable).
Everything is working as intended, with just a little graphical problem with the pacman with it’s rough white border.

Everything else is so much BETTER than before (and before was already awesome :star_struck: )

The access to the configuration parameters from the web interface will make things easier and accessible for those who do not read the documentation. Now everything is available and explained, this is awesome !

Thanks a lot to the YunoHost team and NLnet foundation :heart:

1 Like

I just tried to change many options to test, and it seems that the root password change is not working.

I am on the same network as my server, and I have a password error when I try to ssh root@myserver.fr

On my side i made the upgrade of borgserver and it works like a charm.

Yeah that’s nothing unusual, as far as I know this is the default behavior of sudo on any debian system and this is only displayed the first time an user uses sudo

Yeah these are now handled by the admins group behind the scene … though so far there’s no way to explicitly see them from the webadmin … but oneday™ we’ll implement mail-alias management for groups, which should also solve a bunch of use case and have a minimalist mailing-list mechanism (eg behind able to define contact@).

It’s actually not that complex to implement, cf Use the group mechanism as mailing distribution list · Issue #1537 · YunoHost/issues · GitHub

2 Likes

Sounds like it’s related to the global settings migration that miserably crashed …

I don’t quite understand how this can happen x_x

Can you inspect /usr/lib/python3/dist-packages/yunohost/utils/legacy.py and double-check that there really is no function named translate_legacy_settings_to_configpanel_settings ?

Can you confirm that you’re trying to log as root from the local network ?

You can also “test” the root password by simply running su as a non-root user (without sudo) in the CLI, which will prompt for the root password

I found the following function :

def translate_legacy_settings_to_configpanel_settings(settings):
    return LEGACY_SETTINGS.get(settings, settings)

Hmyeah I think yunohost-api wasn’t properly restarted hence it fails to run the migration because it’s still using some old code

Nevertheless the migrations should have been triggered after the upgrade and should have been used the proper code version, but maybe another issue prevented it from running

We can check this in the logs in Tools > Logs

And/or try re-running it using sudo yunohost tools migrations run

I cannot connect to webadmin anymore.

Running yunohost tools migrations run give me No migrations to run