Autoinstaller Feedback

Discussion in 'ISPConfig 3 Priority Support' started by yupthatguy, Apr 9, 2021.

  1. yupthatguy

    yupthatguy Member HowtoForge Supporter

    Worked Excellently!!!

    My notes / suggestions:
    1.) add a note to use to linux command 'hostnamectl set-hostname server1.example.com', prior to running script, because a FQDN is necessary... I reset my server, so was on the default alibaba hostname at the time I made my first attempt to run the autoinstaller.

    2.) I did get one warning during the setup process regarding the resolver, see screenshot:

    https://i.imgur.com/WzuTTwz.png

    Code:
    [WARN] Unexpected resolver response: Server:        100.100.2.136 (/lib/os/class.ISPConfigDebianOS.inc.php:869)
    3.) SSL seems to work despite the warning, no browser warning about SSL at the login page


    4.) About the final line of the installer, the warning about the passwords, my suggestion is this:

    Yours:
    [INFO] Warning: Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!

    Mine:
    [INFO] Warning: AFTER you have copied the default passwords to a safe location, please delete the temporary setup files, run ' /tmp/ispconfig-ai/var/log/setup-* '. You can change your default passwords via the ISPConfig interface. Happy Hosting!
    5.) Provide means to change default passwords via ISPConfig or in the short run provide a link to instructions to change the default passwords. Default, unchangeable passwords, make paranoid people, more paranoid. :eek:
     
    ahrasis likes this.
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Rather the autoinstaller readme should say install the OS using the minimal server guide, like for Debian which already contains the hostname setup instructions:
    https://www.howtoforge.com/tutorial/debian-minimal-server/#-configure-the-network
    Good point, though. I had not realised the autoinstaller README omits any info on how the base OS should be installed and configured.
    What would that command do? I believe it would not work since those are not command or script files.

    They are not default passwords that are the same at every install. They are random passwords generated during install (or user can write own password if preferred). And passwords can be changed when the installed system is running. I do not consider your proposal would make things better.
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    A official guide will be released soon that covers the steps that have to be done before running the installer.

    This is a Alibaba IP address. I have not seen this error before, but I highly suspect it is a problem with Alibaba's nameservers (those tend to have problems more often than you'd like)

    So there is a valid cert? Or not? It is unclear what you mean.

    Sorry, but I think someone setting up such a system must be wise enough to copy the shown passwords at the end of the install.

    You can change them of course, but for MySQL this requires quite some work. The used passwords are randomly generated so they are secure.
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You can change the ISPConfig admin password in the UI (subject to https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6125), just copy/paste the "default" a single time to get logged in. The mysql password can't be set in the ui (if you want to change it, put the new one in /usr/local/ispconfig/{server,interface}/lib/config.inc.php, then reconfigure services with the installer).
     
  5. yupthatguy

    yupthatguy Member HowtoForge Supporter

    Hey fellas,

    First off, my bad.. I made a typo, in my posts it should read:
    Code:
    'run, rm /tmp/ispconfig-ai/var/log/setup-*'
    My meaning, don't depend on the user to know the command to remove the files, provide it.

    The SSL certificate worked perfectly.

    Regarding this comment:

    I know it might be difficult for you guys, but for a moment try to think like someone as dumb as me... :p

    User sees 3 passwords that the user did not choose themselves. While changing ISPConfig is easy enough via the GUI, many new users will not know how to change the mailman password, and quite likely not know how to change the mysql root user password (tasks that I am sure the both of you could do with your eyes closed, not even looking at the keyboard).

    While you guys know that the passwords are secure & randomly generated because you guys actually wrote the code that does it... many, many, many users like myself don't have the same level of faith in a password that they don't choose themselves. I myself use a password manager for everything and regularly choose much more difficult passwords than what the autoinstaller generated.

    Since, the user is in a "heightened state of awareness" at the end of the autoinstaller, being careful to write down passwords and delete temp files, the web designer in me says," why not provide them with a url point to faqforge that brings the new user to a brief introduction of faqforg along with quick reference answers on how to change their passwords?" More people going to faqforge before making posts, probably saves you guys time and the user doesn't have to search the internet "how to change mysql root user password".

    Perhaps this be a better ending:

    Another, suggestion... perhaps make create a "--verbose" option?

    While the installation appears neat and clean, "seeing" what gets installed makes people feel confident that nothing potentially malicious is happening under the hood (Yes, its open-source, but how many end-users actually verify the code is clean?). Additionally, regarding the warning that I received during the installation, a verbose option could possibly shed more light. While I am sure you are that it is an Alibaba issue... having a verbose option would let me see if anything else was possibly impacted.

    And not intending, to overflow the daily task list, would a "--dry-run" option be a possibility? Maybe a --dry-run option could be apart of the default command, and forcing users to run it first, would allow the installer to output warnings about the current configuration of the server that would affect successful installation of ISPConfig, i.e.
    Once the user, gets rid of all of the --dry-run error messages, the user would feel confident in removing the "--dry-run" option from the install command in order to execute the actual installation.

    With the installer aim for the lowest level user, guys that drool on the keyboard, breathe with their mouth open, and sometimes accidentally swallow bugs (FYI, some bugs actually taste pleasantly salty :confused:). Use a dumb-dumb proof installer to "onboard" them to the product, once on board they are more likely to buy a manual and help the project grow.

    Fellas, you guys are clearly the end all of ISPConfig, I am just offering my "fresh eyeballs" perspective, before they become "old eyeballs".
     
  6. yupthatguy

    yupthatguy Member HowtoForge Supporter

    my bad... skipped right past the debug option.
    Code:
    --debug         Enable verbose logging (logs each command with the exit code)
    
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    We are working on updated docs and we could put something about it there. But no must imo.

    You can use --debug :)

    A lot of errors would only occur on the real installation, so I don't see a real use for this.

    Thanks for your feedback.
     

Share This Page