Mount NFS share for NextCloud data

PerpetuumMobile · May 26, 2024, 10:14am

Thank you davidep for the instructions above!
I tried with nextcloud instead of your dokuwiki example:

I mount an NFS share (fstab)
10.0.7.3:/mnt/quattordici/NextCloud /mnt/NextCloud nfs4 defaults,user,exec,_netdev 0 0
then

add-module nextcloud 1
chown nextcloud1:nextcloud1 /mnt/NextCloud 
chmod 700 /mnt/NextCloud

(tried with 777 too)

runagent -m nextcloud1 podman volume create --opt=device=/mnt/NextCloud/ --opt=type=bind nextcloud-app-data
api-cli run configure-module --agent module/nextcloud1 --data - <<EOF
{  "host": "my_host",
    "lets_encrypt": false,
    "password": "my_password"
}
EOF

and I get an error
Job for nextcloud-nginx.service failed because the control process exited with error code.
I assume that is because nginx wants to access the volume nextcloud-app-data as well

/home/nextcloud1/.config/systemd/user/nextcloud-nginx.service
ExecStart=/usr/bin/podman run ...... --volumes-from nextcloud-app:rw,z ${NGINX_IMAGE}

In /mnt/NextCloud/ are files after that (the usual nextcloud content) => nextcloud1 can write there

Could you please give me a hint, how to deal with that?

(the same procedure without runagent -m nextcloud1 podman volume create --opt=device=/mnt/NextCloud/ --opt=type=bind nextcloud-app-data works without error)

davidep · May 26, 2024, 10:36am

In the app log you’d find more details about the error reason.

PerpetuumMobile · May 26, 2024, 11:50am

thank you for the fast reply!
You are right … the last message is:

See "systemctl --user status nextcloud-nginx.service" and "journalctl --user -xeu nextcloud-nginx.service" for details.""

But systemctl is quite short:

× nextcloud-nginx.service - Podman nextcloud-nginx.service
     Loaded: loaded (/home/nextcloud4/.config/systemd/user/nextcloud-nginx.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Sun 2024-05-26 09:21:23 UTC; 2h 23min ago
    Process: 13915 ExecStartPre=/bin/rm -f /run/user/1004/nextcloud-.pid /run/user/1004/nextcloud-nginx.ctr-id (code=exited, status=0/SUCCESS)
    Process: 13916 ExecStart=/usr/bin/podman run --conmon-pidfile /run/user/1004/nextcloud-nginx.pid --cidfile /run/user/1004/nextcloud-nginx.ctr-id --cgroups=no-conmon --pod-id-file /run/user/1004/>
    Process: 13924 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile /run/user/1004/nextcloud-nginx.ctr-id (code=exited, status=0/SUCCESS)

and I do not know how to su in a container:

journalctl --user -xeu nextcloud-nginx.service
**Hint: You are currently not seeing messages from the system.**
**Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.**
**Pass -q to turn off this notice.**
**No journal files were opened due to insufficient permissions.**

davidep · May 26, 2024, 12:09pm

To read the logs you can either run journalctl as root or navigate to System logs page

https://docs.nethserver.org/projects/ns8/en/latest/log_server.html#system-logs

PerpetuumMobile · May 26, 2024, 12:25pm

… found the Logs => many lines like that

[1:nextcloud4:nextcloud-app] rsync: [receiver] chown "/var/www/html/apps/cloud_federation_api/l10n/.pl.js.jaEHfm" failed: Operation not permitted (1)
I can see these files on my mounted share:

ls -l /mnt/NextCloud/apps/cloud_federation_api/l10n/pl.js
-rw-------. 1 nextcloud4 nextcloud4 664 May 26 12:15 /mnt/NextCloud/apps/cloud_federation_api/l10n/pl.js

with owner nextcloud4

PerpetuumMobile · May 26, 2024, 12:54pm

I verified that at my nextcloud5 instance that does not change the volume:

ls -l /home/nextcloud5/.local/share/containers/storage/volumes/nextcloud-app-data/_data/
....
-rw-r--r--.  1     427761     427761    4103 May 26 09:26 index.php
drwxr-xr-x.  6     427761     427761     125 May 26 09:26 lib
-rw-r--r--.  1 nextcloud5 nextcloud5       0 May 26 09:26 nextcloud-init-sync.lock
-rwxr-xr-x.  1     427761     427761     283 May 26 09:26 occ
drwxr-xr-x.  2     427761     427761      55 May 26 09:26 ocs
....

… only one file belongs to nextcloud5 all others to 427761

so I chown all but nextcloud-init-sync.lock to 427761 in my nextcloud4
=> no success “many” files and folders go back to owner nextcloud4 when I run
api-cli run configure-module...

PerpetuumMobile · May 27, 2024, 8:11am

I could identify two problems:

1.) rsync - chown - access rights on volume
[1:nextcloud#:nextcloud-app] rsync: [receiver] chown "/var/www/html/3rdparty/...." failed: Operation not permitted (1)
ps -ef shows:
nextclo+ 101005 100993 0 07:15 ? 00:00:01 rsync -rlDog --chown www-data:www-data --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/

so I tried in
[root@ns8 ~] rsync -rlDog --chown 1234:1234 testfolder /mnt/NextCloud/
=> testfolder belongs to 1234

then in

runagent -m nextcloud6
[nextcloud#@ns8 state]$ rsync -rlDog --chown 1234:1234 testfolder /mnt/NextCloud/

=> testfolder belongs to owner of parent folder (nextcloud#)

2.) config of additional containers that are startet by nextcloud#
[1:nextcloud#:podman] Error: lsetxattr /home/nextcloud#/.local/share/containers/storage/volumes/nextcloud-app-data/_data/.htaccess: operation not supported

podman is not aware of the --opt=device=/mnt/NextCloud/ --opt=type=bind nextcloud-app-data change