[Proxmox] NFSv4 client saves files as “nobody” and “nogroup” on ZFS Share

I’m running a Proxmox Cluster with PVE1 and PVE2. On PVE2 a VM is running Debian Buster, which is mounting an zfs nfs share from PVE1. Inside the VM a script is running as root saving a backup on this nfs share. If I create a file locally (Test1) on PVE1, the owner is of course root. But since a few weeks the script running inside the VM is creating all files as nobody (Test2).

# ls -all /mnt/nfs/data
drwxr-xr-x  2 root  root       4096 Jul  5 07:19 Test1
drwxr-xr-x  2 nobody nogroup   4096 Jul  5 07:21 Test2

This is because root users are mapped to different user id’s and group’s when changing files on an nfs share. But until now, this was no problom when enabling nfs on a dataset via

zfs set sharenfs=on zpool/data

because the no_root_squash was set by default. But it looks like this was a changed in ZFS on Linux 0.8.3 and the no_root_squash option isn’t set by default anymore. To enable it again use:

zfs set sharenfs='rw,no_root_squash' zpool/data

Another way is exporting the folder via /etc/exports and adding the no_root_squash option.

# sudo nano /etc/exports
/zpool/data/ *(rw,no_subtree_check,sync,insecure,no_root_squash)

Run sudo exportfs -a after editing the exports file to enable these changes immediately.

[Nextcloud] Moving my NC installation

About two years ago I installed Nextcloud via the NextcloudPi script in an LXC Debian Stretch Container on my Proxmox Host. Since last year there is a new Debian release called Buster and I wanted to upgrade my container. But somehow it was not possible… there was something broken and on every upgrade try, there came up a swap error. I searched for hours, but couldn’t find any solutions to this error, so I had to move my whole Nextcloud installation to a new debian buster container. I took the chance to create the new container as unprivileged container. Since I had no experience moving a complete Nextcloud instance, I first read the NC Wiki and had a look at some tutorials. Finaly I followed C. Riegers awesome guide on backing and restoring a nextcloud instance.
Everything went well untill step 9.

root@nc:/var/www/nextcloud# sudo -u www-data php /var/www/nextcloud/occ maintenance:data-fingerprint
An unhandled exception has been thrown:
Doctrine\DBAL\DBALException: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [1698] Access denied for user 'ncadmin'@'localhost' in /var/www/nextcloud/lib/private/DB/Connection.php:64

As I’ve been restoring on a brand new LXC Buster container, of course a few things were missing. I restored my nextcloud database, but I also had to recreate the “ncadmin” dbuser and grant the right permissions. I looked up the ncadmin password in my nextcloud config.php and added the user.

mysql -u root -p
CREATE USER 'ncadmin'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES on nextcloud.* to ncadmin@localhost;

Next try with step 9.

root@nc:/var/www/nextcloud# sudo -u www-data php /var/www/nextcloud/occ maintenance:data-fingerprint
An unhandled exception has been thrown:
...nextcloud Redis server went away in /var/www/nextcloud/lib/private/Memcache/Redis.php:54

Still no success. Hiting google brought me to this link. C. Rieger was already there. 🙂
While checking /etc/redis/redis.conf I noticed that in my nextcloud config.php there was a different path for redis.sock.

redis.conf

unixsocket /var/run/redis/redis-server.sock

config.php

'host' => '/var/run/redis/redis.sock',

After changing the path I rebooted the container and again tried step 9. Now with success and my Nextcloud instance was back online. I only had to add the new hostname to the trusted domains and could login again. The only thing I couldn’t get to work was the NextcloudPi functionality. Since I was only using the nextcloudpi auto upgrade scripts, I could live without that. I disabled and deinstalled the app from the user interface.

[Proxmox] Adding the pve-no-subscription repo

For receiving updates on Proxmox, you have add ne pve-no-subscription repo.
First find the current pve-enterprise repo:

nano /etc/apt/sources.list.d/pve-enterprise.list

Comment out the pve enterprise repo.

root@pve:~# cat /etc/apt/sources.list.d/pve-enterprise.list
#deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise

To add the no subscription repo, create a new file called pve-no-subscription.list

nano /etc/apt/sources.list.d/pve-no-subscription.list

and insert the repo:

root@pve:~# cat /etc/apt/sources.list.d/pve-no-subscription.list 
# PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb https://download.proxmox.com/debian/pve buster pve-no-subscription

# security updates
deb https://security.debian.org/debian-security buster/updates main contrib

[Docker] Fefe über Container Technologien

https://blog.fefe.de/?ts=a0d07bd8

“Wisst ihr, was mir in dunklen Zeiten wie dieser Jahreszeit Erheiterung ins Leben bringt? Dieser Spirale zuzugucken:

  1. Unsere Software ist zu komplex, wir haben die Komplexität nicht im Griff! Pass auf, wir machen da ein verteiltes System daraus! Dann sind die Einzelteile weniger komplex. Vielleicht können wir das dann unter Kontrolle bringen.
  2. Das verteilte System braucht viel mehr administrativen Aufwand. Pass auf, den automatisieren wir weg! Wir machen Container! Docker!
  3. Docker-Aufsetzen braucht viel mehr administativen Aufwand. Pass auf, den automatisieren wir weg! Wir machen Kubernetes!
  4. Kubernetes braucht viel mehr administativen Aufwand. Pass auf, den automatisieren wir weg! Wir machen Ansible!
  5. Ansible braucht viel mehr administativen Aufwand. Pass auf, den automatisieren wir weg! Wir machen Chef / Salt!

Frank hat im letzten Alternativlos das wunderbare Wort “Komplexitätsverstärker” eingeführt. Das ist genau, was hier passiert. Am Ende hast du ein Schönwettersystem. Wenn das erste Mal der Wind dreht, dann hast du einen Scherbenhaufen. Niemand kann diese ganze Komplexität mehr durchblicken.”

[WordPress] SyntaxHighlighter Ampersand character

Recently I noticed that the character & is displayed in the SyntaxHighlighter like this: &amp

To fix this, simply add this snippet of the user kaggdesign to /var/www/html/wp-content/plugins/syntaxhighlighter/syntaxhighlighter.php

/**
 * Filter to fix issue with & in SyntaxHighlighter Evolved plugin.
 *
 * @param string $code Code to format.
 * @param array $atts Attributes.
 * @param string $tag Tag.
 *
 * @return string
 */
function kagg_syntaxhighlighter_precode( $code, $atts, $tag ) {
	if ( 'code' === $tag ) {
		$code = wp_specialchars_decode( $code );
	}
	return $code;
}
add_filter( 'syntaxhighlighter_precode', 'kagg_syntaxhighlighter_precode', 10, 3 );

This can be done directly from the webinterface. Just go to Plugins -> Plugin Editor -> select the Plugin SyntaxHighlighter Evolved -> add the snippet to the end

[Proxmox] Scrub cronjob

Default scrub cronjob when installing Proxmox on ZFS:

nocin@pve:~$ cat /etc/cron.d/zfsutils-linux 
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Scrub the second Sunday of every month.
24 0 8-14 * * root [ $(date +\%w) -eq 0 ] && [ -x /usr/lib/zfs-linux/scrub ] && /usr/lib/zfs-linux/scrub

[Hardware] A guide to monitor response times

Find the article here: A guide to monitor response times

“Response time” is basically the amount of time it takes for a pixel to change (“transition”) from one color to another, typically measured in milliseconds (ms). This is different from framerate or refresh rate of a monitor, typically measured in hertz (hz).

Here are some common refresh rates and their corresponding windows:

  • 60 hz = 1/60 = 16.67 ms
  • 75 hz = 13.33 ms
  • 100 hz = 10.00 ms
  • 120 hz = 8.33 ms
  • 144 hz = 6.94 ms
  • 240 hz = 4.167 ms

Any response time you see on a monitor box will most likely be “G2G” or gray to gray. Unsurprisingly, response times change depending on the color that is currently displayed and the color you wish to transition to.

To fully understand what a monitor is capable of, you have to consider both speed (response times) and accuracy (overshoot).

In theory, a 1 ms monitor with no accuracy issues would provide a very clean image. At 144hz, it would be displaying a frame every 6.94 ms. This means it would be transitioning for 1 ms, and providing a static image for the remaining 5.94 ms.

[ZFS] Destroy snapshots

Snapshots in ZFS aren’t cumulative. They just include the difference between the filesystem at the time you took the snapshot and now.
Meaning if you have snapshots A, B and C, deleting A doesn’t impact the status of the remaining B and C. This is a common point of confusion when coming from other systems where you might have to consolidate snapshots to get to a consistent state.

This means, you can delete snapshots out of the middle of a list and not screw up snapshots before or after the one you deleted. So if you have:

pool/dataset@snap1 
pool/dataset@snap2 
pool/dataset@snap3 
pool/dataset@snap4 
pool/dataset@snap5

You can safely sudo zfs destroy pool/dataset@snap3 and 1, 2, 4, and 5 will all be perfectly fine afterward.

You can estimate the amount of space reclaimed by deleting multiple snapshots by doing a dry run (-n) on zfs destroy like this:

sudo zfs destroy -nv pool/dataset@snap4%snap8
would destroy pool/dataset@snap4
would destroy pool/dataset@snap5
would destroy pool/dataset@snap6
would destroy pool/dataset@snap7
would destroy pool/dataset@snap8
would reclaim 25.2G

List your snapshots (for a specific dataset simply use grep):

sudo zfs list -rt snapshot | grep pool/dataset

If you need to free some space, you can sort zfs snapshots by size:

zfs list -o name,used -s used -t snap

IPad verloren… in Karton


Folgende Mail erreichte mich nach meinem letzten Online Einkauf von B-Ware 😀

Sehr geehrter Herr xxx,

wir nehmen Bezug auf Ihre Bestellung der folgenden Artikel: xxxxxx

Es erreichte uns nun die Mitteilung, dass der Vorbesitzer versehentlich bei der Rücksendung des Widerrufs das IPad eines anderen Shops in der Verpackung eingelegt hatte.
Da wir noch keine Rückmeldung diesbezüglich erhalten haben, möchten wir dies hiermit melden.
Es handelt sich um den Artikel  “XXXXX”.

Wir bitten um kurze Rückmeldung zwecks Retoure.

Mit freundlichen Grüßen


Leider hatte ich kein IPad in meinem Karton. 🙁