My YunoHost server
Hardware: dedicated bare-metal server
YunoHost version: 3.8.4
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of the issue
I got ( too ) excited about the latest release because of the diagnosis feature and jumped to upgrade my server to the latest release. I upgraded from 3.7.1.1
to 3.8.4.3
context
after the yunohost upgrade ( and playing around with the diagnostic tool ), I naturally proceeded to upgrade the yunohost apps in the system.
I had the following apps lined up for upgrade ( in that order ) :
- hubzilla
- netdata
- synapse
- riot
- wordpress
- diaspora
- spip
The first upgrade of hubzilla
failed because Job for nginx.service failed.
I went diggingā¦
I donāt know what happened, but since the yunohost system upgrade, my nginx
takes exactly 1m41s seconds to do any action - be it reload
, restart
, start
, stop
, whatever; even nginx -t
takes the exact same time to execute.
I also tried running it manually from the command-line and it took the exact same time. I couldnāt figure out what was the source of the problem, but I know it is isolated to nginx
. All other actions on the server run fine and smooth. Due to this issue, systemd
times out nginx
by interrupting a reload command ( one that yunohost app upgrade
runs too ).
I spent too much time ( a whole night ) trying to get to the bottom of this issue; and then finally gave up and increased TimeoutStartSec
for nginx.service
.
the actual problem
I spent too much time digging into the nginx
issue that I forgot that I had pending app upgrades to do as well.
So, once I had increased the timeout for nginx, I came back to running the same upgrade command. This time I get thrown another error : The app hubzilla could not be found in the applications list
. Indeed, it wasnāt there. Thatās when I looked at the previous update logs again.
shine@yunohost:~$ sudo yunohost app upgrade hubzilla netdata synapse riot wordpress diaspora spip
Info: The following apps will be upgraded: hubzilla, netdata, synapse, riot, wordpress, diaspora, spip
Info: Now upgrading hubzillaā¦
Info: [+...................] > Loading installation settings... [00h00m,00s]
Info: [#++.................] > Backing up the app before upgrading (may take a while)... [00h00m,02s]
Info: Upgrading source files...
Info: [###++...............] > Upgrading source files... [00h01m,12s]
Info: [#####++.............] > Upgrading nginx web server configuration... [00h00m,19s]
Warning: Job for nginx.service failed.
Warning: See "systemctl status nginx.service" and "journalctl -xe" for details.
Warning: Invalid argument: --
Warning: [ERR] Upgrade failed.
Warning: dpkg: warning: while removing apache2-bin, directory '/var/lib/apache2' not empty so not removed
Warning: dpkg: warning: while removing dconf-gsettings-backend:amd64, directory '/usr/lib/x86_64-linux-gnu/gio/modules' not empty so not removed
Warning: Job for nginx.service failed.
Warning: See "systemctl status nginx.service" and "journalctl -xe" for details.
Warning: Invalid argument: --
Warning: hubzilla has not been properly removed
Warning: 105993 /!\ Packagers! This app is still using the skipped/protected/unprotected_uris/regex settings which are now obsolete and deprecated... Instead, you should use the new helpers 'ynh_permission_{create,urls,update,delete}' and the 'visitors' group to initialize the public/private access. Check out the documentation at the bottom of yunohost.org/groups_and_permissions to learn how to use the new permission mechanism.
Warning: 106926 Group 'visitors' already has permission 'hubzilla.main' enabled
Warning: 106927 This permission is currently granted to all users in addition to other groups. You probably want to either remove the 'all_users' permission or remove the other groups it is currently granted to.
Warning: 106929 The permission was not updated because the addition/removal requests already match the current state.
Warning: 197503 Job for nginx.service failed.
Warning: 197504 See "systemctl status nginx.service" and "journalctl -xe" for details.
Warning: 197506 Invalid argument: --
Warning: 198056 Could not restore the app 'hubzilla'
Warning: Traceback (most recent call last):
Warning: File "/usr/lib/moulinette/yunohost/backup.py", line 1407, in _restore_app
Warning: env=env_dict)[0]
Warning: File "/usr/lib/moulinette/yunohost/hook.py", line 347, in hook_exec
Warning: raise YunohostError('hook_exec_failed', path=path)
Warning: YunohostError: Could not run script: /tmp/restore38mzEL/restore
Warning: 198123 Here's an extract of the logs before the crash. It might help debugging the error:
Warning: 298921 Job for nginx.service failed.
Warning: 298922 See "systemctl status nginx.service" and "journalctl -xe" for details.
Warning: 299024 Invalid argument: --
Warning: 299191 hubzilla has not been properly removed
Warning: 303451 Nothing was restored
Warning: The app was restored to the way it was before the failed upgrade.
Error: Could not upgrade hubzilla: An error occurred inside the app upgrade script
Info: The operation 'Upgrade the 'hubzilla' app' could not be completed. Please share the full log of this operation using the command 'yunohost log display 20200522-022111-app_upgrade-hubzilla --share' to get help
Warning: Here's an extract of the logs before the crash. It might help debugging the error:
Info: DEBUG - 6694 + '[' '!' -e /etc/fail2ban/filter.d/hubzilla.conf ']'
Info: DEBUG - 6694 ++ realpath /etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6695 + src_path=/etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6695 + [[ -z '' ]]
Info: DEBUG - 6696 + dest_path=etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6696 + [[ -e etc/fail2ban/filter.d/hubzilla.conf ]]
Info: DEBUG - 6697 + local rel_dir=/apps/hubzilla/backup
Info: DEBUG - 6697 + rel_dir=/apps/hubzilla/backup/
Info: DEBUG - 6698 + dest_path=/apps/hubzilla/backup/etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6698 + dest_path=apps/hubzilla/backup/etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6698 ++ echo /etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6699 ++ sed --regexp-extended 's/"/\"\"/g'
Info: DEBUG - 6699 + local src=/etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6700 ++ echo apps/hubzilla/backup/etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6700 ++ sed --regexp-extended 's/"/\"\"/g'
Info: DEBUG - 6701 + local dest=apps/hubzilla/backup/etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6701 + echo '"/etc/fail2ban/filter.d/hubzilla.conf","apps/hubzilla/backup/etc/fail2ban/filter.d/hubzilla.conf"'
Info: DEBUG - 6702 ++ dirname /home/yunohost.backup/tmp/hubzilla-pre-upgrade1/apps/hubzilla/backup/etc/fail2ban/filter.d/hubzilla.conf
Info: DEBUG - 6703 + mkdir --parents /home/yunohost.backup/tmp/hubzilla-pre-upgrade1/apps/hubzilla/backup/etc/fail2ban/filter.d
Info: DEBUG - 6706 + echo '[####################] > Backup script completed for hubzilla. (YunoHost will then actually copy those files to the archive). [00h00m,01s]'
Info: DEBUG - 6707 + ynh_exit_properly
Error: The app 'hubzilla' failed to upgrade, and as a consequence the following apps' upgrades have been cancelled: hubzilla, netdata, synapse, riot, wordpress, diaspora, spip
Error: The operation 'Upgrade the 'hubzilla' app' could not be completed. Please share the full log of this operation using the command 'yunohost log display 20200522-022111-app_upgrade-hubzilla --share' to get help
I could see so many red flags there
-
Invalid argument: --
( second line after theJob for nginx.service failed
) -
hubzilla has not been properly removed
- why? why is an upgrade attempting to remove an app? Could not restore the app 'hubzilla'
So, let me go through all of that together :
- An app upgrade may crash due to many reasons ( even systemd service reloads )
- deleting an app assuming that it can be installed later ( during a supposed app āupgradeā )
- because of the upgrade process failing, the process is terminated
where does that leave me? with one app lesser than I had before I started the upgrade.
thatās not what I was expecting when I ran that command. I thought it was an isolated incident and let it slide.
and then nicely removed hubzilla
from the list of apps and ran the command again ( hoping nothing would break this time ). This time PHP failed to reload
because it couldnāt find the hubzilla path - /var/www/hubzilla
( remember weāre in partial installation state twice now ). and there I lost another app - netdata ( I didnāt care much about hubzilla because it didnāt work for me ; but I loved netdata ). And this happened a third time with synapse ( yes, synapse too ) and this time it was fail2ban
complaining about hubzilla
's jail. Thankfully, that was the last of hubzilla and the remainder of the apps upgraded in peace ( but what good is riot
if I donāt have synapse
running? I could even run riot
locally from my machine; but I need to connect to my homeserver; which I donāt have anymore )
so, hereās a question : why are apps being deleted during a supposed āupgradeā process? Is this a YunoHost thing or under the control of the app developer? I think it is on the systems side, rather than the app.
also, thereās something fundamentally wrong about the way the process status checks are handled during the upgrade process. Otherwise, there shouldnāt be a situation where I even get to this state.
PS : I was able to debug all of this because Iām savvy with the terminal. That wouldnāt be the case with a novice user.
PPS : Iām more than 50% sure that this is how I lost my gitlab app after I had upgraded another minor version earlier; but then I wasnāt using that gitlab instance at all. I had installed it many years ago; but didnāt bother to use it. The only thing it was doing was eat a lot of the available RAM by just simply running. Sometimes Iād go and kill it when the system was choking due to lack of memory. Other times, I just didnāt care. So, when it got āaccidentally deletedā. I thought āgood riddanceā; but thatās definitely not how I felt when I lost my netdata
and synapse
.
is there some way to triage this and get it fixed? we donāt want to break existing users from hitting these issues, do we?