Posts by UKenGB

Quote from votdev

The admin user is only used for web UI login and does not get any emails.

So I guess it is a software that has a UI and the user admin that is sending emails to you. You did never mention what the content of this emails is. It might help to identify the creator of those.

I have email notifications setup to go to admin@home (which works) but these emails were being sent to admin@macserve.home that I may have set up in OMV years ago, but switched to @home as @macserve.home did not work. So I'm wondering if this loop has been going on for years.

Unfortunately I was unable to actually look at any of the messages to help discover their origin.

Anyway, in my attempts to reconfigure postfix on the server, a small change to test something caused 517 emails to suddenly be delivered and the loop stopped. They were rejected mail error messages that have obviously been looping around for quite some time. Anyway the loop was broken and the network as as quiet as it should be.

Also, I have now been able to modify postfix to accept mails to user@macserve.home, so there should never be another loop.

Now I can get back to trying to figure out why my auto backup function is not working as it should and not sending me notification emails, which is what caused me to discover the loop.

Thanks but 'nut' wasn't something I remembered and on checking it is not installed.

If I could find a way to see what the email is that is being sent, it should give me an idea of what is trying to send it. In any case, what is possibly trying to send a message every 7 seconds. Nothing should be creating that much traffic.

i've used postqueue -p to show all the messages in the queue, then postsuper -d all to clear the queue, then postqueue -p to hopefully see an empty queue, but they're all still there.

I rebooted the OMV server and again, something is trying to send an email every 7 seconds. WTF is going on?

OMV has been running unattended for some time without apparent issue, but today I logged in to check a few things, ran the expected updates and all seems good. However, the mail.log has been and still is going crazy trying to send an email to admin@myserver.home, which is bounced (that address doesn't work), but it then repeats the attempt 7 seconds later. And 7 seconds after that and so on. It is being sent From admin@omvserve.home which would be correct, but what the hell is it trying to send to my local email server?

OMV Notifications are configured to email admin@home and this works. In fact mergerfs' weekly report is correctly delivered to admin@home, so looks like OMV configuration is basically ok. However I have a problem with something trying to send an email To admin@myserver.home and I cannot find that address anywhere in the configuration, but it's From admin@omvserve.home which implies it emanates from OMV.

What in OMV tries to send an email every 7 seconds?

No, NFS, but that's not relevant to the problem. The filesystem contains media files, added to by Plex and also a user specifically for that. To keep it all running smoothly, everything needs to be group writable and although I can manually adjust existing files, anything that gets added is wrong and I have to manually adjust. Ok when it's me adding the content, but when Plex is recording, I don't know when it's taking place and trying to ensure correct perms gets harder and harder. So I just want to ensure anything that gets created is created with the required perms. That would make my life a lot simpler.

However, as I mentioned, these are XFS filesystems and as far as I can determine, XFS does not support a umask mount option, so I'll have to do it by user instead. Not absolutely ideal, but acceptable and more important, doable.

One is actually a mergerfs merge and I added a umask option to that mount as it was supposed to work (according to trapexit), but it gets it all wrong and applies the same perms to both files and folders, including all existing ones and then will not allow any changes. So I've reversed that.

As I said, setting umask for the appropriate users will do.

Quote from UKenGB

Ok thanks. I thought modifying the config files was no good as the changes would be lost.

I'll give that a try, Would be great to have it in the GUI though.

Sadly it's not gonna work as I now realise that XFS does not allow a umask mount option and the volumes on which I want to set umask are of course, XFS.

Quote from votdev

You need to modify the <opts> field in the config.xml file. After that, run omv-salt deploy run fstab.

Ok thanks. I thought modifying the config files was no good as the changes would be lost.

I'll give that a try, Would be great to have it in the GUI though.

I want to set the umask for a couple of the filesystems. I can find nowhere in the GUI to add mount options. They exist in config.xml, but don't seem to be configurable from the GUI. How can I add special mount options for a filesystem?

I am exporting a couple of shares over NFS, mounted on a Mac (running Monterey). They are working, but some issues I'd like to fix.

First of all, it's using NFS v.3. OMV does support v 4, 4.1 and 4.2, as does the Mac as a client, but the mounts end up v.3. If I try to force v.4 on the Mac, it cannot mount the shares, some vague error about 'permissions', but that can simply mean the shares are not available.

So if the Mac is unable to mount using v.4, that rather suggests that OMV is sharing them only with v.3. Is this possible? In any case, any suggestions as to how I can get the Mac mounting shares with v.4?

If I put the OMV server to sleep, when it wakes, the shares are not available. Can also happen at other times when it has not been asleep. I have to disable NFS in the OMV GUI and save, then enable NFS again and save. Then I can mount the shares. It's not a major problem, but very irritating so would like to find a solution to this also.

Finally, the biggest issue really is that trying to save a file (open on Mac) over the network to the HFS share can be a problem. About 50% of the time, the save fails with a complaint about 'truncation error'. The last 2 times were video files with some minor tag changes and after this error, they were completely borked. Still the full size on the server, but cannot be played. Opened in several video editing apps to try and see if I could recover them, but no chance. As I said, 'borked'.

Fortunately I have been able to obtain good copies to replace them, but clearly this is a serious problem. I've been using networks of various types for 40 years and I don't think I've ever come across an error like this that has actually trashed the file. This exact process (saving tag edited video file) over an AFP or SMB connection to a Mac server has NEVER had any problem whatsoever.

I don't want to ditch NFS and just use SMB. I'd like to get this NFS connection working. Could do with some assistance as to what I need to do in OMV to make it work.

Quote from chente

This document should clarify all aspects of mergerfs. If this is not the case, you can say so or propose improvements.

https://wiki.omv-extras.org/do…mv6:omv6_plugins:mergerfs

( crashtest )

That's not really what I was saying. The way OMV presents much of its configuration uses the same visual style and as I have explained above, it does not make clear what information belongs to which 'section'. Yes, If I study it and look closely I can figure it out, but good interface design would make this all obvious at first glance. In truth it is not hard to make clear what relates to what and OMV is somewhat obscure in this regard.

This is not a 'complaint' as such as I really appreciate what OMV provides and enables for me, but should be taken as constructive criticism.

Ah, got it. Had another look at creating a new 'merge' in mergerfs plug-in and Filesystems are not the only possible source. I can add folders (shared or otherwise). So that all looks like I can do what I need.

I have to say that this aspect of the OMV GUI is visually hard to grasp. The lines across the 'page' as first glance appear to delineate different sections, each with description and data entry (text or drop down), but in fact each section 'straddles' the line, with no clear distinction between one section and the next. OMV is terrific, but this is not good interface design. Sorry, I have done a fair bit of interface design/development myself over the years and this aspect of the GUI is a terrible design and makes it hard to grasp what is connected to what and in this case obscured from me what I had previously been looking for. There needs to be a clear distinction between each section, keeping Name, Value and Description in a clearly defined group, and easily distinguishable from other sections.

Anyway, thanks for the prod to look at mergerfs again.

I want to combine a couple of directories to a single 'read only' view. I think overlayfs (now a mount command option) should work. Is there any way to configure this in OMV GUI?

I've had a good look, but cannot find anything relevant. Is there a way of setting this up in the GUI?

Yes I do. I think I had to do that before I could even create the 'shared folders' I need. They are all set up and I've tried various user perms, but no matter what I try, saving via FTP doesn't and rsyncd complains the filesystem is 'read only'.

As I said, I can use plain rsync and that works without problem (as does scp), but neither ftp nor rsync daemons can write to anywhere in '/'.

I need remote access to some directories of the '/' filesystem, Specifically:-

I need ftp access so I can edit config files on my Mac and simply save them. This is easy in BBEdit and I've been doing it for years with my Mac server.

I also need to be able to rsync some files to various locations.

No problem with either of the above when the target is one of the other drives on my OpenMediaVault server, but simply fail when the target is within '/'. In the case of ftp, I can easily open the required file, but although 'saving' creates no error, nothing actually is saved. Rsync however complains about the target being a 'read only' filesystem which is nonsense as I have write access with any user from direct login or ssh over the network and files can be copied/sync'd both with scp and/or rsync when not using a defined daemon module - IOW just direct rsync to the specified folder. No problem.

So, the issue only arises when using 'Services' configured in OMV (i.e. FTP and rsync). From which I figure that OMV is placing some overall restriction on remote access to anywhere within '/'. I sort of understand that this could be an issue for unknowledgeable users and publicly accessible servers, but I'm not ignorant in such matters (just how OMV is doing things behind the scenes) and this is my private home network which if under attack means I've got bigger problems than unauthorised access to my media. So…

Could anyone possibly explain how to allow ftp and rsync(d) access to the root filesystem? Would be much appreciated.

Quote from votdev

You need to run

Code

$ omv-salt stage run prepare
$ omv-salt deploy run nginx

Yup, did that.

Logging in to the address I want to use works fine, but when I try to access it via the other address I am trying to block - OMV web gui opens just as happily.

OMV_NGINX_SITE_WEBGUI_LISTEN_IPV4_ADDRESS is set to the address I want to use and I've run all the 'salt' commands that seem to be required, but it's still listening on the address I'm trying to block and the nginx config file shows the listen command is not used for this (not been changed), so I don't even know how it's trying to block that IP address. Whatever, it isn't.

I set the environment variable as per the instructions, but didn't work. Still accepts requests on all addresses.

Is a full restart required?

Quote from votdev

Allowing the user to enter an IP address in the Workbench page does not make sense because IP addresses may change if you use DHCP for example.

In the above posts you have all necessary information to limit access to a specific interface. Use environment variables to customize the nginx listen directive to the IP you are using or create an iptables rule.

From the OMV point of view all necessary tools are available to make your requirement happen.

Well I completely disagree. To not allow the user to set the listen address because "it may change" is restricting control for everyone just for the sake of those for whom it may not always work. It should be up to the user to configure it correctly (like a server should have a static address set). You could always display a warning in the webgui if the IP address is included rather than simply not allowing anyone to suitably configure nginx.

Not only that, but you then go on to explain how it CAN be done (using an unnecessarily convoluted method), hence negating your previous statement that it should not be allowed.

Nginx provides the EXACT method for doing this and for nonsensical reasons you won't allow it. Yes I know about setting the variable, but that should not be necessary.

Sorry, OMV is a great product, but this is dumb.

I could have been clearer. Indeed, nginx cannot bind to any specific 'interface', but each 'server' definition CAN be bound to a specific IP address which is what I am wanting.

Address and Interface can sometimes get used interchangeably, but in nginx's case, it's an important distinction and as I have just a single address assigned to each interface, in my case they are the same thing, but I understand the difference in nginx.

However that does not change the question of how to restrict the OMV webgui to a specified IPaddress, which CAN be done in nginx using 'listen address:port', but OMV's webgui prevents this from being entered and as we know, editing the underlying nginx config files would only be temporary until OMV overwrote the file which would remove the IPaddress portion.

Why can we not allow the entry of 'address:port' in the webgui so that we can actually restrict OMV webgui to a single address?

Quote from votdev

It is not supported because nginx can not be limited to a specifc interface only.

Why do you say that? A listen directive in a 'server' block can be of the format:-

listen IPaddress:port

which specifically restricts nginx to that address and port for that 'server' definition. Whatever other 'server' definitions there are, each can be restricted and since OMV's webgui is simply defined in a 'server' block, I see no reason it cannot be restricted to any specified address (that exists for the actual server of course). The only issue seems to be that the webgui prevents you from entering anything other than just a port number.

Admittedly I am no nginxpert, but the documentation seems very clear on it being able to restrict a 'server' to a single IPaddress.

My OMV server has 2 ethernet interfaces and I want to be able to restrict the webgui to just one of them. I can change the port (and have done so), but the nginx 'Listen' directive can accept IPaddress:port which is exactly what I want. However, the webgui does not allow this type of entry in its port section and if I edit the file directly, it will (eventually) get overwritten by OMV.

Can anyone explain how to restrict the webgui to a specific address and if for some reason it's not possible, why? Seems an entirely reasonable configuration so can see no reason why OMV would specifically not allow this, but cannot see how to actually set it up.