Beiträge von CDuv

Symptoms

I get "communication failure" issues when I want to list the users of my system (but not the groups) or when I wan to edit the ACL of a shared folder.

Exactly 1 minute after the HTTP request is sent, my browser get a 504 Gateway Timeout and Nginx adds a 499 HTTP response code in it's access.log log file.

Context

I have 539 users and 175 groups (including thoses coming from LDAP via nslcd, libnss-ldapd, libpam-ldapd) so I guessed it was a "too-many things to iterate in too-short time" issue.

Debugging

I tested with /usr/sbin/omv-rpc:

time /usr/sbin/omv-rpc "UserMgmt" "getGroupList" '{"start":0,"limit":null,"sortfield":null,"sortdir":null}'
time /usr/sbin/omv-rpc "UserMgmt" "getUserList" '{"start":0,"limit":null,"sortfield":null,"sortdir":null}'

and got the following timings:

• getGroupList:
  Code

  real    0m1.771s
  user    0m0.040s
  sys     0m0.008s

• getUserList:
  Code

  real    1m24.608s
  user    0m0.033s
  sys     0m0.017s

There you go: getting the groups executes in about 2s, but getting the users takes 1m24s, which exceeds the 1 minute time out.

By looking/debugging the following source files (added microtime(true) and logged to /tmp file):

• /usr/share/php/openmediavault/system/user.inc: for getUsers()
• /usr/share/php/openmediavault/system/group.inc: for getGroups()
• /usr/share/openmediavault/engined/rpc/usermgmt.inc: for enumerateUsersByType(), enumerateGroupsByType(), getUserList(), getGroupList()

I got the following execution detail:

• getGroupList:
  Code

  OMV\System\Group::getGroups(): cmd executed in 0.035168
  OMV\System\Group::getGroups(): output of 175 items parsed in 0.000187
  Engined\Rpc\UserMgmt::enumerateGroupsByType(): got list of 175 items in 0.035927
  Engined\Rpc\UserMgmt::enumerateGroupsByType(): result array of 108 items filled in 1.582890
  Engined\Rpc\UserMgmt::getGroupList(): got list of 108 items in 1.619559
  Engined\Rpc\UserMgmt::getGroupList(): groups array of 108 items enriched in 0.079005

• getUserList:
  Code

  OMV\System\User::getUsers(): cmd executed in 0.103545
  OMV\System\User::getUsers(): output of 539 items parsed in 0.000745
  Engined\Rpc\UserMgmt::enumerateUsersByType(): got list of 539 items in 0.105240
  Engined\Rpc\UserMgmt::enumerateUsersByType(): result array of 500 items filled in 84.242414
  Engined\Rpc\UserMgmt::getUserList(): got list of 500 items in 84.348474
  Engined\Rpc\UserMgmt::getUserList(): users array of 500 items enriched in 0.181667

Analysis

The foreach in UserMgmt::enumerateUsersByType() calls UserMgmt::getUserInfo() which instanciates a new OMV\System\User and fetch it's data using new getent or id system calls (about 3 times according to OMV\System\User::getData()).

I think my "bottleneck" is here: 539 users * 3 system calls: *ouch*.

Unless there is a way to add cache to these data (at various levels) I don't think I could get the list of users in less then 1 minute. And I can live with that.

Workaround (yet to be found)

But I would like Nginx/FPM/WebGUI to wait thoses 1m24s because -I've checked- the UserMgmt::getUserList() triggered from the WebGUI does finishes it's job even after Nginx timed-out.

I tried setting the following in Nginx configuration (/etc/nginx/sites-enabled/openmediavault-webgui without luck:

server {
    # [...]
    location ~ \.php$ {
        # [...]
        fastcgi_read_timeout 180s;
        client_header_timeout 180s;
    }
    client_body_timeout 180s;
}

And I could not find anything in the /etc/php/7.3/*/php.ini or /etc/php/7.3/fpm/pool.d/*.conf files.

There is a setting I failed to think about: but which one?

Thanks for any help you could provide.

Versions used

• Debian v10
• Kernel v5.10.0
• openmediavault v5.6.13
• Nginx v1.14.2
• PHP v7.3.29
• PHP-FPM v7.3.29

Hello,

I can log on my Debian Wheezy v7.11 via SSH using the credentials of my LDAP server (OpenLDAP installed somewhere else) and both LDAP users and groups are recognized by `getent` and `id`.
My OMV v2.2.12 sees the groups and their memberships but fails to list the users (other thread).

Is there a way for the Samba server that OMV is running to use PAM as an authentication source?
Then I could avoid installing the openmediavault-ldap plugin into OMV.

Updating the thread because I am now on OMV v2.2.12, Debian Wheezy v7.11 and the problem still exists.

Still getting:

Zitat von /var/log/syslog

nslcd[23135]: [9f63fd] <group(all)> cn=sales,ou=Groupes,dc=example,dc=com: cn: denied by validnames option
nslcd[23135]: [9f63fd] <group(all)> cn=r_and_d,ou=Groupes,dc=example,dc=com: cn: denied by validnames option
nslcd[23135]: [9f63fd] <group(all)> cn=communication,ou=Groupes,dc=example,dc=com: cn: denied by validnames option

and the web UI fails to list the users:

Zitat von Web UI

An error has occured
communication failure

And fails to list the users when modifying a group:

Zitat von Web UI

Error:
Gateway Time-out

I have about 460 users and 60 groups in the LDAP directory.

Debian recognize them (and I can log as them via SSH) :

getent passwd | wc -l

500

getent group | wc -l

120

Could it be a simple slow response issue?
The `getent passwd` commands takes less than a second to run.

Zitat von blublub

I updated via GUI and it works

After the update, what version of Debian and zfsonlinux are installed?

First post should indicates if ZFS plugin is compatible with OpenMediaVault 2.x ("Stone Burner").

I am running OMV v1 ("Kralizec") and willing to update to v2 but I would like to know what issues I will face before upgrading...

I have updated ZFS plugin to to 0.6.4 and ZFS volumes are are now available when creating a shared folder.

Then I was able to create a CIFS/SMB share: but I now have an auth issue when trying to access the SMB share.

Well, it looks like my issue is different from @Moimeme's: the UID and GID I use compatible with default settings.
I cannot test if my users (local and/or LDAP) are displayed or not on the "ACL List" because I cannot add Shared Folders" yet (it's an other issue).

But I've noticed that my /var/log/syslog file gets filled with lot of:

Zitat

nslcd[23135]: [9f63fd] <group(all)> cn=sales,ou=Groupes,dc=example,dc=com: cn: denied by validnames option
nslcd[23135]: [9f63fd] <group(all)> cn=r_and_d,ou=Groupes,dc=example,dc=com: cn: denied by validnames option
nslcd[23135]: [9f63fd] <group(all)> cn=communication,ou=Groupes,dc=example,dc=com: cn: denied by validnames option

and less:

Zitat

nslcd[23135]: [f69c3f] <group/member="john-doe"> cn=sales,ou=Groupes,dc=example,dc=com: cn: denied by validnames option

It really is the first time I run into theses error with PAM-LDAP setup: what would OMV try that would generate this kind of error?

Zitat von davidh2k

The right way (what the ZFS plugin does): Add a new class to the storage function which describes how to work with a ZFS filesystem/volume (I was using volume, but I meant filesystem). Then it will be detected in the WebGUI and you can use it.

The hacky way: mount the zfs filesystem to /media/UUIDofyourZFSfilesystem/ and put it into the /etc/openmediavault/config.xml - this 'could' work and allow you to use the filesystem, but I'm not 100% sure - its up to you to try it out.

Right way:
Could not find the right place to add some PHP class. I've found OMVFilesystems::enumerate() in "/usr/share/php/openmediavault/system.inc" that might seems to be a ugly starting point (it parses the output of command blkid -o full).

Hacky way:
blkid command returns:

Zitat

$ blkid
/dev/sdc1: LABEL="mainVolume" UUID="9626336108252084626" UUID_SUB="8076597734574968212" TYPE="zfs_member"
/dev/sdd1: LABEL="mainVolume" UUID="9626336108252084626" UUID_SUB="3435428460824043642" TYPE="zfs_member"
/dev/sde1: LABEL="mainVolume" UUID="9626336108252084626" UUID_SUB="17615302571643361007" TYPE="zfs_member"
/dev/sdf1: LABEL="mainVolume" UUID="9626336108252084626" UUID_SUB="15140204519545450510" TYPE="zfs_member"
/dev/sdg1: LABEL="mainVolume" UUID="9626336108252084626" UUID_SUB="6967421667606088857" TYPE="zfs_member"
/dev/sda1: UUID="ebf2ce26-202e-7a3a-c5f4-86e605d812d3" UUID_SUB="96e75199-71c4-e24a-849b-bd55dc1e5e01" LABEL="nas-box:0" TYPE="linux_raid_member"
/dev/sda2: UUID="6d58c9bf-cc64-689e-d5db-21235a59d714" UUID_SUB="87014e82-0c5e-914a-b658-666a909c3256" LABEL="nas-box:1" TYPE="linux_raid_member"
/dev/sda3: UUID="741a4382-a855-45bd-845d-50cfe84e12a0" TYPE="swap"
/dev/sdb1: UUID="ebf2ce26-202e-7a3a-c5f4-86e605d812d3" UUID_SUB="5f43b461-9ce4-027e-1d32-86f183bb001f" LABEL="nas-box:0" TYPE="linux_raid_member"
/dev/md0: UUID="f4ef3068-6b28-410e-a051-fc5caf74b20c" TYPE="ext4"
/dev/md1: UUID="6oZ7uv-6BiH-xSSC-X7RQ-K3Hc-W0z1-4031R2" TYPE="LVM2_member"
/dev/mapper/system-fsroot: UUID="7ccb72a6-1e3b-4a69-a55c-b24fad1fc370" TYPE="ext4"
/dev/mapper/system-usr: UUID="3ecd38aa-a5de-4fc6-b8ce-0ccfb8af3550" TYPE="ext4"
/dev/mapper/system-root: UUID="b4cd5b7c-01a3-4083-a168-0bd2f73c56e8" TYPE="ext4"
/dev/mapper/system-tmp: UUID="e272f24d-e5e1-4222-ab2a-47abc8024052" TYPE="ext4"
/dev/mapper/system-var: UUID="ab9b6c30-6c7b-4a2c-a18d-c53afe371056" TYPE="ext4"
/dev/sdh1: LABEL="mainVolume" UUID="9626336108252084626" UUID_SUB="8477587448113775876" TYPE="zfs_member"
/dev/sdb2: UUID="6d58c9bf-cc64-689e-d5db-21235a59d714" UUID_SUB="02826ddb-60ae-190a-eca3-ab188870b550" LABEL="nas-box:1" TYPE="linux_raid_member"
/dev/sdb3: UUID="2b4dc56f-f3ba-49d4-8a0f-00575f0108da" TYPE="swap"

Alles anzeigen

So I've added

<quota>
  <uuid>9626383561025520466</uuid>
  <fsuuid>9626383561025520466</fsuuid>
</quota>

to node /system/storage/filesystem of file /etc/openmediavault/config.xml and restarted openmediavault-engined daemon but it didn't helped the FS to show up on OMV WebGUI.
Is it the right place and procedure?

Zitat von ryecoaaron

Create a shared folder on a different drive and bind mount the zfs volume to that.

I cannot create any Shared folder because there is not a single (ZFS or not) Volume listed:

I'll try both ASAP. Thanks for the help.

Oups: just found out there was another topic with very similar issue:
OMV / LDAP Client

It contains useful infos that might resolve my issue: I will look into and test it ASAP.

Note: I've installed the OpenMediaVault package on a quite fresh Debian Wheezy (7.6).

My Debian box was already configured to do PAM-LDAP auth: users from my LDAP server can SSH to it just fine and both getent passwd and getent group returns the LDAP users and groups.

On OMV WebGUI, the Group tab works: all my groups are displayed with correct members. However the Users tab seems to hangs: after a while the interface displays a modal window with the message:

Zitat

An error has occured
communication failure

As I want to benefits from OMV tools to set perms on Shared Folder I need to fix this.
I've tried to install the OMV LDAP plugin but it broke the PAM auth (could not SSH to the server using LDAP credentials anymore).

What log file should I look into to give you more useful infos on the problem?

I understand this and I'm not looking for a complete ZFS integration, but is there a way to manually create the volume (what is a volume in OMV btw?) so that I can use WebGUI to create the stuff that requires a volume?

Note: I've installed the OpenMediaVault v1.0.8 package on a quite fresh Debian Wheezy (7.6) and I'm using ZFS on Linux to add ZFS file system support for my storage disks (system disks are in ext4).

OMV, Debian and ZFS work great except I cannot create a Shared folder via OMV Web GUI because no volume is listed in the "Volume" drop down menu of the create shared folder form.

I understand it's most likely related to my storage disk using ZFS (it's not even listed on WebGUI): but how can I circumvent this? Is there a way to manually tell OMV I have a volume so he'll let me add a shared folder on the ZFS FS?