Upgrade 16.0.1 -> 17.0.x fails

Behaviour

Steps to reproduce this issue

Initialize a docker-container with crazy-max/nextcloud:16.0.1
Build the same container again with crazy-max/nextcloud:17.0.1 or 17.0.2
Start the container

Expected behaviour

Server migrates everything and resumes normal operation.

Actual behaviour

Something in the startup script goes wrong. I think this is how things go down:

The initialization scripts are launched, all starts well
03-config.sh starts execution
When Setting PHP configuration, things go south I think:
1. sed: bad option in substitution expression
2. and later nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied), which keeps repeating from there on.

The failure of the startup scripts happens both in the cron container, as well as in the actual nextcloud container.

Configuration

Docker version: 17.09.1-ce, build 0a5102e
Docker compose version if applicable: 1.22.0, build f46880f
Platform (Debian 9, Ubuntu 18.04, ...): QNAP OS
Include all necessary configuration files: See patzm/dockerfiles@9142e90 in the nextcloud subfolder

Docker info

Containers: 14
 Running: 13
 Paused: 0
 Stopped: 1
Images: 41
Server Version: 17.09.1-ce
Storage Driver: overlay
 Backing Filesystem: extfs
 Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6c000fd07a23e5904618abdbb31f75c44865ef13 (expected: 06b9cb35161009dcb7123345749fef02f7cea8e0)
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.2.8
Operating System: QTS 4.3.5 (20181013)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.682GiB
Name: tatooine
ID: U4RN:HMOX:E2W7:EW7U:XFQX:ARB7:NLRS:PT44:BWF6:RFAO:5XHH:RVKJ
Docker Root Dir: /share/CACHEDEV1_DATA/Container/container-station-data/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 215
 Goroutines: 199
 System Time: 2020-01-20T23:04:39.292518799+01:00
 EventsListeners: 3
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No kernel memory limit support

Logs

...
nextcloud    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
nextcloud    | [s6-init] ensuring user provided files have correct perms...exited 0.
nextcloud    | [fix-attrs.d] applying ownership & permissions fixes...
nextcloud    | [fix-attrs.d] done.
nextcloud    | [cont-init.d] executing container initialization scripts...
nextcloud    | [cont-init.d] 00-fix-logs.sh: executing...
nextcloud    | [cont-init.d] 00-fix-logs.sh: exited 0.
nextcloud    | [cont-init.d] 01-fix-uidgid.sh: executing...
nextcloud    | [cont-init.d] 01-fix-uidgid.sh: exited 0.
nextcloud    | [cont-init.d] 02-fix-perms.sh: executing...
nextcloud    | Fixing perms...
nextcloud    | [cont-init.d] 02-fix-perms.sh: exited 0.
nextcloud    | [cont-init.d] 03-config.sh: executing...
nextcloud    | Setting timezone to Europe/Berlin...
nextcloud    | Setting PHP-FPM configuration...
nextcloud    | Setting PHP configuration...
nextcloud    | sed: bad option in substitution expression
nextcloud    | Setting Nginx configuration...
nextcloud    | Initializing Nextcloud files/folders...
nextcloud    | [cont-init.d] 03-config.sh: exited 0.
nextcloud    | [cont-init.d] 04-svc-main.sh: executing...
nextcloud    | Bootstrapping configuration...
nextcloud    | The current PHP memory limit is below the recommended value of 512MB.
nextcloud    | [cont-init.d] 04-svc-main.sh: exited 0.
nextcloud    | [cont-init.d] 05-svc-cron.sh: executing...
nextcloud    | [cont-init.d] 05-svc-cron.sh: exited 0.
nextcloud    | [cont-init.d] 06-svc-news-updater.sh: executing...
nextcloud    | [cont-init.d] 06-svc-news-updater.sh: exited 0.
nextcloud    | [cont-init.d] done.
nextcloud    | [services.d] starting services
nextcloud    | [services.d] done.
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | [20-Jan-2020 22:40:16] NOTICE: fpm is running, pid 293
nextcloud    | [20-Jan-2020 22:40:16] NOTICE: ready to handle connections
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
nextcloud    | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied)
...

I think these are the relevant lines:

docker-nextcloud/rootfs/etc/cont-init.d/03-config.sh

Lines 62 to 69 in a5f1c04

    
           # PHP 
        
           echo "Setting PHP configuration..." 
        
           sed -e "s/@APC_SHM_SIZE@/$APC_SHM_SIZE/g" \ 
        
             /tpls/etc/php7/conf.d/apcu.ini > /etc/php7/conf.d/apcu.ini 
        
           sed -e "s/@OPCACHE_MEM_SIZE@/$OPCACHE_MEM_SIZE/g" \ 
        
             /tpls/etc/php7/conf.d/opcache.ini > /etc/php7/conf.d/opcache.ini 
        
           sed -e "s/@MEMORY_LIMIT@/$MEMORY_LIMIT/g" -e "s/@TIMEZONE@/$TZ/g" \ 
        
             /tpls/etc/php7/conf.d/override.ini > /etc/php7/conf.d/override.ini

@patzm Like I said in #29, take a look at the CHANGELOG.md about recent changes and specially: 17.0.1-RC3 / 16.0.6-RC3 / 15.0.13-RC3 (2019/11/18)

Oh ok thanks. That makes sense, I will try it in the evening!

So I got further this time.

I entered a disposable container, mounted my data volume (i.e. it wasn't a mounted directory from the host OS), and ran chown -R 1000:1000 /data (I don't overwrite PUID and PGID, the defaults should be the aforementioned). /data is the direct parent of config, data, session, themes, tmp, and userapps.
I used the docker image tag 17.0.2 and updated all containers (docker compose up -d). Nextcloud upgraded, updated all apps, updated the config/config.php.
However I still got the nextcloud | nginx: [emerg] mkdir() "/var/tmp/nginx/client_body" failed (13: Permission denied) errors. I checkted the permissions of /var/tmp, they were owned by nexcloud:nextcloud, i.e. 1000:1000 (according to /etc/passwd) with permissions drwx------. The nginx user has PUID=100 and PGID=101, so I tried chown -R 100:101 /var/tmp/nginx. This didn't work. Only running chmod -R 777 /var/tmp/nginxdid the job. Is this expected? This will now happen every time I restart the container, right? Later, I also realized that the folders that were then created inside were owned bynextcloud, not nginx` 🤔; so why were the previous permissions insufficient?

Additional question: shouldn't nginx use /data/tmp as the temporary directory as indicated in config.php?

@patzm Can you post you compose file, .env files and config.php without sensitive values?

The nginx user has PUID=100 and PGID=101

Yes but nginx is executed by nextcloud user. You can type ps -a in the container to be sure.

Additional question: shouldn't nginx use /data/tmp as the temporary directory as indicated in config.php?

No it's exclusively used by nextcloud.

Looking at linuxserver/docker-letsencrypt#67, it could be an issue linked to your kernel. Can you give me the output of uname -a on your host please?

Looking at linuxserver/docker-letsencrypt#67, it could be an issue linked to your kernel. Can you give me the output of uname -a on your host please?

Linux <hostname> 4.2.8 #1 SMP Sat Oct 13 01:15:25 CST 2018 x86_64 GNU/Linux

@patzm Can you post you compose file, .env files and config.php without sensitive values?

I pushed all local changes to patzm/dockerfiles@2e9e755 in the folder `nextcloud.

@patzm I've changed Nginx temp folders location. Can you test the new image?

@crazy-max, thanks! I just tried it and it worked. I will also test your recent push to 18 👍

Upgrade 17.0.02 to 18.0.0 went smoothly 💪 👍 🚀

@patzm Nice :)

	# PHP
	echo "Setting PHP configuration..."
	sed -e "s/@APC_SHM_SIZE@/$APC_SHM_SIZE/g" \
	/tpls/etc/php7/conf.d/apcu.ini > /etc/php7/conf.d/apcu.ini
	sed -e "s/@OPCACHE_MEM_SIZE@/$OPCACHE_MEM_SIZE/g" \
	/tpls/etc/php7/conf.d/opcache.ini > /etc/php7/conf.d/opcache.ini
	sed -e "s/@MEMORY_LIMIT@/$MEMORY_LIMIT/g" -e "s/@TIMEZONE@/$TZ/g" \
	/tpls/etc/php7/conf.d/override.ini > /etc/php7/conf.d/override.ini