Apps create directories on path of locked dataset, preventing it from mounting
Description
Problem/Justification
Impact
is duplicated by
Activity
Waqar January 19, 2022 at 12:03 PM
i see, there's a race condition where the pod still starts but is then stopped - i have created a new ticket to track that NAS-114378. Thanks for clarifying!
King Ng January 19, 2022 at 8:12 AM
Yes, you are correct and step 2 is not needed. Sorry for the confusion.
Waqar January 19, 2022 at 8:09 AM
i don't follow, when you create the datasets - they should already be unlocked ? So why is step 2 required ?
King Ng January 15, 2022 at 8:27 PMEdited
Let me add more details on top of the steps I previously commented on 03th Jan 2022.
0. Create a new "enc" dataset under the zfs root with default options and encryption with passphase. Create a new "app" dataset under the "enc" with default options and inherited encryption. Create a new "syncthing" dataset under the "app" dataset with default options and inherited encryption.
1. The layout of datasets of interested is now as followed:
2. Unlock the "enc" (and its child datasets) recursively.
3. On the Apps section in the WebUI. Create an app by the "Launch Docker Image" button, and under the "Configure Host Path Volumes" of "Storage", add the path "/mnt/zfs/enc/app/syncthing" into the host path and "/config" to the mount path
4. Reboot
5. On the host system, despite the app having not been started, empty directories with the path of "/mnt/zfs/enc/app/syncthing" are found under the "enc" dataset, despite the "enc" dataset has not been unlocked
6. "enc" refuses to be unlocked, stating the mount point is not empty
7. Removing all the directories under "enc" allows it to be successfully unlocked
Waqar January 7, 2022 at 4:51 AM
i am still not able to reproduce as UI is consuming the API at the end and not doing something directly. It would be nice/better if you could list down explicit steps which i can try and before starting steps please clarify system state like the path which you are mounting, is it a fresh dataset and unlocked etc. Thanks!
Details
Assignee
WaqarWaqarReporter
King NgKing NgLabels
Impact
HighTime remaining
0mComponents
Fix versions
Affects versions
Priority
Low
Details
Details
Assignee
WaqarReporter
King NgLabels
Impact
Time remaining
Components
Fix versions
Affects versions
Priority
LowKatalon Platform
Linked Test Cases, Katalon Defect Results, Katalon Studio Test Results
Katalon Platform
Linked Test Cases, Katalon Defect Results, Katalon Studio Test Results
Katalon Platform
After upgrading to TrueNAS-SCALE-22.02-RC.2, my locked dataset could not be decrypted, stating the directory is not empty. I navigated to the locked dataset directory and found out that folders which are attached to the Apps are created on the path. Folders are unbale to be removed by root, including the WebUI Shell and SSH, as well as the shell environment in the Installer disk. The boot environment has been reverted back to SCALE-22.02-RC.1-2 but the issue presisted.
The issue is suspected to be related to the mount path included in the docker Applications. Both folders that were created and unable to be removed are included in a app that I created using the "Launch docker image". Also, similarly, folders are found to be created in the path of locked dataset in TrueCharts apps mounting location, but the folders are able to be removed in this case.