Hello all,

So, I spent the last few hours trying to upgrade from my Proxmox LXC running TK 16.0 to the latest version... and what a nightmare.

I would love to get some feedback here please on what I am doing wrong.

But to cut things short: even when deploying a fresh 17.1 template and then running turnkey-init, it is impossible to complete the setup because, when it comes to setting the Nextcloud admin password, a Redis error pops up. Looking through the logs and such, Redis gets some permissions problem:

redis-server.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied

So, even before getting to the point of migrating my data over it fails,

any hints?

thanks

Jeremy Davis's picture

My guess from what you've reported is that redis doesn't like playing in an unprivileged container? (Obviously assuming that you are running it unprivileged - that is the default in more recent versions of Proxmox). And/or perhaps try enabling nesting for that container in Proxmox?

I say that because namespace issues in LXC are almost always services trying to write to and/or mount places that the host won't allow them to (for security reasons - i.e. protect the host from things the guest might do). That's the double edged sword of running in a container.

It's worth noting that whilst those changes may get it going, ultimately it will reduce the security of your system. Not to zero (nowhere near), because they'd still need to get root on your Nextcloud container before they could attempt to access your Proxmox host, but it does increase the risk.

Having said that, if you control both the host and the guest and you believe the risk of anyone malicious getting root on your Nextcloud container is low (e.g. if it's not publicly available or you're super vigilant updating when security issues occur, etc), then I imagine that the risk would be acceptable.

Another option would be to install from ISO and run it in a VM.

Also, AFAIK Nextcloud considers Redis a requirement these days, but perhaps double check and maybe it's possible to run it without Redis?

Or maybe there's some other workaround to allow Redis to do its thing within LXC?

I have a local PVE server here, so when I get a chance I'll have a look myself. Maybe I can work out some tweak that we can do to the container build that will make it work, without having any negative effect on the ISO?

Let me know how you go. Out of interest, could you also please note the version of Proxmox you are running?
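
An added example, not part of the original thread and not TurnKey or Proxmox code: a shell check for the two container settings discussed in the reply above (unprivileged and nesting), reading a config as printed by `pct config <vmid>` on the Proxmox host. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: read a Proxmox LXC config on stdin (as printed by
# `pct config <vmid>`) and report the two settings discussed in this thread.

ct_isolation() {
    awk '
        /^\[/            { exit }                # snapshot sections follow: current config only
        /^unprivileged:/ { unpriv = ($2 == "1") }
        /^features:/ {
            sub(/^features:[ \t]*/, "")
            n = split($0, kv, ",")               # e.g. keyctl=1,nesting=1
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", kv[i])
                if (kv[i] == "nesting=1") nest = 1
            }
        }
        END { printf "unprivileged=%d nesting=%d\n", unpriv, nest }
    '
}

# Turn the two flags into a one-line summary for a report.
ct_verdict() {
    case "$(ct_isolation)" in
        "unprivileged=1 nesting=0") echo "unprivileged, nesting off: tightest of the three" ;;
        "unprivileged=1 nesting=1") echo "unprivileged, nesting on: relaxed, weigh the risk" ;;
        *)                          echo "privileged: container root maps to host root" ;;
    esac
}

# Constructed sample config (not taken from the thread).
sample_config() {
    cat <<'EOF'
arch: amd64
hostname: nextcloud
features: nesting=1
ostype: debian
unprivileged: 1
EOF
}

sample_config | ct_verdict
```

On a real host, pipe the live config in instead of the sample: `pct config <vmid> | ct_verdict`.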

thanks for the extensive reply!

The strange thing is that I did have redis setup on my 16.0 turnkey version without any problems on an unprivileged container.

Proxmox 6.4-14 but I will update this now and check again.

thanks

After updating to Proxmox 7, I can now successfully deploy the Nextcloud TurnKey ISO as a container. It seems nesting is set on by default now. Not sure if my old container had this enabled or not, but it still works fine in PVE 7. Let's see if I can migrate the Nextcloud data next.

Jeremy Davis's picture

Ok, cool. Glad to hear that the upgrade to PVE v7.x appears to have made the newer container work properly. Thanks for the follow up.

Good luck with the next steps. Please feel free to post back if you continue to have issues and I'll do my best to help out.

I am running into the same issue.

https://www.turnkeylinux.org/forum/support/fri-20230217-1834/nextcloud-1...

I really hope we can do without nesting in the near future.
