Since my Disabled service warning before each update issue was closed and I don’t feel like opening a new one and uploading a Debug file…
Does anyone know how I can disable the WebDAV service, even though this service has since many releases ago been removed form the web GUI? It’s just slightly annoying that I keep receiving this warning when updating my SCALE instance. It just happened again when updating to Dragonfish-24.04.0.
In the config .db backup file I still see referenced to webdav…
You could try systemctl status webdav and, if that works, sudo systemctl stop webdav
Edit: Actually I’m not sure if the WebDAV service would just show up as webdav. You could identify it with systemctl list-units --type=service.
Hi, I have reopened the issue because that seems like a bug.
Do you mind attaching your configuration database in there (privately) for investigation?
Thank you
Thanks for reopening @william!
I discovered the reason why this keeps happening to me (and not to everyone).
First I looked for the code which throws the error message, which I found in the precheck method in the scale-build repo. Then I cloned this repo, imported the precheck method and executed it.
git clone https://github.com/truenas/scale-build.git
git checkout release/24.04.0
cd scale-build
python3 -c 'from truenas_install import __main__ as truenas_install; print(truenas_install.precheck("/"))'
This reliably reproduced the following error for me:
(False, ‘There are active configured services on this system that are not present in the new version. Upgrading this system deletes these services and saved settings: WebDAV service. This disrupts any system usage that relies on these active services.’)
I then added some debug logging at line 319.
print("FOUND:", title, "Because of process_name:", process_name)
print(service, title, process_name, cmdline, pid, cgroups)
Which printed:
FOUND: WebDAV Because of process_name: apache2
webdav WebDAV apache2 None 3060659 0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-beac7c48ad527cbd759f089c21d98d4789f6e4a1e63ac3b71faff9fde3cabe1e.scope
I realized this false-positive is caused by me running apache2 inside a Sandbox.
Inside the precheck method, all processes running as Apps are filtered out like this:
if "kubepods" in cgroups:
continue
But we need to do the same for processes running in Sandboxes.
When running ps -e -o pid,comm,cgroup I see that all processes inside a Sandbox have /payload/ inside the cgroup column.
PID COMMAND CGROUP
1 systemd 0::/init.scope
2 kthreadd -
[...]
439 z_checkpoint_di -
588 dbus-daemon 0::/system.slice/dbus.service
605 systemd-journal 0::/system.slice/systemd-journald.service
622 systemd-udevd 0::/system.slice/systemd-udevd.service/udev
740 irq/125-mei_me -
767 watchdogd -
878 kworker/R-crypt -
912 kworker/R-ttm -
915 card0-crtc0 -
916 card0-crtc1 -
917 card0-crtc2 -
962 asyncio_loop 0::/system.slice/middlewared.service
966 python3 0::/system.slice/middlewared.service
[...]
210241 systemd-nspawn 0::/system.slice/jlmkr-myjail.service/supervisor
210243 systemd 0::/system.slice/jlmkr-myjail.service/payload/init.scope
210294 systemd-journal 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-journald.service
210304 systemd-network 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-networkd.service
210309 systemd-resolve 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-resolved.service
210314 dbus-daemon 0::/system.slice/jlmkr-myjail.service/payload/system.slice/dbus.service
210315 systemd-logind 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-logind.service
210317 containerd 0::/system.slice/jlmkr-myjail.service/payload/system.slice/containerd.service
210318 agetty 0::/system.slice/jlmkr-myjail.service/payload/system.slice/console-getty.service
321129 php-fpm83 0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-1d026561beb94a2c48222f865728f58d6916e6bc6a9c9bacce642c0152b901d1.scope
[...]
3060659 apache2 0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-beac7c48ad527cbd759f089c21d98d4789f6e4a1e63ac3b71faff9fde3cabe1e.scope
I suggest we add this to fix the false positive:
if "/payload/" in cgroups:
continue
But I couldn’t find any documentation about the /payload/ part of the cgroup path. This comment by the author of systemd seems to confirm there’ll always be /payload/ in the path though. Yet I’m not 100% this won’t filter out too much.
The same happens on the master branch by the way.
Thank you very much for providing the rundown of the issue and debugging, this was very helpful!