Disable WebDAV service from CLI or by modifying config DB?

Since my Disabled service warning before each update issue was closed and I don’t feel like opening a new one and uploading a Debug file…

Does anyone know how I can disable the WebDAV service, even though this service has since many releases ago been removed form the web GUI? It’s just slightly annoying that I keep receiving this warning when updating my SCALE instance. It just happened again when updating to Dragonfish-24.04.0.

In the config .db backup file I still see referenced to webdav…

You could try systemctl status webdav and, if that works, sudo systemctl stop webdav

Edit: Actually I’m not sure if the WebDAV service would just show up as webdav. You could identify it with systemctl list-units --type=service.

Hi, I have reopened the issue because that seems like a bug.
Do you mind attaching your configuration database in there (privately) for investigation?

Thank you

Thanks for reopening @william!

I discovered the reason why this keeps happening to me (and not to everyone).

First I looked for the code which throws the error message, which I found in the precheck method in the scale-build repo. Then I cloned this repo, imported the precheck method and executed it.

git clone https://github.com/truenas/scale-build.git
git checkout release/24.04.0
cd scale-build
python3 -c 'from truenas_install import __main__ as truenas_install; print(truenas_install.precheck("/"))'

This reliably reproduced the following error for me:

(False, ‘There are active configured services on this system that are not present in the new version. Upgrading this system deletes these services and saved settings: WebDAV service. This disrupts any system usage that relies on these active services.’)

I then added some debug logging at line 319.

                        print("FOUND:", title, "Because of process_name:", process_name)
                        print(service, title, process_name, cmdline, pid, cgroups)

Which printed:

FOUND: WebDAV Because of process_name: apache2
webdav WebDAV apache2 None 3060659 0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-beac7c48ad527cbd759f089c21d98d4789f6e4a1e63ac3b71faff9fde3cabe1e.scope

I realized this false-positive is caused by me running apache2 inside a Sandbox.

Inside the precheck method, all processes running as Apps are filtered out like this:

                        if "kubepods" in cgroups:

But we need to do the same for processes running in Sandboxes.

When running ps -e -o pid,comm,cgroup I see that all processes inside a Sandbox have /payload/ inside the cgroup column.

      1 systemd         0::/init.scope
      2 kthreadd        -
    439 z_checkpoint_di -
    588 dbus-daemon     0::/system.slice/dbus.service
    605 systemd-journal 0::/system.slice/systemd-journald.service
    622 systemd-udevd   0::/system.slice/systemd-udevd.service/udev
    740 irq/125-mei_me  -
    767 watchdogd       -
    878 kworker/R-crypt -
    912 kworker/R-ttm   -
    915 card0-crtc0     -
    916 card0-crtc1     -
    917 card0-crtc2     -
    962 asyncio_loop    0::/system.slice/middlewared.service
    966 python3         0::/system.slice/middlewared.service
 210241 systemd-nspawn  0::/system.slice/jlmkr-myjail.service/supervisor
 210243 systemd         0::/system.slice/jlmkr-myjail.service/payload/init.scope
 210294 systemd-journal 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-journald.service
 210304 systemd-network 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-networkd.service
 210309 systemd-resolve 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-resolved.service
 210314 dbus-daemon     0::/system.slice/jlmkr-myjail.service/payload/system.slice/dbus.service
 210315 systemd-logind  0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-logind.service
 210317 containerd      0::/system.slice/jlmkr-myjail.service/payload/system.slice/containerd.service
 210318 agetty          0::/system.slice/jlmkr-myjail.service/payload/system.slice/console-getty.service
 321129 php-fpm83       0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-1d026561beb94a2c48222f865728f58d6916e6bc6a9c9bacce642c0152b901d1.scope
 3060659 apache2         0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-beac7c48ad527cbd759f089c21d98d4789f6e4a1e63ac3b71faff9fde3cabe1e.scope

I suggest we add this to fix the false positive:

                        if "/payload/" in cgroups:

But I couldn’t find any documentation about the /payload/ part of the cgroup path. This comment by the author of systemd seems to confirm there’ll always be /payload/ in the path though. Yet I’m not 100% this won’t filter out too much.

The same happens on the master branch by the way.


Thank you very much for providing the rundown of the issue and debugging, this was very helpful!

1 Like