Thanks for reopening @william!
I discovered the reason why this keeps happening to me (and not to everyone).
First I looked for the code which throws the error message, which I found in the precheck
method in the scale-build repo. Then I cloned this repo, imported the precheck
method and executed it.
git clone https://github.com/truenas/scale-build.git
git checkout release/24.04.0
cd scale-build
python3 -c 'from truenas_install import __main__ as truenas_install; print(truenas_install.precheck("/"))'
This reliably reproduced the following error for me:
(False, ‘There are active configured services on this system that are not present in the new version. Upgrading this system deletes these services and saved settings: WebDAV service. This disrupts any system usage that relies on these active services.’)
I then added some debug logging at line 319.
print("FOUND:", title, "Because of process_name:", process_name)
print(service, title, process_name, cmdline, pid, cgroups)
Which printed:
FOUND: WebDAV Because of process_name: apache2
webdav WebDAV apache2 None 3060659 0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-beac7c48ad527cbd759f089c21d98d4789f6e4a1e63ac3b71faff9fde3cabe1e.scope
I realized this false-positive is caused by me running apache2 inside a Sandbox.
Inside the precheck
method, all processes running as Apps are filtered out like this:
if "kubepods" in cgroups:
continue
But we need to do the same for processes running in Sandboxes.
When running ps -e -o pid,comm,cgroup
I see that all processes inside a Sandbox have /payload/
inside the cgroup column.
PID COMMAND CGROUP
1 systemd 0::/init.scope
2 kthreadd -
[...]
439 z_checkpoint_di -
588 dbus-daemon 0::/system.slice/dbus.service
605 systemd-journal 0::/system.slice/systemd-journald.service
622 systemd-udevd 0::/system.slice/systemd-udevd.service/udev
740 irq/125-mei_me -
767 watchdogd -
878 kworker/R-crypt -
912 kworker/R-ttm -
915 card0-crtc0 -
916 card0-crtc1 -
917 card0-crtc2 -
962 asyncio_loop 0::/system.slice/middlewared.service
966 python3 0::/system.slice/middlewared.service
[...]
210241 systemd-nspawn 0::/system.slice/jlmkr-myjail.service/supervisor
210243 systemd 0::/system.slice/jlmkr-myjail.service/payload/init.scope
210294 systemd-journal 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-journald.service
210304 systemd-network 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-networkd.service
210309 systemd-resolve 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-resolved.service
210314 dbus-daemon 0::/system.slice/jlmkr-myjail.service/payload/system.slice/dbus.service
210315 systemd-logind 0::/system.slice/jlmkr-myjail.service/payload/system.slice/systemd-logind.service
210317 containerd 0::/system.slice/jlmkr-myjail.service/payload/system.slice/containerd.service
210318 agetty 0::/system.slice/jlmkr-myjail.service/payload/system.slice/console-getty.service
321129 php-fpm83 0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-1d026561beb94a2c48222f865728f58d6916e6bc6a9c9bacce642c0152b901d1.scope
[...]
3060659 apache2 0::/system.slice/jlmkr-myjail.service/payload/system.slice/docker-beac7c48ad527cbd759f089c21d98d4789f6e4a1e63ac3b71faff9fde3cabe1e.scope
I suggest we add this to fix the false positive:
if "/payload/" in cgroups:
continue
But I couldn’t find any documentation about the /payload/
part of the cgroup path. This comment by the author of systemd seems to confirm there’ll always be /payload/
in the path though. Yet I’m not 100% this won’t filter out too much.
The same happens on the master branch by the way.