Nextcloud doesn't deploy if you follow the TrueNAS scale instructions due to postgres ownership

I did an update of NextCloud today and did a reinstall from scratch to use the new recommendations for the 4 datasets under nextcloud.

Here’s the full log from the postgres pod, but basically it appears to want to have user postgres own the postgres database, but there was nothing in the instructions about having to create a new postgres user and setting ownership of that postgres user.

So either the software is confused or the documentation is wrong.

What’s the solution?

2024-06-24 23:26:42.561866-07:00The files belonging to this database system will be owned by user “postgres”.

2024-06-24 23:26:42.561918-07:00This user must also own the server process.

2024-06-24 23:26:42.561929-07:002024-06-24T23:26:42.561929334-07:00

2024-06-24 23:26:42.561961-07:00The database cluster will be initialized with locale “en_US.utf8”.

2024-06-24 23:26:42.561982-07:00The default database encoding has accordingly been set to “UTF8”.

2024-06-24 23:26:42.561997-07:00The default text search configuration will be set to “english”.

2024-06-24 23:26:42.562024-07:002024-06-24T23:26:42.562024042-07:00

2024-06-24 23:26:42.562039-07:00Data page checksums are disabled.

2024-06-24 23:26:42.562071-07:002024-06-24T23:26:42.562071848-07:00

2024-06-24 23:26:42.562137-07:00fixing permissions on existing directory /var/lib/postgresql/data … ok

2024-06-24 23:26:42.563368-07:00creating subdirectories … ok

2024-06-24 23:26:42.563530-07:00selecting dynamic shared memory implementation … posix

2024-06-24 23:26:42.633349-07:00selecting default max_connections … 20

2024-06-24 23:26:42.863201-07:00selecting default shared_buffers … 400kB

2024-06-24 23:26:42.863249-07:00selecting default time zone … UTC

2024-06-24 23:26:42.864622-07:00creating configuration files … ok

2024-06-24 23:26:42.883708-07:002024-06-25 06:26:42.883 UTC [69] FATAL: data directory “/var/lib/postgresql/data” has wrong ownership

2024-06-24 23:26:42.883774-07:002024-06-25 06:26:42.883 UTC [69] HINT: The server must be started by the user that owns the data directory.

2024-06-24 23:26:42.893279-07:00child process exited with exit code 1

2024-06-24 23:26:42.893343-07:00initdb: removing contents of data directory “/var/lib/postgresql/data”

2024-06-24 23:26:42.896390-07:00running bootstrap script …

I believe what you are stuck on here is the final line of the troubleshooting section in the tutorial: Nextcloud | TrueNAS Documentation Hub

Finally, add the user netdata and group docker (999:999) to the Postgres Data and Postgres Backup datasets, following the same process.

I can add something clarifying this point, but 999 maps to netdata:docker in TrueNAS and postgres in the container.

2 Likes

I did everything in the documentation, including the steps at the end.

I’m going to try to change the ownership of the dataset and see if that works.

stk@truenas:~$ id netdata
uid=999(netdata) gid=997(netdata) groups=997(netdata),4(adm)
stk@truenas:~$ getent group docker
docker:x:999:

There is no user docker, but there should be a group. Hence why 999:999 is netdata:docker in TrueNAS.

Edit: looks like you got there just as I posted :+1:

1 Like

Yup. When I tried to go to credentials to create group docker, it said it already existed, so I then used the getent command to validate it. You were so fast we crossed paths.

So next step is change ownership from root to netdata:docker for the 2 postgres datasets?

1 Like

Getting very close now!!!

2024-06-25 09:19:52.860138-07:002024-06-25 16:19:52.859 UTC [69] FATAL:  data directory "/var/lib/postgresql/data" has invalid permissions
2024-06-25 09:19:52.860208-07:002024-06-25 16:19:52.859 UTC [69] DETAIL:  Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).

So once I set the owner to netdata (Full permission) and group to docker (Read permission) and applied it and verified the permission on the actual files were as specified, it worked.

I wasn’t able to leave owner/group at root:root which is what I got when I followed the instructions.

So I believe the instructions need to be modified so you set the owner and group and make sure you have the permissions right on both.

Here’s what the pgdata ACL now looks like:

This made it work.

Next stumbling block is trying to install Nextcloud Office fails with this error:
and this:

You’d think this stuff should work out of the box…:frowning:

I tried the install again and it “magically worked.”

Same deal with the Discover page. At first, it would show nothing. Hit refresh a few times and it shows the app store. Bizarre.

After installing office you have to configure it, but unless you’ve done it before, they leave you stranded. The config is on the Administration page in the Nextcloud Office tab. This is where you specify the IP address and port of the Collabora server.

That did the trick. Now I’m up and running.

2 Likes

Hello,
I am stuck with the same problem.
To be complete, I was stuck in maintenance problem, but I erased the app, and reinstalled it. So I am free from the maintenance problem but I am now stuck in deployment.
I checked the owner of the different datasets I am using for Nextcloud and if I try to save the ACL for the PostGres data and backup, I got

[EPERM] Filesystem permissions on path /mnt/JenniFonZ/AppData prevent access for user “netdata” to the path /mnt/JenniFonZ/AppData/NextCloud/pgdata. This may be fixed by granting the aforementioned user execute permissions on the path: /mnt/JenniFonZ/AppData.

The owner is already user “netdata” and group “docker” for the data, but not for the backup.
Do you know how I can fix this?
Thank you!

Truenas Scale:
Dragonfish-24.04.2.2

Nextcloud:
App Version:
30.0.0
Chart Version:
2.0.17

This is explicitly stated in the error message you quoted. The path /mnt/JenniFonZ/AppData has permissions on it that prevent netdata user from accessing any paths within it. You need to grant the user netdata at a minimum “execute” or TRAVERSE rights on the path.

And that does not happen automatically when I put them as owner?
OK I will try, thanks.

That would only work if you’ve granted the owner permissions. This is a functional test, we setresuid() to the specified user account and try to chdir into the specified directory. If it fails then your permissions are non-functional.
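The three failures seen in this thread (an ancestor path that cannot be traversed, "wrong ownership", and "invalid permissions") can be checked before deploying. The script below is an added example, not part of the thread and not TrueNAS or Postgres code; `has_x` and `check_pgdata` are hypothetical names, and it reads mode bits only, so ACL entries are not evaluated and the setresuid()/chdir test described above remains the authoritative check.

```shell
#!/bin/sh
# Added example: pre-flight check of a Postgres data directory (mode bits only).
# Assumptions: GNU stat, absolute DIR, ACL entries are not evaluated.
# usage: check_pgdata DIR UID [TOP]
#   e.g. check_pgdata /mnt/JenniFonZ/AppData/NextCloud/pgdata 999
# returns: 0 ok, 1 ancestor not traversable, 2 wrong ownership,
#          3 invalid permissions, 4 usage or stat error

has_x() {  # has_x PATH UID "GIDS": do the mode bits grant UID execute (traverse)?
    hx_info=$(stat -c '%u %g %a' "$1") || return 1
    hx_uid=$2 hx_gids=$3
    set -- $hx_info                                   # $1=owner uid $2=gid $3=octal mode
    hx_bits=$(printf '%04d' "$3"); hx_bits=${hx_bits#?}   # drop setuid/sticky digit
    if [ "$1" = "$hx_uid" ]; then
        hx_d=${hx_bits%??}                            # owner class applies
    elif echo " $hx_gids " | grep -q " $2 "; then
        hx_d=${hx_bits#?}; hx_d=${hx_d%?}             # group class applies
    else
        hx_d=${hx_bits#??}                            # other class applies
    fi
    [ $((hx_d % 2)) -eq 1 ]                           # odd digit means execute is set
}

check_pgdata() {
    pg_dir=$1 pg_uid=$2 pg_top=${3:-/}
    case $pg_dir in /*) ;; *) echo "DIR must be absolute"; return 4 ;; esac
    pg_gids=$(id -G "$pg_uid" 2>/dev/null)   # empty if the uid has no passwd entry
    pg_p=$(dirname "$pg_dir")
    while :; do   # every ancestor needs execute; owning only the leaf is not enough
        has_x "$pg_p" "$pg_uid" "$pg_gids" ||
            { echo "uid $pg_uid cannot traverse $pg_p"; return 1; }
        if [ "$pg_p" = "$pg_top" ] || [ "$pg_p" = / ]; then break; fi
        pg_p=$(dirname "$pg_p")
    done
    pg_info=$(stat -c '%u %a' "$pg_dir") || return 4
    set -- $pg_info                                   # $1=owner uid $2=octal mode
    [ "$1" = "$pg_uid" ] ||
        { echo "wrong ownership: uid $1, expected $pg_uid"; return 2; }
    case $2 in
        700|750) echo "ok: $pg_dir is owned by uid $1 with mode $2" ;;
        *) echo "invalid permissions: $2, expected 700 or 750"; return 3 ;;
    esac
}
```

The optional third argument stops the ancestor walk at a chosen top directory, such as the pool mount point, instead of `/`.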

Thanks, so I was able to add them, and so to change the ACL… but my Nextcloud is still blocked in “deploying” mode.
I can see that the container is created but then 20 seconds later.

2024-09-26 17:34:38 Job has reached the specified backoff limit

2024-09-26 17:34:38 Saw completed job: nextcloud-nextcloud-cron-28789410, status: Failed

2024-09-26 17:34:16 Created container nextcloud

Does someone know how to eliminate the problem
“Job has reached the specified backoff limit” ?
I changed all the permissions, I also noticed for some reasons the group apps disappeared for the ACL of the different datasets used for the data of Nextcloud, and the user apps was multiple times present. So I added the group and just let one user apps.
But Nextcloud keeps “deploying” without ending.