Help with Wasabi mounting

girish

@privsec Did I understand correctly that /mnt/volumes/nextcloud is an rclone wasabi mount and you have also moved the app data directory of nextcloud to this location ? If so, what you have done seems correct. I don't know about the correctness of rclone itself nor do I know about how rclone mounting really works. Does the mount show up in df -h output ?

You say there is a discrepancy between what's the in the filesystem and what's in wasabi, so this looks like some rclone issue?

robi

can you paste the output of:

df -h

mount

How did you set up rclone? (OS pkg, latest, beta)
Is rclone still running?

What version is it?

privsec

@girish It might be an rclone issue

@robi
I installed Rclone by following these steps https://rclone.org/install/

curl https://rclone.org/install.sh | sudo bash
rclone config
3 rclone mount remote:path /path/to/mountpoint --vfs-cache-mode full --daemon

df -h

root@v2202012134940134654:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            3.9G     0  3.9G   0% /dev
tmpfs           798M   11M  788M   2% /run
/dev/sda3       157G   25G  126G  17% /
tmpfs           3.9G     0  3.9G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sda2       976M  146M  764M  17% /boot
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/5e80dc05d8a594a5a0c51aa5602ca124b428e0edba09181759e184497e45a875/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/903a9ff390459afb42b38eaa6b07c0f30f4f45fa413e154e35f766d3bcec7893/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/6af811d56e81cce0af9c14fcb1f0eadb6466a4a4eaa6bfd750eed95d5207c688/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/fbdaaedecbb9dbeeb0212e3dadb0cb32697ad523af7cbaf713a25bd567536edb/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/0c70992b7b8b2c704fc0a080263eb8eb09ae8518fc7054518ce58b75b4ad7e0d/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/f0d4d24114f30306a670e596a11d42b5fde57d30cee607746760dba613331055/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/ed4fd11e18c018a69bde9307d18a20f7380621126baf20e6de96949cb2a0cb19/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/c03dea8bf938e7044b8f9eb746dfbdcce955e69534c2c6a82b86c22c5aaaca5c/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/2eb8958e2598de5291a0895da411df947b97a6f873022b5eab415b6b2f8678b6/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/57f8ec7cc792bcc8e7f8c6a3a24c89cc2ef74bfcf794423a422d75aec0825144/merged
tmpfs           798M     0  798M   0% /run/user/0
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/acd1b16c14ff94c587d697ff2a57c1c52df183d034ac7a7067f6a6b251a88977/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/c65f5aa0b3af3f75055a43b3a8d529b0a3fd51d23806538e4c5b8d2173ac4489/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/299711c86c910f26718ad9670963b511d86726d61cb67716d1f8566dbd83addd/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/043dea9ba03986e56e9fbd7f3760faf2dd4538db77839be209c049e74648a0be/merged
overlay         157G   25G  126G  17% /var/lib/docker/overlay2/0d3609e2d1f83f95df827fce2598eb713edf161e1a8bf0a01045621e1061ad95/merged

girish

@privsec From a casual reading of rclone, it seems that it's a FUSE mount. Isn't the mount point supposed to appear in df -h output ? Also, see https://linoxide.com/linux-command/list-mounted-drives-on-linux/ . I think it's not mounted properly (I also don't know if this mount persists reboots, maybe you rebooted in the middle).

privsec

@girish

My mount output was too large. So I have it in this .txt file

Mount.txt

In addition, it is still running and the version is here

root@v2202012134940134654:~# rclone --version
rclone v1.53.3

os/arch: linux/amd64
go version: go1.15.5

girish

@privsec So, the df output says /dev/sda3 157G 25G 126G 17% /. Doesn't this mean, it's working as expected ? I think the Cloudron graphs are probably wrong because we haven't really accounted for this FUSE use case (since it doesn't appear in df output).

What we do is: get df output. Then substract away the du output size of each app. I think in your case, the app is in a FUSE mount, so the code will blindly subtract from the disk output and show wrong numbers.

privsec

@girish If that is the case then how come I see data in the mounted path, but not in the wasabi bucket?

In the data directory I see no files

But via file manager
I see these files
But in wasabi I see

Something isnt right and I dont know what it is

girish

@privsec I remember the Backblaze B2 UI does not always show the latest items in the object store. Could it be similar with Wasabi? If you create a file in the filesystem, do you see it in wasabi immediately? One other idea is to install rclone in another machine and list the remote wasabi mount. What objects/files do you see?

privsec

@girish Nope, I added 7 giggs of files and nothing is in wasabi.

Do you mean set up a second instance of rclone on another machine, set up the remote there and see if rclone syncs the files with the 2nd machine?

Is there a better/different way to do a file mounting?

I only did rclone based off of @robi 's request/recommendation

girish

@privsec You can try s3fs because wasabi even has an article about it - https://wasabi-support.zendesk.com/hc/en-us/articles/115001744651-How-do-I-use-S3FS-with-Wasabi- . Also, for a start, I would test the mount first without Cloudron involved at all, just to make sure it's not Cloudron related.

robi

If we can't validate the rclone mount, don't continue with apps & Cloudron.

Same for s3fs if you're going to try that again.

The reason you see files locally but not remotely is because there's something wrong with the mount or it didn't work, hence all files written are only in a local directory.
Remote is never getting data via the mount.

privsec

@robi
To be clear, are you saying to stop trying? Or are you saying to verify the mount on my Server OS first and then afterwords resume with cloudron?

@girish

I will test the mount outside of cloudron and then report back.

In addition, I will try out s3fs again and try to get that to work for me.

robi

@privsec the latter.

verify the mount on my Server OS first and then afterwords resume with cloudron

privsec

@robi @girish
Ok, noob alert

Other then running rclone lsd remote:bucket and rclone ls wasabi:nextcloud.myprivsec. I do not know how to test rclones connection.

I just created an empty text file called "hello.txt" via touch hello.txt in the mounted folder on my server, and it did not get sent to wasabi.

So then that means that the connection is not working right?

Could this be do to unmounting after a reboot? I believe one occurred after setting the mount up. How do i get this to persist through reboots?

I am going to try out the s3fs once more right now and will report back on that.

robi

@privsec https://rclone.org/commands/rclone_mount/

privsec

Ok, so I went through the s3fs installing and running and now I am getting this

root@vxxxx:~# s3fs xxxx.xxxx /mnt/volumes/nextcloud -o passwd_file=/etc/passwd-s3fs -o url=https://s3.eu-central-1.wasabisys.com -o use_path_request_style -o dbglevel=info -f -o curldbg
[CRT] s3fs.cpp:set_s3fs_log_level(257): change debug level from [CRT] to [INF]
[INF]     s3fs.cpp:set_mountpoint_attribute(4193): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40755)
[CRT] s3fs.cpp:s3fs_init(3378): init v1.82(commit:unknown) with GnuTLS(gcrypt)
[INF] s3fs.cpp:s3fs_check_service(3754): check services.
[INF]       curl.cpp:CheckBucket(2914): check a bucket.
[INF]       curl.cpp:prepare_url(4205): URL is https://s3.eu-central-1.wasabisys.com/myprivsec.nextcloud/
[INF]       curl.cpp:prepare_url(4237): URL changed is https://s3.eu-central-1.wasabisys.com/myprivsec.nextcloud/
[INF]       curl.cpp:insertV4Headers(2267): computing signature [GET] [/] [] []
[INF]       curl.cpp:url_to_host(100): url is https://s3.eu-central-1.wasabisys.com
*   Trying 130.117.252.11...
* TCP_NODELAY set
* Connected to s3.eu-central-1.wasabisys.com (130.117.252.11) port 443 (#0)
* found 138 certificates in /etc/ssl/certs/ca-certificates.crt
* found 414 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: *.s3.eu-central-1.wasabisys.com (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: OU=Domain Control Validated,OU=EssentialSSL Wildcard,CN=*.s3.eu-central-1.wasabisys.com
*        start date: Thu, 24 Jan 2019 00:00:00 GMT
*        expire date: Sat, 23 Jan 2021 23:59:59 GMT
*        issuer: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA
*        compression: NULL
* ALPN, server accepted to use http/1.1
> GET /myprivsec.nextcloud/ HTTP/1.1
host: s3.eu-central-1.wasabisys.com
User-Agent: s3fs/1.82 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*
Authorization: AWS4-HMAC-SHA256 Credential=xxxxxx/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=xxxxx
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20201206T014829Z

< HTTP/1.1 200 OK
< Content-Type: application/xml
< Date: Sun, 06 Dec 2020 01:48:29 GMT
< Server: WasabiS3/6.2.3223-2020-10-14-51cd02c (head02)
< x-amz-bucket-region: eu-central-1
< x-amz-id-2: xxxxx
< x-amz-request-id: xxxxx
< Transfer-Encoding: chunked
<
* Connection #0 to host s3.eu-central-1.wasabisys.com left intact
[INF]       curl.cpp:RequestPerform(1940): HTTP response code 200

However, files are not updating. If I upload directly to wasabi, they are not showing in the cli, and vice versa.

privsec

@privsec

Ok, I never tried moving files with that screenshot above running.

Now that I have, and I tried moving content over it is looking similar to a packet sniffer as data is transferring over.

So does that mean I have to always ensure that command runs via ssh session?

I feel like thats way to manual and too much upkeep, especially if I have to constantly have an SSH session at all times.

So what am I missing?

privsec

Ok, well I just dont get it.

ITs almost as if wasabi and cloudron are only syncing some information and not all. And honestly, its irritating the crap out of me to the point where I might just cancel the subscription I bought banking on getting nextlcoud and wasabi to work.
This should not be this difficult or problem prone.

App settings

The base directory has no data in it. Which is what I told it to do.

In this photo, it is evident that there is data inside the /mnt/volumes/nextcloud folder

However, in my wasabi bucket, there is no where near as much info

Why is cloudron only syncing a piece of the full app folder?

privsec

In addition, I thought maybe it was a folder/directory issue so I create one deeper level folder called wasabi in my server (fulll path /mnt/volumes/nextcloud/wasabi) and then I ran the command s3fs xxxx /mnt/volumes/nextcloud/wasabi -o passwd_file=/etc/passwd-s3fs -o url=https://s3.eu-central-1.wasabisys.com and then I went to the dashboard for nextcloud and moved the directory

Then I went to wasabi to see if anything got moved to it, and there is nothing.

privsec

And, I cant do the remaining steps either per
https://wasabi-support.zendesk.com/hc/en-us/articles/115001744651-How-do-I-use-S3FS-with-Wasabi-

As when I try to follow these steps, I get this

privsec

And probably my final note,
I cant access the console of nextcloud either. It keeps doing this loop

First this one
And then this one
And hen it goes back to

Keep in mind, this is a brand new, fresh install not even logged into yet, my cache is cleared out as well

girish

@privsec Does the app say "Running" in the Cloudron dashboard? The Web Terminal won't work until the app is running.

girish

@privsec I will probably give s3fs a try tomorrow and see if I can write a guide for it (I have never tried s3fs or rclone mount either, so let's see if I am successful).

privsec

@girish
It is now saying

privsec

@girish Is there another mounting solution?

It is absolutely pivotal that I get the app directories off my servers drive.

girish

@privsec Is the goal here to have a large amount of space external (at correct price) to the server? If you are hosted on a VPS is there an option for you to attach external storage? For example, many VPS providers like time4vps, hetzner etc have quite cheap external disks that can be attached to a server. The reason I ask is even if s3fs or rclone mount does work, it's probably going to be quite slow - for example, I see posts like https://serverfault.com/questions/396100/s3fs-performance-improvements-or-alternative . We have no experience with how well these mounts work and if they work at all. Maybe files go missing, maybe it's unstable, we don't know.

girish

There is also https://forum.rclone.org/ , maybe you can ask there about rclone mounting issues.

girish

So I found some interesting posts:

The point of both of them is that S3FS is not a file system and as such file permissions won't work. It's also not consistent (ie. if you write and read back, it may not be the same). This makes it pretty much unsuitable for making it an app data directory. What might work is if you make it as an external storage inside nextcloud - https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage_configuration_gui.html. I didn't suggest this earlier because I think you said you didn't want this in your initial post. Can you recheck this? Because I think it will provide what you want. You can just add the wasabi storage space inside nextcloud and it will appear as a folder for your users (you can create 1 bucket for each user or something).

@privsec So, I think it's best not to go down this s3fs route, it won't work reliably.

(If you were banking on s3fs somehow, for refunds etc, not a problem , just reach out to us on support@).

privsec

@girish

Thank you for your detailed responses.

Ill have to play around with the external storage options for nextcloud to see if that will work out or not.

Its an interesting workaround/hack, lol.

robi

There may be another "advanced" way via Minio.

Minio can be used as a storage gateway.

See if you can connect Minio to Wasabi, if you can in gateway mode, then see if you can mount the local Minio instance in Linux, even if s3fs, it would be local.

privsec

@robi But wouldnt that be un-ideal as S3 isnt a FS, and that is what I am wanting?

marcusquinn

@privsec We tried this once and it was unbearably slow. Personally I'd look for ways to reduce the Nextcloud storage needs and use a native mounted drive from the host, and just offer an Archive Wasabi S3 bucket for people to move things no longer needed for regular access to that to save space needs on the main NC.

marcusquinn

@marcusquinn Cyber Duck/Mountain Duck is very good as a platform to making Wasabi/S3 storage quite accessible to users if they need.

privsec

@marcusquinn
I can not get a mounted drive on my host to actually work. I have tried both Rclone and S3FS, both gave me the same result of no errors, but no syncing.

I have decided (atleast for now till I find a better solution) to give each user on nextcloud a wasabi bucket as a external storage drive, and restrict only them to be able to access that bucket.

I am now working on trying to figure out how to remove the built in files for nextcloud to just have the external storage folder listed with the nextcloud folders/files within the wasabi drive.

In regards to Cyber Duck/Mountain Duck, whats the difference between the external storage connection in nextcloud and them ? Is there a performance difference?

marcusquinn

@privsec Sorry, I mean just a mounted local host storage, not mounting external S3, which will have such high latency that it makes NC painful to use.

marcusquinn

@privsec I realise host local storage isn't cheap, and Wasabi is cheap, which is why we tried doing what you are once. Maybe you'll have a different experience but we just found the juice wasn't worth the squeeze, especially with large numbers of small files.

It might work for something like Video storage where there's fewer files but I just don't fancy the slow user experience costs and would always opt for speed over price since time is so much more expensive if users are spending too much waiting on their file services to show results.

marcusquinn

@privsec Just reading this, not sure if you've read? I'm not saying i can't be done, just that we gave up. Maybe this helps? I'm still reading: https://autoize.com/s3-compatible-storage-for-nextcloud/

marcusquinn

From reading the above article, is sounds like it might need to be that Cloudron has 2 x versions of Nextcloud packaged, or at least an option in installing to make it setup for S3 storage.

Probably needs one of the @appdev team to have a read and confirm or deny.

I agree it would be interesting and our past experience might have been what this article above solves.

Let's get more opinions on this, someone else might also have a need and interest and be willing to try themselves too.

privsec

@marcusquinn Ill have to give that article above a read.

Anything I can do to help make launching costs low is sought after, while keeping user experience high

fbartels

@marcusquinn said in Help with Wasabi mounting:

From reading the above article, is sounds like it might need to be that Cloudron has 2 x versions of Nextcloud packaged, or at least an option in installing to make it setup for S3 storage

Ihmo no second app necessary, the drawback is though that the s3 backend can only be enabled before any data is added to the app.

I am however sceptical if adding network latency for file access is such a smart idea. Especially for a php application.

privsec

So after reviewing this article, Cloudron does not respect the nextcloud config in this manner.

When I include that piece of info in the config file, nextcloud either error's out or it does not use the S3 bucket as its primary storage.

robi

@privsec
I am giving you advanced options, as you already know what is ideal.

ie. Get a VPS with a large amount of disk mounted locally.

marcusquinn

TBH I can see the advantages for having a separate Nextcloud instance with just the Files app enabled as web interface for S3 to allow users to have it available as a slower cold-storage option, with having a faster standard NC setup for their daily hot-storage needs.

So, I wouldn't dismiss this aim, just with speed cautions, and the cautions in the article that the storage would then be unbrowsable directly without the NC database metadata interface, so it also has mass disruption risks if that were lost.

robi

@marcusquinn said in Help with Wasabi mounting:

@privsec Just reading this, not sure if you've read? I'm not saying i can't be done, just that we gave up. Maybe this helps? I'm still reading: https://autoize.com/s3-compatible-storage-for-nextcloud/

This is along the same lines as my advanced object store usage option above.

I didn't know this was possible from within NC, but it appears they engineered it in. Very smart & clever.

They are essentially caching everything recent in /tmp and background syncing to the object store over time.
The user experience is good as it's all mostly local, and the capacity is greatly extended as the Object Store is vast.

I've designed this for other use cases at IBM, and wrote their Redbook on it, hence advanced prior knowledge.

For this article to be applied in Cloudron, we'd need a new packaged NC App that is configured for this before the setup/install. Then one can point it at a local Minio instance or external S3 object store.

girish

@robi We have tried the setup of using S3 as objectstorage before in nextcloud and it just doesn't perform well. It also makes a very large number of s3 requests and for things like AWS this costs some real $$$. Other services like DO Spaces will promptly rate limit. Overall, the whole setup is unstable. It looks good on paper but doesn't work reliably for serious use.

for example: https://help.nextcloud.com/t/high-aws-s3-costs-due-to-nextcloud-requests/68687 and https://help.nextcloud.com/t/high-traffic-to-primary-storage-s3-from-nextcloud/83185 .

robi

@girish yes, the article explicitly warns about this, pointing out that AWS is not a good place to do this as it's not a part of the bandwidth alliance.

This is not a problem with NC, but of the underlying architecture chosen.

There is a way to make this work well, but one must understand all the pieces, as if you ignore one, it will be the lowest common denominator and bottleneck.

It is an Enterprise Deployment afterall.

marcusquinn

@girish This article suggests there's an old and a new way to do this, so I wonder if we're all talking about the same thing?

https://autoize.com/s3-compatible-storage-for-nextcloud/

robi

@marcusquinn said in Help with Wasabi mounting:

@girish This article suggests there's an old and a new way to do this, so I wonder if we're all talking about the same thing?

https://autoize.com/s3-compatible-storage-for-nextcloud/

old = adding an additional S3 store from within NC running locally.
new = setting up NC with S3 as primary storage.

girish

@robi @marcusquinn Both methods have been there for a some time. I have investigated this a year or so ago, for example, this and this. Back then, it was not really stable. It will create a lot of oid:xx files in the object backend and AFAIK there is no easy way to change an installation from one storage to another (it's setup once at install time). All this means, that as @robi pointed out, this is really targeted at enterprises and people having full time dedicated sysadmins and nextcloud support contract. Don't get me wrong, I am sure it can be made to work but it's not something we want to support (best to pay nextcloud for this)

marcusquinn

@girish Fair enough. Thanks.

cdolson

@robi I've managed to get this working using Digital Ocean Spaces on my Cloudron Nextcloud installation by following the instructions at this resource. This involved simply editing the config/config.php file to include the following:

'objectstore' => 
array (
  'class' => '\\OC\\Files\\ObjectStore\\S3',
  'arguments' => 
  array (
    'bucket' => 'yourbucketname',
    'key' => 'YOURKEY',
    'secret' => 'YOURSECRET',
    'hostname' => 'nyc3.digitaloceanspaces.com',
    'region' => 'nyc3',
    'port' => 443,
    'use_ssl' => true,
    'use_path_style' => true,
  ),
),
);

I added this to the very end of my config.php, and before the last closing );

Functionality tested and working. Uploads and downloads happen directly within the DO Spaces bucket. Configuration persists between reboots.

I am new to Cloudron, so I am not certain if these changes will persist after updates to the Nextcloud app or Cloudron.

privsec

@cdolson How are the speeds?

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Solved Help with Wasabi mounting