Cloudron Forum

Robin

@Robin
Posts


  • Smarter healthcheck behaviour on restart
    R Robin

    Cloudron sends health check notifications for each app ("App xxx is down / back online"). In normal use, this is quite useful, but when working on my Cloudron machine (rebooting it, or whatever), I then get a flood of emails for each application, so my inbox looks like:

    Aaa is back up
    Bbb is back up
    Ccc is back up
    Aaa is down
    Bbb is down
    Ccc is down

    Suggested improvements:

    • Perhaps it might make sense to delay the activation of health check alerts until (host or app) uptime is over a certain value?
    • Consider merging notifications for multiple applications into one (or at least, one mail)
    Feature Requests notifications

  • InfluxDB
    R Robin

    I think you may want to use "healthCheckPath": "/health", rather than /metrics, as that endpoint is actually designed for this use.

    Some other confusion: influxd 1.x uses a different configuration format, so I think config.json isn't really useful, as JSON is 2.x and up (I am not certain, I have only used 1.x so far).

    Run /app/code/influxd config to get a snapshot of the default configuration.

    Once I had that in place, lastly, for whatever reason, I had to pass the config file explicitly as a parameter rather than using the environment variable you were trying: exec "/app/code/influxd" -config /app/data/influxd.conf in start.sh.

    Some other configuration recommendations/thoughts:

    • I think you should probably also recommend (or somehow, require) authentication, along with creating a default user account, since this is probably going to be run on public-facing servers. For 1.x, see here.
    • You should also consider setting reporting-disabled = "true" in the configuration, to prevent phoning home. See the documentation notes here.
    App Wishlist

  • Consider improvements to the backup experience to support long filenames/directory names
    R Robin

    Large filenames cause problems, especially with blob-based storage (e.g. S3-compatible services have a key limit of 1024). This gives problems quite easily with hierarchical storage like syncthing where one might have a set of nested folders that quite easily hit that key limit, especially combined with encryption.

    Disabling encryption altogether is not desirable in many cases, but it could be worthwhile to allow disabling filename encryption, in some cases.

    (As a longer term project, it may also be worth considering ways to circumvent this limit altogether.)

    See https://forum.cloudron.io/topic/3050/backup-feedback-minio/ for the initial discussion leading to this request.

    Feature Requests backups encryption

  • rss-proxy - create an RSS/ATOM or JSON feed of almost any website
    R Robin

    https://github.com/damoeb/rss-proxy

    Looks like an interesting tool. Also has a docker-based workflow, so might not be too hard to package up 🙂

    App Wishlist

  • Provide app password during app installation flow
    R Robin

    A number of applications don't have LDAP. This is unfortunate, but what really makes me nervous is the "admin/changeme" credentials that are used by default in a number of applications.

    I understand why this is, but I don't think it's a great solution. I think that a better solution for these cases would be to suggest (or perhaps even require) that a password should be provided during setup, ideally before the image is ever started, so there's no window where someone can log in and cause mischief.

    I guess this would require an install step per-app (to e.g. chuck the password through htpasswd, or whatever the application requires, and then figure out where in the target image to stick the password...) - but I think this would be way better than the current day situation, if not quite as perfect as the grand single-signon utopia I'd like to see.

    Feature Requests

  • Sonos integration
    R Robin

    First things first, thanks so much. I've wanted to play with HASS for a long time, but never really felt comfortable with running it myself, because it's quite... involved 🙂

    I've set it up, and things seem to work remarkably well so far, with one exception. I tried to add a Sonos integration, but it doesn't seem to be able to find my system.

    The documentation (over at https://www.home-assistant.io/integrations/sonos/) has a mention of Docker networking specifically, so I wonder if this might be something that needs some more tweaking/customisation in Cloudron.

    I tried allowing port 1400 via ports.json, but so far, without success... Maybe there's some more firewalling blocking things (i.e. mDNS reply or something like that), not yet sure.

    Just opening a thread so it's tracked, anyway, I'll update if I figure anything out.

    Home Assistant

  • InfluxDB
    R Robin

    @doodlemania2 I will try to do so if / when I can get the time to finish poking around, and verify that it actually works once I finish. I just had a child last week, so spare time is a bit hard to come by at present 🙂

    App Wishlist

  • surfer suggestions
    R Robin

    Some feedback, based on having tried out surfer (great little app, by the way!)

    • The "App passwords" dropdown for a surfer instance mentions SFTP, which seems a little wrong.
    • It might be useful to mention _webdav in the documentation, as an alternative for interacting with surfer?
    • It would be great to be able to customize the handling of some mimetypes. For example, when uploading a QML file, surfer will serve it up with application/octet-stream, rather than a text type, which makes browsers offer to download it, which is a bit annoying given how they are basically just text.

    Lastly, a small script here for anyone who wants basic "upload this file" functionality but cannot use npm for whatever reason. You are expected to have a file ~/.surfer/auth with two lines (user/pass), and ~/.surfer/server which contains the bare hostname to upload to. You can use Cloudron's app passwords feature to avoid using your "regular" password, for some added paranoia.

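    #!/usr/bin/env bash
    set -euo pipefail
    
    # ~/.surfer/auth: username on the first line, password on the second
    user=$(head -n1 ~/.surfer/auth)
    password=$(tail -n1 ~/.surfer/auth)
    # ~/.surfer/server: bare hostname of the surfer instance
    server=$(cat ~/.surfer/server)
    
    # the file to upload...
    FILE=up.sh.txt
    # --fail makes curl exit non-zero on an HTTP error, so set -e stops before the success message
    curl --fail -T "$FILE" -u "$user:$password" "https://$server/_webdav/"
    echo "Uploaded to https://$server/$(basename "$FILE")"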
    
    Feature Requests

  • InfluxDB
    R Robin

    I haven't had a chance to look at authentication (or anything else, really) yet unfortunately. Life's been busy.

    I did push up what I appear to be running, though, I haven't had a chance to test it independently (I am not using your repo directly, but a rather customised setup, so I copied my changes into it by hand).

    You can see my fork here: https://github.com/rburchell/cloudron-influxdb

    App Wishlist

  • surfer suggestions
    R Robin

    @nebulon My thinking for write protection was actually that it could - literally - use filesystem permissions rather than introducing a database. Check if the file is writable before deleting/writing, and fail if it isn't writable (or offer to override, which will have to chmod +w it)

    Feature Requests

  • Easier problem solving diagnostics
    R Robin

    Sometimes, there are notifications, like this one:

    Failed to new certs of xxx: Unexpected status: invalid. Renewal will be retried in 12 hours

    These often require extra context to understand what went wrong, or how to rectify the problem (for many backup failures, for example).

    It would be great if the notification provided some sort of a pointer to jump into Cloudron's logs at the time of the event in this case, to dig into the problem further.

    Feature Requests

  • Provide app password during app installation flow
    R Robin

    @nebulon The way I was thinking about this working would be to leave this entirely up to the apps rather than involving box/db in this much at all. Come up with a decent abstraction for it, and offering that as part of the manifest perhaps? Something like this:

    "credentialSetup": {
        "path": "/app/code/foo",
        "arguments": [ "--user", "CLOUDRON_INSTALL_USER", "--password", "CLOUDRON_INSTALL_PASSWORD" ],
        "username": {
            "default": "admin",
            "canChangeAtInstallation": true,
            "canChangeAfterInstallation": true
        },
        "password": {
            "default": "changeme",
            "canChangeAtInstallation": true,
            "canChangeAfterInstallation": true
        }
    }
    

    Use would be as follows.

    On install, check for credentialSetup presence.
    If it's not present, then don't do anything.
    If it's present, validate it (path must be present).

    If at least one canChangeAtInstallation is true, then show a workflow asking them to set up an account/password before allowing the thing to be started.
    The initial value for fields is set to its default if present (we should ideally not provide a default password, but it's just there for completeness).
    If a field doesn't have canChangeAtInstallation, then it is set to read-only.

    (The same logic exists for AfterInstallation, but it's separate in my manifest suggestion, as I can imagine that some apps won't be able to allow changing either user or password easily. But this could also be done later, as a separate feature. I think the installation flow is the most important part.)

    When the user enters the login information, run credentialSetup.path in the image, replacing CLOUDRON_INSTALL_USER and CLOUDRON_INSTALL_PASSWORD in any of the arguments with the user-provided information.

    Treat exit code 0 as "login information was successfully set", anything else is an error (and intercept anything on stderr back to send back to the user).

    --

    This will rely on then updating apps to have a helper script to actually make this work, but it's a low priority task anyway...

    ... and I guess it would also mean that older boxes wouldn't be able to install apps updated to use this, unless they still also defaulted to admin/changeme on the image itself, but that's not really a problem I think.

    Feature Requests
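
Added example (not part of the original post, and not Cloudron's code): one way an installer could implement the credentialSetup flow proposed above, written in Python. The function names and the demo manifest are assumptions; the helper is a constructed stand-in run locally through sys.executable, where a real installer would run credentialSetup.path inside the app image.

```python
import re
import subprocess
import sys

PLACEHOLDERS = ("CLOUDRON_INSTALL_USER", "CLOUDRON_INSTALL_PASSWORD")
TOKEN = re.compile("|".join(PLACEHOLDERS))

def validate(manifest):
    """Return the credentialSetup section, or None if the app declares none."""
    setup = manifest.get("credentialSetup")
    if setup is None:
        return None
    if not isinstance(setup.get("path"), str) or not setup["path"]:
        raise ValueError("credentialSetup.path must be present")
    if not all(isinstance(a, str) for a in setup.get("arguments", [])):
        raise ValueError("credentialSetup.arguments must be a list of strings")
    return setup

def effective_value(setup, field, supplied):
    """A field without canChangeAtInstallation is read-only: keep its default."""
    spec = setup.get(field, {})
    editable = spec.get("canChangeAtInstallation", False) and supplied is not None
    return supplied if editable else spec.get("default", "")

def build_argv(setup, user, password):
    """Substitute placeholders in one pass, one argv element per manifest entry."""
    values = dict(zip(PLACEHOLDERS, (user, password)))
    return [setup["path"]] + [TOKEN.sub(lambda m: values[m.group(0)], a)
                              for a in setup.get("arguments", [])]

def install(manifest, user=None, password=None):
    """Return (ok, stderr); exit code 0 means the login information was set."""
    setup = validate(manifest)
    if setup is None:
        return True, ""
    argv = build_argv(setup, effective_value(setup, "username", user),
                      effective_value(setup, "password", password))
    # No shell: the password reaches the helper verbatim, whatever it contains.
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.returncode == 0, proc.stderr.strip()

# Constructed stand-in for an app's helper script; it rejects short passwords.
HELPER = ("import sys; a = sys.argv[1:]; "
          "sys.exit('password too short') if len(a[3]) < 8 else print(a[1])")
DEMO_MANIFEST = {"credentialSetup": {
    "path": sys.executable,  # assumption: run locally instead of inside the app image
    "arguments": ["-c", HELPER, "--user", "CLOUDRON_INSTALL_USER",
                  "--password", "CLOUDRON_INSTALL_PASSWORD"],
    "username": {"default": "admin"}, "password": {"canChangeAtInstallation": True}}}
```

Values passed as arguments are visible in the process list for as long as the helper runs, so a helper should read them and exit promptly.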

  • Automated server reboot
    R Robin

    I'm also a big fan of automatic reboots. Both to keep things updated, but also because in my opinion, the more often something restarts, the less likely you are to get bitten by somehow relying on stale state.

    (Meaning, you're more likely to notice that something no longer restarts immediately after it breaks, rather than 3-4 months down the line when you no longer remember what you changed :))

    Feature Requests feature-request

  • High CPU use by onlyoffice (& a possible fix)
    R Robin

    Hi,

    I noticed that beam.smp is using a lot of CPU inside my cloudron instance. I tracked this down to belonging to onlyoffice, and doing some further digging, I found this post that might be interesting.

    tl;dr:

    When I set the number of scheduler threads to 1 the CPU usage dropped from 23 % to 3 %.

    Setting RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="+S 1:1" apparently does the trick, and there's a linked issue on the onlyoffice github that appears to do exactly that as a part of their Dockerfile.

    I'm unsure how to test this, but perhaps this may be the same issue / fix for Cloudron's case, too?

    OnlyOffice

  • Gitea Actions
    R Robin

    @girish yeah, well, since when has following the rules ever been fun? 😉

    I would guess that they say that because if your actions misbehave, or want to, they can interfere with the running gitea instance, so yeah, a separate host would be nice. But I don't know if cloudron has the ability to provision multiple containers for a single app?

    Gitea

  • High CPU use by onlyoffice (& a possible fix)
    R Robin

    I haven't seen the high cpu usage as such

    Might be that this is due to the differences in HW config we're running on? As I understand it, this will "scale up" based on the number of cores you have. I'm running on a Threadripper, which has rather a few of them.

    Trying to install the fixed version now, observations:

    • Before install, beam.smp is taking up a steady 6% CPU
    • After upgrading (via cloudron update --app xxx --appstore-id com.onlyoffice.coudronapp@1.6.1), CPU use is more or less nonexistent: I no longer see it in the top consumers at all

    So I think this looks successful 🙂

    OnlyOffice

  • Backup feedback (minio)
    R Robin

    I will move this key length limitation as a feature request. I don't know of a way around it without either a) maintaining an offline index of file names or b) disabling file name encryption altogether.

    Yes, I think that there's no other solution, at least, not that I've been able to come up with.

    Is disabling filename encryption acceptable to you? If so, that is at least easier to add than a.

    That would for sure be more ideal than it not working, so I can make a feature request for it 🙂

    In terms of the "just work" factor, it would be nicer to have this just handled transparently ('a') though, but I can understand it isn't at all straightforward. Might be worth studying some different backup tools to see how this is handled, and sticking this into the list as a longer term project.

    For 2, this seems like a Cloudron bug. How big is your data roughly?

    Pretty big then, much smaller now. At the time I was testing the limits to see if I could break things, so I had around 400G stored I think (most of it in a single syncthing instance), don't recall the exact amount.

    Support feature-request

  • InfluxDB
    R Robin

    Just brain-dumping from trial and error session...

    For authentication, start without auth first. Then connect influx client, and run:

    CREATE USER admin WITH PASSWORD 'foobar' WITH ALL PRIVILEGES;

    Then, you can safely enable auth (set the config keys http/auth-enabled, http/pprof-auth-enabled to true), and will need that user/pass to run any queries.

    Not sure if there's an easier way or not... If there isn't, perhaps this could be done via start.sh somehow - detect that a given launch is the first one (if the db doesn't exist yet) - start it, create an admin user, then stop & restart with auth enabled.

    App Wishlist

  • surfer suggestions
    R Robin

    A few other small suggestions while I'm thinking of it:

    • It would be nice if the admin UI had the ability to multiselect (and perhaps "select all") files, to delete a bunch of stuff at once.
    • It would be neat if it were possible to write-protect a file to prevent it being overwritten or deleted without removing the write protection
    Feature Requests

  • OpenHAB not starting after installation
    R Robin

    @nebulon said in OpenHAB not starting after installation:

    gosu cloudron:cloudron /app/code/runtime/bin/karaf daemon

    Weird.. When I ran /app/pkg/start.sh in recovery mode, I got this:

    ==> Ensure directories
    ==> Changing ownership
    ==> Starting OpenHAB
    Killed

    When I started the last command by hand, it actually seemed to run okay (at least, no output, and it didn't get killed)...

    I had a hunch that maybe it was getting OOM killed, and sure enough, I raised the memory allocation to 512m, and it now seems to start successfully, so maybe the default allocation (256m I think it was?) is just a little too low to start, sometimes?

    OpenHAB