Collabora Online Development Edition in unprivileged CT of Proxmox

Thatoo

Hello,

I have installed Collabora Online Development Edition in an unprivileged CT of Proxmox (and Nextcloud on another CT):
LOOLWSD 6.4.10 (git hash: b4fa48ef)
Collabora Office 6.4-45 (git hash: a21347f)
It is on a "Debian GNU/Linux 10 (buster)" unprivileged CT of Proxmox with pve-manager/6.4-13/9f411e79 (running kernel: 5.4.106-1-pve)

It works very well except when I want to "print" or "download as" PDF. I can download as .odt, .doc, .docx but no pdf.

The reason I come here is that it works on a Yunohost instance though, both collabora and Nextcloud being on Yunohost... And when I look for the same error, pve CT is coming back...

If I look at the log, "tail -f /var/log/syslog" when I open a document in nextcloud (on one proxmox CT) with the help of collabora online (installed on another proxmox CT), and I click on "download as" PDF, I can read:

Code:
Aug  3 17:59:26 collabora loolwsd[204]: wsd-00204-01092 2021-08-03 15:59:26.231988 [ docbroker_011 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| ./net/Socket.hpp:682
Aug  3 17:59:26 collabora loolwsd[204]: wsd-00204-01092 2021-08-03 15:59:26.268800 [ docbroker_011 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| ./net/Socket.hpp:682
Aug  3 17:59:26 collabora loolwsd[204]: kit-01093-00380 2021-08-03 15:59:26.274974 [ kit_spare_012 ] ERR  mknod(/opt/lool/child-roots/4hECWeZGdMLEg5Oy//tmp/dev/random) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:247
Aug  3 17:59:26 collabora loolwsd[204]: kit-01093-00380 2021-08-03 15:59:26.275003 [ kit_spare_012 ] ERR  mknod(/opt/lool/child-roots/4hECWeZGdMLEg5Oy//tmp/dev/urandom) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:259
Aug  3 17:59:26 collabora loolwsd[204]: E: lt_string_value: assertion `string != ((void *)0)' failed
Aug  3 17:59:26 collabora loolwsd[204]: E: lt_string_value: assertion `string != ((void *)0)' failed
Aug  3 17:59:26 collabora loolwsd[204]: E: lt_string_value: assertion `string != ((void *)0)' failed
Aug  3 17:59:26 collabora loolwsd[204]: E: lt_string_value: assertion `string != ((void *)0)' failed
Aug  3 17:59:37 collabora loolwsd[204]: wsd-00204-00384 2021-08-03 15:59:37.068519 [ websrv_poll ] ERR  Download file [/opt/lool/child-roots/hhP2paa4qZCvm3gS/tmp/user/docs/jSrj6gllE7WeuHfbPLUlpKfDTWGOXxUgWa2R9eb6fVouZiCX2vjxTe3FTkS7PgIP/HAG Proposition amélioration sécurité incendie.pdf] not found.| wsd/LOOLWSD.cpp:3371

I read that it could be linked with the fact that my CT is an unprivileged CT or that I should add "nesting=1" to /etc/pve/lxc/xxx.conf . https://github.com/CollaboraOnline/richdocumentscode/issues/72
What do you think?
I have tried both, "nesting=1" didn't do anything. Restoring a backup of my unprivileged CT to a privileged CT resulted in a non functional collabora online CT (I mean, nextcloud could not connect to it, I don't really understand why...).
Any idea?
 
there is a 'mknod' feature for containers - can you try enabling that for the container in question?
 
I will try that.
By the way,
I have installed Collabora Online with the same settings on a VM in Proxmox instead of an unprivileged CT and it does work perfectly!
So I guess the problem comes from proxmox unprivileged CT...
 
yes, VMs and containers work very differently, and the former are a lot more isolated and can thus run with less restrictions within that isolation.
 
hi,
i'm new to proxmox and linux and i don't have much experience. i think i have the same problem as thatoo.
nextcloud is running in an unprivileged lxc container with ubuntu 20.04 and collabora in docker and everything works fine except print and pdf export.
unfortunately the solution with mknod=1 doesn't seem to work for me if i enable the option "create device nodes". got the same problem while pdf export. also i run into the problem that i can't restore the container backup unprivileged anymore because of the mknod-option.
do you have any other ideas about the problem? unfortunately, i haven't found much more about it.
@Thatoo: did you change anything else besides mknod=1? did you reinstall collabora/docker again afterwards? container changed to privileged, or something?
would be great if you could help me! thanks in advance.
 
I face the same problem as you. I can't restore a CT for which I have added
Code:
features: mknod=1
So what I always do before updating this CT is that I restore the CT to a state before I added it, then I update the CT (all software in it), I do a new backup and then I add again
Code:
features: mknod=1
I never backup after adding it.

It is the only modification I did. The difference with you is that I didn't use docker at all. I installed CODE using debian package following this page https://www.collaboraoffice.com/code/linux-packages/ .

I hope it will help you.
Except for this issue, nextcloud and collabora are working very well together within Proxmox.
 
Which error do you get if you try to restore a CT with "features: mknod=1"? Is it expected that restore fails for "custom" features?
 
hey @Thatoo,
thanks for your quick reply! that helps a lot!

i think then it will be the docker container that mknod is not doing anything for me.
i probably won't be able to avoid splitting my single container and putting collabora in an extra container so that the backup for nextcloud can continue to run automatically. if collabora is separate, i won't have to backup it daily.
I am then only not quite clear how I have to deal with port 80 for lets encrypt to serve 2 containers with the same port. probably nginx also in an extra container and then forward somehow?
but that is a new construction site.
whenever i think my nextcloud is finally running smoothly, i get this tiny little thing like pdf export and have to rebuild everything again.
well, you learn best by making mistakes. ;)
anyway: now i have an idea how to proceed. best thanks again!

@XueSheng
during the restore comes the error:
tar: ./var/spool/postfix/dev/urandom: Cannot mknod: Operation not permitted
tar: ./var/spool/postfix/dev/random: Cannot mknod: Operation not permitted

and afterwards no container is created.
i found a little bit about this in the forums, but have not yet had the time to look into it further.
 
Here is the error I get
Code:
tar: ./opt/lool/child-roots/vBNNXFeTQ11TM8yp/tmp/dev/random: Cannot mknod: Operation not permitted
tar: ./opt/lool/child-roots/vBNNXFeTQ11TM8yp/tmp/dev/urandom: Cannot mknod: Operation not permitted
tar: ./var/spool/postfix/dev/random: Cannot mknod: Operation not permitted
tar: ./var/spool/postfix/dev/urandom: Cannot mknod: Operation not permitted
Total bytes read: 2370949120 (2.3GiB, 517MiB/s)
tar: Exiting with failure status due to previous errors
TASK ERROR: unable to restore CT 117 - command 'lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- tar xpf - --zstd --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-file-ignored' '--warning=no-xattr-write' -C /var/lib/lxc/117/rootfs --skip-old-files --anchored --exclude './dev/*'' failed: exit code 2
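
The restore command above skips only `./dev/*`, so device nodes elsewhere in the root filesystem (the Collabora jail and the postfix chroot) are still extracted and hit the `mknod` EPERM inside the user namespace. The Python below is an added example, not part of the original post: it lists such entries in a backup archive before a restore is attempted. The sample archive and the `SAMPLEJAILID` directory name are constructed.

```python
import io
import tarfile


def build_sample_backup() -> bytes:
    """Constructed sample archive; paths mirror the restore errors in the thread."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, kind, major=0, minor=0):
            info = tarfile.TarInfo(name)
            info.type = kind
            info.devmajor, info.devminor = major, minor
            tar.addfile(info)

        add("./etc/hostname", tarfile.REGTYPE)
        add("./dev/null", tarfile.CHRTYPE, 1, 3)  # covered by --exclude './dev/*'
        add("./var/spool/postfix/dev/random", tarfile.CHRTYPE, 1, 8)
        add("./var/spool/postfix/dev/urandom", tarfile.CHRTYPE, 1, 9)
        # SAMPLEJAILID is a placeholder for the random child-root directory name.
        add("./opt/lool/child-roots/SAMPLEJAILID/tmp/dev/random", tarfile.CHRTYPE, 1, 8)
    return buf.getvalue()


def device_nodes_blocking_restore(archive: bytes):
    """List device nodes that the anchored './dev/*' exclude does not skip."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar:
            if not (member.ischr() or member.isblk()):
                continue
            name = member.name[2:] if member.name.startswith("./") else member.name
            if name.startswith("dev/"):
                continue  # top-level /dev is excluded by the restore command
            kind = "char" if member.ischr() else "block"
            hits.append((name, kind, member.devmajor, member.devminor))
    return hits


if __name__ == "__main__":
    for name, kind, major, minor in device_nodes_blocking_restore(build_sample_backup()):
        print(f"{kind} device {major}:{minor} at /{name}")
```

A zstd-compressed backup has to be decompressed first (for example with `zstd -dc`) if the local Python `tarfile` module lacks zstd support.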
 
I indeed have a reverse proxy nginx but if you have only nextcloud and collabora, you don't need it.
You can create two CT :
- one for nextcloud listening port 80 and 443 with SSL/TLS Let's Encrypt
- one with collabora online listening only to port 80 with a local IP (within your proxmox)
Then you only need to be sure that your two CT are on the same network 192.168.1.33 and 192.168.1.44 for example and that inside both CT, you edit /etc/hosts writing
192.168.1.33 nextcloud.example.com
192.168.1.44 collabora.example.com
with the good url you chose at install of both nextcloud and collabora.

The only limitation for that is that only nextcloud within your proxmox will be able to use this collabora online CT. But it's a way to start.
 
ok, also a good suggestion.
i think i prefer to do it right with nginx one more time, but i have to get more familiar with the whole stuff and then think about it again.
i'll let you know how it continues.

thanks a lot for your help and the tips!
 
Hi folks, ended up here via google search for a problem I am having with Nextcloud/Collabora running in an LXD Container.

Seems like the same error mentioned here.

Since I am running in an LXD/LXC env that was installed via snap on ubuntu, all of my config items are in /snap/lxd/...

Also it seems like we are now supposed to edit configs using command lines which verify the inputs. I am trying to make these suggestions but they are not taking.

Any ideas? Thanks.

me@i9-9900k-ub:/etc$ lxc config set nextcloud lxc.apparmor.profile unconfined
Error: Invalid config: Unknown configuration key: lxc.apparmor.profile
me@i9-9900k-ub:/etc$ lxc config set nextcloud apparmor.profile unconfined
Error: Invalid config: Unknown configuration key: apparmor.profile
me@i9-9900k-ub:/etc$ lxc config set nextcloud mknod 1
Error: Invalid config: Unknown configuration key: mknod
me@i9-9900k-ub:/etc$ lxc config set nextcloud features:mknod 1
Error: Invalid config: Unknown configuration key: features:mknod
 
PVE doesn't use LXD (just the underlying LXC library and tools built on top of that) - you might have more luck in the LXD support channels ;)
 
