Slave install - Unison not working

Discussion in 'Installation/Configuration' started by francoisPE, Nov 30, 2020.

  1. francoisPE

    francoisPE Member HowtoForge Supporter

    Hello,
    I am setting up a mirror server to my ispconfig server.
    I follow ISPC3.1 manual even if I am with ispc3.2.1 on ubuntu 20.04
    Everything is running well except unison :
    I run /root/scripts/unison.sh (= "/usr/bin/unison web" in script of ispc manual)
    and it gives :
    "
    connexion ok, to be copied status ok
    [...]
    Failed: Error in setting file ownership: Operation not permitted [chown(/var/www/clients/client0/web1)]
    Failed [clients/client0/web1]: Error in setting file ownership: Operation not permitted [chown(/var/www/clients/client0/web1)]
    [BGN] Copying properties for clients/client0/web2 from //ns3.xxx.fr//var/www to /var/www
    Failed: Error in setting file ownership: Operation not permitted [chown(/var/www/clients/client0/web2)]
    [...]
    Failed: Error in renaming /var/www/php-fcgi-scripts/web12/.unison..php-fcgi-starter.1ec24bc6dbe29bc1beb1e07b9b7a4460.unison.tmp to /var/www/php-fcgi-scripts/web12/.php-fcgi-starter: Operation not permitted [rename(/var/www/php-fcgi-scripts/web12/.unison..php-fcgi-starter.1ec24bc6dbe29bc1beb1e07b9b7a4460.unison.tmp)]
    80% 00:00 ETAFailed [php-fcgi-scripts/web12/.php-fcgi-starter]: Error in renaming /var/www/php-fcgi-scripts/web12/.unison..php-fcgi-starter.1ec24bc6dbe29bc1beb1e07b9b7a4460.unison.tmp to /var/www/php-fcgi-scripts/web12/.php-fcgi-starter:
    Operation not permitted [rename(/var/www/php-fcgi-scripts/web12/.unison..php-fcgi-starter.1ec24bc6dbe29bc1beb1e07b9b7a4460.unison.tmp)]
    "

    I already saw that it is impossible to create a dir in /var/www/clients/client0/webxx
    even with "sudo -u webxx mkdir /var/www/clients/client0/web1/test"

    Is there something wrong in my conf ?
    I didn't find out anything on that in FAQ
    Many Thanks
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Possibly this is due to being set immutable. I've never used unison, just tossing ideas out.
     
  3. nhybgtvfr

    nhybgtvfr Active Member

    i would think unison probably shouldn't be trying to sync /var/www/clients/client0/web1 itself, but /var/www/clients/client0/web1/web
    any files or folders directly in web1 should only be created by ispconfig as part of the domains/subdomain/aliasdomain/jailkit configuration
     
  4. francoisPE

    francoisPE Member HowtoForge Supporter

    I think so but how to workaround as I follow ispconfig manual...
     
  5. nhybgtvfr

    nhybgtvfr Active Member

    i'm not sure, i'd assume you ideally want to sync all of /var/www or at least all of /var/www/clients.
    i've not tried using unison to do this.
    maybe if you change the sync path to /var/www/clients/client*/web*/web so it doesn't actually sync the immutable folder itself? i'm not how unison would handle wildcards.
    you'd also have to do the same for the private folder, and any other vhost subdomains that get put directly in /web##/<vhost folder> rather than /web##/web/<vhost folder> which end up having any name, so you can't really script it in advance.
    i can't see any other way apart from removing the immutable bit from all the web## folders. the immutable bit limits what root can do, so running your existing script as root won't suddenly start working.
    but removing the immutable bit could be too insecure, especially for live servers.

    to be honest, i think for something like this, using shared storage, nfs share, or similar might be easier.
     
  6. francoisPE

    francoisPE Member HowtoForge Supporter

    I understand immutable bit issue but try chattr without success.
    Is there a solution to unable that ispc function during unison process adding it in cronjob...
    If not, i wouldn't use unison but another code... which one ?
    Why ispc manual propose unison : is there something to take care with unison ?
     
  7. francoisPE

    francoisPE Member HowtoForge Supporter

    Looking into ispconfig / system/ server config/permission, I discover this option :
    "Make web folders immutable (extended attributes)"
    I would if unison is working since this option is implemented ?
     
  8. nhybgtvfr

    nhybgtvfr Active Member

    well, if used, unison is going to be running pretty much continuously, so i suspect you'll have to disable that, otherwise you'll be running chattr -i and chattr +i constantly.
     
  9. francoisPE

    francoisPE Member HowtoForge Supporter

    Sure, I am now thinking about rsync. I don't know if I will face same issue.
    May be would be good to modify ispconfig manual on that particular topic.

    thank a lot
     
  10. nhybgtvfr

    nhybgtvfr Active Member

    rsync is unidirectional. unison would be bidirectional.
    you can't guarantee the files will only change on the same server 100% of the time. so you need a bidirectional sync.

    also, if set, the immutable bit limits actions for all users including root, rsync would also be affected.
     
  11. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

  12. francoisPE

    francoisPE Member HowtoForge Supporter

  13. francoisPE

    francoisPE Member HowtoForge Supporter

    I dig, and, dig again !
    the only solution I found is to remove immutable bit through chattr -i AND remove option in ispconfig : system> server config> web> permission > "Make web folders immutable (extended attributes)"
    thanks for your help :)
     
  14. nhybgtvfr

    nhybgtvfr Active Member

    after changing the 'make web folders immutable' setting in ispconfig, did you resync websites? possibly also need to resync clients and resellers.
    i don't think just changing the setting in ispconfig will have any effect on folders that already exist, I would assume that at minimum, a website resync is needed.
     
  15. francoisPE

    francoisPE Member HowtoForge Supporter

    You are right : first, I run chattr and next change immutable bit setting.
    I didn't try "resync clients and reseller" because I didn't understand what this option is for ! Tool panel in manual doc is not in line with Ispconfig 3.2...
    Thanks for this tip !;)
     

Share This Page