Conversation
JoshData
force-pushed
the
jammyjellyfish2204
branch
from
f69a309 to
3998214
Compare
|
Should I submit 22.04 PRs to the new branch? |
|
Go for it. :) Right now, Nextcloud doesn't appear to be installing correctly and it seems the PHP apcu apt package is built incorrectly. It has the module for PHP 8.1 instead of 8.0. I'm not sure if these are related, but probably. (https://bugs.launchpad.net/ubuntu/+source/php-apcu/+bug/1957261) |
|
I haven't tried installing yet, but I did discover |
|
I think that's something different. |
|
That is indeed different. apc is an older extension that was replaced by apcu, however, not all apc functions are supported in apcu, and the apcu-bc extension adds the missing pieces. This is only really relevant for legacy apps running on newer PHP versions, as apcu has been around for a long time now, and some of what the old extension did provide is now handled by zend opcache, which is newer/better. |
|
I wonder if they will fix this. After all, the bug is so far only affecting two people... |
|
What about installing from pecl/pear (I never know the difference) until it's fixed? |
|
How should we post issues or questions on this release? For example, I just ran This is after a fresh install, no edits, yet, and not a restore. Maybe we should have a v60 milestone? |
|
Yes, please post issues with this PR here. I have no idea what that opendmarc configuration dialog is about, so I don't have any response to that now, but we'll have to figure it out eventually. Installing apuc from pecl/pear is a good idea and a fine workaround so we can keep developing this PR, but with luck Ubuntu will fix that before April. |
|
Good evening, Best, |
|
FWIW Everyone has probably realized by now that jammy will ship with PHP 8.1, not 8.0 so the apcu issue should go away. However Nextcloud does not currently support 8.1: Roundcube also appears to lack support for 8.1 because the test matrix for the 1.5 branch only includes php up to version 8.0, but master includes 8.1. No specific bug or issue that I could find, though. I did not check the Roundcube plugins. |
|
For Roundcube it looks like in the 1.6-beta milestone the PHP 8.1 tasks are complete with one still open in 1.6-rc milestones. A quick skimming of the plugins and I didn't see any open issues or PRs mentioning 8.1. |
|
Has anyone seen this before in Ubuntu? This is after running Package configuration
┌────┤ Daemons using outdated libraries ├─────┐
│ │
│ │
│ Which services should be restarted? │
│ │
│ [ ] dbus.service │
│ [*] dovecot.service │
│ [*] multipathd.service │
│ [*] named.service │
│ [ ] networkd-dispatcher.service │
│ [*] nginx.service │
│ [*] nsd.service │
│ [*] ntp.service │
│ [*] opendkim.service │
│ [*] packagekit.service │
│ [*] php8.0-fpm.service │
│ [*] polkit.service │
│ [*] postfix@-.service │
│ [*] rsyslog.service │
│ [*] ssh.service │
│ [ ] systemd-logind.service │
│ [*] udisks2.service │
│ [ ] unattended-upgrades.service │
│ [*] upower.service │
│ [ ] user@1000.service │
│ │
│ │
│ <Ok> <Cancel> │
│ │
└─────────────────────────────────────────────┘ Maybe need to document something for new users. |
|
|
Uh oh. It's actually much worse for us than that. Since Nextcloud only (officially) supports upgrades from consecutive versions, we need there to be two consecutive versions that support PHP 7.2 (which we have on Ubuntu 18.04 now) and PHP 8.1. Nextcloud 20 is the last version to support 7.2. (We have that version on Mail-in-a-Box now.) So unless Nextcloud backports PHP 8.1 support to Nextcloud 21 (unlikely, since they're up to 23) or backports PHP 7.2 support to any of the newer versions (even less likely), we can't perform the upgrade. So this is very bad. |
|
I'll wait a bit to see if Ubuntu changes course and goes back to PHP 8.0, but if they proceed with 8.1 what we'll have to do is release a new version for Ubuntu 18.04 that adds a PHP PPA and install 7.3, 7.4 or 8.0. (Even 7.3 would be enough to move to the current latest version of Nextcloud and presumably would be lower risk than installing 8.0, so it would probably be 7.3.) |
|
Sury several years back Sury started making all of the packages so that even the main repo won't interfere with each other (e.g., |
|
IMHO, it seems unlikely php 8.0 would be included with jammy because it would leave just 6 or 7 months of active php support assuming an April release. |
|
It might be worth removing haveged in this PR. Doing some research on it's relevance today it seems like the consensus even from the developer is newer kernels don't need it: Given 22.04 will ship with kernel 5.15, I think this dependency can be removed and streamline things ever so slightly. |
Nice catch. I'd happily accept a PR to this branch removing it. (If no one does it, I will.) |
|
Here you go #2090 :) |
|
FWIW, I ran php static analyzers phan and phpcompatibility against the three roundcube plugins (html_notifier, rcmcarddav, and persistent_login). Phan only does backward compatibility checks, so not that useful and unfortunately phpcompatibility does not yet support php 8.1. Anyway, no compatibility issues were found at least up to php 8.0 for those plugins. |
|
Exakat supports compatibility checks for 8.1. It's very thorough! |
|
I don't see any compatibility checks for php 8.1, or at least it's not listed in the rulesets section of |
|
That's odd, as it definitely exists! Docs for it start here: https://exakat.readthedocs.io/en/latest/Reference/Rulesets.html#ruleset-compatibilityphp81 I note that the output you posted is from an old version 2.3.0; it's currently at 2.3.6. |
|
Further complication - Roundcube 1.6 will no longer support PHP 7.2. See: roundcube/roundcubemail#7976 |
Perhaps the crash when loading the status page is causing gunicorn to timeout. |
|
Or, 30 seconds isn't long enough to load the status page and gunicorn is killing it. |
|
The .well-known redirects for CardDAV and CalDAV point to the wrong URL. It should just be "dav" Same problem in the main branch--so maybe we wait, but it is a pretty simple fix:
The ZPush redirects could use some love too, but isn't that broken anyways? At any rate, I just commited a fix for both in the nextcloud24 PR so we can wait if we don't think its urgent. |
|
I am having some success getting the daemon to hang during status checks, which causes gunicorn to terminate the worker process (and for me I end up with 3 process after the gunicorn restarts the worker, one of which must be killed with prejudice). This seems to only happen using the web interface, not from the command line. In reading the multiprocessing pool docs, it says If I change daemon.py's /system/status POST handler, and add pool.close() and pool.join() after run_checks(), it seems to avoid the hang. |
That's interesting, because it looks like the code is using the pool as a context manager: |
|
yes, I noticed that too, and tried a bunch of other stuff thinking the cleanup was automatic, but nothing worked. the docs say close/terminate must be called manually, so I guess that holds. |
|
Hmm. Found this article https://superfastpython.com/multiprocessing-pool-context-manager/ and it would suggest you are right.
I've patched this on my server as well and things seem to be running better with the change and I don't see any obvious problems. |
|
Feel free to add the commit to one of your PRs, or I can add a new PR later today. |
|
great |
|
There's another timeout that causes a gunicorn worker to get killed which doesn't appear to be documented or configurable. That is, when I pause my VM for an hour, then continue (eg. closing my laptop and opening it a while later), a new gunicorn worker is created (and old one is killed). It's probably not a use case we care about, just documenting it as it's different than the old behavior. |
multiprocessing.Pool's exit() function, which is automatically called by python's 'with' builtin when the scope is closed, calls terminate() (see https://github.com/python/cpython/blob/3.10/Lib/multiprocessing/pool.py) . That should prevent a hang during garbage collection according to the docs. However, the process clearly hangs in practice, and I don't think we want to terminate either so close()/join() still makes sense and seems to work. |
The command is used in mailinabox-postgrey-whitelist. Reported missing (on systems that don't install it by default) in #2083.
|
The postgrey changes will be great for this upcoming migration! |
I don't believe this will help for this migration (it will for future ones and reinstalls). This branch (what will be v0.60?) should only be run is after you have reinstalled to 22.04 and copied your /home/userdata/. You could backup your /var/lib/postgrey/ before you migrate and stop postgrey and copy/chown/chmod the files afterward. (I did this from 14.04 ->18.04) |
|
Good point. I wasn't thinking too deeply about it and forgot the change would have to be on the current, not future release. |
| "ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \ | ||
| "ssl_prefer_server_ciphers=no" \ | ||
| "ssl_dh_parameters_length=2048" | ||
| "ssl_dh_parameters_length=2048" \ |
There was a problem hiding this comment.
ssl_dh_parameters_length is a pre 2.3 option https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/
It results in a log warning to /var/log/maillog
Sep 29 16:14:43 config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:91: ssl_dh_parameters_length is no longer needed
Should we exclude the option?, I imagine it now uses the length from ssl_dh
…than 'service nsd restart' I am not sure if this was the problem but nsd didn't serve updated zonefiles on my box and 'service nsd restart' must have been used, so maybe it doesn't reload zones.
|
Merged! Announcement at https://discourse.mailinabox.email/t/version-60-for-ubuntu-22-04-is-about-to-be-released/9558. Fingers crossed it works. Please report any critical installation bugs here (or open a new PR if you have a fix). Anything else can go in the discussion link above or a new issue here on GitHub, probably. I'll update the website tomorrow. Thanks to everyone who participated, especially everyone who opened pull requests. I really appreciated it. |
16 participants
This is a draft PR combining #1752, #2008, and some additional changes to prepare for switching our support to Ubuntu 22.04, which is the next long-term support release coming in April.