this post was submitted on 24 Sep 2024
68 points (80.4% liked)

Selfhosted

40407 readers
332 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

And it failed spectacularly.

We only needed a simple form, but we wanted to be fancy, so we used "nextcloud forms".

The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower. No warning whatsoever. It's an official app, couldn't they wait that it was ready for NC 30 before launching it? The newsletter boasts "NC hub 9 is the best thing after sliced bread" yet i don't see any difference both in visual or performance compared to NC hub 2

Conclusion: we made our business to rely on nextcloud forms as a signup form, but the only reason we were using it was disabled who knows how many weeks ago.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 31 points 2 months ago (2 children)

The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower.

Lol. Do not blame others for your incompetence. If you have automatically updates enabled then that is your fault when it breaks things. Just pin the major version with a tag like nextcloud:29 or something. Upgrading major versions automatically in production is a terrible decision.

[–] [email protected] 17 points 2 months ago (2 children)

Docker images should never self update - that's an anti pattern. They should be static code. The only time I would expect a docker image to "auto update" is if I was using the "latest" or "stable" tag and Compose/Kubernetes/I repull the image - but the image should never update itself.

Yes, OP bit off more than they could chew. Nextcloud, however, is breaking the entire purpose of Docker images by having an auto-updater at all.

[–] [email protected] 17 points 2 months ago (1 children)

If you say

Thing:latest

and then redeploy your compose file or what not,

well, you're getting the latest!

[–] scottmeme -1 points 2 months ago (1 children)

I run latest with watchtower on so much shit

[–] [email protected] 2 points 2 months ago (1 children)

That is a very bad idea. Use the stable tag instead. Better yet, create an Ansible playbook that updates the containers in bulk and then manually run it when you have time.

[–] scottmeme 2 points 2 months ago* (last edited 2 months ago) (1 children)

Naw I mostly do it for my own personal shit, can't be fucked to update Plex 3 times a week and so on with other homelab stuff. Everything production is tagged with gitops version managed kubernetes manifests

Edit: should also mention I build quite a bit of the software being deployed

[–] [email protected] 0 points 2 months ago (1 children)

Plex doesn't get updates 3 times a week

[–] scottmeme 1 points 2 months ago

My point being I don't want to update that sort of stuff that can be automated.

[–] [email protected] 1 points 2 months ago (1 children)

What are you talking about? If you are not manual (or by something like watchtower) pull the newest image it will not update by itself.

I have never seen an auto-update feature by nextcloud itself, can you pls link to it?

[–] [email protected] 4 points 2 months ago (1 children)

I don't have the link here, but essentially yes, nextcloud can update it's own app code in it's image because you have to mount the code to your own filesystem. This means that between docker images you can have a mismatch of the code that you have stored and the code that the image is expecting, which frequently causes mismatches for me. This is an antipattern. The code should be stored in the image, not as a volume mount. There should never be a mismatch of code in a docker image - that's the whole point. The configuration could be out of date sure, or if there's a data file that's needed, that's expected. The actual running code thought, that should never be on a mountable volume.

Next time you update the image you will probably be greeted with a "Nextcloud needs to update". That should not exist. You already pulled the image, that should be everything you need to do. The caveats are extensions, kind of a grey area in my book, but I know it's not a clean pattern with those either. (The best one I've seen lets you pin the extension version with environment variables or a config file, and then once again you are in control of when they update, and no running code is stored outside of the image.)

[–] [email protected] 2 points 2 months ago (1 children)

You can disable the web updater in the config which is the default when deploying via docker. The only time i had a mismatch is when i migrated from a nativ debian installation to a docker one and fucked up some permissions. And that was during tinkering while migrating it. Its solid for me ever since.

Again, there is no official nextcloud auto updater, OP chose to use an auto updater which bricked OPs setup (a plugin was disabled).

[–] [email protected] 2 points 2 months ago

Thanks, I'll disable that. I'm extra salty right now because I had to rollback a bad version and had to rebuild some of my config over the last week. I got into version hell because the code on the volume (which is why I'm pissed at it) said that I couldn't run the image that I had set. So I pinned an earlier version, but then there were extensions that were pinned to a later one and said that I couldn't rollback and didn't start. I had to end up redoing the whole drive manually, forcing specific versions in the version.php and the config.php to finally make it work (Why is it in two places). Then after all that I had to run the upgrade command. Extremely annoying, and a waste of time for me. Other docker containers if I need to pin a version? I just.. pin the version. Nextcloud is the only one I've seen where they store code on my volume and then pin specific versions to it.

[–] [email protected] -1 points 2 months ago (1 children)

They're releasing a new version every two month or so and dropping them rapidly from support, pinning it with a tag means that in 12 months the install would be exploitable.

Now, I did directly to production because this is low priority stuff, but it would have happened even with a testing stage. I would have never noticed that the forms apps was disabled, the system disabled it without any notification.

You would expect that an official app supports the latest release, no?

This wasn't an app released by a nobody in their free time, this is a main feature heavily advertised in their blog. Look by yourself:

https://nextcloud.com/blog/nextcloud-forms-to-keep-your-surveys-private/

It's not unreasonable to get pissed when 6 months after that blog post it doesn't support the latest release anymore.

[–] [email protected] 6 points 2 months ago (1 children)

They're releasing a new version every two month or so and dropping them rapidly from support, pinning it with a tag means that in 12 months the install would be exploitable.

The lifecycle can be found with a single online search. Here https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule

Releases are maintained for roughly a year.

Set yourself a notification if you forget it otherwise.

[–] [email protected] 3 points 2 months ago (1 children)

Exactly, they have a release schedule, why their own plugin, that they're heavily promoting as a feature, isn't following that? If for some reason the forms app isn't ready for that date, why not postponing the launch instead of having it broken for who know how many months?

It's not a plugin made by someone else in their free time. They knew that by updating to NC 30 that feature that was marketed just 6 months ago would be disabled, so at least have the decency to write it in the release notes. I subscribe to the newsletter and the RSS for what, just enjoy the marketing buzzwords?

It's like if Microsoft releases an operating system with a buggy and broken taskbar because of a rushed self imposed deadline and fixes it one year later.

[–] [email protected] 1 points 2 months ago (1 children)

Okay, let's be angry at the company and frown a lot at what happened. Gurr, bad company, evil.

And now think of what you'd rather have - a working system, or a reason to be angry? If you have something that integrated with something else, lock it down at a specific version so you control the upgrade and know those versions work 100% of the time together. "Latest" is just asking for trouble - be it in a docker image, in dependencies or elsewhere. It's absolutely not a "best practice" if it isn't even a code smell or an outright bug. You could've had a slightly outdated version, which won't be "exploitable" - you wouldn't have enough time to exploit anything in that time, especially with smaller companies and obscure exploits.

Instead of putting out the fire, you could've been now looking into the upgrade, seeing on UAT or Test or whatever that forms aren't supported, chilling till they are supported or complaining that they aren't.

Upgrades breaking shit is like programming / devops 101, and a huge reason for technical debt in very old projects. Leaving all that to chance is just irressponsible.

[–] [email protected] -1 points 2 months ago (1 children)

the upgrade command is sent manually, it's not automated and it's not unattended. It would have made ZERO difference if i tagged 29 and then in test tagged 30. The upgrade would have not failed, it would have given ZERO warnings, I would have seen that everything worked as expected (because who tests the useless survey that is filled once a semester?) and I would have pushed the update to production.

[–] [email protected] 2 points 2 months ago (1 children)

Who tests the useless survey? Everyone with regression tests. Like dude, everything you talk about has been written "in blood" from years of hosting production systems. If the useless survey is needed, then write a test for it, or a testcase to manually try it. Don't just upgrade, see that the app is up and push to prod, that's not testing, that's asking for trouble.

[–] [email protected] 1 points 2 months ago

I'm not arguing that my procedure is right (it is not), I'm arguing that nextcloud rushed the release in an incredibly unprofessional way.

When it's the last time that Canonical, in the hurry to release Ubuntu xx.yy broke snapd without?

When it's the last time that Apple, in the hurry to release iOS xx, made it totally incompatible with iMovie and had no timeline on when it would be fixed?

When it's the last time that Microsoft pushed a Windows update that disabled Microsoft office and left it unfixed for months?

Nextcloud decided to take care of the forms app. They decided to promote it as a selling point. They decided when to release the update. They decided to still push the update even if their own form app didn't get any new release in 4 months and isn't compatible.

They aren't contractually obligated to release a new, indistinguishable version (except some new bits that make it incompatible) every quarter.

Not ready? Delay one week. Still not ready? Delay an additional week. It came out that it needs a complete rewrite and it will take months? Write a note in the blog saying that feature is no more a selling point but now it is deprecated/unmaintained/unsupported and it will be automatically disabled without confirmation.

As someone said, a good app is only late until it ships, a bad app is bad until it's patched. Why being perpetually bad with updates that nobody is asking?