authentication failure [...] msg=path "/run/proxmox-backup/shmem" is not on tmpfs

[fila612]

Hi,

I've tried to install the latest docker image to my Synology via Portainer. there were 4 Folders created on the host system and mapped into docker volumes:

These 4 volumes are created with following options (in Portainer called "drive options":

after start the container, logs seems to be fine and data were created in the folders.

But, the login (admin/pbspbs) is not working: in PBS2/logs/api I found a file "auth.log" including this: 2022-02-13T09:39:05+00:00: authentication failure; rhost=[::ffff:172.17.0.1]:52784 user=admin@pbs msg=path "/run/proxmox-backup/shmem" is not on tmpfs

I think there is something wrong what I did, but I'm not sure what. Also I checked the tmpfs inside the container:

any suggestions how to handle this?

[ayufan]

@fila612 Synology uses pretty outdated linux kernel: https://github.com/ayufan/pve-backup-server-dockerfiles/pull/15. You might apply this patch yourself and recompile.

[fila612]

Thanks for the tip, unfortunately my knowledge is not sufficient for this. Will there be this patch in your image later?

[ayufan]

I would prefer if this patch is being sent upstream. This would be best. If not accepted I might adapt that, but this is some additional maintenance burden :(

On Sun, Feb 13, 2022 at 11:15 AM fila612 @.***> wrote:

Thanks for the tip, unfortunately my knowledge is not sufficient for this. Will there be this patch in your image later?

— Reply to this email directly, view it on GitHub https://github.com/ayufan/pve-backup-server-dockerfiles/issues/16#issuecomment-1037987659, or unsubscribe https://github.com/notifications/unsubscribe-auth/AASOSQK5I2G233XKEMSZK4LU26ADZANCNFSM5OIUX3KQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you commented.Message ID: @.***>

[fila612]

understand, so I'm not able to do anything (sorry) thanks for your quick help, should this issue be closed or it is better to leave it open until the handling regarding the patch is decided (upstream or adaption)?

[ayufan]

Leave it for now.

[pandada8]

I came across the same problem today on a ubuntu system with kernel 5.4.0-88-generic. It can be solved by creating tmpfs mountpoint at /run

following docker-compose file can be an example

version: '2.1'

services:
  pbs:
    image: ayufan/proxmox-backup-server:latest
    network_mode: host
    mem_limit: 2G
    volumes:
      - /mnt/datastore/backup/pbs:/backups
      - ./etc:/etc/proxmox-backup
      - ./logs:/var/log/proxmox-backup
      - ./lib:/var/lib/proxmox-backup
    tmpfs:
      - /run
    restart: unless-stopped
    stop_signal: SIGHUP

I also have a Synology NAS and I tried the above docker-compose config. It runs just fine.

[fila612]

hm, strange... I had also created the volumes as tmpfs, what is the difference between yours and mines? See screenshots above, running "df -h" displays tmpfs.....

[ayufan]

The need for tmpfs is documented in here:

• https://github.com/ayufan/pve-backup-server-dockerfiles#changelog
• https://github.com/ayufan/pve-backup-server-dockerfiles/blob/master/docker-compose.yml#L13

[fila612]

Thanks @pandada8 for the hint of the Mountpoint "/run"

that was the issue why its not working on my "Synology-Docker-Portainer" machine....:) Point is: I had created the container completely via Portainer, but the Mountpoint "/run" cannot be created in the Portainer GUI, or maybe its possible, but I don't know how to do it.

nevertheless, if I use Portainer stack (=docker compose) the PBS is working on my Synology!!! 😄

if someone are interested to my Portainer Stack content: HINT: the paths have to be validated by your own environment. i have created following folders on my HOST-System /volume1/Sicherung/Backups/PBS2 /volume1/docker/PBS2/etc /volume1/docker/PBS2/log /volume1/docker/PBS2/lib

services: pbs: image: ayufan/proxmox-backup-server:latest network_mode: "bridge" ports:

• "8007:8007" volumes:
• backups:/backups
• pbs_etc:/etc/proxmox-backup
• pbs_log:/var/log/proxmox-backup
• pbs_lib:/var/lib/proxmox-backup tmpfs:
• /run restart: unless-stopped stop_signal: SIGHUP environment: TZ: Europe/Berlin devices:
• /dev/sda
• /dev/sdb cap_add:
• SYS_RAWIO volumes: backups: driver: local driver_opts: type: tmpfs o: bind device: /volume1/Sicherung/Backups/PBS2 pbs_etc: driver: local driver_opts: type: tmpfs o: bind device: /volume1/docker/PBS2/etc pbs_log: driver: local driver_opts: type: tmpfs o: bind device: /volume1/docker/PBS2/log pbs_lib: driver: local driver_opts: type: tmpfs o: bind device: /volume1/docker/PBS2/lib

[ayufan]

Yes, you need to pre-create paths.

[fila612]

from my side issue can be closed. solution: Portainer-stack or docker compose instead of Portainer-GUI ;)

[ayufan]

@fila612

Maybe all those details (about tmpfs and pre-create) we could add to README for next generation? :)

[SAOPP]

Hi!

I try to replace my own pbs 1x container with your. And as I see faced with kernel trouble... I run it on my openmediavault server, with current kernel 4.19.0-0.bpo.9-amd64, and in logs of container I get: Error: mkstemp "/run/proxmox-backup/proxy.tmp_XXXXXX" failed: ENOENT: No such file or directory And very shot time after my credentials is active, I mean very shot time before pbs re-ask to sig-in, not sure if it affialted with kernel and tmpfs /run, any suggestion? Thanks.

[SAOPP]

Btw, here is my stack:

volumes:
  pbs_etc:
    driver: local
  pbs_logs:
    driver: local
  pbs_lib:
    driver: local

  pbs:
    image: ayufan/proxmox-backup-server:latest
    container_name: proxmox-backup-server
    hostname: proxmox-backup-server
    cap_add:
      - SYS_RAWIO
    devices:
      - /dev/sdd
    mem_limit: 2G
    networks:
      - omv
    environment:
      - TZ=Europe/Kiev
    volumes:
      - pbs_etc:/etc/proxmox-backup
      - pbs_logs:/var/log/proxmox-backup
      - pbs_lib:/var/lib/proxmox-backup
      - /sharedfolders/proxmox-backup:/storage
    tmpfs:
      - /run
    ports:
      - 8007:8007
    restart: unless-stopped
    stop_signal: SIGHUP
    logging:
      driver: "json-file"
      options:
        max-size: "50m"

[SAOPP]

I think question 'bout re-ask credentails I can dropped. I think it was 'coz I runned two containers at one time and get /etc/shadow:ro volume in my own pbs container, not sure, but right now I don't face with it.

And one more thing, at the first start of the container, I didn't has get error with mkstemp, all seems fine:

And one more... :) I just now is saw it, the error says 'bout proxy tmp session file, I correctly understood? So maybe it's normal in this case?

[manoloxxl]

Hi,

with LibreElec as Docker host there is the same issue. I've resolved it with the help from some threads here.

I've created the volumes this way:

and used the following stack file:

version: '3.9'

volumes:
  pbs-etc:
    driver: local
  pbs-logs:
    driver: local
  pbs-lib:
    driver: local
  backups:
    driver: local
    driver_opts:
      type: ''
      o: bind
      device: /storage/sambashare/NASHDD1/Backup/Proxmox/Docker

services:
  pbs:
    image: ayufan/proxmox-backup-server
    container_name: proxmox-backup-server
    hostname: proxmox-backup-server
    network_mode: host
    mem_limit: 4G
    volumes:
      - pbs-etc:/etc/proxmox-backup
      - pbs-logs:/var/log/proxmox-backup
      - pbs-lib:/var/lib/proxmox-backup
      - backups:/backups
    tmpfs: /run
    cap_add: # smartctl support
      - SYS_RAWIO
    devices:
      - /dev/sda
      - /dev/sdb
      - /dev/sdc
    restart: unless-stopped
    stop_signal: SIGHUP
    environment:
      - TZ=Europe/Berlin

This was working for me.

[scyto]

@SAOPP can you share your full stack (you seem to be missing some parts).

I have followed this thread and I get a different variant of the error message:

2023-08-24T00:28:51+00:00: authentication failure; rhost=[::ffff:172.25.0.1]:33743 user=admin@pam msg=open tmpfile in "/run/proxmox-backup/shmem" failed - EISDIR: Is a directory

(dh -f in the container shows tmpfs is mounted)

[SAOPP]

@SAOPP can you share your full stack (you seem to be missing some parts).

My stack is not changed, above: https://github.com/ayufan/pve-backup-server-dockerfiles/issues/16#issuecomment-1107463256

[LateWiksi]

How to get it work with Synology DS233 NAS (Disk Station v7.2.1-69067)

As a tip for other. You can run docker commands via Synology NAS CLI, so just simply: Remove the exisiting Proxmox Backup Server container "proxmox-backup1" docker rm [container] docker rm proxmox-backup1

Re-create Proxmox Backup Server container "proxmox-backup1" docker create --tmpfs /run -p 8007:8007 --name proxmox-backup1 ayufan/proxmox-backup-server:latest

Start newly created container docker start proxmox-backup1

Now you should be able to access Proxmox Backup Server via GUI: https://:8007 and login with default credentials admin / pbspbs NOTE. When logging in change login realm to "Proxmox Backup authentication server", because Linux PAM is not used.