Kazino43 Posted April 22, 2023 Share Posted April 22, 2023 (edited) Hi, I have constant, but small I/O on one drive of the array. Unfortunately 'iotop' isn't available in 6.12 because of the missing nerd pack, therefore just made a screenshot with 'top'. As you can see, it seems like gzip and tar are using the CPU heavily. Can I somehow see which apllication/folder they are accessing? I could think of the Appdata-Backup, because I had compression on, but the IO/CPU load is now constant for longer time. Any help is really appreciated! Edit: In combination with this thread: I now got really worried: I get those 'nginx open socket alerts' in combination with avahi-daemon entries: Really don't know how to start with this one, it seems kind of weird and scary, when you don't really understand what the log is mentioning. Edit2: It gets even scarier, I wanted to stop the array, but it is refusing to, see the log: What to do in the first step now? Edit3: //deleted Edit 4: As it seems, some docker what just really miss configured and therfore these entries pop'ed up. The only thing I am unsure is to why gzip and tar was being used. The only explanmation would be because of Appdata-Backup plugin running with the compress-option=true, will monitor with disabled compress-function Edited April 22, 2023 by Kazino43 Quote Link to comment
Kazino43 Posted April 22, 2023 Author Share Posted April 22, 2023 (edited) This is the log from the start of Unraid, after ca. 5 minutes some avahi logs appear about open port and then the Unraid server runs crazy, exactly after this two entries: Apr 22 11:32:05 Tower nginx: 2023/04/22 11:32:05 [alert] 19732#19732: *2619 open socket #11 left in connection 7 Apr 22 11:32:05 Tower nginx: 2023/04/22 11:32:05 [alert] 19732#19732: *2621 open socket #17 left in connection 8 Apr 22 11:32:05 Tower nginx: 2023/04/22 11:32:05 [alert] 19732#19732: aborting There is no DNS-service and nginx docker running on this server, so I don't get it. Edited April 22, 2023 by Kazino43 Quote Link to comment
giveitago Posted April 22, 2023 Share Posted April 22, 2023 The first log lines where docker is creating and bringing down network interfaces in quick succession looks like a badly configured docker instance to me with auto-start. In those logs I would interpret avahi-daemon is normally responding to the creation of removal of network interfaces. If you want to diagnose I would disable autostart on all your docker containers, reboot the box, then go through one at a time and start a container and monitor logs for 3 - 4 mins. Then you can see which is the dodgy docker container Quote Link to comment
marco_yang Posted April 22, 2023 Share Posted April 22, 2023 There's a plug-in called file activity which monitors the file moving. I am not sure if it can help but worth a try. Quote Link to comment
Kazino43 Posted April 22, 2023 Author Share Posted April 22, 2023 Docker service and VM Manager are disabled, but I still get this one in frequent manner (every 2-8 minutes): Apr 22 18:01:26 Tower nginx: 2023/04/22 18:01:26 [alert] 29181#29181: *137972 open socket #4 left in connection 9 Apr 22 18:01:26 Tower nginx: 2023/04/22 18:01:26 [alert] 29181#29181: *137976 open socket #13 left in connection 10 Apr 22 18:01:26 Tower nginx: 2023/04/22 18:01:26 [alert] 29181#29181: *137978 open socket #14 left in connection 11 Apr 22 18:01:26 Tower nginx: 2023/04/22 18:01:26 [alert] 29181#29181: *137980 open socket #25 left in connection 12 Apr 22 18:01:26 Tower nginx: 2023/04/22 18:01:26 [alert] 29181#29181: *137982 open socket #26 left in connection 13 Apr 22 18:01:26 Tower nginx: 2023/04/22 18:01:26 [alert] 29181#29181: *137984 open socket #29 left in connection 14 Apr 22 18:01:26 Tower nginx: 2023/04/22 18:01:26 [alert] 29181#29181: aborting Nginx was never downloaded by myself actively, nor did I run a nginx reverse proxy manager. It is poping up although docker services are disabled as mentioned. Quote Link to comment
BRiT Posted April 22, 2023 Share Posted April 22, 2023 AFAIK, Nginx is what the base web ui uses. Quote Link to comment
Kazino43 Posted April 22, 2023 Author Share Posted April 22, 2023 That would make sense, since I was watching the log and was connected. When I left, no additional nginx logs were made. Never noticed that one. Next problem that appeared: I cannot stop the array. I am already in safe mode. I don't know why this all started from today. I tried: and: Why is it now not even unmounting the array? I am not accessing anything. Could please just someone help me. Don't tell my I lost all my Unraid system and don't know if it was "hacked" + eventuall data loss. What is going on today?? :((( Quote Link to comment
remotevisitor Posted April 22, 2023 Share Posted April 22, 2023 Is the current directory for your shell in a user share? If so this would prevent the user shares from being stopped. Quote Link to comment
Kazino43 Posted April 23, 2023 Author Share Posted April 23, 2023 (edited) It was „mover“. It didn‘t finish gracefully, thats why it has been stuck. Can someone for the sake of peace post me your result running this first: ls /etc/passw* Possibly you should also have a backup.conf which is called „passwd-„ Are there any differences running: diff /etc/passwd{,-} In mine, all ‚x‘ are substituted with a ‚!‘ instead. Is this normal? Besides this change of one character, everything is the same. Edited April 23, 2023 by Kazino43 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.