Installer rework

[ingoratsdorf]

fixing out of memory issues
TMPFS runs out of memory, so removing size limits.
Fixing some order of execution

Summary by CodeRabbit

• Bug Fixes

  • Prevented mount conflicts by safely unmounting/remounting log and API directories.
  • Ensured required directories and log files are created to avoid runtime errors.
  • Corrected file ownership for user notifications to prevent permission issues.

• Chores

  • Improved startup script output with clearer banners and progress messages.
  • Switched tmpfs mounts to secure defaults (noexec, nosuid, nodev) without fixed sizes.
  • Expanded default log set and ensured plugin log directory exists for better diagnostics.

[coderabbitai]

Walkthrough

The Ubuntu 24 startup script’s log/api tmpfs setup was reworked: it now prints banners, unmounts existing mounts, ensures directories and multiple log files exist, mounts tmpfs without explicit sizes using noexec/nosuid/nodev, creates additional log assets, and sets specific ownership for api/user_notifications.json, with updated sequencing and echoes.

Changes

Cohort / File(s)	Summary
Ubuntu 24 installer script install/ubuntu24/start.ubuntu24.sh	Rewrote log/api mount flow: explicit unmount steps, tmpfs mounts without size options using noexec,nosuid,nodev; directory ensures for log/api; creation of multiple log files and log/plugins; creation of api/user_notifications.json; added permission fix (root:www-data) for user_notifications.json; re-ordered and expanded progress output.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant U as Operator
  participant S as start.ubuntu24.sh
  participant OS as OS Mount Utils
  participant FS as Filesystem

  U->>S: Run script
  S->>S: Print banners / progress
  S->>OS: Unmount ${INSTALL_DIR}/log
  OS-->>S: Unmounted or not mounted
  S->>OS: Unmount ${INSTALL_DIR}/api
  OS-->>S: Unmounted or not mounted
  S->>FS: Ensure dirs: log/, log/plugins/, api/
  FS-->>S: Dirs present
  S->>OS: Mount tmpfs on log (noexec,nosuid,nodev)
  OS-->>S: Mounted
  S->>OS: Mount tmpfs on api (noexec,nosuid,nodev)
  OS-->>S: Mounted
  S->>FS: Create log files (app.log, stderr.log, …)
  FS-->>S: Files created
  S->>FS: Create api/user_notifications.json
  FS-->>S: File created
  S->>FS: chown root:www-data user_notifications.json
  FS-->>S: Ownership set
  S-->>U: Done (echo status)

  note over S,OS: Changed flow: explicit unmounts, size-less tmpfs, added file setup and chown

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

I hopped through logs where buffers bloom,
Unmounted clouds to make more room.
With tmpfs skies and nosuid moons,
I nest new files in tidy dunes.
A chown here—permissions sing—
Ubuntu 24, we spring! 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "Installer rework" is brief and directly related to the primary changes in install/ubuntu24/start.ubuntu24.sh (tmpfs mount sizing removal, mount/unmount ordering, log file and permission adjustments), so it reflects the installer-focused scope of the changes; it is somewhat broad but not misleading.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

install/ubuntu24/start.ubuntu24.sh (2)

146-149: Guard umounts to avoid noisy failures and handle busy mounts.

If the mount points aren’t mounted (fresh install) or are busy, plain umount will error and spam logs. Prefer checking with mountpoint and falling back to a lazy unmount.

-umount "${INSTALL_DIR}/log"
-umount "${INSTALL_DIR}/api"
+for m in "${INSTALL_DIR}/log" "${INSTALL_DIR}/api"; do
+  if mountpoint -q "$m"; then
+    umount "$m" || { echo "[INSTALL] Warning: failed to unmount $m (may be busy)"; umount -l "$m" || true; }
+  fi
+done

---

158-169: Ensure writable permissions for www-data without overexposing.

You chown api/user_notifications.json to root:www-data but don’t grant group write. If the web app writes to it, set mode 660. Also set group and setgid on log dirs so new files inherit www-data group, avoiding later broad a+rwx.

-touch "${INSTALL_DIR}"/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log}
-touch "${INSTALL_DIR}"/api/user_notifications.json
+touch "${INSTALL_DIR}"/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log}
+chgrp www-data "${INSTALL_DIR}"/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log}
+chmod 664 "${INSTALL_DIR}"/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log}
+install -o root -g www-data -m 660 /dev/null "${INSTALL_DIR}/api/user_notifications.json"
 # Create plugins sub-directory if it doesn't exist in case a custom log folder is used
 mkdir -p "${INSTALL_DIR}"/log/plugins
+
+# Keep www-data group for new files in log dirs
+chgrp -R www-data "${INSTALL_DIR}/log"
+chmod 2775 "${INSTALL_DIR}/log" "${INSTALL_DIR}/log/plugins"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9482e7a and 3a4235a.

📒 Files selected for processing (1)

• install/ubuntu24/start.ubuntu24.sh (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: docker_dev

🔇 Additional comments (1)

install/ubuntu24/start.ubuntu24.sh (1)

141-145: Banners/readability: LGTM.

The added banners make the installer flow clearer.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Make tmpfs sizing configurable and fail fast on mount errors.

Dropping hard limits aligns with the PR goal, but allow opt-in sizing via env to prevent host-wide OOM in constrained setups, and stop on mount failure instead of continuing.

-echo "[INSTALL] Mounting log and api folders as tmpfs"
-mount -t tmpfs -o noexec,nosuid,nodev tmpfs "${INSTALL_DIR}/log"
-mount -t tmpfs -o noexec,nosuid,nodev tmpfs "${INSTALL_DIR}/api"
+echo "[INSTALL] Mounting log and api folders as tmpfs"
+# Optional sizing via env: TMPFS_LOG_SIZE/TMPFS_API_SIZE (e.g., "128m" or "20%")
+LOG_TMPFS_OPTS=${LOG_TMPFS_OPTS:-"noexec,nosuid,nodev${TMPFS_LOG_SIZE:+,size=${TMPFS_LOG_SIZE}}"}
+API_TMPFS_OPTS=${API_TMPFS_OPTS:-"noexec,nosuid,nodev${TMPFS_API_SIZE:+,size=${TMPFS_API_SIZE}}"}
+mount -t tmpfs -o "$LOG_TMPFS_OPTS" tmpfs "${INSTALL_DIR}/log" \
+  || { echo "[INSTALL] ERROR: failed to mount ${INSTALL_DIR}/log tmpfs"; exit 1; }
+mount -t tmpfs -o "$API_TMPFS_OPTS" tmpfs "${INSTALL_DIR}/api" \
+  || { echo "[INSTALL] ERROR: failed to mount ${INSTALL_DIR}/api tmpfs"; exit 1; }

Run after install to confirm mounts:

---

🏁 Script executed:

#!/bin/bash
mount | awk '$3 ~ /(\/app\/log|\/app\/api)/'

Length of output: 43

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
FILE="install/ubuntu24/start.ubuntu24.sh"
echo "PWD: $(pwd)"
if [ -f "$FILE" ]; then
  echo "FOUND: $FILE"
  echo "---- lines 140-170 ----"
  nl -ba "$FILE" | sed -n '140,170p'
  echo "---- grep for tmpfs mounts in file ----"
  rg -n "mount -t tmpfs" "$FILE" || true
else
  echo "$FILE not found, searching repository for start.*.sh under install/"
  rg -n --hidden "start.*\\.sh" install || true
  echo "---- searching repo for tmpfs mounts ----"
  rg -n "mount -t tmpfs" || true
fi

Length of output: 130

---

🏁 Script executed:

#!/bin/bash
FILE="install/ubuntu24/start.ubuntu24.sh"
echo "PWD: $(pwd)"
echo "ls install/ubuntu24:"
ls -la install/ubuntu24 2>/dev/null || true

if [ -f "$FILE" ]; then
  echo "FOUND: $FILE"
  echo "---- lines 140-170 ----"
  if command -v sed >/dev/null 2>&1; then
    sed -n '140,170p' "$FILE" 2>/dev/null || true
  elif command -v awk >/dev/null 2>&1; then
    awk 'NR>=140 && NR<=170{print NR ":" $0}' "$FILE" || true
  else
    tail -n +140 "$FILE" | head -n 31 || true
  fi

  echo "---- grep for 'mount -t tmpfs' in file ----"
  grep -n -- 'mount -t tmpfs' "$FILE" 2>/dev/null || echo "no match in file"

  echo "---- grep for 'tmpfs' in file ----"
  grep -n -- 'tmpfs' "$FILE" 2>/dev/null || echo "no tmpfs occurrences in file"

else
  echo "$FILE not found; searching install/ for start*.sh"
  if command -v rg >/dev/null 2>&1; then
    rg -n --hidden "start.*\.sh" install || true
  else
    find install -type f -name "start*.sh" -print || true
  fi

  echo "---- searching repo for 'mount -t tmpfs' ----"
  if command -v rg >/dev/null 2>&1; then
    rg -n 'mount -t tmpfs' || true
  else
    grep -nR -- 'mount -t tmpfs' . || true
  fi
fi

echo "---- check mount availability (sandbox) ----"
if command -v mount >/dev/null 2>&1; then
  echo "mount found at: $(command -v mount)"
  mount | awk '$3 ~ /(\/app\/log|\/app\/api)/' || true
else
  echo "mount: not found in this sandbox; cannot verify live mounts"
fi

Length of output: 2115

---

Make tmpfs sizing configurable and fail fast on mount errors.

File: install/ubuntu24/start.ubuntu24.sh (around lines 153–155) — add env-configurable sizes and exit if mounts fail.

-echo "[INSTALL] Mounting log and api folders as tmpfs"
-mount -t tmpfs -o noexec,nosuid,nodev tmpfs "${INSTALL_DIR}/log"
-mount -t tmpfs -o noexec,nosuid,nodev tmpfs "${INSTALL_DIR}/api"
+echo "[INSTALL] Mounting log and api folders as tmpfs"
+# Optional sizing via env: TMPFS_LOG_SIZE/TMPFS_API_SIZE (e.g., "128m" or "20%")
+LOG_TMPFS_OPTS=${LOG_TMPFS_OPTS:-"noexec,nosuid,nodev${TMPFS_LOG_SIZE:+,size=${TMPFS_LOG_SIZE}}"}
+API_TMPFS_OPTS=${API_TMPFS_OPTS:-"noexec,nosuid,nodev${TMPFS_API_SIZE:+,size=${TMPFS_API_SIZE}}"}
+mount -t tmpfs -o "$LOG_TMPFS_OPTS" tmpfs "${INSTALL_DIR}/log" \
+  || { echo "[INSTALL] ERROR: failed to mount ${INSTALL_DIR}/log tmpfs"; exit 1; }
+mount -t tmpfs -o "$API_TMPFS_OPTS" tmpfs "${INSTALL_DIR}/api" \
+  || { echo "[INSTALL] ERROR: failed to mount ${INSTALL_DIR}/api tmpfs"; exit 1; }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	echo "[INSTALL] Mounting log and api folders as tmpfs"
	mount -t tmpfs -o noexec,nosuid,nodev tmpfs "${INSTALL_DIR}/log"
	mount -t tmpfs -o noexec,nosuid,nodev tmpfs "${INSTALL_DIR}/api"
	echo "[INSTALL] Mounting log and api folders as tmpfs"
	# Optional sizing via env: TMPFS_LOG_SIZE/TMPFS_API_SIZE (e.g., "128m" or "20%")
	LOG_TMPFS_OPTS=${LOG_TMPFS_OPTS:-"noexec,nosuid,nodev${TMPFS_LOG_SIZE:+,size=${TMPFS_LOG_SIZE}}"}
	API_TMPFS_OPTS=${API_TMPFS_OPTS:-"noexec,nosuid,nodev${TMPFS_API_SIZE:+,size=${TMPFS_API_SIZE}}"}
	mount -t tmpfs -o "$LOG_TMPFS_OPTS" tmpfs "${INSTALL_DIR}/log" \
	|| { echo "[INSTALL] ERROR: failed to mount ${INSTALL_DIR}/log tmpfs"; exit 1; }
	mount -t tmpfs -o "$API_TMPFS_OPTS" tmpfs "${INSTALL_DIR}/api" \
	|| { echo "[INSTALL] ERROR: failed to mount ${INSTALL_DIR}/api tmpfs"; exit 1; }