CrowdSec does not start

transocean · April 7, 2024, 11:02am

NethServer Version: NS 8
Module: CrowdSec

Hello friends of the NS 8,

I configured my NS 8 at the weekend so that I can now actually start replacing the NS 7. But I can only do this in deep sorrow. I have just installed CrowdSec, booted the machine once and then set up CrowdSec. When saving the settings, an alarm comes up. The message in detail looks like this:

Screenshot 2024-04-07 125832

<7>cscli parsers install crowdsecurity/whitelists
Error: no container with name or ID “crowdsec1” found: no such container
Traceback (most recent call last):
File “/var/lib/nethserver/crowdsec1/actions/configure-module/30Enable_ban_onlocal_network”, line 12, in
agent.run_helper(“cscli”, “parsers”, action, “crowdsecurity/whitelists”).check_returncode()
File “/usr/lib64/python3.11/subprocess.py”, line 502, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command ‘(‘cscli’, ‘parsers’, ‘install’, ‘crowdsecurity/whitelists’)’ returned non-zero exit status 125.

Thanks as always for your help…

Uwe

LayLow · April 7, 2024, 11:13am

Can you show the volume(s):

Anything interesting in the logfiles when selecting app cowdsec1 and Node1?

transocean · April 7, 2024, 11:29am

Here is a part of the logfile.

2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/3065be74-0217-445e-946f-89960b7e5bd0: configure-module/20configure is starting
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/3065be74-0217-445e-946f-89960b7e5bd0: configure-module/30Enable_ban_onlocal_network is starting
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] cscli parsers install crowdsecurity/whitelists
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] Error: no container with name or ID “crowdsec1” found: no such container
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] Traceback (most recent call last):
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] File “/var/lib/nethserver/crowdsec1/actions/configure-module/30Enable_ban_onlocal_network”, line 12, in
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] agent.run_helper(“cscli”, “parsers”, action, “crowdsecurity/whitelists”).check_returncode()
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] File “/usr/lib64/python3.11/subprocess.py”, line 502, in check_returncode
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] raise CalledProcessError(self.returncode, self.args, self.stdout,
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] subprocess.CalledProcessError: Command ‘(‘cscli’, ‘parsers’, ‘install’, ‘crowdsecurity/whitelists’)’ returned non-zero exit status 125.
2024-04-07T12:49:02+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/3065be74-0217-445e-946f-89960b7e5bd0: action “configure-module” status is “aborted” (1) at step 30Enable_ban_onlocal_network
2024-04-07T12:53:21+02:00 [1:crowdsec1:crowdsec1-upgrade-hub] Error: no container with name or ID “crowdsec1” found: no such container
2024-04-07T12:59:48+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/f1789566-3ffd-4661-8627-3e1ee19c0a37: get-status/20read is starting
2024-04-07T12:59:48+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/f1789566-3ffd-4661-8627-3e1ee19c0a37: action “get-status” status is “completed” (0) at step validate-output.json
2024-04-07T13:07:46+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/f28c46e5-a93d-48f3-a011-2eeb990a0489: get-configuration/20read is starting
2024-04-07T13:07:47+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/f28c46e5-a93d-48f3-a011-2eeb990a0489: action “get-configuration” status is “completed” (0) at step validate-output.json
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/c67f6d20-fa78-491f-8540-b28a45cbcc65: configure-module/20configure is starting
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/c67f6d20-fa78-491f-8540-b28a45cbcc65: configure-module/30Enable_ban_onlocal_network is starting
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] cscli parsers install crowdsecurity/whitelists
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] Error: no container with name or ID “crowdsec1” found: no such container
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] File “/var/lib/nethserver/crowdsec1/actions/configure-module/30Enable_ban_onlocal_network”, line 12, in
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] Traceback (most recent call last):
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] agent.run_helper(“cscli”, “parsers”, action, “crowdsecurity/whitelists”).check_returncode()
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] File “/usr/lib64/python3.11/subprocess.py”, line 502, in check_returncode
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] raise CalledProcessError(self.returncode, self.args, self.stdout,
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] subprocess.CalledProcessError: Command ‘(‘cscli’, ‘parsers’, ‘install’, ‘crowdsecurity/whitelists’)’ returned non-zero exit status 125.
2024-04-07T13:08:00+02:00 [1:crowdsec1:agent@crowdsec1] task/module/crowdsec1/c67f6d20-fa78-491f-8540-b28a45cbcc65: action “configure-module” status is “aborted” (1) at step

LayLow · April 7, 2024, 11:55am

(sorry correction of path)
Is the crowdsec1 directory and contents available at /var/lib/nethserver/crowdsec1 (when you ssh in)?

transocean · April 7, 2024, 12:18pm

I think so.

Screenshot 2024-04-07 141726

LayLow · April 7, 2024, 12:42pm

[quote=“transocean, post:5, topic:23291”]
think
I am guessing too by trying eliminating.

I’ve got this, 1 extra file, but not sure if it relevant.

drwxr-xr-x 8 root root 4096 Apr 3 11:34 **actions**
drwxr-xr-x 2 root root 4096 Apr 3 11:34 **bin**
-rw-r--r-- 1 root root 1378 Apr 3 11:34 crowdsec-firewall-bouncer.service
-rw-r--r-- 1 root root 1554 Apr 3 11:34 crowdsec.service
drwxr-xr-x 2 root root 4096 Apr 3 11:34 **etc**
drwxr-xr-x 5 root root 4096 Apr 3 11:34 **events**
drwx------ 4 root root 4096 Apr 7 14:08 **state**
drwxr-xr-x 2 root root 4096 Apr 3 11:34 **templates**
drwxr-xr-x 2 root root 4096 Apr 3 11:34 **update-module.d**

transocean · April 7, 2024, 1:10pm

But then the file should have disappeared after the reboot. CrowSec was previously set to enabled and active.

LayLow · April 7, 2024, 2:03pm

Sorry, further analysis is out of my league. Let’s wait for other. You could re-install, but you loose forensics.

transocean · April 7, 2024, 3:27pm

So will i do.

Thank you

Uwe

dnutan · April 7, 2024, 6:07pm

Any result from these?

runagent -m crowdsec1 podman ps
runagent -m crowdsec1 systemctl status --user crowdsec

transocean · April 7, 2024, 6:26pm

Hi @dnutan,

hier is the output of the commands:

Screenshot 2024-04-07 202029
Screenshot 2024-04-07 202146

LayLow · April 7, 2024, 6:33pm

JFYI

I happen to have a similar issue with Dokuwiki this afternoon. ‘Unit dokuwiki.service could not be found’.

I re-installed… BUT it made me wonder about the numbering schema.

transocean · April 7, 2024, 6:44pm

Let me guess… Now the instance is not 1, but 2?

LayLow · April 7, 2024, 6:46pm

If you are asking me, yes.

Reading about restoring instances in other threads, it seems that every instance operation (new/delete/move/restore) will increase the counter.

transocean · April 7, 2024, 6:48pm

I’ve noticed that too. Unattractive, but not disruptive to the actual function. It’s probably more of a cosmetic issue.

LayLow · April 7, 2024, 6:50pm

Not sure regarding restoring backups and instance labelling etc. But that’s for another thread

mrmarkuz · April 7, 2024, 6:56pm

Crowdsec is rootful so in this case we don’t need the --user part:

runagent -m crowdsec1 systemctl status crowdsec1

dnutan · April 7, 2024, 6:57pm

My bad, the service command was incorrect.

runagent -m crowdsec1 systemctl status crowdsec1

but either way the podman container crowdsec1 is missing

EDIT: the container doesn’t show until the service is started.

transocean · April 7, 2024, 6:58pm

runagent -m crowdsec1 systemctl status crowdsec1
× crowdsec1.service - crowdsec server
Loaded: loaded (/etc/systemd/system/crowdsec1.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Sun 2024-04-07 15:22:27 CEST; 5h 34min ago
Process: 1061 ExecStartPre=/bin/rm -f /run/crowdsec1.pid /run/crowdsec1.cid (code=exited, status=0>
Process: 1062 ExecStartPre=/bin/mkdir -vp crowdsec_config/postoverflows/s01-whitelist (code=exited>
Process: 1063 ExecStartPre=/bin/mkdir -vp crowdsec_config/parsers/s02-enrich (code=exited, status=>
Process: 1064 ExecStartPre=/usr/local/bin/runagent -m crowdsec1 expand-configuration (code=exited,>
Process: 1076 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile /run/crowdsec1.cid (code=exite>
CPU: 400ms

Apr 07 15:22:27 tdho-comserv systemd[1]: crowdsec1.service: Scheduled restart job, restart counter is >
Apr 07 15:22:27 tdho-comserv systemd[1]: Stopped crowdsec server.
Apr 07 15:22:27 tdho-comserv systemd[1]: crowdsec1.service: Start request repeated too quickly.
Apr 07 15:22:27 tdho-comserv systemd[1]: crowdsec1.service: Failed with result ‘exit-code’.
Apr 07 15:22:27 tdho-comserv systemd[1]: Failed to start crowdsec server.

mrmarkuz · April 7, 2024, 7:03pm

You could restart crowdsec and follow the logs in the web UI to hopefully get more info about why the container doesn’t start.

runagent -m crowdsec1 systemctl restart crowdsec1