Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

os-crowdsec fails to start after upgrade to OPNsense 24.1.7 #3985

Closed
3 tasks done
marcogiorgio opened this issue May 16, 2024 · 3 comments · Fixed by #3986
Closed
3 tasks done

os-crowdsec fails to start after upgrade to OPNsense 24.1.7 #3985

marcogiorgio opened this issue May 16, 2024 · 3 comments · Fixed by #3986
Labels
upstream Third party issue

Comments

@marcogiorgio
Copy link

marcogiorgio commented May 16, 2024
edited

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug
As the title suggests, I noticed that the crowdsec plugin can't start after upgrading to OPNsense 24.1.7 (plugin version: 1.0.8)
I see this in System->Log Files->General

/usr/local/etc/rc.d/crowdsec: WARNING: failed to start crowdsec

To Reproduce
Steps to reproduce the behavior:

  1. Upgrade OPNsense to 24.1.7
  2. Notice that you cannot start the crowdsec plugin

Expected behavior
Crowdsec plugin running

Relevant log files
Let me know where I can find the relevant logs you need

Environment
OPNsense 24.1 (amd64)
@Monviech
Copy link
Sponsor Member

Monviech commented May 17, 2024
edited

Hello, I have upgraded too and don't have any errors.

First try if the template reload works: configctl template reload OPNsense/CrowdSec from the OPNsense CLI.

Afterwards you invoke: configctl crowdsec restart

Afterwards, check the logfile tail -n 200 /var/log/crowdsec/crowdsec.log, it will show the last 200 entries. You can then look for level=warn or level=err in the output or use grep.

tail -n 200 /var/log/crowdsec/crowdsec.log | grep -i -e "level=warn" -e "level=err"

@fichtner
Copy link
Member

this is the LAPI mode...

freebsd/freebsd-ports@0581f05#diff-8a5cd6963e2d7b8aa6ccc3a5bc2f54ab97a9b30f8eebfbf6aaab66bae688c9d8R35

problem introduced above ^^^ command is now daemon and flags are pushed to daemon command which fails

Also discussed here: https://www.reddit.com/r/opnsense/comments/1ctcit4/comment/l4fbeob/?context=3

CC @mmetc

@fichtner fichtner added the upstream Third party issue label May 17, 2024
@mmetc
Copy link
Contributor

mmetc commented May 17, 2024

thanks! when I tested I didn't think the flag would be applied twice!

There is no need to use a flag, we can disable the service in a config file.

quick fix:

  1. edit /etc/rc.conf.d/crowdsec and remove crowdsec_flags
  2. in /usr/local/etc/crowdsec/config.yaml, set
api:
 ...
 server:
   enable: false
   ...

PR available at #3986

Thanks again

@fichtner fichtner linked a pull request May 18, 2024 that will close this issue
crowdsec: 1.0.9 (fix service start when lapi is disabled) #3986
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
upstream Third party issue
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

crowdsec: 1.0.9 (fix service start when lapi is disabled) crowdsecurity/plugins
4 participants
@fichtner @marcogiorgio @Monviech @mmetc