Is there anyone who can help to fix this, please ?
UPDATE: now fixed and working !
UPDATE: Topic title changed from
Crowdsec: initial packages v1.2.0 for OpenWrt
UPDATE:
This work is still an active development phase on OpenWrt...
As the wiki specific information on OpenWrt Wiki dedicated page.
CrowdSec is an attractive and innovative solution, so I understand you want to give a try, but you must look to the Official CrowdSec documentation if you need more than what is available to the OpenWrt packages where I try to made some end users and user friendly, but completely unsupported and personal but in progress additions !
So, Enjoy, use it at your own risks, or made it better by yourself.
How can I enable (force) a CONFIG value from a Package Makefile ?
Is it only possible to ?
I need the toolchain (binutils) to being built with EXTRA as :
And feel free to report here about OpenWrt packages, or ask directly at CrowdSec community https://discourse.crowdsec.net/ for specific usage and recommendation !
installing owns console is this expected behavior?
console-hangs
dca632 /usbstick 54°# opkg install crowdsec
Installing crowdsec (1.2.0-1) to root...
Downloading http://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/packages/crowdsec_1.2.0-1_aarch64_cortex-a72.ipk
Configuring crowdsec.
WARN[14-10-2021 07:16:13 PM] can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)
INFO[14-10-2021 07:16:13 PM] push and pull to Central API disabled
INFO[14-10-2021 07:16:13 PM] Machine 'MACHINE' successfully added to the local API
INFO[14-10-2021 07:16:13 PM] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'
WARN[14-10-2021 07:16:14 PM] can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)
INFO[14-10-2021 07:16:14 PM] push and pull to Central API disabled
INFO[14-10-2021 07:16:16 PM] Successfully registered to Central API (CAPI)
INFO[14-10-2021 07:16:16 PM] Central API credentials dumped to '/etc/crowdsec/online_api_credentials.yaml'
WARN[14-10-2021 07:16:16 PM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.
INFO[14-10-2021 07:16:17 PM] Wrote new 147807 bytes index to /etc/crowdsec/hub/.index.json
INFO[14-10-2021 07:16:18 PM] crowdsecurity/syslog-logs : OK
INFO[14-10-2021 07:16:18 PM] /etc/crowdsec/parsers/s00-raw doesn't exist, create
INFO[14-10-2021 07:16:18 PM] Enabled parsers : crowdsecurity/syslog-logs
INFO[14-10-2021 07:16:18 PM] crowdsecurity/geoip-enrich : OK
INFO[14-10-2021 07:16:18 PM] downloading data 'https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb' in '/srv/crowdsec/data/GeoLite2-City.mmdb'
^CInterrupted. Writing out status database.
seems to be from your uci-defaults/99_crowdsec last line;
edit: console finally exited after 2mins... how big is the download... (is interactive/uci-defaults the best way to handle this... firstboot internet connectivity might cause some issues here)
60M... slow servers maybe...
dca632 /usbstick 55°# du -chs /srv/crowdsec/data/*
5.7M /srv/crowdsec/data/GeoLite2-ASN.mmdb
53.2M /srv/crowdsec/data/GeoLite2-City.mmdb
136.0K /srv/crowdsec/data/crowdsec.db
59.0M total
Yes,
It had some pre-install command integrated.
I must write a full OpenWrt documentation, but you may look at the default crowdsec documentations since I wrote OpenWrt specific…
The /srv/crowdsec must exist in a persistent storage.
I look at this ASAP…
Some initial commands may have been moved while PR reviews !
It need to be ready after installation, but I think there is no problem, since the Crowdsec package is not integrate in a firmware image for now.
it may not be a default package... but it's not unreasonable to assume that people will attempt to include it by default when they create their own images...
the question(s) is(are);
how does the daemon behave when/if these commands fail on firstboot?
does the daemon / init script inform the user?
does the daemon / init script re-attempt?
[ 41.389597] welcomeback localversion="3.5.75-7" > localversion="3.5.95-5"
[ 42.033515] 99_crowdsec-ucidefault start
[ 42.366744] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts:
[ 42.936193] 99_crowdsec-ucidefault finished
[ 45.786811] bcmgenet fd580000.ethernet: configuring instance for external RGMII (RX delay)
[ 45.795668] bcmgenet fd580000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
[ 45.796957] br-lan: port 1(eth0) entered blocking state
[ 45.809008] br-lan: port 1(eth0) entered disabled state
[ 45.814410] device eth0 entered promiscuous mode
[ 45.820181] br-lan: port 1(eth0) entered blocking state
[ 45.825423] br-lan: port 1(eth0) entered forwarding state
[ 46.791390] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[ 47.115424] netlink: 'iw': attribute type 302 has an invalid length.
...(eth1 is WAN)
[ 49.544213] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[ 49.550994] r8152 2-2:1.0 eth1: carrier on
[root@dca632 /usbstick/_CROWDSEC 52°]# ps w | grep crowd | grep -v grep
[root@dca632 /usbstick/_CROWDSEC 53°]# logread | grep crowd
[root@dca632 /usbstick/_CROWDSEC 53°]# cat /var/log/crowdsec.log
time="15-10-2021 16:50:19" level=info msg="Crowdsec v1.2.0-openwrt-openwrt"
time="15-10-2021 16:50:19" level=info msg="Loading prometheus collectors"
time="15-10-2021 16:50:19" level=fatal msg="crowdsec init: Failed to load hub index : unable to read index file: open /etc/crowdsec/hub/.index.json: no such file or directory"
Yes, it is why I have said I will look at your first report...
I may propose a crowdsec-data package to integrate the first install data download.
Or move this download further...
Or simply remove the first initial installation I have integrate in the package to simplify the usage for the user, and let him do all by itself reading the documentations...
I do not understand how you have installed the package ?
If you let it fully install and then reboot, is it okay ?
Because you have interrupt the install, the commands did not complete...
What the firstboot do here ?
The script is also apply at installation, and then uneeded at firstboot.
It will only be used at firstboot if you integrate the package in a custom firmware, what is it not supported for now, as I have already said.