C
CrowdSec3mo ago
TornaxO7

`runtime stderr: creating `/etc/crowdsec/acquis.d`: openat2 `etc/crowdsec/acquis.d`: No such file or

Hi! I'm trying to setup through docker but I'm getting the following error message: 
Error: crun: creating `/etc/crowdsec/acquis.d`: openat2 `etc/crowdsec/acquis.d`: No such file or directory: OCI runtime attempted to invoke a command that was not found
Error: crun: creating `/etc/crowdsec/acquis.d`: openat2 `etc/crowdsec/acquis.d`: No such file or directory: OCI runtime attempted to invoke a command that was not found
I'm using NixOS so the config is written in nix but I hope it's fine: 
{ ... }:
let
  utils = import ../../../utils.nix;

  names = utils.createContainerNames "crowdsec" [ "server" "firewall-bouncer" ];

  binds = rec {
    data = "/var/lib/crowdsec/data";
    conf = "/etc/crowdsec";
    acquis = "${conf}/acquis.d";
  };

  ports = {
    server = 49180;
  };
in
{
  systemd = {
    tmpfiles.rules = [
      "d ${binds.data} 0750 - - -"
      "d ${binds.conf} 0750 - - -"
      "L+ ${binds.acquis} - - - - ${./acquis.d}"
    ];
  };

  virtualisation.oci-containers.containers = {
    "${names.containers.server}" = {
      image = "crowdsecurity/crowdsec:latest-debian";

      volumes = [
        "${binds.acquis}:/etc/crowdsec/acquis.d"
        "${binds.data}:/var/lib/crowdsec/data/"
        "${binds.conf}:/etc/crowdsec"

        # required for journalctl
        "/var/log/journal:/run/log/journal"
      ];

      environment = {
        COLLECTIONS = "crowdsecurity/linux\
          crowdsecurity/traefik\
          LePresidente/grafana
        ";
      };

      ports = [
        "127.0.0.1:${toString ports.server}:8080"
      ];
    };
{ ... }:
let
  utils = import ../../../utils.nix;

  names = utils.createContainerNames "crowdsec" [ "server" "firewall-bouncer" ];

  binds = rec {
    data = "/var/lib/crowdsec/data";
    conf = "/etc/crowdsec";
    acquis = "${conf}/acquis.d";
  };

  ports = {
    server = 49180;
  };
in
{
  systemd = {
    tmpfiles.rules = [
      "d ${binds.data} 0750 - - -"
      "d ${binds.conf} 0750 - - -"
      "L+ ${binds.acquis} - - - - ${./acquis.d}"
    ];
  };

  virtualisation.oci-containers.containers = {
    "${names.containers.server}" = {
      image = "crowdsecurity/crowdsec:latest-debian";

      volumes = [
        "${binds.acquis}:/etc/crowdsec/acquis.d"
        "${binds.data}:/var/lib/crowdsec/data/"
        "${binds.conf}:/etc/crowdsec"

        # required for journalctl
        "/var/log/journal:/run/log/journal"
      ];

      environment = {
        COLLECTIONS = "crowdsecurity/linux\
          crowdsecurity/traefik\
          LePresidente/grafana
        ";
      };

      ports = [
        "127.0.0.1:${toString ports.server}:8080"
      ];
    };
4 Replies
CrowdSec
CrowdSec3mo ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
© Created By WhyAydan for CrowdSec ❤️
iiamloz
iiamloz3mo ago
I dont use nixos so I dont know how much I can help, but inside the container in the init script that is when the acquis.d folder is copied across so I dont know if crun is complaining about the host side or the container side as typically most container system creates a blank directory if the directory does not exist on the host side.
TornaxO7
TornaxO7OP3mo ago
hm... in my case I've already created the directory because I've already added some things acquisitions But I'm confused why the docker container tries to access etc/crowdsec/acquis.d instead of /etc/crowdsec/acquis.d ok, if I'm seeing that right, a acquis.yaml is required at least I'm getting a fatal error if there's no such file but the acquis.yaml file is allowed to be empty interesting behaviour ok, I think I found the issue: I somehow mixed up the volumes...
CrowdSec
CrowdSec3mo ago
Resolving runtime stderr: creating /etc/crowdsec/acquis.d: openat2 etc/crowdsec/acquis.d: No such file or This has now been resolved. If you think this is a mistake please run /unresolve`

Did you find this page helpful?