Cannot install Crowdsec on Ubuntu 20.04.4 & 18.04.6

I am trying out Crowdsec and install always fails. I am running 18.04.6 on an Intel SBC and Ubuntu 20.04.4 in a container. I have added the repository from here for both systems.

When I install Crowdsec via apt, both fail with the following. (I have also tried installing with deb package and that fails with the same error.):

Updating hub
INFO[21-06-2022 11:12:30 PM] Wrote new 364391 bytes index to /etc/crowdsec/hub/.index.json 
Created symlink /etc/systemd/system/ → /lib/systemd/system/crowdsec.service.
Job for crowdsec.service failed because the control process exited with error code.
See "systemctl status crowdsec.service" and "journalctl -xe" for details.
dpkg: error processing package crowdsec (--configure):
 installed crowdsec package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)

I cannot run Crowdsec at this point, and so I then uninstall it and get this error:

(Reading database ... 17927 files and directories currently installed.)
Removing crowdsec (1.3.4) ...
FATA[21-06-2022 11:13:58 PM] Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? 
Removed /etc/systemd/system/

This is VERY strange because I am not running Docker and so have no idea why it is asking if the daemon is running.

As a result, I can never install or run Crowdsec. Interestingly, installing the old version via AWS seemed to work, but that is an older version. (The problem is that that version did not have bouncer packages.)

Any ideas?

Update: This thread talks about a similar issue and a poster suggests that this a Crowdsec package error. It is 15 months later. Is the package still broken?


The packages are the most common way of installation, so it should be working :slight_smile:
Can you share your crowdsec.log and/or the output of journalctl -xe ?

I’d be curious to know what broke the install.


Interestingly, the 20.04 box installed fine this AM. No idea why. The 18.04 server is having the same problem. Here is some data:

host@host:~$ sudo systemctl status crowdsec.service
● crowdsec.service - Crowdsec agent
   Loaded: loaded (/etc/systemd/system/crowdsec.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2022-06-22 07:54:00 EDT; 18s ago
  Process: 20764 ExecStartPre=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t (code=exited, status=1/FAILURE)

Jun 22 07:54:00 asbc systemd[1]: crowdsec.service: Failed with result 'exit-code'.
Jun 22 07:54:00 asbc systemd[1]: Failed to start Crowdsec agent.

journalctl -xe

-- Unit crowdsec.service has begun starting up.
Jun 22 07:56:01 asbc crowdsec[20854]: time="2022-06-22T07:56:01-04:00" level=warning msg="Deprecation warning: the pid_dir 
Jun 22 07:56:02 asbc systemd[1]: crowdsec.service: Control process exited, code=exited status=1
Jun 22 07:56:02 asbc systemd[1]: crowdsec.service: Failed with result 'exit-code'.
Jun 22 07:56:02 asbc systemd[1]: Failed to start Crowdsec agent.
-- Subject: Unit crowdsec.service has failed
-- Defined-By: systemd
-- Support:
-- Unit crowdsec.service has failed.

These do not feel helpful…

I would just add that I get the same failure whenever I try to run crowdsec. It will never start and will show that error.

Well, I figured this out on my own. Something is up with the installation/removal process. You cannot do an “apt remove crowdsec” since it left files in place which I think broke this.

The result of the above is that I needed to manually remove all crowdsec folders and files myself because apt did not do that. Once I did that, I was able to install it properly.

Advice to crowdsec team: Review your “apt remove” code to ensure that it actually removes all the crowdsec files.

Hello @jl_678,

Thanks for investigating !

Debian’s default policy is for apt not to remove configuration files and we stick to it so far … even if sometimes it can bite.

In the future apt-get remove --purge XXXX can be handy as it as well removes the configuration files etc (we ensured it’s working as expected in crowdsec’s case).

Yes agreed, we have made changes for this in the upcoming 1.4 that ideally is going to make this easier (note: in the previous versions you have to look into /var/log/crowdsec.log to see the real error messages most of the time).

@jl_678 : Which version was previously installed ? I didn’t manage to reproduce the apt installapt removeapt install (broken) cycle.


Thank you for the research! I appreciate it.

To answer your question, I was following the multi-server install in this blog.

The repo linked in the blog is outdated. As I recall, it installed 1.09. The problem is that I realized that it was old and then tried to upgrade to 1.34 which may have caused further problems.

I guess it was user error as I kept uninstalling and reinstalling without purge which meant that every subsequent install still used the broken config files.

In the end, I manually purged by removing all crowdsec files and reinstalling.


I guess the 3 major version gap was a bit too tough for our installer to handle :sweat_smile:
However, I’ll keep in mind to check that the error are properly displayed via journalctl in case of fatal error.

Yes. And might I suggest that you update the repo linked in that blog post?

The instructions are fine otherwise.