Unable to retrieve latest crowdsec version

Hi,

I am new to crowdsec and walked through a tutorial about setting it up with traefik and a bouncer. All things worked fine but the other containers won’t start as it depends on an healthcheck from crowdsec which failed. Looking into the log output I get the following:

time="2024-01-30T20:04:57+01:00" level=warning msg="Unable to retrieve latest crowdsec version: Get \"https://version.crowdsec.net/latest\": dial tcp: lookup version.crowdsec.net on 127.0.0.11:53: read udp 127.0.0.1:45661->127.0.0.11:53: i/o timeout, using hub branch 'master'"

and

time="2024-01-30T20:05:07+01:00" level=fatal msg="failed to update hub: failed http request for hub index: Get \"https://hub-cdn.crowdsec.net/master/.index.json\": dial tcp: lookup hub-cdn.crowdsec.net on 127.0.0.11:53: read udp 127.0.0.1:41818->127.0.0.11:53: i/o timeout"

BTW the container is running some time and after attaching to it with:

docker exec -it crowdsec bash

i get kicked out of the container session and after running docker ps I can see the container isn’t running anymore.

Any idea what this can be about?

Thanks in advance

Hi,

From your error outputs I can see a DNS failure (timeout).
So, something’s may be wrong with your Docker network.

Sorry I was going to reply sooner, @smu44 is right the docker DNS is timing out. If you use a custom DNS solution for your network might be best to not bind to all listeners.

No problem.

Yeah I thought of that as well and don‘t know where things got wrong. In had to prune the docker ecosystem because it didn‘t copy my host resolv.conf. Always got 127.0.011 in the resolv.conf of the crowdsec container. Not even adding the dns server in the compose file added it.

After that and running compose again, it worked.

Do you maybe know what caused the wrong resolv.conf? I found nothing about it on the web.

I’ve been using crowdsec for almost 2 years now and this happens to me sporadically. I can’t determine the actual root cause - but my system will be working fine for months and then break with this error. I forget the exact steps I took last time, but restarting the Docker service and resolv.conf were both involved. I have the issue again and will document better.

What I’ve never been able to figure out is why this demands exiting the container when it should be functional regardless of whether or not it can learn of version of updates. This behavior makes troubleshooting extremely difficult. Not to mention, as a dependency for my reverse proxy, takes all my other services down with it.

This came up as a search result for me; I’ve been using CrowdSec for a year or so, but two of my servers dropped off the air after an update of some docker components.

Restarting CrowdSec or the entire docker stack didn’t work.

I had to restart the server.

Server was still working, but without CrowdSec working, and so all CrowdSec protected websites weren’t available; luckily they were only the control planes for services that were still up and running.