Wizard stalled line 594 : dev/urandom | tr -dc 'a-zA-Z0-9' |`

tranbert · February 17, 2021, 9:08am

Bonjour… (il n’y a pas de categorie Français donc allons y en globish)

On my cloud instances /ovh Debian 10 buster, the install wizard hangs on line 594 :

${CSCLI_BIN_INSTALLED} machines add --force "$(cat /etc/machine-id)" --password "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" -f "${CROWDSEC_CONFIG_PATH}/${CLIENT_SECRETS}"

And also for Hub bouncer auto-install, hangs on :

SUFFIX=`tr -dc "A-Za-z0-9" </dev/urandom | head -c 8`
API_KEY=`cscli bouncers add cs-firewall-bouncer-${SUFFIX} -o raw'

My guess is that dev/urandom | tr -dc 'a-zA-Z0-9' | fails in script. I’ve manage to install Crowdsec by manually generate the lines :

cscli machines add --force 0ef30****************efb187ce --password 3212r************************4 -f /etc/crowdsec/local_api_credentials.yaml

using cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 on command line

or install bouncer via :
# SUFFIX=tr -dc "A-Za-z0-9" </dev/urandom | head -c 8
# echo $SUFFIX
VlSKOSAs

Am I alone with this bug ??? Any clues about these errors ?

kaa · February 17, 2021, 11:12am

Hi (Bonjour aussi),

I tried to reproduce the issue on our ovh instance, with no luck: the wizard installation process went smoothly. Can you share with us the exact commercial offer you are using ? I’ll try to reproduce this with the exact same setup.

That being said, /dev/urandom call shouldn’t block…

Other question: Is this command blocks on your server:
dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev

If it doesn’t, we’ll consider swap the command in the wizards for this.

Your feeback is very appreciated.

Regards,

tranbert · February 17, 2021, 3:43pm

re-Hi donc.

It’s ovh public cloud instances sandbox s1-2 and s1-4 + OVH VPS 2016 SSD 1 + VPS 2018 SSD 1

All debian in 9/10…

I’m trying now on a S1-2 debian jessie… hangs… top :

  20   0    5968    700    620 R 48.4  0.0   1:38.77 cat /dev/urandom                                                                                                                                              
   20   0    5836    696    616 S  2.3  0.0   0:04.13 tr -dc a-zA-Z0-9                                                                                                                                              
 20   0    5820    664    580 S  0.3  0.0   0:01.27 fold -w 32

and :

dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev......

ok
zI7tAGCUjFfxxIJ+BQWEGQZdQ7/ZeuwJ+SX0Q7CuRXQ

tranbert · February 17, 2021, 3:48pm

Edited wizard.sh with this line… Ok.

02/17/2021:04:46:35 PM][INF] crowdsec_wizard: Installing patterns
INFO[0000] Machine '244b714165db48e8b6d0eb0a0286881e' created successfully 
INFO[0000] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml' 
[02/17/2021:04:46:35 PM][INF] crowdsec_wizard: Crowdsec LAPI registered
INFO[0002] Successfully registered to Central API (CAPI) 
INFO[0002] API credentials dumped to '/etc/crowdsec/online_api_credentials.yaml' 
WARN[0002] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective 
[02/17/2021:04:46:38 PM][INF] crowdsec_wizard: Crowdsec CAPI registered
Created symlink from /etc/systemd/system/multi-user.target.wants/crowdsec.service to /etc/systemd/system/crowdsec.service.
[02/17/2021:04:46:44 PM][INF] crowdsec_wizard: Enabling and starting crowdsec daemon

tranbert · February 17, 2021, 4:23pm

And install.sh from cs-firewall-bouncer line 81

SUFFIX=`tr -dc A-Za-z0-9 </dev/urandom | head -c 8`

replaced by :

SUFFIX=`dd if=/dev/urandom bs=8 count=1 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev`

Is Ok too (forgot to bs:6 oops) :

cs-firewall-bouncer-okco8jtqFoo | /v1/decisions/stream | GET | 2

kaa · February 18, 2021, 9:46am

Thank you very much for your feedback. An issue has been created. I believe this should be fixed in the future.