amnezia-vpn / amnezia-client

Amnezia VPN Client (Desktop+Mobile)
https://amnezia.org
GNU General Public License v3.0

Amnezia VPN client fails with ErrorCode 202 during server installation until manual installing of apparmor and apparmor-utils to the server #925

Open bogser7 opened 1 month ago

bogser7 commented 1 month ago

Desktop OS: Windows 10
Server OS: Debian 12

Deployed a new VPS with Debian 12 and got ErrorCode 202 "Docker container missing" from the Amnezia VPN client during server installation. The problem went away after apt install apparmor apparmor-utils. Shouldn't Amnezia VPN install apparmor and apparmor-utils automatically?

Here is the log from Amnezia VPN client when ErrorCode 202 occurred:

2024-08-03 08:14:07 debug ServerController::Run script
2024-08-03 08:14:07 debug sudo docker ps --format '{{.Names}} {{.Ports}}'
2024-08-03 08:14:07 debug SSH chanel opened
2024-08-03 08:14:08 debug ServerController::runScript finished

2024-08-03 08:14:08 debug ServerController::setupContainer amnezia-awg
2024-08-03 08:14:08 debug ServerController::Run script
2024-08-03 08:14:08 debug if which apt-get > /dev/null 2>&1; then LOCK_FILE="/var/lib/dpkg/lock-frontend";\
elif which dnf > /dev/null 2>&1; then LOCK_FILE="/var/run/dnf.pid";\
elif which yum > /dev/null 2>&1; then LOCK_FILE="/var/run/yum.pid";\
elif which pacman > /dev/null 2>&1; then LOCK_FILE="/var/lib/pacman/db.lck";\
else echo "Packet manager not found"; echo "Internal error"; exit 1; fi;\
if command -v fuser > /dev/null 2>&1; then sudo fuser $LOCK_FILE 2>/dev/null; else echo "fuser not installed"; fi
2024-08-03 08:14:08 debug SSH chanel opened
2024-08-03 08:14:08 debug ServerController::runScript finished

2024-08-03 08:14:08 debug ServerController::Run script
2024-08-03 08:14:08 debug if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\
elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\
elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\
elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="> /dev/null 2>&1"; docker_pkg="docker"; dist="archlinux";\
else echo "Packet manager not found"; exit 1; fi;\
echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\
if [ "$dist" = "debian" ]; then export DEBIAN_FRONTEND=noninteractive; fi;\
if ! command -v sudo > /dev/null 2>&1; then $pm $check_pkgs; $pm $silent_inst sudo; fi;\
if ! command -v fuser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst psmisc; fi;\
if ! command -v lsof > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst lsof; fi;\
if ! command -v docker > /dev/null 2>&1; then \
  sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\
  sleep 5; sudo systemctl enable --now docker; sleep 5;\
fi;\
if [ "$(systemctl is-active docker)" != "active" ]; then \
  sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\
  sleep 5; sudo systemctl start docker; sleep 5;\
fi;\
if ! command -v sudo > /dev/null 2>&1; then echo "Failed to install sudo, command not found"; exit 1; fi;\
docker --version
2024-08-03 08:14:08 debug SSH chanel opened
2024-08-03 08:14:08 debug ServerController::runScript finished

2024-08-03 08:14:08 debug ServerController::installDockerWorker Dist: debian, Packet manager: /usr/bin/apt-get, Install command: -yq install, Check pkgs command: -yq update, Docker pkg: docker.io

Docker version 
20.10.24+dfsg1, build 297e128

2024-08-03 08:14:08 debug ServerController::setupContainer installDockerWorker finished
2024-08-03 08:14:08 debug ServerController::Run script
2024-08-03 08:14:08 debug which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':32152 ' | grep -i udp
2024-08-03 08:14:08 debug SSH chanel opened
2024-08-03 08:14:08 debug ServerController::runScript finished

2024-08-03 08:14:08 debug ServerController::Run script
2024-08-03 08:14:08 debug which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':32152 ' | grep -i udp
2024-08-03 08:14:09 debug SSH chanel opened
2024-08-03 08:14:09 debug ServerController::runScript finished

2024-08-03 08:14:09 debug ServerController::Run script
2024-08-03 08:14:09 debug CUR_USER=$(whoami);\
sudo mkdir -p /opt/amnezia/amnezia-awg;\
sudo chown $CUR_USER /opt/amnezia/amnezia-awg;\
if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \
  --driver bridge \
  --subnet=172.29.172.0/24 \
  --opt com.docker.network.bridge.name=amn0 \
  amnezia-dns-net;\
fi
2024-08-03 08:14:09 debug SSH chanel opened
2024-08-03 08:14:09 debug ServerController::runScript finished

2024-08-03 08:14:09 debug ServerController::setupContainer prepareHostWorker finished
2024-08-03 08:14:09 debug ServerController::Run script
2024-08-03 08:14:09 debug sudo docker stop amnezia-awg;\
sudo docker rm -fv amnezia-awg;\
sudo docker rmi amnezia-awg
2024-08-03 08:14:10 debug SSH chanel opened
2024-08-03 08:14:10 debug ServerController::runScript finished

2024-08-03 08:14:10 debug ServerController::setupContainer removeContainer finished
2024-08-03 08:14:10 debug buildContainerWorker start
2024-08-03 08:14:10 debug ServerController::Run script
2024-08-03 08:14:10 debug sudo rm /opt/amnezia/amnezia-awg/Dockerfile
2024-08-03 08:14:10 debug SSH chanel opened
2024-08-03 08:14:10 debug ServerController::runScript finished

2024-08-03 08:14:11 debug ServerController::Run script
2024-08-03 08:14:11 debug sudo docker build --no-cache --pull -t amnezia-awg /opt/amnezia/amnezia-awg
2024-08-03 08:14:11 debug SSH chanel opened
2024-08-03 08:14:16 debug ServerController::runScript finished

2024-08-03 08:14:16 debug ServerController::setupContainer buildContainerWorker finished
2024-08-03 08:14:16 debug ServerController::Run script
2024-08-03 08:14:16 debug sudo docker run -d \
--log-driver none \
--restart always \
--privileged \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-p 32152:32152/udp \
-v /lib/modules:/lib/modules \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--name amnezia-awg \
amnezia-awg
2024-08-03 08:14:16 debug SSH chanel opened
2024-08-03 08:14:18 debug sudo docker network connect amnezia-dns-net amnezia-awg
2024-08-03 08:14:18 debug SSH chanel opened
2024-08-03 08:14:18 debug ServerController::runScript finished

2024-08-03 08:14:18 debug ServerController::setupContainer runContainerWorker finished
2024-08-03 08:14:18 debug ServerController::Run script
2024-08-03 08:14:18 debug sudo docker exec -i amnezia-awg mkdir -p  "$(dirname /opt/amnezia/HSRIcWWW1vFkNB9b.sh)"
2024-08-03 08:14:19 debug SSH chanel opened
2024-08-03 08:14:19 debug ServerController::runScript finished

2024-08-03 08:14:19 debug ServerController::Run script
2024-08-03 08:14:19 debug sudo docker cp /tmp/rwLyvsMiSEhHnhRK.tmp amnezia-awg://opt/amnezia/HSRIcWWW1vFkNB9b.sh
2024-08-03 08:14:19 debug SSH chanel opened
2024-08-03 08:14:19 debug ServerController::runScript finished

Output from sudo docker run hello-world before installing apparmor and apparmor-utils:

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete
Digest: sha256:1408fec50309afee38f3535383f5b09419e6dc0925bc69891e79d84cc4cdcec6
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output:
error: exec: "apparmor_parser": executable file not found in $PATH.

Output from sudo docker run hello-world after apt install apparmor apparmor-utils:

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
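The failure reported above is a host whose kernel has AppArmor enabled while apparmor_parser is not installed, a condition the logged install script (which ends with docker --version) does not test for. The preflight check below is an added example, not part of the issue or of Amnezia's code; the function names and the --check flag are made up for illustration, and it assumes the kernel exposes AppArmor state in /sys/module/apparmor/parameters/enabled.

```shell
#!/bin/sh
# Added example (not Amnezia's code): detect the host state that produced
# "AppArmor enabled on system but the docker-default profile could not be loaded".

# apparmor_kernel_enabled [param_file]
# True when the kernel reports AppArmor as enabled (file contains "Y").
apparmor_kernel_enabled() {
    param_file="${1:-/sys/module/apparmor/parameters/enabled}"
    [ -r "$param_file" ] && [ "$(cat "$param_file")" = "Y" ]
}

# apparmor_parser_present [search_path]
# True when an executable apparmor_parser exists in a colon-separated path list.
apparmor_parser_present() {
    search_path="${1:-$PATH:/sbin:/usr/sbin}"
    old_ifs=$IFS
    IFS=:
    for dir in $search_path; do
        if [ -x "$dir/apparmor_parser" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# docker_apparmor_preflight [param_file] [search_path]
# Returns 0 when Docker can start containers, 1 when it will refuse to.
docker_apparmor_preflight() {
    if ! apparmor_kernel_enabled "$1"; then
        echo "ok: AppArmor is not enabled in the kernel"
        return 0
    fi
    if apparmor_parser_present "$2"; then
        echo "ok: AppArmor is enabled and apparmor_parser is installed"
        return 0
    fi
    echo "fail: AppArmor is enabled but apparmor_parser is missing; install the apparmor package"
    return 1
}

# Check the live host only when asked to: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    docker_apparmor_preflight
    exit $?
fi
```

A non-zero exit here is the point at which an installer could install apparmor before building the container, instead of surfacing the later "Docker container missing" error.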

bogser7 commented 1 month ago

In addition to the above I face the same problem with Debian 11 as well, but there are no problems with Ubuntu 24.04.

dmatora commented 1 month ago

Same problem, Debian 11.8. What's the workaround? apt install apparmor apparmor-utils didn't help. How do you get the log?

bogser7 commented 1 month ago

You can enable logging in Amnezia VPN client settings.

AleksejEgorov commented 1 month ago

OK, same trouble. Client log:

2024-08-14 17:58:24 debug ServerController::installDockerWorker Dist: debian, Packet manager: /usr/bin/apt-get, Install command: -yq install, Check pkgs command: -yq update, Docker pkg: docker.io

Docker version 
27.1.1, build 6312585

2024-08-14 17:58:24 debug ServerController::setupContainer installDockerWorker finished
2024-08-14 17:58:24 debug ServerController::Run script
2024-08-14 17:58:24 debug which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':31147 ' | grep -i udp
2024-08-14 17:58:24 debug SSH chanel opened
2024-08-14 17:58:24 debug ServerController::runScript finished

2024-08-14 17:58:24 debug ServerController::Run script
2024-08-14 17:58:24 debug which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':31147 ' | grep -i udp
2024-08-14 17:58:25 debug SSH chanel opened
2024-08-14 17:58:25 debug ServerController::runScript finished

2024-08-14 17:58:25 debug ServerController::Run script
2024-08-14 17:58:25 debug CUR_USER=$(whoami);\
sudo mkdir -p /opt/amnezia/amnezia-awg;\
sudo chown $CUR_USER /opt/amnezia/amnezia-awg;\
if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \
  --driver bridge \
  --subnet=172.29.172.0/24 \
  --opt com.docker.network.bridge.name=amn0 \
  amnezia-dns-net;\
fi
2024-08-14 17:58:25 debug SSH chanel opened
2024-08-14 17:58:25 debug ServerController::runScript finished

2024-08-14 17:58:25 debug ServerController::setupContainer prepareHostWorker finished
2024-08-14 17:58:25 debug ServerController::Run script
2024-08-14 17:58:25 debug sudo docker stop amnezia-awg;\
sudo docker rm -fv amnezia-awg;\
sudo docker rmi amnezia-awg
2024-08-14 17:58:25 debug SSH chanel opened
2024-08-14 17:58:25 debug ServerController::runScript finished

2024-08-14 17:58:25 debug ServerController::setupContainer removeContainer finished
2024-08-14 17:58:25 debug buildContainerWorker start
2024-08-14 17:58:25 debug ServerController::Run script
2024-08-14 17:58:25 debug sudo rm /opt/amnezia/amnezia-awg/Dockerfile
2024-08-14 17:58:26 debug SSH chanel opened
2024-08-14 17:58:26 debug ServerController::runScript finished

2024-08-14 17:58:26 debug ServerController::Run script
2024-08-14 17:58:26 debug sudo docker build --no-cache --pull -t amnezia-awg /opt/amnezia/amnezia-awg
2024-08-14 17:58:26 debug SSH chanel opened
2024-08-14 17:58:38 debug ServerController::runScript finished

2024-08-14 17:58:38 debug ServerController::setupContainer buildContainerWorker finished
2024-08-14 17:58:38 debug ServerController::Run script
2024-08-14 17:58:38 debug sudo docker run -d \
--log-driver none \
--restart always \
--privileged \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-p 31147:31147/udp \
-v /lib/modules:/lib/modules \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--name amnezia-awg \
amnezia-awg
2024-08-14 17:58:38 debug SSH chanel opened
2024-08-14 17:58:40 debug sudo docker network connect amnezia-dns-net amnezia-awg
2024-08-14 17:58:40 debug SSH chanel opened
2024-08-14 17:58:40 debug ServerController::runScript finished

2024-08-14 17:58:40 debug ServerController::setupContainer runContainerWorker finished
2024-08-14 17:58:41 debug ServerController::Run script
2024-08-14 17:58:41 debug sudo docker exec -i amnezia-awg mkdir -p  "$(dirname /opt/amnezia/OBaNufkAi9IedAmr.sh)"
2024-08-14 17:58:41 debug SSH chanel opened
2024-08-14 17:58:41 debug ServerController::runScript finished

2024-08-14 17:58:41 debug ServerController::Run script
2024-08-14 17:58:41 debug sudo docker cp /tmp/nr6ZxWHKK5GZnAJZ.tmp amnezia-awg://opt/amnezia/OBaNufkAi9IedAmr.sh
2024-08-14 17:58:41 debug SSH chanel opened
2024-08-14 17:58:41 debug ServerController::runScript finished

And during deployment I see these lines in journalctl -xeou docker:

Aug 14 16:50:40 serverhostname dockerd[1156]: time="2024-08-14T16:50:40.490119452+02:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers"
Aug 14 16:50:51 serverhostname dockerd[1156]: time="2024-08-14T16:50:51.174894568+02:00" level=error msg=/moby.buildkit.v1.Control/Solve error="rpc error: code = Unknown desc = process \"/bin/sh -c apk add --no-cache bash curl dumb-init\" did not complete successfully: exit code: 2"
Aug 14 16:50:52 serverhostname dockerd[1156]: time="2024-08-14T16:50:52.781927000+02:00" level=error msg="Not continuing with pull after error: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"
Aug 14 16:50:52 serverhostname dockerd[1156]: time="2024-08-14T16:50:52.782455887+02:00" level=info msg="Ignoring extra error returned from registry" error="unauthorized: authentication required"

dmatora commented 1 month ago

Mine were caused by ARM CPU. Solved by switching to x86 droplet.