search

crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
8.9k stars 461 forks source link

[Docker Image] No ARM64 v8 Support? #2898

Open SanaRinomi opened 7 months ago

SanaRinomi commented 7 months ago

What happened?

Trying to install the crowdsec container on a Raspberry Pi 4 resulted in an error saying that there was no matching manifest for linux/arm64/v8.

Output: no matching manifest for linux/arm64/v8 in the manifest list entries

EDIT: The Raspberry Pi 4 I have is Model B Revision 1.5

What did you expect to happen?

A crowdsec container.

How can we reproduce it (as minimally and precisely as possible)?

Attempt to run the crowdsec container on a Raspberry Pi 4.

Anything else we need to know?

No response

Crowdsec version

[v1.6.0-1](https://hub.docker.com/layers/crowdsecurity/crowdsec/v1.6.0-1/images/sha256-171f6e80bec56f38cf4d1e57fb3d95e3305e35eeca7f3466c9017d3b48b2b615?context=explore)

OS version

```console # On Linux: $ cat /etc/os-release PRETTY_NAME="Ubuntu 22.04.4 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.4 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" $ uname -a Linux sanapi 5.15.0-1048-raspi #51-Ubuntu SMP PREEMPT Thu Feb 22 10:30:12 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux ```

Enabled collections and parsers

No response

Acquisition config

No response

Config show

No response

Prometheus metrics

No response

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.

No response

github-actions[bot] commented 7 months ago

@SanaRinomi: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
Details I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.
mmetc commented 7 months ago

v8 is the same as arm64, I'm not sure what we should change here @sabban ?

https://github.com/containerd/containerd/blob/v1.4.3/platforms/database.go#L83

https://github.com/crowdsecurity/crowdsec/blob/fd2bb8927cc8288bb6494f945abcdd67883f0905/.github/workflows/publish-docker-release.yml#L34

alessandromrc commented 6 months ago

@mmetc I guess the problem comes down to not having "linux/arm/v8" for Raspberry Pi 4/5 and other ARM based machines that run on the same Architecture..

@SanaRinomi not sure if you're able to run the workflow on your machine directly and add "linux/arm/v8" to the list, since I don't have the material time to really look into all this.

PS. the output of uname -a on a RPi 4/5 should be similar to this: Linux raspberrypi5 6.6.22-v8-16k+ #1747 SMP PREEMPT Wed Mar 27 17:06:56 GMT 2024 aarch64 GNU/Linux

LaurenceJJones commented 6 months ago

Could you try by forcing the platform?

docker pull --platform linux/arm64 crowdsecurity/crowdsec:latest
nvtkaszpir commented 4 months ago

no issues here - pulling works as expected (but it fetches linux/arm64)

pi@hormex:~ $ cat /proc/cpuinfo
processor   : 0
BogoMIPS    : 108.00
Features    : fp asimd evtstrm crc32 cpuid
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x0
CPU part    : 0xd08
CPU revision    : 3

processor   : 1
BogoMIPS    : 108.00
Features    : fp asimd evtstrm crc32 cpuid
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x0
CPU part    : 0xd08
CPU revision    : 3

processor   : 2
BogoMIPS    : 108.00
Features    : fp asimd evtstrm crc32 cpuid
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x0
CPU part    : 0xd08
CPU revision    : 3

processor   : 3
BogoMIPS    : 108.00
Features    : fp asimd evtstrm crc32 cpuid
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x0
CPU part    : 0xd08
CPU revision    : 3

Revision    : d03114
Serial      : 10000000664323d5
Model       : Raspberry Pi 4 Model B Rev 1.4
pi@hormex:~ $ cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
pi@hormex:~ $ uname -a
Linux hormex 6.6.28+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1 (2024-04-22) aarch64 GNU/Linux
pi@hormex:~ $ docker info
Client: Docker Engine - Community
 Version:    26.1.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 2
 Server Version: 26.1.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e377cd56a71523140ca6ae87e30244719194a521
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.6.28+rpt-rpi-v8
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 7.627GiB
 Name: hormex
 ID: 081515a1-9c0e-4808-a80e-ed928f68f95a
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No memory limit support
WARNING: No swap limit support

pi@hormex:~ $ docker pull crowdsecurity/crowdsec:latest
latest: Pulling from crowdsecurity/crowdsec
bca4290a9639: Pull complete 
255e62d57790: Pull complete 
ca93b82201e7: Pull complete 
ee8f8fb73d7d: Pull complete 
245280eddf2d: Pull complete 
a230048fc640: Pull complete 
ee3a4e5fdd33: Pull complete 
397f676459e6: Pull complete 
f09fb8f21c47: Pull complete 
593b986d47c1: Pull complete 
Digest: sha256:37a2e6e11988a52dd14eb7f6aabd20e2f50698c9747f220cf87915e958e9a76a
Status: Downloaded newer image for crowdsecurity/crowdsec:latest
docker.io/crowdsecurity/crowdsec:latest

and the image runs fine. I suggesting updating os and docker?

alessandromrc commented 4 months ago

no issues here - pulling works as expected (but it fetches linux/arm64)

pi@hormex:~ $ cat /proc/cpuinfo
processor : 0
BogoMIPS  : 108.00
Features  : fp asimd evtstrm crc32 cpuid
CPU implementer   : 0x41
CPU architecture: 8
CPU variant   : 0x0
CPU part  : 0xd08
CPU revision  : 3

processor : 1
BogoMIPS  : 108.00
Features  : fp asimd evtstrm crc32 cpuid
CPU implementer   : 0x41
CPU architecture: 8
CPU variant   : 0x0
CPU part  : 0xd08
CPU revision  : 3

processor : 2
BogoMIPS  : 108.00
Features  : fp asimd evtstrm crc32 cpuid
CPU implementer   : 0x41
CPU architecture: 8
CPU variant   : 0x0
CPU part  : 0xd08
CPU revision  : 3

processor : 3
BogoMIPS  : 108.00
Features  : fp asimd evtstrm crc32 cpuid
CPU implementer   : 0x41
CPU architecture: 8
CPU variant   : 0x0
CPU part  : 0xd08
CPU revision  : 3

Revision  : d03114
Serial        : 10000000664323d5
Model     : Raspberry Pi 4 Model B Rev 1.4
pi@hormex:~ $ cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
pi@hormex:~ $ uname -a
Linux hormex 6.6.28+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1 (2024-04-22) aarch64 GNU/Linux
pi@hormex:~ $ docker info
Client: Docker Engine - Community
 Version:    26.1.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 2
 Server Version: 26.1.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e377cd56a71523140ca6ae87e30244719194a521
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.6.28+rpt-rpi-v8
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 7.627GiB
 Name: hormex
 ID: 081515a1-9c0e-4808-a80e-ed928f68f95a
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No memory limit support
WARNING: No swap limit support
pi@hormex:~ $ docker pull crowdsecurity/crowdsec:latest
latest: Pulling from crowdsecurity/crowdsec
bca4290a9639: Pull complete 
255e62d57790: Pull complete 
ca93b82201e7: Pull complete 
ee8f8fb73d7d: Pull complete 
245280eddf2d: Pull complete 
a230048fc640: Pull complete 
ee3a4e5fdd33: Pull complete 
397f676459e6: Pull complete 
f09fb8f21c47: Pull complete 
593b986d47c1: Pull complete 
Digest: sha256:37a2e6e11988a52dd14eb7f6aabd20e2f50698c9747f220cf87915e958e9a76a
Status: Downloaded newer image for crowdsecurity/crowdsec:latest
docker.io/crowdsecurity/crowdsec:latest

and the image runs fine. I suggesting updating os and docker?

They are using Ubuntu and not Raspberry Pi OS...

nvtkaszpir commented 4 months ago

Yes and I am aware of that. The reporter of the issue did not provide more details about the hardware or software - especially docker version is missing or the details about docker config, because seems there is an issue that docker is not translating linux/arm64/v8 into linux/arm64 image as an fallback.

Repo owners could make additional build for platform as linux/arm/v8 but adding every new platform should be backed with ability to test it on that platform, and the best way to do it just to have exact info about the setups people had issues with.