search

hackerschoice / segfault

359 stars 41 forks source link

Cannot deploy segfault #15

Closed pielgrzym closed 1 year ago

pielgrzym commented 2 years ago

Hi,

Thanks for this great project. I'm trying to deploy it on my own VM (using the instruction in main README.md), however I ran into two issues:

  1. Building sf-guest fails during running guest/setup.sh - in line 33 it's trying to chmod /usr/share/www but the directory does not exist. I think it might be related to default SF_PACKAGES (MINI BASE NET) that don't include the webserver? Anyways - I just added an mkdir -p /usr/share/www \ before that line and container was built without a problem.
  2. Unfortunately next step fails - when running docker-compose up I get following error:
 SF_SEED="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)" && \
echo "SF_SEED=${SF_SEED}" && \
SF_BASEDIR=$(pwd) SF_SEED=${SF_SEED} SF_SSH_PORT=2222 SF_USER_PASSWORD=<yeah> SF_DEBUG=1 docker-compose up -d 
SF_SEED=<redacted>
WARNING: The SF_REDIS_AUTH variable is not set. Defaulting to a blank string.
Creating network "sf-redis-net" with driver "bridge"
Creating network "sf-dns-doh" with driver "bridge"
Creating network "sf-vpn" with driver "bridge"
Creating network "sf-guest" with driver "bridge"
Creating network "sf-access" with driver "bridge"
Creating network "segfault_incoming-net" with driver "bridge"
Creating network "sf-dmz" with driver "bridge"
Building segfault
Sending build context to Docker daemon  2.291MB
Step 1/4 : FROM alpine
 ---> 9c6f07244728
Step 2/4 : COPY /fs-root/ /
 ---> e2c61000356e
Step 3/4 : RUN  apk add --no-cache --upgrade    && apk add --no-cache       docker-cli      redis       bash        xauth       openssh-server      jq  && echo "/bin/segfaultsh" >>/etc/shells
 ---> Running in a61d344d7ece
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
OK: 6 MiB in 14 packages
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
(1/23) Installing ncurses-terminfo-base (6.3_p20220521-r0)
(2/23) Installing ncurses-libs (6.3_p20220521-r0)
(3/23) Installing readline (8.1.2-r0)
(4/23) Installing bash (5.1.16-r2)
Executing bash-5.1.16-r2.post-install
(5/23) Installing ca-certificates (20220614-r0)
(6/23) Installing docker-cli (20.10.18-r1)
(7/23) Installing oniguruma (6.9.8-r0)
(8/23) Installing jq (1.6-r1)
(9/23) Installing openssh-keygen (9.0_p1-r2)
(10/23) Installing openssh-server-common (9.0_p1-r2)
(11/23) Installing openssh-server (9.0_p1-r2)
(12/23) Installing redis (7.0.5-r0)
Executing redis-7.0.5-r0.pre-install
Executing redis-7.0.5-r0.post-install
(13/23) Installing libxau (1.0.9-r0)
(14/23) Installing libxdmcp (1.1.3-r0)
(15/23) Installing libxcb (1.15-r0)
(16/23) Installing libx11 (1.8-r0)
(17/23) Installing libxext (1.3.4-r0)
(18/23) Installing libice (1.0.10-r0)
(19/23) Installing libuuid (2.38-r1)
(20/23) Installing libsm (1.2.3-r0)
(21/23) Installing libxt (1.2.1-r0)
(22/23) Installing libxmu (1.1.3-r0)
(23/23) Installing xauth (1.1.2-r0)
Executing busybox-1.35.0-r17.trigger
Executing ca-certificates-20220614-r0.trigger
OK: 61 MiB in 37 packages
Removing intermediate container a61d344d7ece
 ---> 55721589da3c
Step 4/4 : CMD ["/bin/docker_sshd.sh"]
 ---> Running in 2542118e2730
Removing intermediate container 2542118e2730
 ---> b55b48909fbe
Successfully built b55b48909fbe
Successfully tagged sf-host:latest
WARNING: Image for service segfault was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating segfault_dns-doh_1            ... done
Creating segfault_router-fix-network_1 ... done
Creating segfault_sf-redis_1           ... done
Creating segfault_router_1             ... done
Creating segfault_dnsmasq_1            ... 
Creating segfault_sf-portd_1           ... 
Creating segfault_dnsmasq_1            ... done
Creating segfault_sf-portd_1           ... done
Creating segfault_sf-destructor_1      ... error
Creating segfault_nginx_1              ... done
ERROR: for segfault_sf-destructor_1  Cannot start service sf-destructor: Container b61f865bff58d90efd9f8150f6af4e5416148b2b7349509959efae11fbe0dc1d is restarting, wait until the container is running
Creating sf-host                       ... done
Creating segfault_gsnc_1               ... done
Creating sf-mullvad                    ... done
Creating sf-nordvpn                    ... done
Creating sf-cryptostorm                ... done
Creating segfault_tor_1                ... done

ERROR: for sf-destructor  Cannot start service sf-destructor: Container b61f865bff58d90efd9f8150f6af4e5416148b2b7349509959efae11fbe0dc1d is restarting, wait until the container is running
ERROR: Encountered errors while bringing up the project.

I'm running on Debian unstable: docker 20.10.19 && docker-compose 1.29.2

pielgrzym commented 2 years ago

Here is additional error I got before I tried rebuilding sf-destroy with SF_DEBUG=1:

ERROR: for sf-destructor  Cannot start service sf-destructor: failed to create shim task: OCI runtime create failed: runc create failed: unable to create new parent process: namespace path: lstat /proc/108382/ns/pid: no such file or directory: unknown
pielgrzym commented 2 years ago

So I tried running provision/init-linux.sh and it finishes (I guess redis container is not starting when I don't create proper redis auth as in sf command). I can't ssh into the segfault server - I get tons of various docker interface related logs (bringing up/down etc) until my ssh times out. I guess there is some tor issue or maybe outbound connectivity issue?

DeadPackets commented 2 years ago

Try latest version, seems to be deploying fine for me.

SkyperTHC commented 1 year ago

This should be fixed in 0.3.8p1. Please test again and let me know.