mynodebtc / mynode

The easiest way to run Bitcoin and Lightning!

firewall does not start #137

Closed tril0byte closed 4 years ago

tril0byte commented 4 years ago

```
admin@myNode:~ $ sudo systemctl status firewall
● firewall.service - myNode Firewall
   Loaded: loaded (/etc/systemd/system/firewall.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2020-01-18 22:11:02 PST; 13h ago
 Main PID: 513 (code=exited, status=1/FAILURE)

Jan 18 22:11:00 myNode systemd[1]: Starting myNode Firewall...
Jan 18 22:11:00 myNode mynode[513]: + ufw default deny incoming
Jan 18 22:11:02 myNode mynode[513]: ERROR: '/etc/default/ufw' is not writable
Jan 18 22:11:02 myNode systemd[1]: firewall.service: Main process exited, code=exited, status=1/FAILURE
Jan 18 22:11:02 myNode systemd[1]: firewall.service: Failed with result 'exit-code'.
Jan 18 22:11:02 myNode systemd[1]: Failed to start myNode Firewall.
```

tehelsper commented 4 years ago

This is very unusual. Is your SD card possibly corrupt? Do you have a /etc/default/ufw file?

tril0byte commented 4 years ago

The SD card is not read-only after it finishes booting; it's a race condition. During startup it's read-only and then later gets mounted read-write.

```
Jan 18 22:10:58 myNode kernel: EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
Jan 18 22:10:58 myNode kernel: VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
```

Mounting the FS read-only before fsck is common on Linux distros. It gets remounted read-write after checking for errors in a normal boot sequence.

I highly recommend you physically install myNode on a RPi4 platform and read through `sudo journalctl` for all the warnings that come up; it's quite extensive...

e.g.

```
Jan 18 22:10:58 myNode systemd[1]: File /lib/systemd/system/systemd-journald.service:12 configures an IP firewall (IPAddressDeny any), but the local system does not support BPF/cgroup based firewalling.
Jan 18 22:10:58 myNode systemd[1]: Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
```

```
Jan 18 22:10:59 myNode systemd[1]: systemd-timesyncd.service: Failed to run 'start' task: Read-only file system
Jan 18 22:10:59 myNode systemd[1]: systemd-timesyncd.service: Failed with result 'resources'.
Jan 18 22:10:59 myNode systemd[1]: Failed to start Network Time Synchronization.
```

(Possibly related to #50)

```
Jan 18 22:10:58 myNode systemd-tmpfiles[347]: rm_rf(/tmp): Read-only file system
```

```
Jan 18 22:11:00 myNode systemd[1]: tor@default.service: Failed to run 'start-pre' task: Read-only file system
Jan 18 22:11:00 myNode systemd[1]: tor@default.service: Failed with result 'resources'.
Jan 18 22:11:00 myNode systemd[1]: Failed to start Anonymizing overlay network for TCP.
```

```
Jan 18 22:11:01 myNode mynode_gen_cert.sh[511]: cp: cannot remove '/mnt/hdd/mynode/settings/https/myNode.local.crt': Read-only
Jan 18 22:11:01 myNode mynode_gen_cert.sh[511]: cp: cannot remove '/mnt/hdd/mynode/settings/https/myNode.local.csr': Read-only
Jan 18 22:11:01 myNode mynode_gen_cert.sh[511]: cp: cannot remove '/mnt/hdd/mynode/settings/https/myNode.local.key': Read-only
Jan 18 22:11:01 myNode mynode_gen_cert.sh[511]: cp: cannot remove '/mnt/hdd/mynode/settings/https/myNode.local.pem': Read-only
```

```
Jan 18 22:11:02 myNode mynode[513]: ERROR: '/etc/default/ufw' is not writable
```

There are also errors with containerd failing to start due to the read-only filesystem. Possibly related to the reason Docker won't work on my system and why netdata doesn't start (#117).

The FS gets mounted read-write at some point (appears to be by one of the mynode scripts) and is writable by the time I login by SSH.

tril0byte commented 4 years ago

I do have the ufw config file now, and the firewall rules load at each boot, but only because I ran `systemctl start firewall` after logging in by SSH once.

tril0byte commented 4 years ago

Might need to scatter around some `After=systemd-remount-fs.service`.

tril0byte commented 4 years ago

I tried `systemd-remount-fs.service` in both `mynode.service` and `timesyncd.service` to no avail.

However, I was able to fix everything by adding `rw` to the `cmdline.txt` on mmcblk0p1:

```
admin@myNode:~ $ sudo mount /dev/mmcblk0p1 /media
admin@myNode:~ $ cat /media/cmdline.txt
dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=ae7f5dfe-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait rw
```

Yes, Docker started, Netdata started, WebSSH started, Tor started correctly, and LND is starting as well, none of which ever happened before. No more read-only errors occur in the journalctl log.
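Added example, not myNode's own code: a POSIX sh wrapper illustrating the defensive fix for the race described in this thread. It reads the mount table to confirm the root filesystem is already read-write before the unit's `ufw` commands run, and includes constructed (not captured) mount tables for checking the parser. It assumes the unit's `ExecStart` would be pointed at this script alongside the `After=systemd-remount-fs.service` ordering mentioned above.

```shell
#!/bin/sh
# Added example, not myNode's own code: guard a firewall start script so it
# waits for the root filesystem to be remounted read-write before calling ufw,
# instead of failing with "'/etc/default/ufw' is not writable" in early boot.

# mount_is_rw MOUNTPOINT: read a /proc/mounts-style table from stdin and
# succeed only if the (last) entry for MOUNTPOINT carries the "rw" option.
mount_is_rw() {
    awk -v mp="$1" '
        $2 == mp {
            found = 0                       # a later overmount wins
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "rw") found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# wait_for_rw_root SECONDS: poll the live mount table until / is rw or the deadline passes.
wait_for_rw_root() {
    deadline="${1:-30}"
    elapsed=0
    while [ "$elapsed" -lt "$deadline" ]; do
        mount_is_rw / </proc/mounts && return 0
        sleep 1
        elapsed=$((elapsed + 1))
    done
    echo "root filesystem still read-only after ${deadline}s" >&2
    return 1
}

# start_firewall: the guarded version of what the unit's ExecStart runs (hypothetical).
start_firewall() {
    wait_for_rw_root 30 || return 1
    # access(2) reports EROFS on a read-only mount, so -w fails there even for root.
    [ -w /etc/default/ufw ] || { echo "/etc/default/ufw is not writable" >&2; return 1; }
    ufw default deny incoming
    # the rest of the original script's ufw rules would follow here
}

# Constructed mount tables (not captured from a real device) for checking mount_is_rw.
SAMPLE_RO='/dev/mmcblk0p2 / ext4 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev 0 0'
SAMPLE_RW='/dev/mmcblk0p2 / ext4 rw,noatime 0 0
/dev/mmcblk0p1 /boot vfat rw,relatime 0 0'

case "${1:-}" in
    start) start_firewall ;;
esac
```

Adding `rw` to `cmdline.txt` as done above hides the symptom; the check here makes the unit fail loudly with a clear reason instead of racing the remount.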

tehelsper commented 4 years ago

OK, that's still really unusual. As far as I know, I don't think this has happened to anyone else before.

Do you see the exact same output if you `cat /boot/cmdline.txt`?

tril0byte commented 4 years ago

```
admin@myNode:~ $ cat /boot/cmdline.txt
usb-storage.quirks=1058:261b:u
```

tril0byte commented 4 years ago

I've already tried writing the same image to the same microSD card, and I've tried a hard disk and an SSD. We could therefore presume my microSD card is a problem, but since it's brand new, my only suspicion would be that perhaps it's too fast, and systemd is booting up faster on it than on any other SD card that's been tested with myNode, exposing race conditions in the systemd unit files. I will plan to try myNode on a different microSD card and compare, unless you have further ideas.

My conclusion from this experience was that nobody had ever tested this image file ( https://mynodebtc.com/device/mynode_images/mynode_raspi4_0-1-74.img.gz ) on a Raspberry Pi 4 4GB - have you?

tril0byte commented 4 years ago

Tried several other micro SD cards and they all worked. Tested the first SD card with badblocks and found no issues. Still trying to reproduce the earlier issue.

tril0byte commented 4 years ago

I still haven't figured out what went wrong before. Somehow I ended up with a myNode that would start out read-only, was missing or had an empty /etc/fstab and thus wouldn't mount the /boot partition. The root FS was tiny and had less than 1 GB free space (didn't grow the partition). And nothing worked. It seems the read-only issue was the cause of this missing firewall so I'll close this issue. It was probably the cause of the time sync issue I noted in my comment in #50 so my issue may be different than the reporter of that issue.

pyskell commented 4 years ago

I encountered the same issue. I did 4 things that may have caused it, in descending order of likelihood:

  1. Wrote the sd card image with `dd if=mynode_raspi4_0-2-07.img of=/dev/sdb bs=1M`
  2. Pre-formatted my SSD as ext4
  3. (Really unlikely) Forgot to plug in the Raspberry Pi 4 to my router
  4. (Also unlikely) Didn't realize how hard you need to push the usb-c power cable into the Pi, it wasn't fully in but was still powering it.

Unfortunately didn't save any logs. Rewriting my sd card right now. Will post if I encounter again.

Fixed. What may have fixed it:

  1. Wrote the sd card image with Suse's imagewriter
  2. Erased the SSD ext4 partition
  3. Pi ethernet cable connected lol
  4. Power cable properly plugged in

RobertHosking commented 4 years ago

I encountered a similar issue. My HDD was also formatted in ext4. It's possible my partition was just in a bad state because I'm not very experienced using the command line to format disks. I used a computer with a GUI to create a FAT4 partition on the drive and it worked.