opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License

WARNING: failed to start ntopng #4219

Closed psychogun closed 2 months ago

psychogun commented 2 months ago

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

My dashboard in Grafana which shows me individual traffic of devices and VLANs stopped working / reporting data after an update on my firewall. Grafana reads a bucket in InfluxDB v1. Data is flowing to InfluxDB from ntopng. I found out that ntopng is unable to start.

OPNsense 24.7.3_1
os-ntopng 1.3

A clear and concise description of what the bug is, including last known working version (if any).

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

To Reproduce

Steps to reproduce the behavior:

  1. Go to System > Firmware > Plugins
  2. Search for ntopng and install "os-ntopng", the same with redis.
  3. In OPNsense, click Services > Redis and enable / start Redis. Let everything be default.
  4. Services > ntopng > Enable ntopng, click Save / Apply
  5. An error message does not pop up, but for a brief moment there is a load bar flashing "Please wait...".

Expected behavior

Screenshots

If applicable, add screenshots to help explain your problem.

Relevant log files

(Read the first section from bottom and up; at 00:47 Redis was not yet running)

2024-08-27T00:48:43 Warning ntopng  27/Aug/2024 00:48:43 [Ntop.cpp:3890] WARNING: Unable to find timezone: using UTC    
2024-08-27T00:48:40 Notice  root    /usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng 
2024-08-27T00:48:40 Warning ntopng  27/Aug/2024 00:48:40 [Ntop.cpp:3890] WARNING: Unable to find timezone: using UTC    
2024-08-27T00:47:27 Notice  root    /usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng 
2024-08-27T00:47:27 Error   ntopng  27/Aug/2024 00:47:27 [Redis.cpp:157] ERROR: to specify a redis server other than the default    
2024-08-27T00:47:27 Error   ntopng  27/Aug/2024 00:47:27 [Redis.cpp:154] ERROR: Please start it and try again or use -r 
2024-08-27T00:47:27 Error   ntopng  27/Aug/2024 00:47:27 [Redis.cpp:153] ERROR: ntopng requires redis server to be up and running   
2024-08-27T00:47:26 Error   ntopng  27/Aug/2024 00:47:26 [Redis.cpp:98] ERROR: Connection error [Connection refused]    
2024-08-27T00:47:25 Error   ntopng  27/Aug/2024 00:47:25 [Redis.cpp:98] ERROR: Connection error [Connection refused]    
2024-08-27T00:47:24 Error   ntopng  27/Aug/2024 00:47:24 [Redis.cpp:98] ERROR: Connection error [Connection refused]

Additional context

/usr/local/etc/rc.d/ntopng start
Certificates generated /usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem
Starting ntopng.
md5sum: invalid option -- q
usage: md5sum [-bctwz] [files ...]
usage: grep [-abcDEFGHhIiLlmnOopqRSsUVvwxz] [-A num] [-B num] [-C num]
    [-e pattern] [-f file] [--binary-files=value] [--color=when]
    [--context=num] [--directories=action] [--label] [--line-buffered]
    [--null] [pattern] [file ...]
xargs: md5sum: terminated with signal 13; aborting
01/Sep/2024 02:01:59 [Ntop.cpp:4052] WARNING: Unable to find timezone: using UTC
01/Sep/2024 02:01:59 [Redis.cpp:171] Successfully connected to redis 127.0.0.1@0
01/Sep/2024 02:01:59 [Redis.cpp:171] Successfully connected to redis 127.0.0.1@0
ld-elf.so.1: /usr/local/lib/libgcrypt.so.20: Undefined symbol "gpgrt_add_post_log_func"
/usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng

Maybe something wrong with libgcrypt.so? Let me reinstall it?

find /usr/local/lib -name "libgcrypt.so*"
/usr/local/lib/libgcrypt.so
/usr/local/lib/libgcrypt.so.20
/usr/local/lib/libgcrypt.so.20.5.0

Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
    libgcrypt-1.11.0 [OPNsense]
    libgpg-error-1.48 [SunnyValley]

Number of packages to be reinstalled: 2

1 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/2] Fetching libgcrypt-1.11.0.pkg: 100%  818 KiB 837.5kB/s    00:01   
[2/2] Fetching libgpg-error-1.48.pkg: 100%  361 KiB 369.5kB/s    00:01   
Checking integrity... done (0 conflicting)
[1/2] Reinstalling libgpg-error-1.48...
[1/2] Extracting libgpg-error-1.48: 100%
[2/2] Reinstalling libgcrypt-1.11.0...
[2/2] Extracting libgcrypt-1.11.0: 100%

Although the libraries are reinstalled, I am still not able to run ntopng. Probably has something to do with ld-elf.so.1: /usr/local/lib/libgcrypt.so.20: Undefined symbol "gpgrt_add_post_log_func", but I do not know how to proceed.

Environment


OPNsense 24.7.3_1

doktornotor commented 2 months ago

Installed packages to be REINSTALLED:
    libgcrypt-1.11.0 [OPNsense]
    libgpg-error-1.48 [SunnyValley]

I don't think mixing related libraries from different repositories is particularly good. Does it work properly once you have disabled all third-party repos?

fichtner commented 2 months ago

You probably need libgpg-error-1.50 which is indeed in our repo...

doktornotor commented 2 months ago

Well the thing is it is not getting pulled in... Can readily reproduce the broken dependencies with another repo as well:

# pkg install os-ntopng
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
The following 19 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        groff: 1.23.0_3 [OPNsense]
        hidapi: 0.14.0 [OPNsense]
        hiredis: 1.2.0.15 [OPNsense]
        libgcrypt: 1.11.0 [OPNsense]
        libgpg-error: 1.49 [mimugmail]
        libmaxminddb: 1.10.0 [OPNsense]
        libpaper: 1.1.28_1 [OPNsense]
        libunwind: 20240221 [OPNsense]
        libzmq4: 4.3.5_2 [OPNsense]
        lua54: 5.4.6_1 [OPNsense]
        mysql80-client: 8.0.39 [OPNsense]
        ndpi: 4.10.d20240807,1 [OPNsense]
        norm: 1.5r6_3 [OPNsense]
        ntopng: 6.2.d20240813,1 [OPNsense]
        openpgm: 5.2.122_6 [OPNsense]
        os-ntopng: 1.3 [OPNsense]
        psutils: 1.17_6 [OPNsense]
        uchardet: 0.0.8_1 [OPNsense]
        zstd: 1.5.6 [OPNsense]

Number of packages to be installed: 19

The process will require 187 MiB more space.
17 MiB to be downloaded.

fichtner commented 2 months ago

wrong priority on mimugmail? pkg used to ignore priority years ago and always tried to grab the latest packages. I don't see anything I can do from our side.

doktornotor commented 2 months ago

Apparently. Best to file a bug with those repos.

# grep priority /usr/local/etc/pkg/repos/*.conf
/usr/local/etc/pkg/repos/OPNsense.conf:  priority: 11,
/usr/local/etc/pkg/repos/mimugmail.conf:  priority: 190,

fichtner commented 2 months ago

I asked @mimugmail to lower it below 11 a while ago, and indeed it is:

https://www.routerperformance.net/mimugmail.conf

doktornotor commented 2 months ago

Fix it locally here. Apparently, these repos also keep stepping on each other's toes.

Not sure, wouldn't this be an item for some of those health audits? Spit out some warning if there are repositories added with higher priority than OPNsense. 🤔
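
The audit suggested in the comment above, sketched as an added example (not part of the thread and not OPNsense's own code): it reads the `priority` key from each repo file and reports any enabled repository that ties or outranks the base one. The function names and the sample files are constructed for illustration; a missing `priority` key is treated as 0, pkg's default.

```sh
#!/bin/sh
# Added example: flag pkg repositories whose priority is not below the base repo's.
# pkg prefers the repository with the higher "priority" value.

# Print the priority set in one repo .conf file (0 when the key is absent).
repo_priority() {
    p=$(sed -n 's/^[[:space:]]*priority[[:space:]]*[:=][[:space:]]*\(-\{0,1\}[0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    echo "${p:-0}"
}

# audit_repo_priorities DIR [BASE]
# Print "name priority" for every enabled repo in DIR that ties or outranks BASE.
# Returns 0 when nothing is flagged, 1 otherwise, 2 if BASE.conf is missing.
audit_repo_priorities() {
    dir=$1
    base=${2:-OPNsense}
    [ -f "$dir/$base.conf" ] || return 2
    base_prio=$(repo_priority "$dir/$base.conf")
    rc=0
    for f in "$dir"/*.conf; do
        name=$(basename "$f" .conf)
        [ "$name" = "$base" ] && continue
        # Skip repositories that are explicitly disabled.
        grep -Eq '^[[:space:]]*enabled[[:space:]]*[:=][[:space:]]*(no|false|off)' "$f" && continue
        prio=$(repo_priority "$f")
        if [ "$prio" -ge "$base_prio" ]; then
            echo "$name $prio"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (priorities taken from the grep output in the thread).
make_sample_repos() {
    d=$(mktemp -d)
    printf 'OPNsense: {\n  priority: 11,\n  enabled: yes\n}\n' > "$d/OPNsense.conf"
    printf 'mimugmail: {\n  priority: 190,\n  enabled: yes\n}\n' > "$d/mimugmail.conf"
    printf 'SunnyValley: {\n  priority: 7,\n  enabled: yes\n}\n' > "$d/SunnyValley.conf"
    echo "$d"
}

d=$(make_sample_repos)
audit_repo_priorities "$d" || echo "WARNING: repositories above outrank or tie OPNsense"
rm -rf "$d"
```

On a live system the directory argument would be `/usr/local/etc/pkg/repos`, the path shown in the grep output in this thread.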

fichtner commented 2 months ago

fair point, but it needs to be funnelled through opnsense-verify... meh, I'll do it by showing the priority for each repo enabled

doktornotor commented 2 months ago

Hmmm, but... https://github.com/opnsense/plugins/blob/70ecb2abd5a26d45978f901ae3dcec95144f81c5/vendor/sunnyvalley/src/etc/pkg/repos/SunnyValley.conf.shadow.in#L5

😕

fichtner commented 2 months ago

https://github.com/opnsense/update/commit/acb13c2d4b

# opnsense-verify -l
FreeBSD (Priority: 0)
OPNsense (Priority: 11)
mimugmail (Priority: 5)

psychogun commented 2 months ago

I did not notice that it was from different repositories. Is there a quick fix I can try?

doktornotor commented 2 months ago

The quick fix is setting priority in /usr/local/etc/pkg/repos/SunnyValley.conf to 10 or lower.

psychogun commented 2 months ago

# grep priority /usr/local/etc/pkg/repos/*.conf
/usr/local/etc/pkg/repos/OPNsense.conf:  priority: 11,
/usr/local/etc/pkg/repos/SunnyValley.conf:  priority: 7,

It is already < 10.

How I got it working was to add the force flag:

pkg install -f -r OPNsense libgcrypt libgpg-error
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    libgpg-error: 1.48 -> 1.50 [OPNsense]

Installed packages to be REINSTALLED:
    libgcrypt-1.11.0 [OPNsense]

Number of packages to be upgraded: 1
Number of packages to be reinstalled: 1

168 KiB to be downloaded.

Proceed with this action? [y/N]: y

fichtner commented 2 months ago

Ok, close then?