The configuration:
set container name suricata allow-host-networks
set container name suricata arguments '-q 1'
set container name suricata capability net-admin
set container name suricata capability sys-admin
set container name suricata capability sys-nice
set container name suricata memory '1024'
set container name suricata image jasonish/suricata:6.0.14
set container name suricata volume ETC source '/config/suricata/etc'
set container name suricata volume ETC destination '/etc/suricata'
set container name suricata volume LOGS source '/config/suricata/logs'
set container name suricata volume LOGS destination '/var/log/suricata'
set container name suricata volume RULES source '/config/suricata/rules'
set container name suricata volume RULES destination '/var/lib/suricata/rules/'
Checking container:
vyos@VyOS-Test01# run sh container
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7347697ca3c4 docker.io/jasonish/suricata:6.0.14 -q 1 2 minutes ago Up 2 minutes suricata
Executing the podman command:
vyos@VyOS-Test01# sudo podman restart suricata
ERRO[0002] Cleaning up container 7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6bbf1af44e6ec: unmounting container 7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6bbf1af44e6ec storage: cleaning up container 7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6bbf1af44e6ec storage: unmounting container 7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6bbf1af44e6ec root filesystem: removing mount point "/usr/lib/live/mount/persistence/container/storage/overlay/d5de3349ae4e7a6453c988bcc437c822509b972f214a26683add88d4eac091e0/merged": directory not empty
Error: crun: executable file `/docker-entrypoint.sh` not found in $PATH: No such file or directory: OCI runtime attempted to invoke a command that was not found
[edit]
vyos@VyOS-Test01# run sh container
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[edit]
Journal logs:
Aug 23 05:39:55 VyOS-Test01 systemd[1]: Started vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:39:55 VyOS-Test01 vyos-configd[751]: Sending response 1
Aug 23 05:39:55 VyOS-Test01 sudo[3714]: pam_unix(sudo:session): session closed for user root
Aug 23 05:39:55 VyOS-Test01 suricata[3783]: Checking for capability sys_nice: yes
Aug 23 05:39:55 VyOS-Test01 suricata[3783]: Checking for capability net_admin: yes
Aug 23 05:39:55 VyOS-Test01 suricata[3783]: 23/8/2024 -- 05:39:55 - <Notice> - This is Suricata version 6.0.14 RELEASE running in SYSTEM mode
Aug 23 05:39:56 VyOS-Test01 systemd[1]: opt-vyatta-config-tmp-new_config_3300.mount: Deactivated successfully.
Aug 23 05:39:56 VyOS-Test01 suricata[3783]: 23/8/2024 -- 05:39:56 - <Notice> - all 3 packet processing threads, 4 management threads initiali>
Aug 23 05:39:57 VyOS-Test01 sudo[3841]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/mv /tmp/config.boot.3825 /opt/vy>
Aug 23 05:39:57 VyOS-Test01 sudo[3841]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Aug 23 05:39:57 VyOS-Test01 sudo[3841]: pam_unix(sudo:session): session closed for user root
Aug 23 05:39:57 VyOS-Test01 sudo[3844]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/sbin/logrotate -f -s /opt/vyatta/etc>
Aug 23 05:39:57 VyOS-Test01 sudo[3844]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Aug 23 05:39:57 VyOS-Test01 sudo[3844]: pam_unix(sudo:session): session closed for user root
Aug 23 05:39:57 VyOS-Test01 commit[3848]: Successful change to active configuration by user vyos on /dev/pts/0
Aug 23 05:40:01 VyOS-Test01 CRON[3850]: pam_unix(cron:session): session opened for user smmsp(uid=116) by (uid=0)
Aug 23 05:40:01 VyOS-Test01 CRON[3851]: (smmsp) CMD (test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib>
Aug 23 05:40:01 VyOS-Test01 CRON[3850]: pam_unix(cron:session): session closed for user smmsp
Aug 23 05:40:05 VyOS-Test01 sudo[3946]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/libexec/vyos/op_mode/container.py sh>
Aug 23 05:40:05 VyOS-Test01 sudo[3946]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Aug 23 05:40:05 VyOS-Test01 sudo[3946]: pam_unix(sudo:session): session closed for user root
Aug 23 05:42:33 VyOS-Test01 sudo[4026]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/libexec/vyos/op_mode/container.py sh>
Aug 23 05:42:33 VyOS-Test01 sudo[4026]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Aug 23 05:42:33 VyOS-Test01 sudo[4026]: pam_unix(sudo:session): session closed for user root
Aug 23 05:44:13 VyOS-Test01 sudo[4042]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/podman restart suricata
Aug 23 05:44:13 VyOS-Test01 sudo[4042]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Aug 23 05:44:13 VyOS-Test01 podman[4044]: 2024-08-23 05:44:13.632665482 +0000 UTC m=+0.038648547 container restart 7347697ca3c48fd3bc1eebd054>
Aug 23 05:44:13 VyOS-Test01 systemd[1]: tmp-crun.Ci5g0B.mount: Deactivated successfully.
Aug 23 05:44:13 VyOS-Test01 suricata[3783]: 23/8/2024 -- 05:44:13 - <Notice> - Signal Received. Stopping engine.
Aug 23 05:44:15 VyOS-Test01 suricata[3783]: 23/8/2024 -- 05:44:15 - <Notice> - (RX-NFQ#1) Treated: Pkts 0, Bytes 0, Errors 0
Aug 23 05:44:15 VyOS-Test01 suricata[3783]: 23/8/2024 -- 05:44:15 - <Notice> - (RX-NFQ#1) Verdict: Accepted 0, Dropped 0, Replaced 0
Aug 23 05:44:15 VyOS-Test01 systemd[1]: libpod-7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6bbf1af44e6ec.scope: Deactivated successful>
Aug 23 05:44:15 VyOS-Test01 systemd[1]: libpod-7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6bbf1af44e6ec.scope: Consumed 2.755s CPU ti>
Aug 23 05:44:15 VyOS-Test01 conmon[3783]: conmon 7347697ca3c48fd3bc1e <nwarn>: Failed to open cgroups file: /sys/fs/cgroup/machine.slice/libp>
Aug 23 05:44:15 VyOS-Test01 podman[4044]: 2024-08-23 05:44:15.330415656 +0000 UTC m=+1.736398751 container stop 7347697ca3c48fd3bc1eebd054504>
Aug 23 05:44:15 VyOS-Test01 conmon[3783]: conmon 7347697ca3c48fd3bc1e <nwarn>: stdio_input read failed Input/output error
Aug 23 05:44:15 VyOS-Test01 podman[4044]: 2024-08-23 05:44:15.34161293 +0000 UTC m=+1.747596025 container died 7347697ca3c48fd3bc1eebd0545040>
Aug 23 05:44:15 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Main process exited, code=killed, status=9/KILL
Aug 23 05:44:15 VyOS-Test01 systemd[1]: tmp-crun.o2fD5w.mount: Deactivated successfully.
Aug 23 05:44:15 VyOS-Test01 systemd[1]: usr-lib-live-mount-persistence-container-storage-overlay-d5de3349ae4e7a6453c988bcc437c822509b972f214a>
Aug 23 05:44:15 VyOS-Test01 systemd[1]: tmp-crun.Sf0Itf.mount: Deactivated successfully.
Aug 23 05:44:15 VyOS-Test01 systemd[1]: Started libpod-7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6bbf1af44e6ec.scope - libcrun conta>
Aug 23 05:44:15 VyOS-Test01 systemd[1]: libpod-7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6bbf1af44e6ec.scope: Deactivated successful>
Aug 23 05:44:15 VyOS-Test01 conmon[4059]: conmon 7347697ca3c48fd3bc1e <nwarn>: Failed to get console terminal settings
Aug 23 05:44:15 VyOS-Test01 conmon[4059]: conmon 7347697ca3c48fd3bc1e <nwarn>: runtime stderr: executable file `/docker-entrypoint.sh` not fo>
Aug 23 05:44:15 VyOS-Test01 conmon[4059]: conmon 7347697ca3c48fd3bc1e <error>: Failed to create container: exit status 1
Aug 23 05:44:15 VyOS-Test01 sudo[4042]: pam_unix(sudo:session): session closed for user root
Aug 23 05:44:15 VyOS-Test01 podman[4057]: 2024-08-23 05:44:15.711209293 +0000 UTC m=+0.205431042 container remove 7347697ca3c48fd3bc1eebd0545>
Aug 23 05:44:15 VyOS-Test01 podman[4057]: Error: cleaning up storage: removing container 7347697ca3c48fd3bc1eebd054504036fe51bfeaaf2b581b15e6>
Aug 23 05:44:15 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Control process exited, code=exited, status=125/n/a
Aug 23 05:44:15 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Failed with result 'signal'.
Aug 23 05:44:15 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Scheduled restart job, restart counter is at 1.
Aug 23 05:44:15 VyOS-Test01 systemd[1]: Stopped vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:15 VyOS-Test01 systemd[1]: Starting vyos-container-suricata.service - VyOS Container suricata...
Aug 23 05:44:15 VyOS-Test01 podman[4081]: time="2024-08-23T05:44:15Z" level=warning msg="The input device is not a TTY. The --tty and --inter>
Aug 23 05:44:15 VyOS-Test01 podman[4081]: time="2024-08-23T05:44:15Z" level=warning msg="Unmounting container \"suricata\" while attempting t>
Aug 23 05:44:15 VyOS-Test01 podman[4081]: Error: removing storage for container "suricata": removing mount point "/usr/lib/live/mount/persist>
Aug 23 05:44:16 VyOS-Test01 podman[4081]: 2024-08-23 05:44:15.968156521 +0000 UTC m=+0.058205106 image pull 3981ebe57e30a593c39a761cb5e753614>
Aug 23 05:44:16 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Control process exited, code=exited, status=125/n/a
Aug 23 05:44:16 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Failed with result 'exit-code'.
Aug 23 05:44:16 VyOS-Test01 systemd[1]: Failed to start vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:16 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Scheduled restart job, restart counter is at 2.
Aug 23 05:44:16 VyOS-Test01 systemd[1]: Stopped vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:16 VyOS-Test01 systemd[1]: Starting vyos-container-suricata.service - VyOS Container suricata...
Aug 23 05:44:16 VyOS-Test01 systemd[1]: usr-lib-live-mount-persistence-container-storage-overlay\x2dcontainers-7347697ca3c48fd3bc1eebd0545040>
Aug 23 05:44:16 VyOS-Test01 podman[4100]: time="2024-08-23T05:44:16Z" level=warning msg="The input device is not a TTY. The --tty and --inter>
Aug 23 05:44:16 VyOS-Test01 podman[4100]: time="2024-08-23T05:44:16Z" level=warning msg="Unmounting container \"suricata\" while attempting t>
Aug 23 05:44:16 VyOS-Test01 podman[4100]: Error: removing storage for container "suricata": removing mount point "/usr/lib/live/mount/persist>
Aug 23 05:44:16 VyOS-Test01 podman[4100]: 2024-08-23 05:44:16.468422328 +0000 UTC m=+0.047160950 image pull 3981ebe57e30a593c39a761cb5e753614>
Aug 23 05:44:16 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Control process exited, code=exited, status=125/n/a
Aug 23 05:44:16 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Failed with result 'exit-code'.
Aug 23 05:44:16 VyOS-Test01 systemd[1]: Failed to start vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:16 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Scheduled restart job, restart counter is at 3.
Aug 23 05:44:16 VyOS-Test01 systemd[1]: Stopped vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:16 VyOS-Test01 systemd[1]: Starting vyos-container-suricata.service - VyOS Container suricata...
Aug 23 05:44:16 VyOS-Test01 podman[4119]: time="2024-08-23T05:44:16Z" level=warning msg="The input device is not a TTY. The --tty and --inter>
Aug 23 05:44:16 VyOS-Test01 podman[4119]: time="2024-08-23T05:44:16Z" level=warning msg="Unmounting container \"suricata\" while attempting t>
Aug 23 05:44:16 VyOS-Test01 podman[4119]: Error: removing storage for container "suricata": removing mount point "/usr/lib/live/mount/persist>
Aug 23 05:44:16 VyOS-Test01 podman[4119]: 2024-08-23 05:44:16.948894298 +0000 UTC m=+0.042025846 image pull 3981ebe57e30a593c39a761cb5e753614>
Aug 23 05:44:16 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Control process exited, code=exited, status=125/n/a
Aug 23 05:44:17 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Failed with result 'exit-code'.
Aug 23 05:44:17 VyOS-Test01 systemd[1]: Failed to start vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:17 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Scheduled restart job, restart counter is at 4.
Aug 23 05:44:17 VyOS-Test01 systemd[1]: Stopped vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:17 VyOS-Test01 systemd[1]: Starting vyos-container-suricata.service - VyOS Container suricata...
Aug 23 05:44:17 VyOS-Test01 podman[4138]: time="2024-08-23T05:44:17Z" level=warning msg="The input device is not a TTY. The --tty and --inter>
Aug 23 05:44:17 VyOS-Test01 podman[4138]: 2024-08-23 05:44:17.462338524 +0000 UTC m=+0.039654783 image pull 3981ebe57e30a593c39a761cb5e753614>
Aug 23 05:44:17 VyOS-Test01 podman[4138]: time="2024-08-23T05:44:17Z" level=warning msg="Unmounting container \"suricata\" while attempting t>
Aug 23 05:44:17 VyOS-Test01 podman[4138]: Error: removing storage for container "suricata": removing mount point "/usr/lib/live/mount/persist>
Aug 23 05:44:17 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Control process exited, code=exited, status=125/n/a
Aug 23 05:44:17 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Failed with result 'exit-code'.
Aug 23 05:44:17 VyOS-Test01 systemd[1]: Failed to start vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:17 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Scheduled restart job, restart counter is at 5.
Aug 23 05:44:17 VyOS-Test01 systemd[1]: Stopped vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:17 VyOS-Test01 systemd[1]: Starting vyos-container-suricata.service - VyOS Container suricata...
Aug 23 05:44:17 VyOS-Test01 podman[4157]: time="2024-08-23T05:44:17Z" level=warning msg="The input device is not a TTY. The --tty and --inter>
Aug 23 05:44:17 VyOS-Test01 podman[4157]: time="2024-08-23T05:44:17Z" level=warning msg="Unmounting container \"suricata\" while attempting t>
Aug 23 05:44:18 VyOS-Test01 podman[4157]: Error: removing storage for container "suricata": removing mount point "/usr/lib/live/mount/persist>
Aug 23 05:44:18 VyOS-Test01 podman[4157]: 2024-08-23 05:44:17.971692402 +0000 UTC m=+0.062170116 image pull 3981ebe57e30a593c39a761cb5e753614>
Aug 23 05:44:18 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Control process exited, code=exited, status=125/n/a
Aug 23 05:44:18 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Failed with result 'exit-code'.
Aug 23 05:44:18 VyOS-Test01 systemd[1]: Failed to start vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:18 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Scheduled restart job, restart counter is at 6.
Aug 23 05:44:18 VyOS-Test01 systemd[1]: Stopped vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:18 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Start request repeated too quickly.
Aug 23 05:44:18 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Failed with result 'exit-code'.
Aug 23 05:44:18 VyOS-Test01 systemd[1]: Failed to start vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:26 VyOS-Test01 sudo[4241]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/libexec/vyos/op_mode/container.py sh>
Aug 23 05:44:26 VyOS-Test01 sudo[4241]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
Aug 23 05:44:26 VyOS-Test01 sudo[4241]: pam_unix(sudo:session): session closed for user root
Also after the restart container commands do successfully load:
vyos@VyOS-Test01:~$ show configuration commands | grep container
vyos@VyOS-Test01:~$ conf
WARNING: There was a config error on boot: saving the configuration now could overwrite data.
You may want to check and reload the boot config
[edit]
vyos@VyOS-Test01# load /config/config.boot
Loading configuration from '/config/config.boot'
Load complete. Use 'commit' to make changes effective.
[edit]
vyos@VyOS-Test01# coma
Invalid command: [coma]
[edit]
vyos@VyOS-Test01# compare
+ container {
+ name suricata {
+ allow-host-networks
+ arguments "-q 1"
+ capability "net-admin"
+ capability "sys-admin"
+ capability "sys-nice"
+ image "jasonish/suricata:6.0.14"
+ memory "1024"
+ volume ETC {
+ destination "/etc/suricata"
+ source "/config/suricata/etc"
+ }
+ volume LOGS {
+ destination "/var/log/suricata"
+ source "/config/suricata/logs"
+ }
+ volume RULES {
+ destination "/var/lib/suricata/rules/"
+ source "/config/suricata/rules"
+ }
+ }
+ }
[edit]
vyos@VyOS-Test01# commit
[ container ]
VyOS had an issue completing a command.
We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
https://vyos.slack.com
When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
business policy requires it)
- and include all the information presented below
Report time: 2024-08-23 05:53:12
Image version: VyOS 1.4.0
Release train: sagitta
Built by: Sentrium S.L.
Built on: Tue 04 Jun 2024 09:23 UTC
Build UUID: 5e6ae0c4-4d17-4b69-9247-b4ba44a3e3c2
Build commit ID: 35dd8ae6522c78-dirty
Architecture: x86_64
Boot via: installed image
System type: VMware guest
Hardware vendor: VMware, Inc.
Hardware model: VMware Virtual Platform
Hardware S/N: VMware-56 4d f4 7a e2 3a 16 69-d8 92 3a 5f 27 86 6f 46
Hardware UUID: 7af44d56-3ae2-6916-d892-3a5f27866f46
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/container.py", line 493, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/container.py", line 466, in apply
cmd(f'systemctl restart vyos-container-{name}.service')
File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: systemctl restart vyos-container-suricata.service
returned:
exit code: 1
noteworthy:
cmd 'systemctl restart vyos-container-suricata.service'
returned (out):
returned (err):
Job for vyos-container-suricata.service failed because the control process exited with error code.
See "systemctl status vyos-container-suricata.service" and "journalctl -xeu vyos-container-suricata.service" for details.
[[container]] failed
Commit failed
[edit]
vyos@VyOS-Test01#
[edit]
vyos@VyOS-Test01#
[edit]
vyos@VyOS-Test01# run sh container
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[edit]
A temporary workaround could be used:
sudo podman rm <CONTAINER NAME>
vyos@VyOS-Test01# sudo podman rm suricata
suricata
[edit]
vyos@VyOS-Test01# compare
+ container {
+ name suricata {
+ allow-host-networks
+ arguments "-q 1"
+ capability "net-admin"
+ capability "sys-admin"
+ capability "sys-nice"
+ image "jasonish/suricata:6.0.14"
+ memory "1024"
+ volume ETC {
+ destination "/etc/suricata"
+ source "/config/suricata/etc"
+ }
+ volume LOGS {
+ destination "/var/log/suricata"
+ source "/config/suricata/logs"
+ }
+ volume RULES {
+ destination "/var/lib/suricata/rules/"
+ source "/config/suricata/rules"
+ }
+ }
+ }
[edit]
vyos@VyOS-Test01# commit
[edit]
vyos@VyOS-Test01# run sh container
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9dad3ea7522a docker.io/jasonish/suricata:6.0.14 -q 1 14 seconds ago Up 13 seconds suricata
[edit]
vyos@VyOS-Test01#
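
A check for the failure signature seen in the journal above, as an added example that is not part of the original report or of VyOS. The function names (container_state, advise, sample_failed, sample_healthy) are hypothetical, and the sample input is constructed by abridging journal lines from this report.

```shell
#!/bin/sh
# Added example (not VyOS code); all function names here are hypothetical.

# Classify journal text read from stdin for one VyOS container.
#   $1 = container name as used in "set container name <name>"
# Prints one of: ok | restarting | start-limit | stale-storage
container_state() {
    name=$1
    unit="vyos-container-${name}.service"
    awk -v unit="$unit" -v name="$name" '
        # A successful start clears anything seen earlier in the log.
        index($0, "Started " unit) { storage = 0; restarts = 0; gave_up = 0 }
        # podman could not remove the old container storage (stale mount point).
        index($0, "Error: removing storage for container \"" name "\"") { storage++ }
        # systemd is retrying the unit.
        index($0, unit ": Scheduled restart job") { restarts++ }
        # systemd hit its start limit and stopped retrying.
        index($0, unit ": Start request repeated too quickly") { gave_up = 1 }
        END {
            if (gave_up && storage) print "stale-storage"
            else if (gave_up)       print "start-limit"
            else if (restarts)      print "restarting"
            else                    print "ok"
        }'
}

# Turn the state into a one-line message; only stale-storage maps to the
# workaround shown in this report (podman rm, then commit again).
advise() {
    state=$(container_state "$1")
    case $state in
        stale-storage) echo "$1: $state; workaround: sudo podman rm $1, then commit" ;;
        *)             echo "$1: $state" ;;
    esac
}

# Constructed sample: abridged journal lines from this report (failed restart).
sample_failed() {
    cat <<'EOF'
Aug 23 05:39:55 VyOS-Test01 systemd[1]: Started vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:44:15 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Scheduled restart job, restart counter is at 1.
Aug 23 05:44:15 VyOS-Test01 podman[4081]: Error: removing storage for container "suricata": removing mount point "/usr/lib/live/mount/persist>
Aug 23 05:44:18 VyOS-Test01 systemd[1]: vyos-container-suricata.service: Start request repeated too quickly.
EOF
}

# Constructed sample: the container right after a clean start.
sample_healthy() {
    cat <<'EOF'
Aug 23 05:39:55 VyOS-Test01 systemd[1]: Started vyos-container-suricata.service - VyOS Container suricata.
Aug 23 05:39:55 VyOS-Test01 suricata[3783]: Checking for capability net_admin: yes
EOF
}

sample_failed | advise suricata
```

On a live system the same function can read the current boot's journal: `journalctl -b --no-pager | container_state suricata`.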