Hardware: Digital Ocean VPS
YunoHost version: 4.3.2.2
I have access to my server: SSH on a VPS
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
Description of my issue
Hello, I’m getting an error while trying to install Nextcloud on my yunohost.
It looks like it has to do with fail2ban:
2021-11-11 13:21:21,081: WARNING - [Error] Nov 11 13:08:46 systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ban.pid → /run/fail2ban/fail2ban.pid; please update the unit file accordingly.
2021-11-11 13:21:21,082: WARNING - Nov 11 13:08:50 systemd[1]: Reloading Fail2Ban Service.
2021-11-11 13:21:21,082: WARNING - Nov 11 13:08:50 fail2ban-client[26834]: NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
2021-11-11 13:21:21,083: WARNING - Nov 11 13:08:50 fail2ban-client[26834]: No failure-id group in 'Regex to match into the log for a failed login'
2021-11-11 13:21:21,083: WARNING - Nov 11 13:08:50 systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
I had a look at my /lib/systemd/system/fail2ban.service:
# cat /lib/systemd/system/fail2ban.service
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service
PartOf=firewalld.service
[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255
[Install]
WantedBy=multi-user.target
My Nextcloud installed with no problems, but that was a while back. Maybe this check got stricter.
You could try changing the path in the way suggested in the logging, by removing the /var-bit; the one is a symlink to the other:
# ls -hals /var/run
0 lrwxrwxrwx 1 root root 4 Jan 24 2019 /var/run -> /run
@wbk thanks. I tried with your fail2ban service file (and running daemon-reload) and also modifying the unit file to reference fail2ban by /run/fail2ban instead of /var/run/fail2ban, but neither helped. I’m seeing the same error when installing Nextcloud and am unable to install.
@ljf here is the result of journalctl -u fail2ban:
-- Logs begin at Wed 2021-11-10 19:45:02 UTC, end at Thu 2021-11-11 16:38:26 UTC. --
Nov 11 09:52:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 09:52:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 09:52:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 09:52:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 09:52:25 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 11:59:51 mfowler.info systemd[1]: Reloading Fail2Ban Service.
Nov 11 12:00:16 mfowler.info fail2ban-client[24616]: NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
Nov 11 12:00:16 mfowler.info fail2ban-client[24616]: No failure-id group in 'Regex to match into the log for a failed login'
Nov 11 12:00:16 mfowler.info systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
Nov 11 12:00:16 mfowler.info systemd[1]: Reload failed for Fail2Ban Service.
Nov 11 12:00:24 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 12:00:31 mfowler.info systemd[1]: Reloading Fail2Ban Service.
Nov 11 12:00:31 mfowler.info fail2ban-client[27645]: NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
Nov 11 12:00:31 mfowler.info fail2ban-client[27645]: No failure-id group in 'Regex to match into the log for a failed login'
Nov 11 12:00:31 mfowler.info systemd[1]: fail2ban.service: Control process exited, code=exited, status=255/EXCEPTION
Nov 11 12:00:31 mfowler.info systemd[1]: Reload failed for Fail2Ban Service.
Nov 11 12:01:16 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 12:01:23 mfowler.info systemd[1]: Stopping Fail2Ban Service...
And here is the result of systemctl status fail2ban:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-11-11 16:38:23 UTC; 4min 17s ago
Docs: man:fail2ban(1)
Process: 17847 ExecReload=/usr/bin/fail2ban-client reload (code=exited, status=255/EXCEPTION)
Main PID: 2910 (fail2ban-server)
Tasks: 1 (limit: 2375)
Memory: 20.8M
CGroup: /system.slice/fail2ban.service
└─2910 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Nov 11 16:40:58 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:40:59 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:40:59 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:41:00 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:41:00 mfowler.info systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ba
Nov 11 16:41:09 mfowler.info systemd[1]: Reloading Fail2Ban Service.
Nov 11 16:41:09 mfowler.info fail2ban-client[17847]: NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
Nov 11 16:41:09 mfowler.info fail2ban-client[17847]: No failure-id group in 'Regex to match into the log for a failed login'
I’ve tried running systemctl restart fail2ban a few times, which works, but the error comes back after trying to update or install an app, as described above.
Cool, I can simply replicate the error, in terminal, by running:
fail2ban-client reload
which gives the output:
NOK: ("No failure-id group in 'Regex to match into the log for a failed login'",)
No failure-id group in 'Regex to match into the log for a failed login'
Now to figure out which configuration actually causes this error…
I ran fail2ban-client -d to get an output of all my fail2ban configurations, and found a setting which matched the error message I was seeing.
The setting came from archivebox, an app that I had packaged for yunohost. While developing the package, I must have made an invalid fail2ban configuration at some point, which somehow stayed around. I guess this didn’t cause any problems until I updated yunohost, and then somehow it became an issue.
Sorry for wasting anyone’s time to read through this when it ended up being my specific issue.
I was able to fix the issue by removing the stale archivebox fail2ban configurations from /etc/fail2ban/filter.d and /etc/fail2ban/jail.d
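An added example, not part of the original thread: a static check that lists failregex entries carrying no failure-id group, which is the condition behind the "No failure-id group" error above. The tag list is an assumption that approximates fail2ban's own check (fail2ban-client reload remains authoritative), and lines containing interpolations or other tags are skipped as undecidable; the sample filters are constructed.

```python
import configparser
import re
from pathlib import Path

# Tags/groups that give a failregex a failure-id (assumed list, see lead-in).
ID_TAG = re.compile(r"<(?:HOST|ADDR|IP4|IP6|DNS|F-ID)>|\(\?P<(?:ip4|ip6|dns|fid)>")
# %(var)s interpolation or any other <tag> cannot be resolved statically.
UNRESOLVED = re.compile(r"%\(|<[\w/-]+>")

# Constructed sample: a packaging template whose placeholder was never replaced.
STALE = r"""[Definition]
failregex = Regex to match into the log for a failed login
ignoreregex =
"""
# Constructed sample: a filter whose every failregex names the offending host.
GOOD = r"""[INCLUDES]
before = common.conf
[Definition]
failregex = ^%(__prefix_line)sLogin failed from <HOST>$
            ^Authentication error for .* from <ADDR> port \d+$
"""

def lint_filter(text):
    """Return the failregex lines of one filter file that lack a failure-id."""
    cp = configparser.RawConfigParser(strict=False)
    try:
        cp.read_string(text)
        pref = cp.get("Definition", "prefregex", fallback="")
        raw = cp.get("Definition", "failregex", fallback="")
    except configparser.Error:
        return []  # not an INI-style filter file; nothing to judge
    if ID_TAG.search(pref):
        return []  # prefregex already supplies the id for every failregex
    lines = [l.strip() for l in raw.splitlines() if l.strip()]
    return [l for l in lines if not ID_TAG.search(l) and not UNRESOLVED.search(l)]

def scan(filter_dir="/etc/fail2ban/filter.d"):
    """Map each .conf/.local filter file name to its suspicious failregex lines."""
    report = {}
    for path in sorted(Path(filter_dir).glob("*")):
        if path.is_file() and path.suffix in (".conf", ".local"):
            bad = lint_filter(path.read_text(errors="replace"))
            if bad:
                report[path.name] = bad
    return report

if __name__ == "__main__":
    for name, bad in scan().items():
        print(name, bad)
```

Any file it reports also needs its matching jail in /etc/fail2ban/jail.d reviewed, since the jail is what loads the filter.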