Unable to login after v6 update (getrandom() Error)

Been running successfully on previous versions and just updated to v6 (2025.02.2). Swapped out variables and, from what I can see after allowing the upgrade to update the system, everything is working, except that I can't log in to the system anymore.

I see in the log:
[i] Assigning password defined by Environment Variable

so I don't appear to have botched the password variable. However, I noticed errors in the log with "getrandom() failed" in multiple spots on boot, and when I attempt to log in I specifically get the sequence:

ERROR: getrandom() failed in create_password()
ERROR: getrandom() failed in generateSID()
ERROR: getrandom() failed in generateSID()
INFO: Local URI: "/admin/"                
INFO: Local URI: "/admin/login"

It appears that the new v6 is having an issue with instantiating something with random so that it can't calculate the hashes preventing login since it then can't compare null hashes?

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or if you run your Pi-hole as a Docker container:

docker exec -it <pihole-container-name-or-id> pihole -d

where you substitute <pihole-container-name-or-id> as required.

https://tricorder.pi-hole.net/7Ooatjo7/

Where did you see these errors? Which log?
Can you post some lines before and after the message?

I guess I should specify this is the terminal log from startup when I launch the container

2025-02-20 18:36:49.683 MST [54M] INFO: ########## FTL started on pihole-pihole! ########## 
2025-02-20 18:36:49.683 MST [54M] INFO: FTL branch: master 
2025-02-20 18:36:49.683 MST [54M] INFO: FTL version: v6.0.1 
2025-02-20 18:36:49.683 MST [54M] INFO: FTL commit: 62904aef 
2025-02-20 18:36:49.683 MST [54M] INFO: FTL date: 2025-02-20 23:07:18 +0000 
2025-02-20 18:36:49.683 MST [54M] INFO: FTL user: root 
2025-02-20 18:36:49.683 MST [54M] INFO: Compiled for linux/amd64 (compiled on CI) using cc (Alpine 14.2.0) 14.2.0 
2025-02-20 18:36:49.686 MST [54M] ERROR: getrandom() failed in create_password()
2025-02-20 18:36:49.686 MST [54M] INFO: 2 FTLCONF environment variables found (1 used, 0 invalid, 1 ignored)
2025-02-20 18:36:49.686 MST [54M] INFO: [✓] FTLCONF_webserver_api_password is used
2025-02-20 18:36:49.687 MST [54M] WARNING: [?] FTLCONF_LOCAL_IPV4 is unknown, did you mean any of these?
2025-02-20 18:36:49.687 MST [54M] WARNING: - FTLCONF_debug_all

Thanks. This is the docker log.

I will investigate if this is also happening with other users (bug in the image) or if this is just happening with you (in this case we will need more information).

I will probably only answer tomorrow.

Understood, I see [2025.02.3] just released, should I upgrade or hold off?

Go ahead.

If the new image fixes the issue and no one else complains about it, it was probably a local issue in your machine.

No difference, still seeing the docker log getrandom errors and unable to login to admin side

Option 1:
There is an error in the images created for your architecture.

Option 2:
There is something wrong in your host OS.

We need more information to find out what is happening:

  • we need to wait to see if other users have the same issue

  • Please provide more details about your host machine, especially CPU architecture and OS version. Also, post your compose file used to start the container.

I am running this via Container Manager on a Synology system, so it's a bit abstracted.

  • CPU is INTEL Atom C2538 so should be an x86 architecture
  • OS version is specifically DSM 7.2.2-72806 Update 3, container manager 20.10.23-1437 (both of which are latest)

It isn't using a default compose but this is the json settings that exports (with api password redacted):

{
   "CapAdd" : null,
   "CapDrop" : null,
   "cmd" : "",
   "cpu_priority" : 50,
   "enable_publish_all_ports" : false,
   "enable_restart_policy" : true,
   "enable_service_portal" : null,
   "enabled" : false,
   "entrypoint_default" : "/s6-init",
   "env_variables" : [
      {
         "key" : "PATH",
         "value" : "/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      },
      {
         "key" : "DNSMASQ_USER",
         "value" : "root"
      },
      {
         "key" : "FTL_CMD",
         "value" : "no-daemon"
      },
      {
         "key" : "phpver",
         "value" : "php"
      },
      {
         "key" : "PHP_ERROR_LOG",
         "value" : "/var/log/lighttpd/error.log"
      },
      {
         "key" : "S6_KEEP_ENV",
         "value" : "1"
      },
      {
         "key" : "S6_BEHAVIOUR_IF_STAGE2_FAILS",
         "value" : "2"
      },
      {
         "key" : "S6_CMD_WAIT_FOR_SERVICES_MAXTIME",
         "value" : "0"
      },
      {
         "key" : "FTLCONF_LOCAL_IPV4",
         "value" : "0.0.0.0"
      },
      {
         "key" : "PHP_ENV_CONFIG",
         "value" : "/etc/lighttpd/conf-enabled/15-fastcgi-php.conf"
      },
      {
         "key" : "PIHOLE_DOCKER_TAG",
         "value" : "latest"
      },
      {
         "key" : "S6_OVERLAY_VERSION",
         "value" : "v2.1.0.2"
      },
      {
         "key" : "PIHOLE_INSTALL",
         "value" : "/etc/.pihole/automated install/basic-install.sh"
      },
      {
         "key" : "S6_LOGGING",
         "value" : "0"
      },
      {
         "key" : "FTLCONF_webserver_api_password",
         "value" : "<redacted>"
      },
      {
         "key" : "S6OVERLAY_RELEASE",
         "value" : "https://github.com/just-containers/s6-overlay/releases/download/v2.1.0.2/s6-overlay-amd64.tar.gz"
      },
      {
         "key" : "TZ",
         "value" : "America/Phoenix"
      }
   ],
   "exporting" : false,
   "id" : "e9620bad85c7a48f312abdb85efbb57dde3adf5af0ebe8cbfe1dd9cca0ae0324",
   "image" : "pihole/pihole:latest",
   "is_ddsm" : false,
   "is_package" : false,
   "labels" : {
      "org.opencontainers.image.created" : "2025-02-21T01:58:45.763Z",
      "org.opencontainers.image.description" : "Pi-hole in a docker container",
      "org.opencontainers.image.licenses" : "NOASSERTION",
      "org.opencontainers.image.revision" : "29b604af3f1e65523dbb0971749efed236e151fa",
      "org.opencontainers.image.source" : "https://github.com/pi-hole/docker-pi-hole",
      "org.opencontainers.image.title" : "docker-pi-hole",
      "org.opencontainers.image.url" : "https://github.com/pi-hole/docker-pi-hole",
      "org.opencontainers.image.version" : "2025.02.3"
   },
   "links" : [],
   "memory_limit" : 0,
   "name" : "pihole-pihole",
   "network" : [
      {
         "driver" : "bridge",
         "name" : "bridge"
      }
   ],
   "network_mode" : "bridge",
   "port_bindings" : [
      {
         "container_port" : 443,
         "host_port" : 8989,
         "type" : "tcp"
      },
      {
         "container_port" : 53,
         "host_port" : 53,
         "type" : "tcp"
      },
      {
         "container_port" : 53,
         "host_port" : 53,
         "type" : "udp"
      },
      {
         "container_port" : 80,
         "host_port" : 8988,
         "type" : "tcp"
      }
   ],
   "privileged" : false,
   "shortcut" : {
      "enable_shortcut" : false,
      "enable_status_page" : false,
      "enable_web_page" : false,
      "web_page_url" : ""
   },
   "use_host_network" : false,
   "version" : 2,
   "volume_bindings" : [
      {
         "host_volume_file" : "/docker/pihole/etc-pihole",
         "is_directory" : true,
         "mount_point" : "/etc/pihole/",
         "type" : "rw"
      },
      {
         "host_volume_file" : "/docker/pihole/etc-dnsmasq.d",
         "is_directory" : true,
         "mount_point" : "/etc/dnsmasq.d/",
         "type" : "rw"
      },
      {
         "host_volume_file" : "/docker/pihole/var-log-pihole",
         "is_directory" : true,
         "mount_point" : "/var/log/pihole/",
         "type" : "rw"
      }
   ]
}

Yes, this is interesting, it probably means your system does not have enough entropy for cryptographically sound randomness. Could you try if that has changed by now by trying

docker exec -it <pihole-container-name-or-id> pihole-FTL --config webserver.api.password "your-password-here"

If it still doesn't work, then there may be some setting in place that prevents your container from sourcing secure randomness from the host.

I have exactly the same issue:

 2025-02-21 20:08:00.655 UTC [58M] ERROR: getrandom() failed in generate_password()
 2025-02-21 20:08:00.655 UTC [58M] ERROR: Failed to generate CLI password hash

Hardware:
Synology DS1517+

  • CPU INTEL Atom C2538 x86 architecture
  • OS Linux version 3.10.108 (root@build7) (gcc version 8.5.0 (GCC) ) #42962 SMP Fri Mar 24 00:28:41 CST 2023

In portainer I have used these for compose:

services:
  pihole:
    image: pihole/pihole
    container_name: pi-hole
    network_mode: host
    security_opt:
      - no-new-privileges:false
    restart: on-failure:5
    volumes:
      - /volume1/docker/pihole/dnsmasq.d:/etc/dnsmasq.d:rw
      - /volume1/docker/pihole/pihole:/etc/pihole:rw
    environment:
      TZ: europe/brussels
      FTLCONF_webserver_api_password: pihole
      FTLCONF_webserver_port: 8181
      FTLCONF_debug_api: 'true'
      DNSMASQ_USER: root # root is required for Synology NAS'ses
      PIHOLE_UID: 1027
      PIHOLE_GID: 101
    cap_add:
      - SYS_TIME
      - SYS_NICE

Dropped the parameter to test, get result:

getrandom() failed in create_password()
*************
Trying to compare a NULL (L) string in writeFTLtoml() (app/src/config/toml_writer.c:104)

Interestingly, the password worked, however, after using the config command.

I reset the container and I think it was actually just no passwords set, so it has open access; upon further review, it was just that when I submitted the cached login page it took me to the dashboard.

I have a DS415+ and pihole V6 crashes as soon as I try to load admin page. I just tried with blank password and it works.

Fantastic this has worked for me too :+1:

All, I'm trying to put together a list of occurrences of this issue, so far - with one exception - the issue appears to be occurring on Intel Atom processors

The following spreadsheet is open for anyone to edit - if you have this issue please add to it (if I've already added your details from this thread, please confirm them on the sheet and fill out anything I have missed)

Just a note here, slightly off topic but possibly relevant, this may no longer be true - I am running with default DNSMASQ_USER of pihole on my DS218+

This should finally be resolved by the not-yet-but-soon-to-be-released Pi-hole FTL v6.0.4 containing two fallback layers for secure randomness generation covering cases like we are seeing here with ancient kernels still running on present devices but also ones with modern kernels where this feature has been removed (for whatever reason).

Once FTL v6.0.4 has been released, please don't forget to go back to master using

sudo pihole checkout ftl master

or use the correct dockertag again to avoid staying on the special branch which won't receive any further updates from this point on.

Thank you all for helping to nail this down, providing detailed information and confirming our proposed fix so swiftly. This was really some great bug hunting!
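
The following added example is not Pi-hole FTL code and is not part of the thread. It shows layered randomness that fails closed, which matters here because getrandom(2) only exists from Linux 3.17 onward and a failed call must never end in an empty password hash. The `/dev/urandom` fallback and all function names are assumptions; the thread does not say which fallbacks FTL v6.0.4 uses.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>
#include <unistd.h>

/* Layer 1: getrandom(2). Added in Linux 3.17; on older kernels (a host in
 * the thread reports 3.10.108) the call fails with ENOSYS. */
static int fill_getrandom(unsigned char *buf, size_t len)
{
    for (size_t off = 0; off < len; ) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n <= 0) return -1;                   /* ENOSYS, EPERM, ... */
        off += (size_t)n;
    }
    return 0;
}

/* Layer 2 (assumed fallback): read the kernel CSPRNG through /dev/urandom. */
static int fill_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n <= 0) break;                       /* error or short device */
        off += (size_t)n;
    }
    close(fd);
    return off == len ? 0 : -1;
}

/* Returns 1 (getrandom) or 2 (/dev/urandom) on success. Returns -1 with the
 * buffer zeroed when no source works: the caller must then refuse to create
 * a salt or session ID instead of continuing with an empty hash. */
int secure_random(unsigned char *buf, size_t len)
{
    if (fill_getrandom(buf, len) == 0) return 1;
    if (fill_urandom(buf, len) == 0) return 2;
    memset(buf, 0, len);
    return -1;
}
```

A caller that gets -1 should abort password or session creation and keep the login closed, rather than store a NULL hash that leaves the web interface open.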