-
Notifications
You must be signed in to change notification settings - Fork 485
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add autoregistration functionality to agents #3319
Comments
@ViktorOrda: Thanks for opening an issue, it is currently awaiting triage. In the meantime, you can:
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
@ViktorOrda: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
Please note the PR you are referencing is not general release yet, you can either use the I will read the rest of your issue, I thought I'll point this out early so you can see why it may not have worked. Edit: Okay, I can see the issue is the docker_script has no way to pass the registration method to the container runtime, plus also at the moment I dont see any calls to |
Just for documentation skake I dump some ideas here: crowdsec/docker/docker_start.sh Lines 277 to 284 in 5d414f5
We check if LAPI is disabled then set the configuration via env vars that are passed into the container, if we have a registration token these could be randomly generated instead 🤷🏻 so we should add an if check firstly if these vars exist then set them? then there should be a if check on the registration key and if this is passed we run
We might want to rename the varaible as you might want to spin up a LAPI only that sets the configuration as this token but 🤷🏻 |
Also because I never asked, are you using some orchestration software like kubernetes for auto scaling? |
We use AWS ECS Fargate as orchestrator |
IMO env for LAPI (i.e. |
Yeah I came to the same conclusion whilst I was editing my comments 👍🏻 For now a workaround seems unlikely, as technically you could just modify the startup script and add the checks (we need to test and validate it before we merge anything hence the conf_set_if "$LOCAL_API_URL" '.url = strenv(LOCAL_API_URL)' "$lapi_credentials_path"
if istrue "$DISABLE_LOCAL_API"; then
# we only use the envvars that are actually defined
# in case of persistent configuration
if [ "$AGENT_USERNAME" != "" ] then;
conf_set_if "$AGENT_USERNAME" '.login = strenv(AGENT_USERNAME)' "$lapi_credentials_path"
fi
if [ "$AGENT_PASSWORD" != "" ] then;
conf_set_if "$AGENT_PASSWORD" '.password = strenv(AGENT_PASSWORD)' "$lapi_credentials_path"
fi
if [ "$AGENT_AUTO_REGISTRATION_TOKEN" != "" ] then;
if [ "$AGENT_USERNAME" != "" ] then;
cscli lapi register --url "$LOCAL_API_URL" --token "$AGENT_AUTO_REGISTRATION_TOKEN" --machine "$AGENT_USERNAME"
else
cscli lapi register --url "$LOCAL_API_URL" --token "$AGENT_AUTO_REGISTRATION_TOKEN"
fi
fi
fi |
Was thinking about the same during investigation 🙂 |
I use Helm to set up CrowdSec. The agent’s registration works fine, but validation doesn’t wait-for-lapi-and-register container: crowdsec-agent container: Go by this instruction |
@burylo as I can see, your message is not related to the initial issue. Moreover, it just confirms that agent autoregistration feature is not implemented - is is replaced by |
What would you like to be added?
In this #3202 PR possibility to automatically register machines in LAPI was introduced. As far as I can see, there are no such automatical fuctionality for agents: as pointed in the docs, after LAPI configuration one should manually register agent machine. We wanna use containerized solution with autoscaling, so agents autoregistration is crucial for us.
I've tried several ways to implement such a solution locally:
Even if container started without any errors, this solution is not suitable for us - we use AWS Fargate as container runtime, so container restart would lead to its re-creation.
password
parameter doesn't work (expected 😄)Why is this needed?
It would be great to have possibility to pass autoregistration token to agent machines (either via local_api_credentials.yaml or via env vars)
The text was updated successfully, but these errors were encountered: