From 5f62d738fc584b2e20ed6b1fae39ddc4ebc99045 Mon Sep 17 00:00:00 2001
From: AlteredCoder <64792091+AlteredCoder@users.noreply.github.com>
Date: Fri, 1 Jul 2022 16:56:13 +0200
Subject: [PATCH] Add no-capi flag and review some logs (#1628)
* Add no-capi flag and review some logs
---
 cmd/crowdsec/main.go | 2 ++
 cmd/crowdsec/serve.go | 11 +++++++++++
 pkg/apiserver/apic.go | 6 +++---
 pkg/apiserver/apiserver.go | 1 +
 pkg/parser/stage.go | 4 ++--
 pkg/parser/unix_parser.go | 11 ++++++++---
 tests/bats/04_nocapi.bats | 9 +++++++++
 7 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/cmd/crowdsec/main.go b/cmd/crowdsec/main.go
index e2a9515f2..a3b56e4e1 100644
--- a/cmd/crowdsec/main.go
+++ b/cmd/crowdsec/main.go
@@ -66,6 +66,7 @@ type Flags struct {
 DisableAgent bool
 DisableAPI bool
 WinSvc string
+ DisableCAPI bool
 }
 type labelsMap map[string]string
@@ -192,6 +193,7 @@ func (f *Flags) Parse() {
 flag.BoolVar(&f.TestMode, "t", false, "only test configs")
 flag.BoolVar(&f.DisableAgent, "no-cs", false, "disable crowdsec agent")
 flag.BoolVar(&f.DisableAPI, "no-api", false, "disable local API")
+ flag.BoolVar(&f.DisableCAPI, "no-capi", false, "disable communication with Central API")
 flag.StringVar(&f.WinSvc, "winsvc", "", "Windows service Action : Install, Remove etc..")
 flag.StringVar(&dumpFolder, "dump-data", "", "dump parsers/buckets raw outputs")
 flag.Parse()
diff --git a/cmd/crowdsec/serve.go b/cmd/crowdsec/serve.go
index 41133ef45..0d1df3707 100644
--- a/cmd/crowdsec/serve.go
+++ b/cmd/crowdsec/serve.go
@@ -67,6 +67,10 @@ func reloadHandler(sig os.Signal, cConfig *csconfig.Config) error {
 }
 if !cConfig.DisableAPI {
+ if flags.DisableCAPI {
+ log.Warningf("Communication with CrowdSec Central API disabled from args")
+ cConfig.API.Server.OnlineClient = nil
+ }
 apiServer, err := initAPIServer(cConfig)
 if err != nil {
 return errors.Wrap(err, "unable to init api server")
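Review bot: In cmd/crowdsec/serve.go the `flags.DisableCAPI` block added to reloadHandler is repeated in Serve (second serve.go hunk), and only Serve also warns when the configuration file has no online client, so a reload reports Central API state differently from a cold start. Because `-no-capi` is an egress control, both paths should go through one helper so they cannot drift apart. The sketch below also checks the flag first, so a single warning is logged when both conditions hold; the "disabled from args" text is kept as is. reloadHandler's body starts and ends outside the hunk.

```go
// applyCAPIFlag reports why Central API communication is off and enforces -no-capi.
func applyCAPIFlag(cConfig *csconfig.Config) {
	switch {
	case flags.DisableCAPI:
		log.Warning("Communication with CrowdSec Central API disabled from args")
		cConfig.API.Server.OnlineClient = nil
	case cConfig.API.Server.OnlineClient == nil || cConfig.API.Server.OnlineClient.Credentials == nil:
		log.Warning("Communication with CrowdSec Central API disabled from configuration file")
	}
}

// in reloadHandler and in Serve:
if !cConfig.DisableAPI {
	applyCAPIFlag(cConfig)
	// … unchanged: initAPIServer call and its error handling …
```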
@@ -250,6 +254,13 @@ func Serve(cConfig *csconfig.Config, apiReady chan bool, agentReady chan bool) e
 }
 if !cConfig.DisableAPI {
+ if cConfig.API.Server.OnlineClient == nil || cConfig.API.Server.OnlineClient.Credentials == nil {
+ log.Warningf("Communication with CrowdSec Central API disabled from configuration file")
+ }
+ if flags.DisableCAPI {
+ log.Warningf("Communication with CrowdSec Central API disabled from args")
+ cConfig.API.Server.OnlineClient = nil
+ }
 apiServer, err := initAPIServer(cConfig)
 if err != nil {
 return errors.Wrap(err, "api server init")
diff --git a/pkg/apiserver/apic.go b/pkg/apiserver/apic.go
index 4cfeb544a..1adc51afe 100644
--- a/pkg/apiserver/apic.go
+++ b/pkg/apiserver/apic.go
@@ -131,7 +131,7 @@ func (a *apic) Push() error {
 var cache models.AddSignalsRequest
 ticker := time.NewTicker(a.pushInterval)
- log.Infof("start crowdsec api push (interval: %s)", PushInterval)
+ log.Infof("Start push to CrowdSec Central API (interval: %s)", PushInterval)
 for {
 select {
@@ -463,7 +463,7 @@ func setAlertScenario(add_counters map[string]map[string]int, delete_counters ma
 func (a *apic) Pull() error {
 defer types.CatchPanic("lapi/pullFromAPIC")
- log.Infof("start crowdsec api pull (interval: %s)", PullInterval)
+ log.Infof("Start pull from CrowdSec Central API (interval: %s)", PullInterval)
 toldOnce := false
 for {
@@ -553,7 +553,7 @@ func (a *apic) SendMetrics() error {
 log.Errorf("unable to send metrics (%s), will retry", err)
 }
 log.Infof("capi metrics: metrics sent successfully")
- log.Infof("start crowdsec api send metrics (interval: %s)", MetricsInterval)
+ log.Infof("Start send metrics to CrowdSec Central API (interval: %s)", MetricsInterval)
 ticker := time.NewTicker(a.metricsInterval)
 for {
 select {
diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go
index ef2baff4e..d67c0bdc4 100644
--- a/pkg/apiserver/apiserver.go
+++ b/pkg/apiserver/apiserver.go
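Review bot: In Serve (cmd/crowdsec/serve.go, hunk at -250), the first added warning states that Central API communication is disabled when `OnlineClient.Credentials == nil`, but that branch leaves `OnlineClient` set; only the flag branch assigns nil. Whether the client is really not built then depends on initAPIServer, which is outside the hunk. Either make the log enforce what it says by adding `cConfig.API.Server.OnlineClient = nil` to that branch, or add a comment such as `// initAPIServer skips the CAPI client when credentials are missing; this only reports it` once that is confirmed. When the flag is set and the config has no client, both warnings are printed, the first naming the wrong cause for an operator reading the log.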
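Review bot: In pkg/apiserver/apic.go the reworded start-up line in Push still prints the package-level `PushInterval`, while the ticker on the line above it is built from `a.pushInterval`, so the logged interval can differ from the one in force. The SendMetrics hunk has the same mismatch (`MetricsInterval` logged, `a.metricsInterval` used), and Pull logs `PullInterval`, though its ticker is not visible in the hunk. Logging the field keeps these lines reliable when reconstructing when data left the host: `log.Infof("Start push to CrowdSec Central API (interval: %s)", a.pushInterval)`. Separately, in SendMetrics the `metrics sent successfully` line appears to run right after the error branch closes; the `if` itself is outside the hunk, so confirm it is not logged on failure.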
@@ -323,6 +323,7 @@ func (s *APIServer) Run(apiReady chan bool) error {
 s.httpServerTomb.Go(func() error {
 go func() {
 apiReady <- true
+ log.Infof("CrowdSec Local API listening on %s", s.URL)
 if s.TLS != nil && s.TLS.CertFilePath != "" && s.TLS.KeyFilePath != "" {
 if err := s.httpServer.ListenAndServeTLS(s.TLS.CertFilePath, s.TLS.KeyFilePath); err != nil {
 log.Fatal(err)
diff --git a/pkg/parser/stage.go b/pkg/parser/stage.go
index 5c51cde95..3bc7bdd32 100644
--- a/pkg/parser/stage.go
+++ b/pkg/parser/stage.go
@@ -122,14 +122,14 @@ func LoadStages(stageFiles []Stagefile, pctx *UnixParserCtx, ectx EnricherCtx) (
 nodes = append(nodes, node)
 nodesCount++
 }
- log.WithFields(log.Fields{"file": stageFile.Filename}).Infof("Loaded %d parser nodes", nodesCount)
+ log.WithFields(log.Fields{"file": stageFile.Filename, "stage": stageFile.Stage}).Infof("Loaded %d parser nodes", nodesCount)
 }
 for k := range tmpstages {
 pctx.Stages = append(pctx.Stages, k)
 }
 sort.Strings(pctx.Stages)
- log.Infof("Loaded %d nodes, %d stages", len(nodes), len(pctx.Stages))
+ log.Infof("Loaded %d nodes from %d stages", len(nodes), len(pctx.Stages))
 return nodes, nil
 }
diff --git a/pkg/parser/unix_parser.go b/pkg/parser/unix_parser.go
index 7faa3b4dc..62a04f633 100644
--- a/pkg/parser/unix_parser.go
+++ b/pkg/parser/unix_parser.go
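Review bot: In pkg/apiserver/apiserver.go the new `listening on` line in Run is written before `ListenAndServeTLS` is called, so it is logged even when the bind or certificate load fails and `log.Fatal` follows. It also does not say whether TLS is in effect, which matters to anyone auditing how the Local API is exposed. Hoisting the condition already in the hunk would let the line say both: `useTLS := s.TLS != nil && s.TLS.CertFilePath != "" && s.TLS.KeyFilePath != ""` followed by `log.Infof("CrowdSec Local API starting on %s (TLS: %t)", s.URL, useTLS)`. The goroutine body continues past the end of the hunk, so the non-TLS branch is not visible here.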
@@ -77,15 +77,20 @@ func LoadParsers(cConfig *csconfig.Config, parsers *Parsers) (*Parsers, error) {
 Load the actual parsers
 */
- log.Infof("Loading parsers %d stages", len(parsers.StageFiles))
+ log.Infof("Loading parsers from %d files", len(parsers.StageFiles))
 parsers.Nodes, err = LoadStages(parsers.StageFiles, parsers.Ctx, parsers.EnricherCtx)
 if err != nil {
 return parsers, fmt.Errorf("failed to load parser config : %v", err)
 }
- log.Infof("Loading postoverflow Parsers")
- parsers.Povfwnodes, err = LoadStages(parsers.PovfwStageFiles, parsers.Povfwctx, parsers.EnricherCtx)
+ if len(parsers.PovfwStageFiles) > 0 {
+ log.Infof("Loading postoverflow parsers")
+ parsers.Povfwnodes, err = LoadStages(parsers.PovfwStageFiles, parsers.Povfwctx, parsers.EnricherCtx)
+ } else {
+ parsers.Povfwnodes = []Node{}
+ log.Infof("No postoverflow parsers to load")
+ }
 if err != nil {
 return parsers, fmt.Errorf("failed to load postoverflow config : %v", err)
diff --git a/tests/bats/04_nocapi.bats b/tests/bats/04_nocapi.bats
index 5e60cc0cd..a4d254070 100644
--- a/tests/bats/04_nocapi.bats
+++ b/tests/bats/04_nocapi.bats
@@ -28,6 +28,15 @@ config_disable_capi() {
 yq e 'del(.api.server.online_client)' -i "${CONFIG_YAML}"
 }
+@test "without capi: crowdsec LAPI should run without capi (-no-capi flag)" {
+ yq e '.common.log_media="stdout"' -i "${CONFIG_YAML}"
+
+ run -124 --separate-stderr timeout 1s "${CROWDSEC}" -no-capi
+
+ run -0 echo "${stderr}"
+ assert_output --partial "Communication with CrowdSec Central API disabled from args"
+}
+
 @test "without capi: crowdsec LAPI should still work" {
 config_disable_capi
 run -124 --separate-stderr timeout 1s "${CROWDSEC}"
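Review bot: In pkg/parser/unix_parser.go the `if err != nil` check for postoverflow loading stays after the new if/else, so on the else path it re-tests an `err` that is nil only because the parser check above already returned on failure. Moving the check inside the first branch, directly after the `LoadStages` call, makes that dependency explicit and keeps it from breaking if code is later added between the two. The message also formats the cause with `%v`, which hides it from `errors.Is`/`errors.As`; `return parsers, fmt.Errorf("failed to load postoverflow config : %w", err)` would keep the chain. LoadParsers starts and ends outside the hunk.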
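Review bot: In tests/bats/04_nocapi.bats the new `-no-capi` test only checks that the warning string was printed, so a regression that logs the warning but still builds the Central API client would pass. A negative assertion on the start-up lines this commit rewords in apic.go would tie the test to behaviour, for example `refute_output --partial "Start push to CrowdSec Central API"` after the existing `assert_output`. That relies on those lines reaching stderr within the run window, which should be confirmed. The 1s `timeout` is also tight for a slow CI runner, where the process may be killed before the warning is logged.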