Add no-capi flag and review some logs (#1628)

* Add no-capi flag and review some logs
This commit is contained in:
AlteredCoder 2022-07-01 16:56:13 +02:00 committed by GitHub
parent 492e0dfeb1
commit 5f62d738fc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 36 additions and 8 deletions

View file

@ -66,6 +66,7 @@ type Flags struct {
DisableAgent bool
DisableAPI bool
WinSvc string
DisableCAPI bool
}
type labelsMap map[string]string
@ -192,6 +193,7 @@ func (f *Flags) Parse() {
flag.BoolVar(&f.TestMode, "t", false, "only test configs")
flag.BoolVar(&f.DisableAgent, "no-cs", false, "disable crowdsec agent")
flag.BoolVar(&f.DisableAPI, "no-api", false, "disable local API")
flag.BoolVar(&f.DisableCAPI, "no-capi", false, "disable communication with Central API")
flag.StringVar(&f.WinSvc, "winsvc", "", "Windows service Action : Install, Remove etc..")
flag.StringVar(&dumpFolder, "dump-data", "", "dump parsers/buckets raw outputs")
flag.Parse()

View file

@ -67,6 +67,10 @@ func reloadHandler(sig os.Signal, cConfig *csconfig.Config) error {
}
if !cConfig.DisableAPI {
if flags.DisableCAPI {
log.Warningf("Communication with CrowdSec Central API disabled from args")
cConfig.API.Server.OnlineClient = nil
}
apiServer, err := initAPIServer(cConfig)
if err != nil {
return errors.Wrap(err, "unable to init api server")
@ -250,6 +254,13 @@ func Serve(cConfig *csconfig.Config, apiReady chan bool, agentReady chan bool) e
}
if !cConfig.DisableAPI {
if cConfig.API.Server.OnlineClient == nil || cConfig.API.Server.OnlineClient.Credentials == nil {
log.Warningf("Communication with CrowdSec Central API disabled from configuration file")
}
if flags.DisableCAPI {
log.Warningf("Communication with CrowdSec Central API disabled from args")
cConfig.API.Server.OnlineClient = nil
}
apiServer, err := initAPIServer(cConfig)
if err != nil {
return errors.Wrap(err, "api server init")

View file

@ -131,7 +131,7 @@ func (a *apic) Push() error {
var cache models.AddSignalsRequest
ticker := time.NewTicker(a.pushInterval)
log.Infof("start crowdsec api push (interval: %s)", PushInterval)
log.Infof("Start push to CrowdSec Central API (interval: %s)", PushInterval)
for {
select {
@ -463,7 +463,7 @@ func setAlertScenario(add_counters map[string]map[string]int, delete_counters ma
func (a *apic) Pull() error {
defer types.CatchPanic("lapi/pullFromAPIC")
log.Infof("start crowdsec api pull (interval: %s)", PullInterval)
log.Infof("Start pull from CrowdSec Central API (interval: %s)", PullInterval)
toldOnce := false
for {
@ -553,7 +553,7 @@ func (a *apic) SendMetrics() error {
log.Errorf("unable to send metrics (%s), will retry", err)
}
log.Infof("capi metrics: metrics sent successfully")
log.Infof("start crowdsec api send metrics (interval: %s)", MetricsInterval)
log.Infof("Start send metrics to CrowdSec Central API (interval: %s)", MetricsInterval)
ticker := time.NewTicker(a.metricsInterval)
for {
select {

View file

@ -323,6 +323,7 @@ func (s *APIServer) Run(apiReady chan bool) error {
s.httpServerTomb.Go(func() error {
go func() {
apiReady <- true
log.Infof("CrowdSec Local API listening on %s", s.URL)
if s.TLS != nil && s.TLS.CertFilePath != "" && s.TLS.KeyFilePath != "" {
if err := s.httpServer.ListenAndServeTLS(s.TLS.CertFilePath, s.TLS.KeyFilePath); err != nil {
log.Fatal(err)

View file

@ -122,14 +122,14 @@ func LoadStages(stageFiles []Stagefile, pctx *UnixParserCtx, ectx EnricherCtx) (
nodes = append(nodes, node)
nodesCount++
}
log.WithFields(log.Fields{"file": stageFile.Filename}).Infof("Loaded %d parser nodes", nodesCount)
log.WithFields(log.Fields{"file": stageFile.Filename, "stage": stageFile.Stage}).Infof("Loaded %d parser nodes", nodesCount)
}
for k := range tmpstages {
pctx.Stages = append(pctx.Stages, k)
}
sort.Strings(pctx.Stages)
log.Infof("Loaded %d nodes, %d stages", len(nodes), len(pctx.Stages))
log.Infof("Loaded %d nodes from %d stages", len(nodes), len(pctx.Stages))
return nodes, nil
}

View file

@ -77,15 +77,20 @@ func LoadParsers(cConfig *csconfig.Config, parsers *Parsers) (*Parsers, error) {
Load the actual parsers
*/
log.Infof("Loading parsers %d stages", len(parsers.StageFiles))
log.Infof("Loading parsers from %d files", len(parsers.StageFiles))
parsers.Nodes, err = LoadStages(parsers.StageFiles, parsers.Ctx, parsers.EnricherCtx)
if err != nil {
return parsers, fmt.Errorf("failed to load parser config : %v", err)
}
log.Infof("Loading postoverflow Parsers")
if len(parsers.PovfwStageFiles) > 0 {
log.Infof("Loading postoverflow parsers")
parsers.Povfwnodes, err = LoadStages(parsers.PovfwStageFiles, parsers.Povfwctx, parsers.EnricherCtx)
} else {
parsers.Povfwnodes = []Node{}
log.Infof("No postoverflow parsers to load")
}
if err != nil {
return parsers, fmt.Errorf("failed to load postoverflow config : %v", err)

View file

@ -28,6 +28,15 @@ config_disable_capi() {
yq e 'del(.api.server.online_client)' -i "${CONFIG_YAML}"
}
@test "without capi: crowdsec LAPI should run without capi (-no-capi flag)" {
yq e '.common.log_media="stdout"' -i "${CONFIG_YAML}"
run -124 --separate-stderr timeout 1s "${CROWDSEC}" -no-capi
run -0 echo "${stderr}"
assert_output --partial "Communication with CrowdSec Central API disabled from args"
}
@test "without capi: crowdsec LAPI should still work" {
config_disable_capi
run -124 --separate-stderr timeout 1s "${CROWDSEC}"