Question : If using WebConsole with a registered instance, how can I update/upgrade my Crowdsec instance without any lost of statistics ?
How can I re-register to same instance ID ?
Do I need to remove the CAPI register and do it only if never did ?
cscli -c /etc/crowdsec/config.yaml capi register
Did my local machine-id will be used ?
In the OpenWrt Package, I execute this commands at post-install (first install but also update / upgrade…) :
I did some cleanup (empty id machine and re-register of the new software with same id as before) !
May be this was a mistake to re-register ?
root@LPM:~/custom/1.2.0# cscli machines list
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
5244e15d7908402192135ac72b4acb10yqGbFd9bcN233Mpf 10.4.2.16 2021-09-20T05:26:59+02:00 ✔️ v1.1.1-debian-pragmatic-linux-73e0bbaf93070f4a640eb5a22212b5dcf26699de
2f827bc3cfb84cb0b1e59a5ae3f1492dIdIeA8T6UWmvJqhV 10.4.2.159 2021-08-16T15:33:13+02:00 ✔️ v1.1.1-debian-pragmatic-linux-73e0bbaf93070f4a640eb5a22212b5dcf26699de
fd738d07d6d54d8ca63b14fba8078980fy4ABpU4hSONMAyO 127.0.0.1 2021-09-20T15:32:27+02:00 ✔️ v1.2.0-openwrt-openwrt
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logs show me now an error : time="20-09-2021 15:32:25" level=error msg="Failed to notify(sent: false): <nil>"
I do not understand how to upgrade from 1.1.1 to 1.2.0 all 3 nodes of my testing platform !
I have two remote Debian and one central OpenWrt.
OpenWrt is the main routeur/firewall gateway.
Debian servers hosts Nginx and NextCloud.
The OpenWrt upgrade may have been problematic because of my postinstall script, where I have redone the main local api register…
I have a made a backup with cscli config backup on it before testing the package.
The Debian are just standard Debian packages which were upgraded via apt !
But looks like to been no more recognised any more as already validated on central CrowdSec !?
I clean the machines list just keeping the localhost (latest registered by faulty multiples cscli machines add -a)
redone the (with changing to my own OpenWrt IP !)
sudo cscli lapi register -u http://10.0.0.1:8080
Then OpenWrt seen again the servers :
root@LPM:~/custom/1.2.0# cscli machines list
-------------------------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
-------------------------------------------------------------------------------------------------------------------------
db3e872e345f48848d0d85ab5c529947GWkbyXJtyNnJziiS 127.0.0.1 2021-09-20T16:22:51+02:00 ✔️ v1.2.0-openwrt-openwrt
5244e15d7908402192135ac72b4acb10Xd83eOd8jss8u3Cs 10.4.2.16 2021-09-20T16:32:33+02:00 🚫
2f827bc3cfb84cb0b1e59a5ae3f1492dLk6Uqo3ipKhWLWjU 10.4.2.159 2021-09-20T16:32:44+02:00 🚫
-------------------------------------------------------------------------------------------------------------------------
root@LPM:~/custom/1.2.0# cscli machines list
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
db3e872e345f48848d0d85ab5c529947GWkbyXJtyNnJziiS 127.0.0.1 2021-09-20T16:22:51+02:00 ✔️ v1.2.0-openwrt-openwrt
5244e15d7908402192135ac72b4acb10Xd83eOd8jss8u3Cs 10.4.2.16 2021-09-20T16:34:22+02:00 ✔️ v1.2.0-debian-pragmatic-linux-0ecfe7568790a15791011da27eb24e96e7d4a39f
2f827bc3cfb84cb0b1e59a5ae3f1492dLk6Uqo3ipKhWLWjU 10.4.2.159 2021-09-20T16:34:25+02:00 ✔️ v1.2.0-debian-pragmatic-linux-0ecfe7568790a15791011da27eb24e96e7d4a39f
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
root@LPM:~/custom/1.2.0# cscli metrics
INFO[20-09-2021 04:39:16 PM] Local Api Metrics:
+----------------------+--------+------+
| ROUTE | METHOD | HITS |
+----------------------+--------+------+
| /v1/alerts | POST | 1 |
| /v1/decisions/stream | GET | 100 |
| /v1/watchers | POST | 2 |
| /v1/watchers/login | POST | 24 |
+----------------------+--------+------+
INFO[20-09-2021 04:39:16 PM] Local Api Machines Metrics:
+--------------------------------------------------+------------+--------+------+
| MACHINE | ROUTE | METHOD | HITS |
+--------------------------------------------------+------------+--------+------+
| 5244e15d7908402192135ac72b4acb10Xd83eOd8jss8u3Cs | /v1/alerts | POST | 1 |
+--------------------------------------------------+------------+--------+------+
INFO[20-09-2021 04:39:16 PM] Local Api Bouncers Metrics:
+------------------------------+----------------------+--------+------+
| BOUNCER | ROUTE | METHOD | HITS |
+------------------------------+----------------------+--------+------+
| cs-firewall-bouncer-yvYwOGfW | /v1/decisions/stream | GET | 100 |
+------------------------------+----------------------+--------+------+
the console still not shows correct updated informations (version and status)…
It looks to communicate, the registered ID is unchanged, the online_api_credentials.yaml is the same and cscli capi status said sucess
Okay, so I need to study another installation method for the OpenWrt Package.
More generic usage need to be managed.
I cannot use wizard.sh, because of missing commands, so I need to package them as requirements.
I can get then a little inspiration from the Debian post/pres remove/install script, look the OpenWrt packaging have some equivalents features.
I can do a simplest installation for now, by simply removing initial setup and let the user customize is CrowdSec for his own use.
In case of a first installation, the default /etc/crowdsec/local_api_credentials.yaml will not contain login: nor password: strings and values.
In case of upgrade, because these 2 values will be present, the grep will return 1 and the cscli machines add will not been executed !
I also have to add a test on /var/lib/dbus/machine-id because it is present only since OpenWrt 21.02.x and absent in 19.07.x !
May be something like this :