Hello there, we have builded an architecture of 4 crowdsec agents running on 4 proxy nodes and connected to a separate postgres database. They’re all have configured to communicate with that Postgres running on a separate node. Each of the agents running an independent LAPI, but they’re all sharing the same DB, and when one of the nodes will ban/unban an IP address, the other nodes will immediately update their rules. Now we’re looking to build a button that will use crowdsec APIs and unban our customer who ended up in blacklist.
Now my question is: Is this a good way or approach of using crowdsec independently, rather than having one LAPI node? Because in this article “How to set up a CrowdSec multi-server installation”, it explains on how to set up multiple nodes to communicate with LAPI node. We don’t want to have an LAPI node to be a single point of failure, so that is the reason we want them to be independent. Unfortunately there is not much I could find regarding my question. So wanted to see if I can get some answers here.
I am currently in the same process of trying different approaches and understanding the architecture.
There are probably a handful of different ways to build a multi-server approach depending on your own existing project architecture, the problem you want to solve, etc.
What are pros/cons on having one dedicated LAPI server (as outlined in the official blog post) to just use multiple agents with one database backend?
Hi, I would like to construct a similar scenario. Does it work well? My main concern is LAPI redundancy. Each crowdsec installation would use the LAPI on the localhost and store the events, etc., in Postgres. If I understood other posts correctly, it should work as long as only one host does flush in the database and the others do not. Or is it done differently nowadays?
Hey, it works fine. As per the flushing, do you refer the decisions and alerts deletion? If that’s the case, then I have not seen anything out of sort. It’s able to write decisions once the alert is written and clear the decision once the ban is expired.
Are you planning to use shared user for all LAPI agents or you will have an individual user per agent?
what do you mean with “Are you planning to use shared user for all LAPI agents or you will have an individual user per agent?”?
I use LAPI on each agent/host and the crowdsec connects to DB (Postgres) with the same user…
