update docker image + documentation (#602)

Co-authored-by: erenJag <erenJag>
erenJag 4 years ago
parent
commit
18ff3a3a30
5 changed files with 21 additions and 21 deletions
  1. 2 2
      Dockerfile
  2. 6 6
      docker/README.md
  3. 1 1
      docker/config.yaml
  4. 6 4
      docker/docker_start.sh
  5. 6 8
      docs/v1.X/docs/docker/README.md

+ 2 - 2
Dockerfile

@@ -6,11 +6,12 @@ WORKDIR /go/src/crowdsec
 COPY . .
 
 RUN apk update && apk add git jq gcc libc-dev make bash gettext
-RUN BUILD_VERSION="$(git describe --tags `git rev-list --tags --max-count=1`)" make release
+RUN BUILD_VERSION="$(git describe --tags `git rev-list --tags --max-count=1`)-docker" make release
 RUN /bin/bash wizard.sh --docker-mode
 RUN cscli hub update && cscli collections install crowdsecurity/linux
 
 FROM alpine:latest
+RUN wget https://github.com/mikefarah/yq/releases/download/v4.4.1/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq
 COPY --from=build /etc/crowdsec /etc/crowdsec
 COPY --from=build /var/lib/crowdsec /var/lib/crowdsec
 COPY --from=build /usr/local/bin/crowdsec /usr/local/bin/crowdsec
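Review bot: The added `RUN wget .../yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq` in the final stage installs an executable straight from a download with no integrity check. Pinning the release to v4.4.1 is good; also record the expected SHA-256 of that asset in the Dockerfile and compare it (for example with `sha256sum -c`) before the `chmod +x`, so a changed or corrupted asset fails the build. The hard-coded `amd64` asset ties the image to one architecture, and `FROM alpine:latest` just above leaves the base unpinned, so two builds of the same commit can differ.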
@@ -18,5 +19,4 @@ COPY --from=build /usr/local/bin/cscli /usr/local/bin/cscli
 COPY --from=build /go/src/crowdsec/docker/docker_start.sh /
 COPY --from=build /go/src/crowdsec/docker/config.yaml /etc/crowdsec/config.yaml
 
-
 ENTRYPOINT /bin/sh docker_start.sh

+ 6 - 6
docker/README.md

@@ -31,17 +31,15 @@ The container is built with specific docker [configuration](https://github.com/c
 You should apply following configuration before starting it :
 
 * Specify collections|scenarios|parsers/postoverflows to install via the environment variables (by default [`crowdsecurity/linux`](https://hub.crowdsec.net/author/crowdsecurity/collections/linux) is installed)
-* Mount volumes to specify your configuration
 * Mount volumes to specify your log files that should be ingested by crowdsec (set up in acquis.yaml)
 * Mount other volumes : if you want to share the database for example
 
 ```shell
-docker run -d -v config.yaml:/etc/crowdsec/config.yaml \
-    -v acquis.yaml:/etc/crowdsec/acquis.yaml \
+docker run -d -v acquis.yaml:/etc/crowdsec/acquis.yaml \
     -e COLLECTIONS="crowdsecurity/sshd"
     -v /var/log/auth.log:/var/log/auth.log \
     -v /path/mycustom.log:/var/log/mycustom.log \
-    --name crowdsec <built-image-tag>
+    --name crowdsec crowdsecurity/crowdsec
 ```
 
 #### Example
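Review bot: The `-e COLLECTIONS="crowdsecurity/sshd"` line in the edited `docker run` example has no trailing `\`, so the shell ends the command there and the log mounts and `--name crowdsec crowdsecurity/crowdsec` are run as a separate, failing command. Since this hunk already rewrites the first and last lines of the example, add the missing continuation so the documented command can be pasted as is.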
@@ -83,9 +81,11 @@ docker run -d -v config.yaml:/etc/crowdsec/config.yaml \
     -v /path/myDatabase.db:/var/lib/crowdsec/data/crowdsec.db \
     -e COLLECTIONS="crowdsecurity/apache2 crowdsecurity/sshd" \
     -p 8080:8080 -p 6060:6060 \
-    --name crowdsec <built-image-tag>
+    --name crowdsec crowdsecurity/crowdsec
 ```
 
+If you want to be able to restart/stop your container and keep the same DB `-v /path/myDatabase.db:/var/lib/crowdsec/data/crowdsec.db` you need to add a volume on local_api_credentials.yaml `-v /path/local_api_credentials.yaml:/etc/crowdsec/local_api_credentials.yaml`.
+
 ### Environment Variables
 
 * `COLLECTIONS`             - Collections to install from the [hub](https://hub.crowdsec.net/browse/#collections), separated by space : `-e COLLECTIONS="crowdsecurity/linux crowdsecurity/apache2"`
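Review bot: The added sentence covers `local_api_credentials.yaml` only, but this commit also makes the start script write `/etc/crowdsec/online_api_credentials.yaml` by default. Say here whether that file should be mounted as well, because a container recreated without it runs `cscli capi register` again whenever `config.yaml` has no `credentials_path`. Both files hold API credentials, so the paragraph should also tell users to keep the host copies readable only by their owner.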
@@ -99,7 +99,7 @@ docker run -d -v config.yaml:/etc/crowdsec/config.yaml \
 * `TEST_MODE`               - Only test configs (default: `false`) : `-e TEST_MODE="<true|false>"`
 * `DISABLE_AGENT`           - Only test configs (default: `false`) : `-e DISABLE_AGENT="<true|false>"`
 * `DISABLE_LOCAL_API`       - Disable local API (default: `false`) : `-e DISABLE_API="<true|false>"`
-* `REGISTER_TO_ONLINE_API`  - Register to Online API (default: `false`) : `-e REGISTER_TO_ONLINE_API="<true|false>"`
+* `DISABLE_ONLINE_API`      - Disable Online API registration for signal sharing (default: `false`) : `-e DISABLE_ONLINE_API="<true|false>"`
 * `LEVEL_TRACE`             - Trace-level (VERY verbose) on stdout (default: `false`) : `-e LEVEL_TRACE="<true|false>"`
 * `LEVEL_DEBUG`             - Debug-level on stdout (default: `false`) : `-e LEVEL_DEBUG="<true|false>"`
 * `LEVEL_INFO`              - Info-level on stdout (default: `false`) : `-e LEVEL_INFO="<true|false>"`
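Review bot: The new `DISABLE_ONLINE_API` entry documents `<true|false>` with a default of `false`, but `docker_start.sh` in this commit only tests `[ "$DISABLE_ONLINE_API" == "" ]`, so `-e DISABLE_ONLINE_API="false"` disables registration exactly like `true`. Either document the variable as "set to any value to disable" or make the script compare against `true`, so the docs and the behaviour agree.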

+ 1 - 1
docker/config.yaml

@@ -16,7 +16,7 @@ crowdsec_service:
   parser_routines: 1
 cscli:
   output: human
-  hub_branch: wip_lapi
+  hub_branch: master
 db_config:
   log_level: info
   type: sqlite

+ 6 - 4
docker/docker_start.sh

@@ -6,10 +6,12 @@ if [ $? == 1 ]; then
     cscli machines add --force --auto -f /etc/crowdsec/local_api_credentials.yaml
 fi
 
-if [ "$REGISTER_TO_ONLINE_API" == "true" ] || [ "$REGISTER_TO_ONLINE_API" == "TRUE" ] && [ "$CONFIG_FILE" == "" ] ; then
-    cat /etc/crowdsec/config.yaml | grep online_api_credentials.yaml
-    if [ $? == 1 ]; then
-        sed -ri 's/^(\s*)(#credentials_path\s*:\s*$)/\1credentials_path: \/etc\/crowdsec\/online_api_credentials.yaml/' /etc/crowdsec/config.yaml
+# registration to online API for signal push
+if [ "$DISABLE_ONLINE_API" == "" ] && [ "$CONFIG_FILE" == "" ] ; then
+    CONFIG_EXIST=$(yq eval '.api.server.online_client | has("credentials_path")' /etc/crowdsec/config.yaml)
+    if [ "$CONFIG_EXIST" != "true" ]; then
+        yq eval '.api.server.online_client = {"credentials_path": "/etc/crowdsec/online_api_credentials.yaml"}' /etc/crowdsec/config.yaml > /etc/crowdsec/config2.yaml
+        mv /etc/crowdsec/config2.yaml /etc/crowdsec/config.yaml
         cscli capi register > /etc/crowdsec/online_api_credentials.yaml
     fi
 fi
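Review bot: In the new `yq eval ... > /etc/crowdsec/config2.yaml` followed by `mv`, the exit status of `yq` is never checked, so a failed or partial write replaces the working `config.yaml`. Chain the two with `&&` or enable `set -e`, and handle `cscli capi register > /etc/crowdsec/online_api_credentials.yaml` the same way: if registration fails, the config already points at an empty credentials file and the `has("credentials_path")` guard prevents a retry on the next start. Two smaller points: the assignment `.api.server.online_client = {...}` replaces the whole `online_client` map rather than setting one key, and the credentials file is created with the default umask, so set restrictive permissions on it explicitly.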

+ 6 - 8
docs/v1.X/docs/docker/README.md

@@ -31,17 +31,15 @@ The container is built with specific docker [configuration](https://github.com/c
 You should apply following configuration before starting it :
 
 * Specify collections|scenarios|parsers/postoverflows to install via the environment variables (by default [`crowdsecurity/linux`](https://hub.crowdsec.net/author/crowdsecurity/collections/linux) is installed)
-* Mount volumes to specify your configuration
 * Mount volumes to specify your log files that should be ingested by crowdsec (set up in acquis.yaml)
 * Mount other volumes : if you want to share the database for example
 
 ```shell
-docker run -d -v config.yaml:/etc/crowdsec/config.yaml \
-    -v acquis.yaml:/etc/crowdsec/acquis.yaml \
+docker run -d -v acquis.yaml:/etc/crowdsec/acquis.yaml \
     -e COLLECTIONS="crowdsecurity/sshd"
     -v /var/log/auth.log:/var/log/auth.log \
     -v /path/mycustom.log:/var/log/mycustom.log \
-    --name crowdsec <built-image-tag>
+    --name crowdsec crowdsecurity/crowdsec
 ```
 
 #### Example
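Review bot: In the updated command, `-v acquis.yaml:/etc/crowdsec/acquis.yaml` uses a source that is not an absolute path, which Docker treats as a named volume rather than the file in the current directory; write it as `/path/acquis.yaml`, like the log mounts below it. The `-e COLLECTIONS="crowdsecurity/sshd"` line also still lacks its trailing `\`, and `crowdsecurity/crowdsec` without a tag resolves to `latest`, so recommend a specific version tag in the example.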
@@ -83,10 +81,10 @@ docker run -d -v config.yaml:/etc/crowdsec/config.yaml \
     -v /path/myDatabase.db:/var/lib/crowdsec/data/crowdsec.db \
     -e COLLECTIONS="crowdsecurity/apache2 crowdsecurity/sshd" \
     -p 8080:8080 -p 6060:6060 \
-    --name crowdsec <built-image-tag>
+    --name crowdsec crowdsecurity/crowdsec
 ```
 
-If you want to be able to restart/stop your container and keep the same DB `-v /path/myDatabase.db:/var/lib/crowdsec/data/crowdsec.db` you need to add a volume on local_api_credentials.yaml `-v /path/local_api_credentials.yaml:/etc/crowdsec/local_api_credentials.yaml`
+If you want to be able to restart/stop your container and keep the same DB `-v /path/myDatabase.db:/var/lib/crowdsec/data/crowdsec.db` you need to add a volume on local_api_credentials.yaml `-v /path/local_api_credentials.yaml:/etc/crowdsec/local_api_credentials.yaml`.
 
 ### Environment Variables
 
@@ -101,7 +99,7 @@ If you want to be able to restart/stop your container and keep the same DB `-v /
 * `TEST_MODE`               - Only test configs (default: `false`) : `-e TEST_MODE="<true|false>"`
 * `DISABLE_AGENT`           - Only test configs (default: `false`) : `-e DISABLE_AGENT="<true|false>"`
 * `DISABLE_LOCAL_API`       - Disable local API (default: `false`) : `-e DISABLE_API="<true|false>"`
-* `REGISTER_TO_ONLINE_API`  - Register to Online API (default: `false`) : `-e REGISTER_TO_ONLINE_API="<true|false>"`
+* `DISABLE_ONLINE_API`      - Disable Online API registration for signal sharing (default: `false`) : `-e DISABLE_ONLINE_API="<true|false>"`
 * `LEVEL_TRACE`             - Trace-level (VERY verbose) on stdout (default: `false`) : `-e LEVEL_TRACE="<true|false>"`
 * `LEVEL_DEBUG`             - Debug-level on stdout (default: `false`) : `-e LEVEL_DEBUG="<true|false>"`
 * `LEVEL_INFO`              - Info-level on stdout (default: `false`) : `-e LEVEL_INFO="<true|false>"`
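Review bot: Replacing `REGISTER_TO_ONLINE_API` (default `false`) with `DISABLE_ONLINE_API` (default `false`) turns Online API registration and signal sharing from opt-in into opt-out, and the entry does not say so. State explicitly that the container now registers unless the variable is set, and that the old variable is no longer read, so existing deployments are not surprised by new outbound traffic. While editing this list, the neighbouring context lines need fixing too: `DISABLE_LOCAL_API` shows `-e DISABLE_API=...` and `DISABLE_AGENT` carries the `TEST_MODE` description.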
@@ -128,4 +126,4 @@ Please read [contributing](https://docs.crowdsec.net/Crowdsec/v1/contributing/)
 
 ## License
 
-This project is licensed under the MIT License - see the [LICENSE](https://github.com/crowdsecurity/crowdsec/blob/master/LICENSE) file for details.
+This project is licensed under the MIT License - see the [LICENSE](https://github.com/crowdsecurity/crowdsec/blob/master/LICENSE) file for details.