blotus
c6e40191dd
Revert "docker: pre-download all hub items and data, opt-in hub updat… ( #2947 )
2024-04-18 15:33:51 +02:00
mmetc
0e8a1c681b
docker: pre-download all hub items and data, opt-in hub update/upgrade ( #2933 )
...
* docker: pre-download all hub items and data, opt-in hub update/upgrade
* docker/bars: don't purge anything before pre-downloading hub
* Docker: README update
2024-04-08 14:53:12 +02:00
mmetc
3921c3f480
CI: rename workflows, improve docker build and tests ( #2798 )
2024-01-31 12:07:27 +01:00
mmetc
311dfdee1f
Decouple docker image from package release ( #2791 )
...
- entry point fixes for 1.6.0
- correctly override BUILD_VERSION argument
- manual release workflow
2024-01-29 22:05:26 +01:00
Laurence Jones
2fb6f209aa
Update docker_start.sh ( #2780 )
...
* Update docker_start.sh
* disable 'set -e' in docker entrypoint
---------
Co-authored-by: marco <marco@crowdsec.net>
2024-01-24 22:51:33 +00:00
blotus
bc3a179af9
Add env vars to install/remove appsec-{configs,rules} in docker image ( #2664 )
2023-12-14 16:54:12 +01:00
he2ss
4a4b309790
docker: add new env var to enable console_management ( #2599 )
2023-12-12 10:24:03 +01:00
mmetc
4acb4f8df3
cwhub: context type ( #2631 )
...
* add hub type "context"
* cscli lapi: log.Fatal -> fmt.Errorf; lint
* tests for context.yaml
* load console context from hub
* original & compiled context
* deprecate "cscli lapi context delete"
$ cscli lapi context delete
Command "delete" is deprecated, please manually edit the context file.
* cscli completion: add appsec-rules, appsec-configs, explain, hubtest
2023-12-07 16:20:13 +01:00
mmetc
8bb7da3994
docker tests: force local machine creation ( #2636 )
...
This is required from 1.5.6 to overwrite the local credentials file
2023-12-05 11:52:04 +01:00
mmetc
ffcab0b2bc
Refactor hub management and cscli commands ( #2545 )
2023-11-24 15:57:32 +01:00
mmetc
7ffa0cc787
docker: replace cp -an with rsync to allow bind-mount of files in /etc/crowdsec ( #2611 )
...
fix for https://github.com/crowdsecurity/crowdsec/issues/2480
2023-11-23 11:08:14 +01:00
mmetc
643445b7cf
docker: allow GID with no persistent sqlite db ( #2381 )
2023-07-28 16:01:50 +02:00
mmetc
5cb7013575
Check cscli preconditions with crowdsec-cli/require package ( #2388 )
2023-07-27 17:02:20 +02:00
mmetc
4137482f65
docker: always merge .yaml.local in conf_get() ( #2272 )
...
With this change, all queries to the configuration will return the
values from .local if they are set. However, conf_set will only write
to .yaml and never to .local. This means users can potentially override
values that are supposed to be under control of the entrypoint
(credentials and things set from envvars).
2023-06-23 15:49:09 +02:00
mmetc
e1400d28f1
support capi_whitelists.yaml ( #2224 )
2023-05-25 10:02:33 +02:00
mmetc
0c5d233563
Minor cleanup and dead code removal ( #2166 )
2023-04-12 16:57:38 +02:00
mmetc
f39fbf07fa
Docker: don't re-register local agent if not needed ( #2141 )
2023-03-27 15:38:38 +02:00
mmetc
68d4bdc1bd
Docker: correct behavior of AGENTS_ALLOWED_OU, BOUNCERS_ALLOWED_OU ( #2140 )
2023-03-24 11:23:04 +01:00
mmetc
3bf95e1a83
docker: skip temporary installation of disabled items ( #2018 )
2023-01-26 17:13:57 +01:00
mmetc
b0f370bae2
fix docker support for legacy vars ( #2021 )
2023-01-26 17:12:40 +01:00
he2ss
ce60c7b056
docker: add cri-logs collection by default to support CRI log format ( #2005 )
2023-01-20 16:02:04 +00:00
Yip Rui Fung
ecb5562b57
Fix docker_start.sh not properly handling env vars ( #1993 )
...
For example, the COLLECTIONS environment variable is supposed to do a space separated list.
But with the unquoted call to cscli_if_clean without quotes on the $COLLECTIONS environment variable, only the first entry is passed to it.
As a result, only the first entry is installed.
Would likely affect all call sites to cscli_if_clean
2023-01-14 19:56:27 +01:00
mmetc
d986ae0ee5
fix yq behavior with bind-mount config.yaml ( #1968 )
...
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-01-09 21:47:25 +01:00
mmetc
dfc4126384
Docker config/auth/TLS refactoring from from v1.4.4 ( #1967 )
2023-01-04 16:43:35 +01:00
mmetc
72c1753fb7
fix tls communication with lapi and user/pw auth ( #1956 )
...
allow self-signed TLS encryption with user/pw auth
docker:
- remove defaults for certificate file locations
- new envvar INSECURE_SKIP_VERIFY
- register agent before TLS settings (cscli machine add removes them
from the credentials file)
2022-12-29 22:00:11 +01:00
mmetc
f68bc113a7
docker: separate CLIENT_* and LAPI_* variables for tls certificates ( #1929 )
2022-12-16 20:41:39 +01:00
mmetc
409721414b
docker: fix/improve support for persistent configurations ( #1915 )
...
set all defaults in config.yaml and leave environment variables empty. This way when they are set we know that we must override the values in config.yaml.
ignore tainted objects when calling install/upgrade/remove
use_wal is false by default
2022-12-10 22:09:25 +01:00
mmetc
10ee07cea0
docker: correctly extract BOUNCER_KEY_* ( fix #1912 ) ( #1913 )
2022-12-06 16:03:28 +01:00
mmetc
f2528f3e29
add USE_WAL to docker arguments ( #1899 )
2022-11-30 14:28:33 +01:00
mmetc
d15014f82e
silence harmless "machines delete" error in dockerfile ( #1904 )
2022-11-30 14:19:20 +01:00
mmetc
fde9640364
Docker refactoring, tls setup ( #1869 )
2022-11-28 10:35:12 +01:00
mmetc
b0889d7751
docker build flavors: slim, with-plugins, with-geoip, full ( #1862 )
2022-11-08 12:28:57 +01:00
AlteredCoder
59fc403e32
fix docker_start without using jq ( #1855 )
...
* fix docker_start without using jq
2022-11-07 10:07:26 +01:00
Stephane de Labrusse
daae241ff9
fix #1794 (TLS is forced even when -e USE_TLS="false")
2022-10-07 16:31:03 +02:00
he2ss
3c6834fc18
docker_start: improve start script ( #1599 )
2022-06-22 11:31:55 +02:00
he2ss
ec4e193cbb
docker: add enroll on startup ( #1463 )
...
* docker: add enroll on startup
2022-04-20 13:35:22 +02:00
Adam
33ef6eaea6
Register bouncers on container init ( #1341 )
...
* Register bounces on init
2022-04-04 10:18:44 +02:00
Chad Jones
19817083d1
Docker prestage - correct database directory ( #1312 )
2022-03-07 10:35:32 +01:00
Andreas Krüger
d18620858e
Create debian docker package including journalctl/systemd ( #1233 )
...
* Create debian docker package with journalctl
Co-authored-by: he2ss <hamza.essahely@gmail.com>
2022-02-15 17:10:15 +01:00
Andreas Krüger
02765a74fa
Add LOCAL_API_URL to register auto an agent ( #1231 )
2022-02-03 12:26:20 +01:00
Andreas Krüger
8c878b0669
Add TLS functionality from env variables ( #1227 )
...
* Add TLS functionality settings from env variables
2022-02-02 13:20:12 +01:00
Andreas Krüger
ead0a06f0c
Set custom hostname for local agent credentials ( #1229 )
...
* Set custom hostname for local agent credentials
2022-02-02 10:12:54 +01:00
Andreas Krüger
d5f17ee377
Set LOCAL_API_URL on regeneration of local agent ( #1226 )
...
The local agent credentials file contains the URL for the local API endpoint. If you set it through the environment variable, it is not honored when regenerating the URL for the localhost machine.
This PR will set the LOCAL_API_URL on the regeneration of credentials if it's defined.
2022-02-01 17:45:04 +01:00
Adam
d2bd01d009
Prestage files and copy on init to fix bind mount issues ( #1216 )
2022-02-01 12:35:57 +01:00
Shivam Sandbhor
4bf996a716
Make docker start executable ( #1031 )
...
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2021-11-02 10:24:30 +01:00
mmetc
f10187bd6d
typos ( #1036 )
2021-11-02 09:19:22 +01:00
he2ss
4d4d6d802c
fix #1008 + regenerate localhost credentials on start ( #1009 )
2021-10-14 17:02:38 +02:00
he2ss
990599a0b5
update docker entrypoint script ( #982 )
2021-09-21 10:54:05 +02:00
he2ss
ff400c9bca
fix docker image + install whitelists on build ( #968 )
...
* fix docker image + install whitelists on build
2021-09-13 10:48:48 +02:00
he2ss
88846ac115
update docker image documentation + docker start script ( #965 )
...
* update docker image documentation + docker start script
2021-09-10 14:59:22 +02:00