Machines management
Crowdsec is composed of different components that communicate via a local API. To access this API, the various components (crowdsec agent, cscli and bouncers) need to be authenticated.
This documentation should be relevant mostly for administrators that would like to setup distributed architectures. Single machine setup users can likely skip this part.
There are two kind of access to the local api :
machines: it's a login/password authentication used by cscli and CrowdSec, this one allows to post, get and delete decisions and alerts.bouncers: it's a token authentication used by bouncers to query the decisions, and only allows to perform get on decisions.
Machines authentication
The cscli machines command interacts directly with the database (machines add and delete are not implemented in the API), and thus it must have the correct database configuration.
$ cscli machines list
You can view the registered machines with list, as well as add or delete them :
sudo cscli machines add mytestmachine -a
INFO[0004] Machine 'mytestmachine' created successfully
INFO[0004] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'
sudo cscli machines delete 82929df7ee394b73b81252fe3b4e5020
cscli machines example
sudo cscli machines list
----------------------------------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
----------------------------------------------------------------------------------------------------------------------------------
82929df7ee394b73b81252fe3b4e5020 127.0.0.1 2020-10-31T14:06:32+01:00 ✔️ v0.3.6-3d6ce33908409f2a830af6551a7f5e37f2a4728f
----------------------------------------------------------------------------------------------------------------------------------
sudo cscli machines add -m mytestmachine -a
INFO[0004] Machine 'mytestmachine' created successfully
INFO[0004] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'
sudo cscli machines list
----------------------------------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
----------------------------------------------------------------------------------------------------------------------------------
82929df7ee394b73b81252fe3b4e5020 127.0.0.1 2020-10-31T14:06:32+01:00 ✔️ v0.3.6-3d6ce33908409f2a830af6551a7f5e37f2a4728f
mytestmachine 127.0.0.1 2020-11-01T11:37:19+01:00 ✔️ v0.3.6-6a18458badf8ae5fed8d5f1bb96fc7a59c96163c
----------------------------------------------------------------------------------------------------------------------------------
sudo cscli machines delete -m 82929df7ee394b73b81252fe3b4e5020
sudo cscli machines list
---------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
---------------------------------------------------------------------------------------------------------
mytestmachine 127.0.0.1 2020-11-01T11:37:19+01:00 ✔️ v0.3.6-6a18458badf8ae5fed8d5f1bb96fc7a59c96163c
---------------------------------------------------------------------------------------------------------
Machine register
It is also possible to register to a local API from a remote machine with cscli lapi and then validate the machine on the local API machine.
- CrowdSec Agent Machine
- CrowdSec Local API Machine
sudo cscli lapi register --url [crowdsec_local_api_url] --machine [your_machine_name]
sudo cscli machines list
sudo cscli machines validate [machine_name]