crowdsec icon indicating copy to clipboard operation
crowdsec copied to clipboard

Published 20 hours ago verified publisher icon crowdsecurity

Improvement/cscli config test

Open LaurenceJJones opened this issue 3 years ago • 5 comments

Is your feature request related to a problem? Please describe. There is no issue just Crowdsec has the ability to test the configuration before starting, however, a user might not run this as this feature as it is not documented.

/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t

Describe the solution you'd like Provide a cscli command to invoke this command and provide the input back to the user terminal or document / reinforce the need to run this command before restarting the service? A user may want to be informed they have made a mistake before trying to restart the service meaning Crowdsec will be down for some time whilst they troubleshoot.

Example of what you imagine

cscli config test
cscli -c /tmp/otherconfig.yaml config test

LaurenceJJones avatar Jun 30 '22 20:06 LaurenceJJones

WIP https://github.com/LaurenceJJones/crowdsec/tree/cs-config-test

LaurenceJJones avatar Jun 30 '22 21:06 LaurenceJJones

If we provide -t to crowdsec, it uses the configuration for the method of logging (file | stdout). Should we provide an argument EG -stdout to override this for programmatic purposes?

I was thinking of making -t make stdout the default, however, this may cause confusion when a user goes to restart through systemctl as there be no logs.

LaurenceJJones avatar Jul 01 '22 08:07 LaurenceJJones

Thank you Laurence,

just my 2c re: -stdout. I'm a strong believer of having as many configuration options as possible available through flags, as well as environment variables. However, in crowdsec we don't have a unified mapping between the two, it requires code each time and we decide it case by case. We could have a generic way to do it but it would need to work with two tools that don't use the same flag library (crowdsec and cscli) and it would be hard to do that without breaking compatibility.

Having said that, a "-log-media stdout" flag would be a clear reference to the configuration option it's overriding. It's not extremely useful without -log-dir and friends, but at least it's clear. There's also the incorrect reference to stdout when the logs are actually going to stderr, but it's a minor inconvenience.

mmetc avatar Jul 02 '22 20:07 mmetc

@mmetc I agree that multiple configuration levels allow for "no configuration file" input! Does it make more sense for the configurations to be added where applicable for the overall PR or collate all of them into a single PR so they can be merged as one?

LaurenceJJones avatar Jul 02 '22 21:07 LaurenceJJones

I'm not sure what you mean, I think for bin/crowdsec we should keep them to the useful minimum for now. Overriding log_media has its uses, but the other log options may not be worth it. Keep in mind you can also reference environment variables in config.yaml, or (from 1.4) override them with config.yaml.local

mmetc avatar Jul 02 '22 21:07 mmetc

Closing due to decision to enrich the docs about crowdsec -t flag

LaurenceJJones avatar Oct 06 '22 15:10 LaurenceJJones