crowdsec
crowdsec copied to clipboard
crowdsecurity
Improvement/Provide a cron that upgrades the hub and the collections/parsers/scenarios/....
Does
#!/bin/bash
cscli hub update
cscli hub upgrade
cscli collections upgrade -a
cscli parsers upgrade --all
cscli scenarios upgrade -a
systemctl reload crowdsec
about cover everything?
There are still a few issues
- crowdsec does not reload the configuration after hub upgrade
- the package manager doesn't know about the cron job, so it won't be able to update it, or see if the user made changes
- wizard.sh is soon going be a /bin/sh script - not bash - for compatibility with other distributions. It won't be called nor sourced from the postinst file. Also passing arguments to sourced files (the -n for noop) only works with bash
For these reasons, it would be better to follow each distribution's guidelines and install the cron job like we would install any other file:
- https://fedoraproject.org/wiki/Packaging:CronFiles
- https://www.debian.org/doc/manuals/maint-guide/dother.en.html#crond
A minimal cron.daily/crowdsec-hub would look like:
#!/bin/sh
cscli --error hub update && cscli --error hub upgrade
systemctl reload crowdsec
exit 0
I'm not convinced that systems installed with wizard.sh should have cron jobs, but if they do, they might not have systemd. That part is WIP.
What do you think? @sabban ?
Hi @mridullpandey
It's been merged here https://github.com/crowdsecurity/crowdsec/blob/master/config/crowdsec.cron.daily
Any suggestion? We're releasing soon
Thanks
@tasiotas there are several drawbacks to running a process manager and cron in a container, we'll try and find a better option for both docker and k8s
@tasiotas there are several drawbacks to running a process manager and cron in a container, we'll try and find a better option for both docker and k8s
Is there a issue that can be tracked for this? Is there a "proper" way to do this as of today?
