Yes, it is why I have said I will look at your first report...
I may propose a crowdsec-data package to integrate the first install data download.
Or move this download further...
Or simply remove the first initial installation I have integrate in the package to simplify the usage for the user, and let him do all by itself reading the documentations...
I do not understand how you have installed the package ?
If you let it fully install and then reboot, is it okay ?
Because you have interrupt the install, the commands did not complete...
What the firstboot do here ?
The script is also apply at installation, and then uneeded at firstboot.
It will only be used at firstboot if you integrate the package in a custom firmware, what is it not supported for now, as I have already said.
of course that will work... the issue i'm bringing to your attention is when your packages are included within peoples images, which is a typical operation for most packages...
it's only feedback... not questions/direct suggestions... code has a wonderful way of making whats important self evident (clear) over time... so feel free to ignore my observations...
how/if/when/whether to address these 'possible' issues are purely up to you...
I don't now if there is any way, without coding, that can check the "online" internet mode ?
Like the hotplug way of the @vgaetera scripts...
It may be simple to check like this way, and let the initscript do the missing firstboot commands...
Or add a test in the default script and postpone the commands...
Same for service init, there is no standard/default way to check online status before do the job or postpone it, AFAIK ?
This is may be a good tweak to add.
This looks like a wise move to me... ( a few logger messages if someone upgrades without including /srv/crowdsec or similar seem important also - if needed... I did not test for this yet )
( p.s. take your time... you did a good job on this... considering most users will be advanced users anyway... I think pushing it into the repo's in it's current state was a good move... get some exposure, learn how people use it... and tweak based on practical needs, now it's more available... you'll likely get more help over time too! )
edit: looks like crowdsec-firewall-bouncer may have some issues also...
How is this supposed to be bootstrapped? I cannot get it to run:
❯ crowdsec
WARN[0000] can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)
INFO[0000] push and pull to Central API disabled
time="16-10-2021 17:55:26" level=fatal msg="starting outputs error : authenticate watcher (): Post \"http://127.0.0.1:8081/v1/watchers/login\": API error: ent: machine not found"
I've changed the port to 8081 since 8080 is used by docker.
@jmarcet
Can you please, post the content of /etc/crowdsec/online_api_credentials.yaml
The file look to miss a content !?
Can you do a ls on /etc/crowdsec also please ?
You may try cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml it will reset the register in central API.
Then restart the service with service crowdsec restart and also check the log, if needed, in /var/log/crowdsec...
Stange that the API was not registered at install, may be because of the already used port !
Will check this.
Thanks for the feedback !
Do you have Crowdsec working fine ?
Crowdsec-firewall-bouncer needs crowdsec.
Can you share your /etc/crowdsec/config.yaml
And /etc/crowdsec/local_api_credentials.yaml
And /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
You may have the service already started and then use cscli command line.
You can then check the registered status and redo it if needed.
I will look to the necessary commands.
You may also need to register your host with:
cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
I do not get the point why your install script do not execute...