A default behavior of cscli machines add is very misleading #2567

Closed
wrobelda opened this issue Oct 26, 2023 · 3 comments · Fixed by #2625
wrobelda commented Oct 26, 2023

/kind enhancement

What would you like to be added?

I spent some 60 minutes trying to understand how the crowdsec on my local OPNSense instance should work with a remote agent.

Specifically, I had everything working fine on the OPNSense instance itself and then followed up by adding a new, external agent, per the instructions. I then configured the agent with new credentials and everything was working fine — I could see two entries listed by cscli machines list, with two separate IP addresses and heartbeats.

However, this was only for a few seconds, until the local (the OPNSense's own) machine reconnected to the LAPI, at which point both machines started showing the same IP address.

It took me a while to understand that the local_api_credentials.yaml is used by the local crowdsec instance, only, while the machines are actually configured in the crowdsec.db database, and that by adding a new machine I am also replacing the one previously configured in local_api_credentials.yaml.

So, at this point, I believe the docs as is are misleading, as they suggest the instructions are for adding a new machine and make no mention of the configuration for local setup being altered, too. In fact, I would actually say that the cscli machines add default behavior is, in fact, misleading, since it also suggests I am merely adding a new machine, while I am inherently modifying the local setup to use those newly-generated credentials.

It is additionally confusing that the Machine register section does not mention that this approach does not modify local_api_credentials.yaml and seems to only suggest that it is merely an alternative approach to the aforementioned one.

This issue was somewhat reported before here and closed with #1149, however I believe this does not solve the problem and the actual solution should be:

  1. making the "Add option to print machine creds" (#1149) behavior a default one
  2. and/or extending the documentation to explain the purpose of the local_api_credentials.yaml and the difference between it and what the crowdsec.db database contains, as well as the difference between adding a machine directly or using a registration process.

Why is this needed?

The default cscli machines behavior is misleading and the documentation absolutely does not help in understanding it.
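The side effect reported above can be caught by snapshotting local_api_credentials.yaml before and after running cscli machines add and comparing the two. The following is an added example, not part of the original issue or the CrowdSec code base; the `url`/`login`/`password` keys, the machine names and the file contents are constructed assumptions.

```python
# Added example: flags when adding a machine also replaced the local agent's identity.
# Assumption: the credentials file is a flat "key: value" document with url/login/password.

def parse_credentials(text):
    """Parse flat `key: value` lines; comments and blank lines are skipped."""
    creds = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # Split on the first colon only, so URLs such as http://host:8080/ survive.
        key, _, value = line.partition(":")
        creds[key.strip()] = value.strip().strip("'\"")
    return creds


def audit_machine_add(before_text, after_text, new_machine):
    """Classify what happened to the local credentials file across a `machines add`."""
    before = parse_credentials(before_text)
    after = parse_credentials(after_text)
    if before == after:
        return "unchanged"
    if after.get("login") == new_machine and before.get("login") != new_machine:
        # The local agent will now authenticate as the machine meant for the remote host.
        return "local-login-replaced"
    if after.get("login") == before.get("login"):
        return "password-rotated"
    return "modified"


# Constructed sample snapshots (not real credentials).
BEFORE = """\
url: http://127.0.0.1:8080/
login: opnsense-local
password: constructed-old-secret
"""
AFTER = """\
url: http://127.0.0.1:8080/
login: remote-agent-01
password: constructed-new-secret
"""

if __name__ == "__main__":
    print(audit_machine_add(BEFORE, AFTER, "remote-agent-01"))
```

A result of `local-login-replaced` means the local instance and the remote agent now share one machine identity, which matches the symptom of both entries reporting the same IP address.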

@github-actions

@wrobelda: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@github-actions

@wrobelda: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.

  • /kind feature
  • /kind enhancement
  • /kind bug
  • /kind packaging

Contributor

mmetc commented Nov 15, 2023

Thanks @wrobelda

Yes, we should avoid this situation. Changing the default is done in #2594.

We have yet to decide, if we change the behavior, how to avoid breaking the current installation scripts -- or implement an alternative.
