
update docker image documentation + docker start script (#965)

* update docker image documentation  + docker start script
he2ss 3 anos atrás
pai
commit
88846ac115
2 arquivos alterados com 29 adições e 8 exclusões
  1. 4 1
      docker/README.md
  2. 25 7
      docker/docker_start.sh

+ 4 - 1
docker/README.md

@@ -81,7 +81,10 @@ If you want to be able to restart/stop your container and keep the same DB `-v /
 * `TEST_MODE`               - Only test configs (default: `false`) : `-e TEST_MODE="<true|false>"`
 * `TZ`                      - Set the [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to ensure logs have a local timestamp.
 * `DISABLE_AGENT`           - Only test configs (default: `false`) : `-e DISABLE_AGENT="<true|false>"`
-* `DISABLE_LOCAL_API`       - Disable local API (default: `false`) : `-e DISABLE_API="<true|false>"`
+* `DISABLE_LOCAL_API`       - Disable local API (default: `false`) : `-e DISABLE_LOCAL_API="<true|false>"`
+* `AGENT_USERNAME`          - Agent username (to register if is LAPI or to use if it's an agent) : `-e AGENT_USERNAME="machine_id"`
+* `AGENT_PASSWORD`          - Agent password (to register if is LAPI or to use if it's an agent) : `-e AGENT_PASSWORD="machine_password"`
+* `LOCAL_API_URL`           - To specify when an agent needs to connect to a LAPI crowdsec (To use only when `DISABLE_LOCAL_API` is set to `true`) : `-e LOCAL_API_URL="http://lapi-address:8080"`
 * `DISABLE_ONLINE_API`      - Disable Online API registration for signal sharing (default: `false`) : `-e DISABLE_ONLINE_API="<true|false>"`
 * `LEVEL_TRACE`             - Trace-level (VERY verbose) on stdout (default: `false`) : `-e LEVEL_TRACE="<true|false>"`
 * `LEVEL_DEBUG`             - Debug-level on stdout (default: `false`) : `-e LEVEL_DEBUG="<true|false>"`

+ 25 - 7
docker/docker_start.sh

@@ -1,9 +1,27 @@
 #!/bin/sh
 
-# Check if the container has already been started
-cscli machines list | grep 127.0.0.1
-if [ $? == 1 ]; then
-    cscli machines add --force --auto -f /etc/crowdsec/local_api_credentials.yaml
+# Check if the container has already been started (ignore if agent is disabled)
+if [ "$DISABLE_AGENT" == "" ] ; then
+    echo "Check if the container has already been started (ignore if agent is disabled)"
+    cscli machines list | grep localhost
+    if [ $? == 1 ]; then
+        cscli lapi register --machine localhost
+    fi
+    if [ "$AGENT_USERNAME" != "" ] && [ "$AGENT_PASSWORD" != "" ] && [ "$LOCAL_API_URL" != "" ] ; then
+        echo "set up lapi credentials for agent"
+        CONFIG_PATH=$(yq eval '.api.client.credentials_path' /etc/crowdsec/config.yaml)
+        echo "url: $LOCAL_API_URL" > $CONFIG_PATH
+        echo "login: $AGENT_USERNAME" >> $CONFIG_PATH
+        echo "password: $AGENT_PASSWORD" >> $CONFIG_PATH
+    fi
+fi
+
+# Check if lapi need to register automatically an agent
+echo Check if lapi need to register automatically an agent
+if [ "$DISABLE_LOCAL_API" == "" ] && [ "$AGENT_USERNAME" != "" ] && [ "$AGENT_PASSWORD" != "" ] ; then
+    echo registering agent $AGENT_USERNAME to lapi 
+    echo AGENT PASSWORD : $AGENT_PASSWORD
+    cscli machines add $AGENT_USERNAME --password $AGENT_PASSWORD
 fi
 
 # registration to online API for signal push
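Review bot: The added `echo AGENT PASSWORD : $AGENT_PASSWORD` prints the machine password in clear text to the container's stdout, so it ends up in `docker logs` and in any log collector attached to the container; that line should be dropped. The next line expands both values unquoted, so a username or password containing whitespace or glob characters is split or expanded before cscli sees it; use `cscli machines add "$AGENT_USERNAME" --password "$AGENT_PASSWORD"`. The credentials file written through `> $CONFIG_PATH` has the same quoting problem, is created with whatever umask the script inherits, and the `yq` result is used as a redirect target without being checked for empty. Separately, the guards test `"$DISABLE_AGENT" == ""` and `"$DISABLE_LOCAL_API" == ""`, so the documented value `false` skips both blocks, and `==` inside `[ ]` is not POSIX under `#!/bin/sh`.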
@@ -27,7 +45,7 @@ fi
 
 ## Install collections, parsers & scenarios
 cscli hub update
-cscli collections upgrade crowdsecurity/linux
+cscli collections upgrade crowdsecurity/linux || true
 if [ "$COLLECTIONS" != "" ]; then
     cscli collections install $COLLECTIONS
 fi
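Review bot: The `|| true` added to `cscli collections upgrade crowdsecurity/linux` discards every failure of the upgrade, whatever its cause, so the container can start with a stale or missing base collection and nothing in the output says so. The start can stay non-fatal while still reporting the failure, for example `cscli collections upgrade crowdsecurity/linux || echo "warning: upgrade of crowdsecurity/linux failed" >&2`. The preceding `cscli hub update` is also unchecked, so a failed index refresh goes unnoticed in the same way. A one-line comment stating which failure is being tolerated here would help the next maintainer.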
@@ -58,7 +76,7 @@ fi
 if [ "$DISABLE_AGENT" == "true" ] || [ "$DISABLE_AGENT" == "TRUE" ]; then
     ARGS="$ARGS -no-cs"
 fi
-if [ "$DISABLE_API" == "true" ] || [ "$DISABLE_API" == "TRUE" ]; then
+if [ "$DISABLE_LOCAL_API" == "true" ] || [ "$DISABLE_LOCAL_API" == "TRUE" ]; then
     ARGS="$ARGS -no-api"
 fi
 if [ "$LEVEL_TRACE" == "true" ] || [ "$LEVEL_TRACE" == "TRUE" ]; then
@@ -71,4 +89,4 @@ if [ "$LEVEL_INFO" == "true" ] || [ "$LEVEL_INFO" == "TRUE" ]; then
     ARGS="$ARGS -info"
 fi
 
-exec crowdsec $ARGS
+exec crowdsec $ARGS