C
CrowdSec9mo ago
m3tc0n

Inactive bouncers

Hi, I opened my console yesterday and saw this. I didnt do anything to my setup. Somehow my CF and Traefik bouncers went inactive and active again. I also see the IP addresses now at the end of the bouncer names. What could be the cause and how to remove the inactive bouncers?
No description
7 Replies
CrowdSec
CrowdSec9mo ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
© Created By WhyAydan for CrowdSec ❤️
blotus
blotus9mo ago
The ip at the end of the bouncer means you are using the same API key for multiple bouncers: before 1.6.4, this was not supported, as bouncer would "steal" decisions from each others. We've added support for this in 1.6.4, and we create a new bouncer automatically if we detect usage from multiples servers. actually looking at the names, and the fact the 2 previous bouncers appear as inactive you were probably not sharing the key, but the IPs of the bouncers changed. As we rely on the source IP to "guess" that a key is shared, crowdsec automaticaly created new bouncers for you to properly keep track of everything If it's actually what happened, you are in a edge case we didn't really consider (we assume static IPs for bouncers). If you try to delete the inactive bouncers, because they are considered to be the "parent" bouncers for the 2 others, it will also delete them. If you run cscli bouncers list, you will see the old IPs of the bouncer
m3tc0n
m3tc0nOP9mo ago
Thanks for your reply and sorry for my late response. New bouncers were created everytime I rebooted my server. The bouncers didnt and still dont have static IPs. I have reinstalled the bouncers and everything is OK now, but I fear that when I reboot my server again, new bouncers are getting created again. Edit: is the only way to prevent this happening in de future to give the bouncers a static IP address?
blotus
blotus9mo ago
Yes it is. It's a side effect of the changes we made to allow sharing API keys, I'm not sure we have an easy way to avoid this behaviour :/
m3tc0n
m3tc0nOP9mo ago
No problem. I remover the patent bouncers, gave them a static IP address and readded them. Thanks
CrowdSec
CrowdSec9mo ago
Resolving Inactive bouncers This has now been resolved. If you think this is a mistake please run /unresolve
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View

Did you find this page helpful?