Cant list allowlists?
I tried to list allowlists with 'cscli allowlist list' and get the following error:
Error: Get "http://localhost:8080/v1/allowlists?with_content=true": API error: ent: machine not foun
I'm using cscli from the LAPI pod on 1.6.11. I was able to create and add IPs to an allowlist but can't list them. I also can't 'cscli allowlist inspect <my list>'. Any ideas?
4 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Oh, maybe one can only view allowlists from the agent ? I'm a little confused though because I was able to create it from the LAPI pod, and then I can 'list' it from the agent pod.
And I guess I can only add and remove entries from LAPI, not from agent? is this expected, or is something wrong?
😕 hmm all containers should be able to list them, unless your LAPI pod has had it credentials delete from the machine database.
You can see the creds via
cat /etc/crowdsec/local_api_credentials.yaml and then you can run cscli machines list. However, I guess those credentials have been deleted, as they are not needed for the LAPI to work.Hmm, yeah, I think you're right. I had run 'cscli machine prune' to clean up some old LAPI pods that no longer exist, and it removed the current ones too. I guess that explains the WHY, but not sure how to appropriately manage this. k8s pods are ephemeral, but LAPI instances count against the enterprise license, and so any time they're replaced they'll need to be pruned again manually, from what I've heard.