Moving to new 25.7 machine how do I preserve my crowdsec configurations - Agents

[sparticle]

I am moving over to a new machine. Setup OOtB then install all of the plugins from my old installation as importing the config does not install them automatically.

Once rebooted the crowdsec configuration does not seem to work as none of my network crowdsec agents can connect to the opnsense crowdsec lapi.

The setup config seems to have come across fine all of the options are configured exactly as my old opnsense installation.

I really don't want to have to manually go around all of the network servers with the crowdsec agent running and start again.

Are there some crowdsec config files I have to manually bring across from the old installation.

Any help appreciated.

[sparticle]

Really, no one has experienced this.


When I bring up the new 25.7 instance and import the backed up config. The Crowdsec config looks exactly the same as the old OPNSense system. But the network devices that are running and reporting via the new LAPI connection are not there anymore and are not reported.

Checking on the command line, the network machines don't exist.

[cookiemonster]

I did have it on an OPN re-install. Few machines so it was simple to re-register.
Best I can think of is to suggest to ask their channels referenced here: https://docs.crowdsec.net/u/getting_started/health_check
That said and without wanting to lead you astray, from my limited understanding https://doc.crowdsec.net/docs/next/local_api/intro , it needs them re-registering for it to be clean, but for what you want (which I think is reasonable) maybe I can help you compare. My setup is currently working. I suspect (do not actually know) that is not only the config that is needed but a collection of files in the /usr/local/etc/crowdsec/ directory. Maybe you can get away with the same local_api_credentials.yaml if all else is identical. Worth a comparison I think.

[sparticle]

Hey @cookiemonster many thanks for taking the time to respond I saw that the credentials files were different on the OPNSense old vs new. I will take a look at the docs but I think you might be right and I have to manually re-register all of the network agents! PITA!

For other benefits I will post back here the solution.

Cheers

[sylaan]

Hi,

Did you end up fixing this ?

Best regards

[jonny5]

You will have to re-register your agents (clients/parsers/blockers) on any CrowdSec Server setup, you cannot migrate. This is true too if you switch DBs for the Server as it stores this in the DB.

That said, if you deploy the CrowdSec Server outside of the OPNSense and just use the CrowdSec Agents (Parser and Blocker) features on the OPNSense, you can more or less have a 'hard coded' deployed to work list of agents as you can seed the agents on Docker Compose deploy via the Environment element of the 'docker-compose.yml' file.

The other option would be to have a script that creates your machines and bouncers (the parser and blocker/bouncer agents) in the Server. Once you have that, just maintain your IaC (Infrastructure as Code) to match your environment and if you have to rebuild, you can have your setup tool-kit.