diff --git a/support_bundle/README.md b/support_bundle/README.md new file mode 100644 index 00000000..55a9e475 --- /dev/null +++ b/support_bundle/README.md @@ -0,0 +1,12 @@ +# On-Premise Support Bundle script + +## Usage example +Specify your current namespace with `-n` flag. + +``` +export API_TOKEN="xxxxx-xxxxx-xxxx-xxxxx" + +./get_support_bundle.sh -a $API_TOKEN -n sysdigcloud +``` + +*NOTE:* For cases where the access to the API endpoint is limited/restricted use `-la` or `--local-api` flag. diff --git a/support_bundle/get_support_bundle.sh b/support_bundle/get_support_bundle.sh index 6d76a2a1..2e00e300 100755 --- a/support_bundle/get_support_bundle.sh +++ b/support_bundle/get_support_bundle.sh @@ -8,6 +8,7 @@ catch() { #generate sysdigcloud support bundle on kubernetes +API_LOCAL="" LABELS="" CONTEXT="" CONTEXT_OPTS="" @@ -26,6 +27,7 @@ print_help() { printf "\t%s\n" "-c,--context: Specify the kubectl context. If not set, the current context will be used." printf "\t%s\n" "-d,--debug: Enables Debug" printf "\t%s\n" "-l,--labels: Specify Sysdig pod role label to collect (e.g. api,collector,worker)" + printf "\t%s\n" "-la,--local-api: Uses kubectl port-forward feature for being able to access APIs for advanced data collection (for env that cannot reach APIs via domain/FQDN)" printf "\t%s\n" "-n,--namespace: Specify the Sysdig namespace. (default: ${NAMESPACE})" printf "\t%s\n" "-s,--since: Specify the timeframe of logs to collect (e.g. -s 1h)" printf "\t%s\n" "-sa,--secure-api-key: Provide the Secure Superuser API key for advanced data collection" @@ -59,6 +61,9 @@ parse_commandline() { LABELS="$2" shift ;; + -la|--local-api) + API_LOCAL="true" + ;; -n|--namespace) test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1 NAMESPACE="$2" @@ -146,12 +151,32 @@ main() { exit 1 fi + echo "$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get deployment sysdigcloud-api -ojsonpath='{.spec.template.spec.containers[0].image}' | awk -F: '{ print $2 }')" > ${LOG_DIR}/backend_version.txt + BACKEND_VERSION=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get deployment sysdigcloud-api -ojsonpath='{.spec.template.spec.containers[0].image}' | awk -F: '{ print $2 }' | awk -F. '{ print $1 }') || true + # If API key is supplied, check the backend version, and send a GET to the relevant endpoints. if [[ ! -z ${API_KEY} ]]; then - BACKEND_VERSION=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get deployment sysdigcloud-api -ojsonpath='{.spec.template.spec.containers[0].image}' | awk 'match($0, /[0-9]\.[0-9]\.[0-9](\.[0-9]+)?/) {print substr($0, RSTART, RLENGTH)}') || true - echo ${BACKEND_VERSION} > ${LOG_DIR}/backend_version.txt - if [[ "$BACKEND_VERSION" =~ ^(6) ]]; then - API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-collector-config -ojsonpath='{.data.collector-config\.conf}' | awk 'p&&$0~/"/{gsub("\"","");print} /{/{p=0} /sso/{p=1}' | grep serverName | awk '{print $3}') + if [[ "$BACKEND_VERSION" =~ ^(7|6)$ ]]; then + if [[ "$API_LOCAL" == "true" ]]; then + kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} port-forward service/sysdigcloud-api 8080 > /dev/null 2>&1 & + + # Store the port-forward pid in order to kill the process once we finish + pid=$! + + # kill the port-forward regardless of how this script exits + trap '{ + # echo killing $pid + kill $pid + }' EXIT + + # wait for port-forward to become available + while ! curl -s localhost:8080 > /dev/null 2>&1 ; do + sleep 0.2 + done + API_URL="http://127.0.0.1:8080" + else + API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-collector-config -ojsonpath='{.data.collector-config\.conf}' | grep serverName | head -1 | awk '{print $3}' | sed 's/"//g') + fi # Check that the API_KEY for the Super User is valid and exit CURL_OUT=$(curl -fks -H "Authorization: Bearer ${API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/license" >/dev/null 2>&1) && RETVAL=$? && error=0 || { RETVAL=$? && error=1; } if [[ ${error} -eq 1 ]]; then @@ -159,8 +184,27 @@ main() { exit 1 fi curl -ks -H "Authorization: Bearer ${API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/admin/customer/1/meerkatSettings" >> ${LOG_DIR}/meerkat_settings.json - elif [[ "$BACKEND_VERSION" =~ ^(5) ]] || [[ "$BACKEND_VERSION" =~ ^(4) ]] || [[ "$BACKEND_VERSION" =~ ^(3) ]]; then - API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-config -o yaml | grep -i api.url: | head -1 | awk '{print $2}') + elif [[ "$BACKEND_VERSION" =~ ^(5|4|3)$ ]]; then + if [[ "$API_LOCAL" == "true" ]]; then + kubectl ${KUBE_OPTS} port-forward service/sysdigcloud-api 8080 > /dev/null 2>&1 & + + # Store the port-forward pid in order to kill the process once we finish + pid=$! + + # kill the port-forward regardless of how this script exits + trap '{ + # echo killing $pid + kill $pid + }' EXIT + + # wait for port-forward to become available + while ! curl -s localhost:8080 > /dev/null 2>&1 ; do + sleep 0.2 + done + API_URL="http://127.0.0.1:8080" + else + API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-config -o yaml | grep -i api.url: | head -1 | awk '{print $2}') + fi # Check that the API_KEY for the Super User is valid and exit CURL_OUT=$(curl -fks -H "Authorization: Bearer ${API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/license" >/dev/null 2>&1) && RETVAL=$? && error=0 || { RETVAL=$? && error=1; } if [[ ${error} -eq 1 ]]; then @@ -189,17 +233,54 @@ main() { # If Secure API key is supplied, collect settings if [[ ! -z ${SECURE_API_KEY} ]]; then - BACKEND_VERSION=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get deployment sysdigcloud-api -ojsonpath='{.spec.template.spec.containers[0].image}' | awk 'match($0, /[0-9]\.[0-9]\.[0-9](\.[0-9]+)?/) {print substr($0, RSTART, RLENGTH)}') || true - if [[ "$BACKEND_VERSION" =~ ^(6) ]]; then - API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-collector-config -ojsonpath='{.data.collector-config\.conf}' | awk 'p&&$0~/"/{gsub("\"","");print} /{/{p=0} /sso/{p=1}' | grep serverName | awk '{print $3}') + if [[ "$BACKEND_VERSION" =~ ^(7|6)$ ]]; then + if [[ "$API_LOCAL" == "true" ]]; then + kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} port-forward service/sysdigcloud-api 8080 > /dev/null 2>&1 & + + # Store the port-forward pid in order to kill the process once we finish + pid=$! + + # kill the port-forward regardless of how this script exits + trap '{ + # echo killing $pid + kill $pid + }' EXIT + + # wait for port-forward to become available + while ! curl -s localhost:8080 > /dev/null 2>&1 ; do + sleep 0.2 + done + API_URL="http://127.0.0.1:8080" + else + API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-collector-config -ojsonpath='{.data.collector-config\.conf}' | grep serverName | head -1 | awk '{print $3}' | sed 's/"//g') + fi # Check that the SECURE_API_KEY for the Super User is valid and exit CURL_OUT=$(curl -fks -H "Authorization: Bearer ${SECURE_API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/license" >/dev/null 2>&1) && RETVAL=$? && error=0 || { RETVAL=$? && error=1; } if [[ ${error} -eq 1 ]]; then echo "The SECURE_API_KEY supplied is Unauthorized. Please check and try again. Return Code: ${RETVAL}" exit 1 fi - elif [[ "$BACKEND_VERSION" =~ ^(5) ]] || [[ "$BACKEND_VERSION" =~ ^(4) ]] || [[ "$BACKEND_VERSION" =~ ^(3) ]]; then - API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-config -o yaml | grep -i api.url: | head -1 | awk '{print $2}') + elif [[ "$BACKEND_VERSION" =~ ^(5|4|3)$ ]]; then + if [[ "$API_LOCAL" == "true" ]]; then + kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} port-forward service/sysdigcloud-api 8080 > /dev/null 2>&1 & + + # Store the port-forward pid in order to kill the process once we finish + pid=$! + + # kill the port-forward regardless of how this script exits + trap '{ + # echo killing $pid + kill $pid + }' EXIT + + # wait for port-forward to become available + while ! curl -s localhost:8080 > /dev/null 2>&1 ; do + sleep 0.2 + done + API_URL="http://127.0.0.1:8080" + else + API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-config -o yaml | grep -i api.url: | head -1 | awk '{print $2}') + fi # Check that the API_KEY for the Super User is valid and exit CURL_OUT=$(curl -fks -H "Authorization: Bearer ${API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/license" >/dev/null 2>&1) && RETVAL=$? && error=0 || { RETVAL=$? && error=1; } if [[ ${error} -eq 1 ]]; then