Skip to content

Commit

Permalink
Merge pull request #237 from draios/support-bundle-v6-apiurl-fix
Browse files Browse the repository at this point in the history 
chore(support-bundle): Added readme, fix api_url retrieval (for >= 6.9), fixed a regex for detect double digit version
  • Loading branch information
@mbreitung
mbreitung authored Jul 15, 2024
2 parents fc4d6c9 + 26abbb6 commit c6eade3
Show file tree
Hide file tree
Showing 2 changed files with 104 additions and 11 deletions.
12 changes: 12 additions & 0 deletions support_bundle/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# On-Premise Support Bundle script

## Usage example
Specify your current namespace with `-n` flag.

```
export API_TOKEN="xxxxx-xxxxx-xxxx-xxxxx"
./get_support_bundle.sh -a $API_TOKEN -n sysdigcloud
```

*NOTE:* For cases where the access to the API endpoint is limited/restricted use `-la` or `--local-api` flag.
103 changes: 92 additions & 11 deletions support_bundle/get_support_bundle.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ catch() {

#generate sysdigcloud support bundle on kubernetes

API_LOCAL=""
LABELS=""
CONTEXT=""
CONTEXT_OPTS=""
Expand All @@ -26,6 +27,7 @@ print_help() {
printf "\t%s\n" "-c,--context: Specify the kubectl context. If not set, the current context will be used."
printf "\t%s\n" "-d,--debug: Enables Debug"
printf "\t%s\n" "-l,--labels: Specify Sysdig pod role label to collect (e.g. api,collector,worker)"
printf "\t%s\n" "-la,--local-api: Uses kubectl port-forward feature for being able to access APIs for advanced data collection (for env that cannot reach APIs via domain/FQDN)"
printf "\t%s\n" "-n,--namespace: Specify the Sysdig namespace. (default: ${NAMESPACE})"
printf "\t%s\n" "-s,--since: Specify the timeframe of logs to collect (e.g. -s 1h)"
printf "\t%s\n" "-sa,--secure-api-key: Provide the Secure Superuser API key for advanced data collection"
Expand Down Expand Up @@ -59,6 +61,9 @@ parse_commandline() {
LABELS="$2"
shift
;;
-la|--local-api)
API_LOCAL="true"
;;
-n|--namespace)
test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1
NAMESPACE="$2"
Expand Down Expand Up @@ -146,21 +151,60 @@ main() {
exit 1
fi

echo "$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get deployment sysdigcloud-api -ojsonpath='{.spec.template.spec.containers[0].image}' | awk -F: '{ print $2 }')" > ${LOG_DIR}/backend_version.txt
BACKEND_VERSION=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get deployment sysdigcloud-api -ojsonpath='{.spec.template.spec.containers[0].image}' | awk -F: '{ print $2 }' | awk -F. '{ print $1 }') || true

# If API key is supplied, check the backend version, and send a GET to the relevant endpoints.
if [[ ! -z ${API_KEY} ]]; then
BACKEND_VERSION=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get deployment sysdigcloud-api -ojsonpath='{.spec.template.spec.containers[0].image}' | awk 'match($0, /[0-9]\.[0-9]\.[0-9](\.[0-9]+)?/) {print substr($0, RSTART, RLENGTH)}') || true
echo ${BACKEND_VERSION} > ${LOG_DIR}/backend_version.txt
if [[ "$BACKEND_VERSION" =~ ^(6) ]]; then
API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-collector-config -ojsonpath='{.data.collector-config\.conf}' | awk 'p&&$0~/"/{gsub("\"","");print} /{/{p=0} /sso/{p=1}' | grep serverName | awk '{print $3}')
if [[ "$BACKEND_VERSION" =~ ^(7|6)$ ]]; then
if [[ "$API_LOCAL" == "true" ]]; then
kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} port-forward service/sysdigcloud-api 8080 > /dev/null 2>&1 &

# Store the port-forward pid in order to kill the process once we finish
pid=$!

# kill the port-forward regardless of how this script exits
trap '{
# echo killing $pid
kill $pid
}' EXIT

# wait for port-forward to become available
while ! curl -s localhost:8080 > /dev/null 2>&1 ; do
sleep 0.2
done
API_URL="http://127.0.0.1:8080"
else
API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-collector-config -ojsonpath='{.data.collector-config\.conf}' | grep serverName | head -1 | awk '{print $3}' | sed 's/"//g')
fi
# Check that the API_KEY for the Super User is valid and exit
CURL_OUT=$(curl -fks -H "Authorization: Bearer ${API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/license" >/dev/null 2>&1) && RETVAL=$? && error=0 || { RETVAL=$? && error=1; }
if [[ ${error} -eq 1 ]]; then
echo "The API_KEY supplied is Unauthorized. Please check and try again. Return Code: ${RETVAL}"
exit 1
fi
curl -ks -H "Authorization: Bearer ${API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/admin/customer/1/meerkatSettings" >> ${LOG_DIR}/meerkat_settings.json
elif [[ "$BACKEND_VERSION" =~ ^(5) ]] || [[ "$BACKEND_VERSION" =~ ^(4) ]] || [[ "$BACKEND_VERSION" =~ ^(3) ]]; then
API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-config -o yaml | grep -i api.url: | head -1 | awk '{print $2}')
elif [[ "$BACKEND_VERSION" =~ ^(5|4|3)$ ]]; then
if [[ "$API_LOCAL" == "true" ]]; then
kubectl ${KUBE_OPTS} port-forward service/sysdigcloud-api 8080 > /dev/null 2>&1 &

# Store the port-forward pid in order to kill the process once we finish
pid=$!

# kill the port-forward regardless of how this script exits
trap '{
# echo killing $pid
kill $pid
}' EXIT

# wait for port-forward to become available
while ! curl -s localhost:8080 > /dev/null 2>&1 ; do
sleep 0.2
done
API_URL="http://127.0.0.1:8080"
else
API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-config -o yaml | grep -i api.url: | head -1 | awk '{print $2}')
fi
# Check that the API_KEY for the Super User is valid and exit
CURL_OUT=$(curl -fks -H "Authorization: Bearer ${API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/license" >/dev/null 2>&1) && RETVAL=$? && error=0 || { RETVAL=$? && error=1; }
if [[ ${error} -eq 1 ]]; then
Expand Down Expand Up @@ -189,17 +233,54 @@ main() {

# If Secure API key is supplied, collect settings
if [[ ! -z ${SECURE_API_KEY} ]]; then
BACKEND_VERSION=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get deployment sysdigcloud-api -ojsonpath='{.spec.template.spec.containers[0].image}' | awk 'match($0, /[0-9]\.[0-9]\.[0-9](\.[0-9]+)?/) {print substr($0, RSTART, RLENGTH)}') || true
if [[ "$BACKEND_VERSION" =~ ^(6) ]]; then
API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-collector-config -ojsonpath='{.data.collector-config\.conf}' | awk 'p&&$0~/"/{gsub("\"","");print} /{/{p=0} /sso/{p=1}' | grep serverName | awk '{print $3}')
if [[ "$BACKEND_VERSION" =~ ^(7|6)$ ]]; then
if [[ "$API_LOCAL" == "true" ]]; then
kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} port-forward service/sysdigcloud-api 8080 > /dev/null 2>&1 &

# Store the port-forward pid in order to kill the process once we finish
pid=$!

# kill the port-forward regardless of how this script exits
trap '{
# echo killing $pid
kill $pid
}' EXIT

# wait for port-forward to become available
while ! curl -s localhost:8080 > /dev/null 2>&1 ; do
sleep 0.2
done
API_URL="http://127.0.0.1:8080"
else
API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-collector-config -ojsonpath='{.data.collector-config\.conf}' | grep serverName | head -1 | awk '{print $3}' | sed 's/"//g')
fi
# Check that the SECURE_API_KEY for the Super User is valid and exit
CURL_OUT=$(curl -fks -H "Authorization: Bearer ${SECURE_API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/license" >/dev/null 2>&1) && RETVAL=$? && error=0 || { RETVAL=$? && error=1; }
if [[ ${error} -eq 1 ]]; then
echo "The SECURE_API_KEY supplied is Unauthorized. Please check and try again. Return Code: ${RETVAL}"
exit 1
fi
elif [[ "$BACKEND_VERSION" =~ ^(5) ]] || [[ "$BACKEND_VERSION" =~ ^(4) ]] || [[ "$BACKEND_VERSION" =~ ^(3) ]]; then
API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-config -o yaml | grep -i api.url: | head -1 | awk '{print $2}')
elif [[ "$BACKEND_VERSION" =~ ^(5|4|3)$ ]]; then
if [[ "$API_LOCAL" == "true" ]]; then
kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} port-forward service/sysdigcloud-api 8080 > /dev/null 2>&1 &

# Store the port-forward pid in order to kill the process once we finish
pid=$!

# kill the port-forward regardless of how this script exits
trap '{
# echo killing $pid
kill $pid
}' EXIT

# wait for port-forward to become available
while ! curl -s localhost:8080 > /dev/null 2>&1 ; do
sleep 0.2
done
API_URL="http://127.0.0.1:8080"
else
API_URL=$(kubectl ${CONTEXT_OPTS} ${KUBE_OPTS} get cm sysdigcloud-config -o yaml | grep -i api.url: | head -1 | awk '{print $2}')
fi
# Check that the API_KEY for the Super User is valid and exit
CURL_OUT=$(curl -fks -H "Authorization: Bearer ${API_KEY}" -H "Content-Type: application/json" "${API_URL}/api/license" >/dev/null 2>&1) && RETVAL=$? && error=0 || { RETVAL=$? && error=1; }
if [[ ${error} -eq 1 ]]; then
Expand Down

0 comments on commit c6eade3

Please sign in to comment.