added netbird-watcher script
All checks were successful
Terraform / terraform (push) Successful in 7s
104
watcher/README.md
Normal file
@@ -0,0 +1,104 @@
|
||||
# NetBird Peer Renamer Watcher
|
||||
|
||||
Automatically renames NetBird peers after enrollment based on setup key names.
|
||||
|
||||
## How It Works
|
||||
|
||||
1. Engineer creates setup key named after the desired peer name (e.g., `pilot-ivanov`)
|
||||
2. Operator enrolls using the setup key
|
||||
3. Peer appears with random hostname (e.g., `DESKTOP-ABC123`)
|
||||
4. **Watcher detects the consumed setup key and renames peer to `pilot-ivanov`**
|
||||
|
||||
## Logic
|
||||
|
||||
The watcher polls NetBird API every 30 seconds:
|
||||
|
||||
1. Fetches all setup keys
|
||||
2. Finds keys with `used_times > 0` that haven't been processed
|
||||
3. For each consumed key:
|
||||
- Looks up `last_used` timestamp
|
||||
- Finds peer created around that time (within 60 seconds)
|
||||
- Renames peer to match setup key name
|
||||
4. Marks key as processed to avoid re-processing
|
||||
|
||||
## Installation
|
||||
|
||||
### Via Ansible
|
||||
|
||||
```bash
|
||||
cd ansible/netbird-watcher
|
||||
ansible-playbook -i poc-inventory.yml playbook.yml -e vault_netbird_token=<TOKEN>
|
||||
```
|
||||
|
||||
### Manual
|
||||
|
||||
```bash
|
||||
# Copy script
|
||||
sudo cp netbird_watcher.py /opt/netbird-watcher/
|
||||
sudo chmod +x /opt/netbird-watcher/netbird_watcher.py
|
||||
|
||||
# Create config
|
||||
sudo mkdir -p /etc/netbird-watcher
|
||||
sudo cat > /etc/netbird-watcher/config.json << EOF
|
||||
{
|
||||
"url": "https://netbird-poc.networkmonitor.cc",
|
||||
"token": "nbp_YOUR_TOKEN"
|
||||
}
|
||||
EOF
|
||||
sudo chmod 600 /etc/netbird-watcher/config.json
|
||||
|
||||
# Create state directory
|
||||
sudo mkdir -p /var/lib/netbird-watcher
|
||||
|
||||
# Install service
|
||||
sudo cp netbird-watcher.service /etc/systemd/system/
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now netbird-watcher
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
### Check status
|
||||
|
||||
```bash
|
||||
systemctl status netbird-watcher
|
||||
journalctl -u netbird-watcher -f
|
||||
```
|
||||
|
||||
### Run manually (one-shot)
|
||||
|
||||
```bash
|
||||
./netbird_watcher.py \
|
||||
--url https://netbird-poc.networkmonitor.cc \
|
||||
--token nbp_xxx \
|
||||
--once \
|
||||
--verbose
|
||||
```
|
||||
|
||||
### State file
|
||||
|
||||
Processed keys are tracked in `/var/lib/netbird-watcher/state.json`:
|
||||
|
||||
```json
|
||||
{
|
||||
"processed_keys": ["key-id-1", "key-id-2"]
|
||||
}
|
||||
```
|
||||
|
||||
To reprocess a key, remove its ID from this file.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Peer not renamed
|
||||
|
||||
1. Check if setup key was consumed: `used_times > 0`
|
||||
2. Check watcher logs: `journalctl -u netbird-watcher`
|
||||
3. Ensure peer enrolled within 60 seconds of key consumption
|
||||
4. Check if key was already processed (in state.json)
|
||||
|
||||
### Reset state
|
||||
|
||||
```bash
|
||||
sudo rm /var/lib/netbird-watcher/state.json
|
||||
sudo systemctl restart netbird-watcher
|
||||
```
|
||||
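Review bot: In the Manual install block, `sudo cat > /etc/netbird-watcher/config.json << EOF` does not write the file as root: the redirection is opened by the calling shell before sudo runs, so for a non-root user the step fails with a permission error and no config is created. Even when run from a root shell, the file is created with the default umask and only restricted by the later `chmod 600`, so the API token is briefly readable by other local users. Suggest creating the file with mode 600 first (for example `sudo install -m 600 /dev/null /etc/netbird-watcher/config.json`) and then writing it with `sudo tee /etc/netbird-watcher/config.json > /dev/null << EOF`. Two related points in the same file: the one-shot example passes `--token nbp_xxx` and the Ansible command passes `-e vault_netbird_token=<TOKEN>` on the command line, which puts the token in shell history and the process list, so the README should point to a file-based or vaulted source instead; and `/opt/netbird-watcher/` is never created before `sudo cp netbird_watcher.py /opt/netbird-watcher/`, so a `sudo mkdir -p /opt/netbird-watcher` step is missing. The Logic section should also say what happens when more than one peer is created within the 60-second window of a key's `last_used`, since the README as written does not say which peer gets the name.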