chore: try fix crashing on recuring scrape

Author: hydazz

README.md

@@ -21,15 +21,18 @@ This exporter queries the Local API and exposes rich Prometheus metrics includin
 ### Method 1: Auto-Registration
 
 If your CrowdSec instance supports auto-registration with a token:
+**Note:** When using auto-registration with a token, the provided login/password will be used for the machine registration.
 
 ```bash
 ./crowdsec-exporter \
   --crowdsec-url http://localhost:8080 \
+  --crowdsec-login your-machine-login \ # crowdsec-exporter
+  --crowdsec-password your-machine-password \ # make 16+ characters
   --crowdsec-registration-token ${REGISTRATION_TOKEN} \
   --log-level debug
 ```
 
-### Method 2: Manual Machine Account
+### Method 2: Existing Machine Account
 
 ```bash
 ./crowdsec-exporter \
@@ -43,17 +46,18 @@ Metrics are exposed at `http://localhost:9090/metrics`.
 
 ## Configuration Options
 
-| Flag                            | Environment Variable                            | Default                 | Description                            |
-| ------------------------------- | ----------------------------------------------- | ----------------------- | -------------------------------------- |
-| `--crowdsec-url`                | `CROWDSEC_EXPORTER_CROWDSEC_URL`                | `http://localhost:8080` | CrowdSec Local API URL                 |
-| `--crowdsec-login`              | `CROWDSEC_EXPORTER_CROWDSEC_LOGIN`              | -                       | Machine login (manual auth)            |
-| `--crowdsec-password`           | `CROWDSEC_EXPORTER_CROWDSEC_PASSWORD`           | -                       | Machine password (manual auth)         |
-| `--crowdsec-registration-token` | `CROWDSEC_EXPORTER_CROWDSEC_REGISTRATION_TOKEN` | -                       | Registration token (auto-registration) |
-| `--crowdsec-machine-name`       | `CROWDSEC_EXPORTER_CROWDSEC_MACHINE_NAME`       | hostname                | Machine name used during registration  |
-| `--listen-address`              | `CROWDSEC_EXPORTER_SERVER_LISTEN_ADDRESS`       | `:9090`                 | Listen address                         |
-| `--metrics-path`                | `CROWDSEC_EXPORTER_SERVER_METRICS_PATH`         | `/metrics`              | Metrics endpoint                       |
-| `--instance-name`               | `CROWDSEC_EXPORTER_EXPORTER_INSTANCE_NAME`      | `crowdsec`              | Instance label                         |
-| `--log-level`                   | `CROWDSEC_EXPORTER_LOG_LEVEL`                   | `info`                  | Log level (debug, info, warn, error)   |
+| Flag                            | Environment Variable                            | Default                 | Description                                 |
+| ------------------------------- | ----------------------------------------------- | ----------------------- | ------------------------------------------- |
+| `--crowdsec-url`                | `CROWDSEC_EXPORTER_CROWDSEC_URL`                | `http://localhost:8080` | CrowdSec Local API URL                      |
+| `--crowdsec-login`              | `CROWDSEC_EXPORTER_CROWDSEC_LOGIN`              | -                       | Machine login (required)                    |
+| `--crowdsec-password`           | `CROWDSEC_EXPORTER_CROWDSEC_PASSWORD`           | -                       | Machine password (required)                 |
+| `--crowdsec-registration-token` | `CROWDSEC_EXPORTER_CROWDSEC_REGISTRATION_TOKEN` | -                       | Registration token (optional, for auto-reg) |
+| `--crowdsec-machine-name`       | `CROWDSEC_EXPORTER_CROWDSEC_MACHINE_NAME`       | hostname                | Machine name used during registration       |
+| `--crowdsec-deregister-on-exit` | `CROWDSEC_EXPORTER_CROWDSEC_DEREGISTER_ON_EXIT` | `false`                 | Deregister machine on exit                  |
+| `--listen-address`              | `CROWDSEC_EXPORTER_SERVER_LISTEN_ADDRESS`       | `:9090`                 | Listen address                              |
+| `--metrics-path`                | `CROWDSEC_EXPORTER_SERVER_METRICS_PATH`         | `/metrics`              | Metrics endpoint                            |
+| `--instance-name`               | `CROWDSEC_EXPORTER_EXPORTER_INSTANCE_NAME`      | `crowdsec`              | Instance label                              |
+| `--log-level`                   | `CROWDSEC_EXPORTER_LOG_LEVEL`                   | `info`                  | Log level (debug, info, warn, error)        |
 
 ## Installation
 

cmd/crowdsec-exporter/main.go

@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"github.com/hydazz/crowdsec-exporter/internal/config"
+	"github.com/hydazz/crowdsec-exporter/internal/crowdsec"
 	"github.com/hydazz/crowdsec-exporter/internal/exporter"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/spf13/cobra"
@@ -26,80 +27,66 @@ var (
 
 func main() {
 	if err := newRootCmd().Execute(); err != nil {
-		slog.Error("Command execution failed", "error", err)
+		slog.Error("command failed", "error", err)
 		os.Exit(1)
 	}
 }
 
 func newRootCmd() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "crowdsec-exporter",
-		Short: "Prometheus exporter for CrowdSec decisions",
-		Long: `A Prometheus exporter that exposes CrowdSec decisions with rich geographical 
-and ASN information as metrics, compatible with Grafana dashboards.`,
-
-		SilenceUsage:  true, // Don't show usage on errors
-		SilenceErrors: true, // We handle errors manually
+		Use:           "crowdsec-exporter",
+		Short:         "Prometheus exporter for CrowdSec decisions",
+		Long:          "A Prometheus exporter that exposes CrowdSec decisions with geographical and ASN info as metrics.",
+		SilenceUsage:  true,
+		SilenceErrors: true,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return runExporter()
 		},
 	}
 
-	// Setup Viper for automatic env binding
 	viper.SetEnvPrefix("CROWDSEC_EXPORTER")
 	viper.AutomaticEnv()
 	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_", ".", "_"))
 
-	flags := cmd.Flags()
-	flags.String("crowdsec-url", "http://localhost:8080", "CrowdSec Local API URL")
-	flags.String("crowdsec-login", "", "CrowdSec machine login")
-	flags.String("crowdsec-password", "", "CrowdSec machine password")
-	flags.String("crowdsec-registration-token", "", "CrowdSec auto-registration token")
-	flags.String("crowdsec-machine-name", "", "Machine name for auto-registration (defaults to hostname)")
-	flags.String("listen-address", ":9090", "Address to listen on for web interface and metrics")
-	flags.String("metrics-path", "/metrics", "Path under which to expose metrics")
-	flags.String("instance-name", "crowdsec", "Instance name to use in metrics labels")
-	flags.String("log-level", "info", "Log level (debug, info, warn, error)")
-
-	// Bind flags to viper
-	if err := viper.BindPFlag("crowdsec.url", flags.Lookup("crowdsec-url")); err != nil {
-		panic(fmt.Sprintf("failed to bind crowdsec-url flag: %v", err))
-	}
-	if err := viper.BindPFlag("crowdsec.login", flags.Lookup("crowdsec-login")); err != nil {
-		panic(fmt.Sprintf("failed to bind crowdsec-login flag: %v", err))
-	}
-	if err := viper.BindPFlag("crowdsec.password", flags.Lookup("crowdsec-password")); err != nil {
-		panic(fmt.Sprintf("failed to bind crowdsec-password flag: %v", err))
-	}
-	if err := viper.BindPFlag("crowdsec.registration_token", flags.Lookup("crowdsec-registration-token")); err != nil {
-		panic(fmt.Sprintf("failed to bind crowdsec-registration-token flag: %v", err))
-	}
-	if err := viper.BindPFlag("crowdsec.machine_name", flags.Lookup("crowdsec-machine-name")); err != nil {
-		panic(fmt.Sprintf("failed to bind crowdsec-machine-name flag: %v", err))
-	}
-	if err := viper.BindPFlag("server.listen_address", flags.Lookup("listen-address")); err != nil {
-		panic(fmt.Sprintf("failed to bind listen-address flag: %v", err))
-	}
-	if err := viper.BindPFlag("server.metrics_path", flags.Lookup("metrics-path")); err != nil {
-		panic(fmt.Sprintf("failed to bind metrics-path flag: %v", err))
-	}
-	if err := viper.BindPFlag("exporter.instance_name", flags.Lookup("instance-name")); err != nil {
-		panic(fmt.Sprintf("failed to bind instance-name flag: %v", err))
-	}
-	if err := viper.BindPFlag("log_level", flags.Lookup("log-level")); err != nil {
-		panic(fmt.Sprintf("failed to bind log-level flag: %v", err))
+	f := cmd.Flags()
+	f.String("crowdsec-url", "http://localhost:8080", "CrowdSec Local API URL")
+	f.String("crowdsec-login", "", "CrowdSec machine login")
+	f.String("crowdsec-password", "", "CrowdSec machine password")
+	f.String("crowdsec-registration-token", "", "CrowdSec auto-registration token")
+	f.String("crowdsec-machine-name", "", "Machine name for auto-registration (defaults to hostname)")
+	f.Bool("crowdsec-deregister-on-exit", false, "Deregister machine on application exit")
+	f.String("listen-address", ":9090", "Address to listen on for web interface and metrics")
+	f.String("metrics-path", "/metrics", "Path under which to expose metrics")
+	f.String("instance-name", "crowdsec", "Instance name to use in metrics labels")
+	f.String("log-level", "info", "Log level (debug, info, warn, error)")
+
+	binds := map[string]string{
+		"crowdsec.url":                "crowdsec-url",
+		"crowdsec.login":              "crowdsec-login",
+		"crowdsec.password":           "crowdsec-password",
+		"crowdsec.registration_token": "crowdsec-registration-token",
+		"crowdsec.machine_name":       "crowdsec-machine-name",
+		"crowdsec.deregister_on_exit": "crowdsec-deregister-on-exit",
+		"server.listen_address":       "listen-address",
+		"server.metrics_path":         "metrics-path",
+		"exporter.instance_name":      "instance-name",
+		"log_level":                   "log-level",
+	}
+	for key, flag := range binds {
+		if err := viper.BindPFlag(key, f.Lookup(flag)); err != nil {
+			panic(fmt.Sprintf("bind flag %q: %v", flag, err))
+		}
 	}
 
 	cmd.AddCommand(newVersionCmd())
-
 	return cmd
 }
 
 func newVersionCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "version",
 		Short: "Show version information",
-		Run: func(cmd *cobra.Command, args []string) {
+		Run: func(*cobra.Command, []string) {
 			fmt.Printf("crowdsec-exporter %s\n", version)
 			fmt.Printf("commit: %s\n", commit)
 			fmt.Printf("built: %s\n", date)
@@ -108,72 +95,67 @@ func newVersionCmd() *cobra.Command {
 }
 
 func runExporter() error {
-	// Load config from flags and env vars
 	cfg := &config.Config{}
 	if err := viper.Unmarshal(cfg); err != nil {
-		return fmt.Errorf("unable to decode config: %w", err)
+		return fmt.Errorf("decode config: %w", err)
 	}
-
-	// Validate configuration
 	if err := cfg.Validate(); err != nil {
-		return fmt.Errorf("configuration validation failed: %w", err)
+		return fmt.Errorf("config validation: %w", err)
 	}
 
-	// Set up structured logging with slog
-	logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{
-		Level: cfg.GetLogLevel(),
-	}))
+	logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: cfg.GetLogLevel()}))
 	slog.SetDefault(logger)
 
-	// Create exporter
-	_, err := exporter.New(cfg)
-	if err != nil {
-		return fmt.Errorf("failed to create exporter: %w", err)
+	if _, err := exporter.New(cfg); err != nil {
+		return fmt.Errorf("create exporter: %w", err)
 	}
 
-	// Set up HTTP server
 	mux := http.NewServeMux()
 	mux.Handle(cfg.Server.MetricsPath, promhttp.Handler())
-	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc("/", func(w http.ResponseWriter, _ *http.Request) {
 		w.Header().Set("Content-Type", "text/html")
-		fmt.Fprintf(w, `<html>
-<head><title>CrowdSec Exporter</title></head>
-<body>
-<h1>CrowdSec Exporter</h1>
-<p><a href="%s">Metrics</a></p>
-</body>
-</html>`, cfg.Server.MetricsPath)
+		fmt.Fprintf(w, indexHTML, cfg.Server.MetricsPath)
 	})
 
 	server := &http.Server{
 		Addr:    cfg.Server.ListenAddress,
 		Handler: mux,
 	}
 
-	// Graceful shutdown
 	stop := make(chan os.Signal, 1)
 	signal.Notify(stop, os.Interrupt, syscall.SIGTERM)
 
 	go func() {
-		slog.Info("Starting CrowdSec exporter", "address", cfg.Server.ListenAddress)
-		slog.Info("Metrics available", "path", cfg.Server.MetricsPath)
+		slog.Info("starting exporter", "address", cfg.Server.ListenAddress, "metrics_path", cfg.Server.MetricsPath)
 		if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
-			slog.Error("Server failed to start", "error", err)
+			slog.Error("server error", "error", err)
 			os.Exit(1)
 		}
 	}()
 
 	<-stop
-	slog.Info("Shutting down server...")
+	slog.Info("shutdown initiated")
 
-	shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-	defer cancel()
+	if err := crowdsec.DeregisterMachine(); err != nil {
+		slog.Warn("deregister failed", "error", err)
+	}
 
-	if err := server.Shutdown(shutdownCtx); err != nil {
-		slog.Error("Server forced to shutdown", "error", err)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	if err := server.Shutdown(ctx); err != nil {
+		slog.Error("forced shutdown", "error", err)
 		return err
 	}
 
-	slog.Info("Server exited")
+	slog.Info("server exited")
 	return nil
 }
+
+const indexHTML = `<!doctype html>
+<html>
+<head><meta charset="utf-8"><title>CrowdSec Exporter</title></head>
+<body>
+<h1>CrowdSec Exporter</h1>
+<p><a href="%s">Metrics</a></p>
+</body>
+</html>`

internal/config/config.go

@@ -21,6 +21,7 @@ type CrowdSecConfig struct {
 	Password          string `mapstructure:"password"`
 	RegistrationToken string `mapstructure:"registration_token"`
 	MachineName       string `mapstructure:"machine_name"`
+	DeregisterOnExit  bool   `mapstructure:"deregister_on_exit"`
 }
 
 // ServerConfig contains HTTP server configuration
@@ -42,18 +43,16 @@ func (c *Config) Validate() error {
 		errors = append(errors, "crowdsec.url is required")
 	}
 
-	// Check if we have either login/password OR registration token
-	hasLoginAuth := c.CrowdSec.Login != "" && c.CrowdSec.Password != ""
-	hasTokenAuth := c.CrowdSec.RegistrationToken != ""
-
-	if !hasLoginAuth && !hasTokenAuth {
-		errors = append(errors, "either (crowdsec.login and crowdsec.password) OR crowdsec.registration_token is required")
+	// Login and Password are now required
+	if c.CrowdSec.Login == "" {
+		errors = append(errors, "crowdsec.login is required")
 	}
-
-	if hasLoginAuth && hasTokenAuth {
-		errors = append(errors, "cannot use both login/password and registration token authentication")
+	if c.CrowdSec.Password == "" {
+		errors = append(errors, "crowdsec.password is required")
 	}
 
+	// Registration token is optional for auto-registration
+
 	if c.Server.ListenAddress == "" {
 		c.Server.ListenAddress = ":9999"
 	}