auth key

logclient/config/service.env

@@ -8,21 +8,8 @@ IMAGE_TAG="7.17.23"
 LOGSERVER_HOST=
 LOGSERVER_PORT=5044
 
-# REQUIRED: Authentication method
-AUTH_MODE=mtls  # mtls, apikey, or basic
-
-# mTLS Authentication (if AUTH_MODE=mtls)
-CLIENT_CERT_PATH=/certs/client.crt
-CLIENT_KEY_PATH=/certs/client.key
-CA_CERT_PATH=/certs/ca.crt
-SSL_VERIFICATION_MODE=full
-
-# API Key Authentication (if AUTH_MODE=apikey)
-API_KEY=""  # Will be provided by logserver admin
-
-# Basic Authentication (if AUTH_MODE=basic)
-USERNAME=filebeat
-PASSWORD=changeme
+# REQUIRED: API Key Authentication
+API_KEY=""  # Get from logserver admin using generate-api-key.sh
 
 # Performance tuning
 BULK_MAX_SIZE=2048          # Maximum batch size

logclient/install.sh

@@ -3,36 +3,20 @@ source "${AGENT_PATH}/common.sh"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 # Check required environment variables
-_check_required_env_vars "CONTAINER_NAME" "IMAGE_REGISTRY" "IMAGE_REPO" "IMAGE_TAG" "LOGSERVER_HOST" "LOGSERVER_PORT" "AUTH_MODE"
+_check_required_env_vars "CONTAINER_NAME" "IMAGE_REGISTRY" "IMAGE_REPO" "IMAGE_TAG" "LOGSERVER_HOST" "LOGSERVER_PORT" "API_KEY"
 
-# Validate authentication configuration
-case "$AUTH_MODE" in
-    mtls)
-        _check_required_env_vars "CLIENT_CERT_PATH" "CLIENT_KEY_PATH" "CA_CERT_PATH"
-        if [ ! -f "$CLIENT_CERT_PATH" ]; then
-            _die "Client certificate not found at $CLIENT_CERT_PATH"
-        fi
-        if [ ! -f "$CLIENT_KEY_PATH" ]; then
-            _die "Client key not found at $CLIENT_KEY_PATH"
-        fi
-        if [ ! -f "$CA_CERT_PATH" ]; then
-            _die "CA certificate not found at $CA_CERT_PATH"
-        fi
-        ;;
-    apikey)
-        _check_required_env_vars "API_KEY"
-        if [ -z "$API_KEY" ]; then
-            _die "API_KEY is empty. Please get an API key from the logserver administrator"
-        fi
-        ;;
-    basic)
-        _check_required_env_vars "USERNAME" "PASSWORD"
-        echo "WARNING: Basic authentication is not recommended for production"
-        ;;
-    *)
-        _die "Invalid AUTH_MODE: $AUTH_MODE. Must be one of: mtls, apikey, basic"
-        ;;
-esac
+# Validate API key
+if [ -z "$API_KEY" ]; then
+    echo ""
+    echo "ERROR: API_KEY is not configured"
+    echo ""
+    echo "To get an API key:"
+    echo "1. On the logserver, run: ./generate-api-key.sh"
+    echo "2. Enter this client's hostname when prompted"
+    echo "3. Copy the generated API_KEY to this client's service.env"
+    echo ""
+    _die "Missing API_KEY configuration"
+fi
 
 # Check Docker is available
 _check_docker_installed || _die "Docker test failed"
@@ -59,4 +43,4 @@ bash ./start.sh || _die "Failed to start Filebeat"
 
 echo "Installation of ${CONTAINER_NAME} complete"
 echo "Collecting logs from Docker API and shipping to ${LOGSERVER_HOST}:${LOGSERVER_PORT}"
-echo "Authentication mode: ${AUTH_MODE}"
+echo "Using API key authentication"

logclient/start.sh

@@ -14,7 +14,7 @@ cmd="docker run -d \
     -v ${CERTS_VOLUME}:/usr/share/filebeat/certs:ro \
     -e LOGSERVER_HOST=${LOGSERVER_HOST} \
     -e LOGSERVER_PORT=${LOGSERVER_PORT} \
-    -e AUTH_MODE=${AUTH_MODE} \
+    -e API_KEY=${API_KEY} \
     $IMAGE_REGISTRY/$IMAGE_REPO:$IMAGE_TAG \
     filebeat -e -strict.perms=false \
     -c /usr/share/filebeat/config/filebeat.yml"