Hello @zoomba,
Thank you for using our plugin. I'm one of the co-authors of GitHub - maxlerebourg/crowdsec-bouncer-traefik-plugin: Traefik plugin to apply crowdsec decisions from local API
I found this thread randomly when I encountered the same error you did.
I'm currently writing an example of how to use the plugin with Traefik and CrowdSec running as binaries in a virtual machine.
In the log file traefik.log (or output to journalctl), you can see that Traefik cannot create the directory plugins-storage.
This is because your service file is a bit too restrictive about what the launched process can do.
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
This will prevent Traefik from writing files in /etc.
ReadWriteDirectories=/etc/traefik
This should let Traefik write in the /etc/traefik directory
But does it try to write there?
I believe it doesn't, after looking at the Traefik code which loads the plugins:
const outputDir = "./plugins-storage/"
Here it is using a relative path for a folder named plugins-storage
currentPath, err := os.Getwd()
if err != nil {
    return err
}
if strings.HasPrefix(currentPath, dirPath) {
    return fmt.Errorf("cannot be deleted: the directory path %s is the parent of the current path %s", dirPath, currentPath)
}
err = os.RemoveAll(dir)
if err != nil {
    return err
}
return os.MkdirAll(dir, 0o755)
Here it is using the current directory Traefik is launched with.
After looking in the container to see what the default is, I found out it's /
So Traefik is trying to write /plugins-storage
To do it properly and bypass this error, I had to set this current directory in the service file:
WorkingDirectory=/etc/traefik
And I also added the following, because I'm in the /etc directory with ProtectSystem=full:
ReadWriteDirectories=/etc/traefik/plugins-storage
Please feel free to open issues in our repository if you have any questions about the plugin and the connection between Traefik and CrowdSec.
Best
Mathieu
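
The path resolution described in the post above can be checked before restarting the service. This is an added example, not code from the post, Traefik or the plugin: `CheckUnit`, `under` and `readOnly` are hypothetical names, the read-only roots are those systemd.exec(5) documents for `ProtectSystem=`, and only the literal values `true`, `full` and `strict` are handled. A verdict of "file permissions decide" means the sandbox settings neither block nor grant the path, so the service user's ordinary permissions apply.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

var readOnly = map[string][]string{ // read-only roots per ProtectSystem= value
	"true":   {"/usr", "/boot", "/efi"},
	"full":   {"/usr", "/boot", "/efi", "/etc"},
	"strict": {"/"},
}

// under reports whether p equals, or lies below, one of dirs.
func under(p string, dirs []string) bool {
	for _, d := range dirs {
		d = filepath.Clean(strings.TrimLeft(d, "-+")) // drop systemd path prefixes
		if d == "/" || p == d || strings.HasPrefix(p, d+"/") {
			return true
		}
	}
	return false
}

// CheckUnit (hypothetical) resolves "./plugins-storage/" against the unit's cwd and classifies it.
func CheckUnit(unit string) (target, verdict string) {
	wd, protect, rw := "/", "", []string{} // system services start in / by default
	for _, line := range strings.Split(unit, "\n") {
		k, v, _ := strings.Cut(strings.TrimSpace(line), "=")
		switch k {
		case "WorkingDirectory":
			wd = v
		case "ProtectSystem":
			protect = v
		case "ReadWritePaths", "ReadWriteDirectories": // second is the legacy name
			rw = append(rw, strings.Fields(v)...)
		}
	}
	target = filepath.Join(wd, "./plugins-storage/") // relative path quoted in the post
	if under(target, rw) {
		return target, "listed read-write"
	}
	if under(target, readOnly[protect]) {
		return target, "read-only"
	}
	return target, "file permissions decide"
}
func main() { fmt.Println(CheckUnit("ProtectSystem=full\nWorkingDirectory=/etc/traefik\n")) } // constructed input
```

systemd refuses to start a unit whose read-write path does not exist unless the entry is prefixed with `-`, so create the directory before listing it.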