so these are the steps I did:
- installed the serv...
# fleets
Sebastiaan
05/24/2023, 3:15 PMso these are the steps I did:
• installed the server on k8s
• used the following the command locally to generate a package:
fleetctl package --type=pkg --fleet-url=<https://URLHERE> --enroll-secret=SECRETHERE --fleet-certificate=tls.pem --identifier="com.identifier.here"l
Lucas Rodriguez
05/24/2023, 3:15 PMPlease do take a look in
/var/log/orbit/orbit.stderr.logLucas Rodriguez
05/24/2023, 3:16 PMThat holds the orbit+osquery logs in the device.
s
Sebastiaan
05/24/2023, 3:21 PMwell now i found it
Sebastiaan
05/24/2023, 3:21 PMcertificate signed by unknown authority
l
Lucas Rodriguez
05/24/2023, 3:22 PMIf you are trying/testing Fleet (not production), try with
--insecure--fleet-certificatefleetctl packages
Sebastiaan
05/24/2023, 3:23 PMso upon reading the documentation, this is because the hostname of the server is not in the common name field of the certificate? we use a wildcard certificate for this setup
l
Lucas Rodriguez
05/24/2023, 3:25 PMTry with
curltls.pemLucas Rodriguez
05/24/2023, 3:25 PMthis is because the hostname of the server is not in the common name field of the certificate? we use a wildcard certificate for this setupSounds like it.
s
Sebastiaan
05/24/2023, 3:32 PMso @Lucas Rodriguez I rebuilt the package, with the -insecure flag
Sebastiaan
05/24/2023, 3:32 PMand without the cert
Sebastiaan
05/24/2023, 3:32 PMand I still get the exact same error
Sebastiaan
05/24/2023, 3:33 PMI see this:
l
Lucas Rodriguez
05/24/2023, 3:33 PMOK, please try uninstalling the package this way: https://github.com/fleetdm/fleet/blob/main/orbit/tools/cleanup/cleanup_macos.sh
Then installing the new package again.
s
Sebastiaan
05/24/2023, 3:34 PM Copy code
2023-05-24T17:33:15+02:00 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate signed by unknown authority"
2023-05-24T17:33:15+02:00 INF token rotation is enabled
2023-05-24T17:33:16+02:00 INF using insecure TLS proxy addr=localhost:59598 target=<https://fleet.security.pleo.io>Sebastiaan
05/24/2023, 3:34 PMand then this in the logs:
Sebastiaan
05/24/2023, 3:34 PM Copy code
I0524 17:33:47.612071 1885122560 tls.cpp:263] TLS/HTTPS POST request to URI: <https://localhost:59598/api/v1/osquery/distributed/read>
I0524 17:33:47.860929 1885122560 distributed.cpp:173] Executing distributed query: fleet_distributed_query_6: SELECT * FROM osquery_info;
I0524 17:33:47.862823 1885122560 tls.cpp:263] TLS/HTTPS POST request to URI: <https://localhost:59598/api/v1/osquery/distributed/write>l
Lucas Rodriguez
05/24/2023, 3:34 PMOK, that might be expected. Can you try running a live query now?
s
Sebastiaan
05/24/2023, 3:34 PMWell, I used that exact uninstall script
Sebastiaan
05/24/2023, 3:34 PMto remove everything before reinstalling
l
Lucas Rodriguez
05/24/2023, 3:34 PM2023-05-24T173315+02:00 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate signed by unknown authority"This might be an expected log, but things should work now.
s
Sebastiaan
05/24/2023, 3:35 PMnow I am back to the websocket issue on k8s it seems
3 Views