Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
g
Gregory Storme
10/25/2022, 11:58 AMhey, what could be the cause of this occurring on most hosts?
{"component":"http","err":": Authentication required","internal":"authentication error: invalid orbit node key","level":"info","path":"/api/fleet/orbit/config"r
roberto
10/25/2022, 1:38 PMhey! this might happen before the hosts enroll for the first time, are you seeing this repeatedly? could you share more details about your set-up? anything on the debugging guide might be helpful, but knowing the Fleet version you're running and the Orbit version installed on the hosts would be great.
g
Gregory Storme
10/25/2022, 1:51 PMI'm seeing this almost constantly for a lot of hosts, but I can't say since when... only noticing it now because I'm not experiencing any issues actually. The hosts that are hitting this are existing hosts which have been registered in fleet for a while, and are still online
I upgraded from 4.21 to 4.22 today, it occured on both. The orbit version we deploy is 0.0.6 or 0.0.7 and the osquery version is 5.5.1
this only occurs for requests from hosts to fleet on
POST /api/fleet/orbit/configexample from 1 host hitting haproxy that is serving in front of fleet:
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 160 - - ---- 5533/5533/3/3/0 0/0 "HEAD /api/fleet/orbit/ping HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/0/0 401 269 - - ---- 5555/5555/0/0/0 0/0 "POST /api/fleet/orbit/config HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 574 - - ---- 5559/5559/1/1/0 0/0 "POST /api/v1/osquery/config HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 165 - - ---- 5603/5603/1/1/0 0/0 "POST /api/v1/osquery/distributed/read HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 165 - - ---- 5620/5620/1/1/0 0/0 "POST /api/v1/osquery/distributed/read HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/1/2/3 200 165 - - ---- 5722/5722/1/1/0 0/0 "POST /api/v1/osquery/distributed/read HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/1/0/1 401 269 - - ---- 5787/5787/1/1/0 0/0 "POST /api/fleet/orbit/config HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 165 - - ---- 5742/5742/0/0/0 0/0 "POST /api/v1/osquery/distributed/read HTTP/1.1"r
roberto
10/25/2022, 2:09 PMgotcha, to give you peace of mind: we designed this feature in a way that shouldn't break anything if the
orbit/config200