#fleet

Gregory Storme

10/25/2022, 11:58 AM
hey, what could be the cause of this occurring on most hosts?
{"component":"http","err":": Authentication required","internal":"authentication error: invalid orbit node key","level":"info","path":"/api/fleet/orbit/config"

roberto

10/25/2022, 1:38 PM
hey! this might happen before the hosts enroll for the first time, are you seeing this repeatedly? could you share more details about your set-up? anything on the debugging guide might be helpful, but knowing the Fleet version you're running and the Orbit version installed on the hosts would be great.

Gregory Storme

10/25/2022, 1:51 PM
I'm seeing this almost constantly for a lot of hosts, but I can't say since when... only noticing it now because I'm not experiencing any issues actually. The hosts that are hitting this are existing hosts which have been registered in fleet for a while, and are still online
1:53 PM
I upgraded from 4.21 to 4.22 today, it occurred on both. The orbit version we deploy is 0.0.6 or 0.0.7 and the osquery version is 5.5.1
1:56 PM
this only occurs for requests from hosts to fleet on POST /api/fleet/orbit/config where a 401 error is returned, all the other requests return a 200
1:58 PM
example from 1 host hitting haproxy that is serving in front of fleet:
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 160 - - ---- 5533/5533/3/3/0 0/0 "HEAD /api/fleet/orbit/ping HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/0/0 401 269 - - ---- 5555/5555/0/0/0 0/0 "POST /api/fleet/orbit/config HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 574 - - ---- 5559/5559/1/1/0 0/0 "POST /api/v1/osquery/config HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 165 - - ---- 5603/5603/1/1/0 0/0 "POST /api/v1/osquery/distributed/read HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 165 - - ---- 5620/5620/1/1/0 0/0 "POST /api/v1/osquery/distributed/read HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/1/2/3 200 165 - - ---- 5722/5722/1/1/0 0/0 "POST /api/v1/osquery/distributed/read HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/1/0/1 401 269 - - ---- 5787/5787/1/1/0 0/0 "POST /api/fleet/orbit/config HTTP/1.1"
f_fleet~ b_fleet/localhost 0/0/0/1/1 200 165 - - ---- 5742/5742/0/0/0 0/0 "POST /api/v1/osquery/distributed/read HTTP/1.1"

roberto

10/25/2022, 2:09 PM
gotcha, to give you peace of mind: we designed this feature in a way that shouldn't break anything if the orbit/config endpoint doesn't return a 200 code. Let me get back to the team with this information to see if we can pinpoint the issue. I might bother you again to ask for more details.