#fleet
Bacarus

05/19/2021, 4:13 PM
Orbit launcher: I’ve a fleet server running with a custom certificate (signed by an untrusted CA). I have to concatenate the server certificate (that I can download from the fleet GUI) with the CA in order to connect my hosts to my fleet server instance. It works even with kolide launcher, but it doesn’t with orbit (at least on Windows hosts). Is it a bug or am I doing something wrong? Additional info below.
4:15 PM
Orbit connects to the fleet server (running without any certificates) on macOS hosts. Installer packages are all built on macOS.
4:18 PM
command:
go run ./cmd/package --type msi --fleet-url=fleet:18080 --enroll-secret=MY_SECRET --fleet-certificate=fleet.pem -- --flagfile=flagfile.txt
4:20 PM
The certificate has fleet as CN (in fact, it works on osqueryd or kolide launcher only if I use “fleet” as the hostname).
zwass

05/19/2021, 5:43 PM
Can you open up the Windows Services program and get the arguments that Orbit is being started with? Copy that into an admin PowerShell and you should be able to see the log output. Hopefully there's something helpful in there. You can also add the --debug flag.
Bacarus

05/25/2021, 9:06 AM
I’ve a different issue on the macOS orbit launcher.
fleet:
level=info ts=2021-05-25T09:03:32.742718Z component=service method=EnrollAgent ip_addr=127.0.0.1:61228 x_for_ip_addr= host_identifier=MBP16-2019-M.local err="save enroll failed: getting the host to return: missing destination name refetch_requested in *kolide.Host" took=30.969668ms
orbit logs:
2021/05/25 11:03:31 WARNING: proto: file "pb.proto" is already registered A future release will panic on registration conflicts. See:https://developers.google.com/protocol-buffers/docs/reference/go/faq#namespace-conflict
2021-05-25T11:03:31+02:00 INF run osqueryd cmd="/var/lib/orbit/bin/osqueryd/macos/stable/osqueryd --pidfile=/var/lib/orbit/osquery.pid --database_path=/var/lib/orbit/osquery.db --extensions_socket=/var/lib/orbit/osquery.em --enroll_secret_env=ENROLL_SECRET --tls_hostname=fleet:18080 --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=2000000 --tls_server_certs=/var/lib/orbit/fleet.pem --force"
W0525 11:03:32.744055 360156672 tls_enroll.cpp:77] Failed enrollment request to https://fleet:18080/api/v1/osquery/enroll (No node key returned from TLS enroll plugin) retrying...
W0525 11:03:33.778246 360156672 tls_enroll.cpp:77] Failed enrollment request to https://fleet:18080/api/v1/osquery/enroll (No node key returned from TLS enroll plugin) retrying...
9:08 AM
Windows orbit cmdline:
'"C:\Program Files\Orbit\bin\orbit\orbit.exe" --root-dir "C:\Program Files\Orbit." --log-file "C:\Program Files\Orbit\orbit-log.txt" --fleet-url "fleet:18080" --enroll-secret-path "C:\Program Files\Orbit\secret.txt" --update-url "https://tuf.fleetctl.com"'
Windows orbit logs:
2021-05-25T09:50:18+02:00 DBG found expected target locally channel=stable path="C:\Program Files\Orbit\bin\osqueryd\windows\stable\osqueryd.exe" target=osqueryd
2021-05-25T09:50:18+02:00 INF Failed to retrieve system cert pool. Cannot validate Fleet server connection. error="crypto/x509: system root pool is not available on Windows"
2021-05-25T09:50:18+02:00 INF run osqueryd cmd="C:\Program Files\Orbit\bin\osqueryd\windows\stable\osqueryd.exe --pidfile=C:\Program Files\Orbit\osquery.pid --database_path=C:\Program Files\Orbit\osquery.db --extensions_socket=C:\Program Files\Orbit\osquery.em --enroll_secret_env=ENROLL_SECRET --tls_hostname=fleet:18080 --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=2000000 --force --verbose --tls_dump"
I0525 09:50:18.623387 11456 init.cpp:342] osquery initialized [version=4.8.0]
I0525 09:50:18.645426 11456 system.cpp:342] Found stale process for osqueryd (37572)
I0525 09:50:18.645426 11456 system.cpp:374] Writing osqueryd pid (19948) to C:\Program Files\Orbit\osquery.pid
I0525 09:50:18.647424 11456 extensions.cpp:453] Could not autoload extensions: Cannot open file for reading: \Program Files\osquery\extensions.load
I0525 09:50:18.647424 11456 dispatcher.cpp:78] Adding new service: WatcherRunner (00000190FD707CF0) to thread: 31520 (00000190FD73DEB0) in process 19948
I0525 09:50:18.656422 31520 watcher.cpp:593] osqueryd watcher (19948) executing worker (21808)
I0525 09:50:18.672039 12384 init.cpp:339] osquery worker initialized [watcher=19948]
I0525 09:50:18.674044 12384 dispatcher.cpp:78] Adding new service: WatcherWatcherRunner (000001E899BEC850) to thread: 16404 (000001E899C69600) in process 21808
I0525 09:50:18.675025 12384 rocksdb.cpp:132] Opening RocksDB handle: C:\Program Files\Orbit\osquery.db
E0525 09:50:18.729002 12384 init.cpp:555] An error occurred during extension manager startup: Named pipe path is invalid
I0525 09:50:18.729002 12384 tls_enroll.cpp:70] TLSEnrollPlugin requesting a node enroll key from: https://fleet:18080/api/v1/osquery/enroll
I0525 09:50:19.797472 12384 tls.cpp:255] TLS/HTTPS POST request to URI: https://fleet:18080/api/v1/osquery/enroll {"enroll_secret":"MY_SECRET",...}
W0525 09:50:19.932312 12384 tls_enroll.cpp:77] Failed enrollment request to https://fleet:18080/api/v1/osquery/enroll (Request error: certificate verify failed) retrying...
zwass

05/25/2021, 4:07 PM
Your macOS issue looks like it's due to needing to run database migrations since your upgrade of Fleet.