Hello all digging into Orbit and trying to understand how do osquery #fleet

Hello all, digging into Orbit and trying to unders...

04/29/2021, 11:29 AM

Hello all, digging into Orbit and trying to understand how does orbit update Osquery, how does the

stable

and

edge

channel get triggered to update Osquery when running on-prem Fleet? And how does the update process itself work?

Noah Talerman

04/29/2021, 6:27 PM

Hi @SK. By default, Orbit checks in with the public Fleet update repository. Using this update repository, FleetDM determines the osquery version that belongs on the

stable

and

edge

channels. At check in time, if the version defined for the

stable

update channel has changed, Orbit will update osquery on its respective endpoint to the new version.

04/29/2021, 6:49 PM

Hey @Noah Talerman thanks for your response. Nice way of checking the version. How does Orbit handle situations where there is a proxy, does it grab the update from the onprem fleet server or always straight to the repo?

Noah Talerman

04/30/2021, 1:31 PM

How does Orbit handle situations where there is a proxy, does it grab the update from the onprem fleet server or always straight to the repo?

Hey @SK, I don’t immediately know the answer to this. I’m going to phone in @zwass for help on this Orbit question.

zwass

04/30/2021, 5:37 PM

Orbit uses a configurable update server. We expect that many folks will just use the update server we manage (similar to what Kolide does with Launcher's update server). We are also offering tooling for self-managing an update server as part of Fleet Basic (the subscription offering) https://github.com/fleetdm/fleet/blob/master/docs/2-Deployment/4-fleetctl-agent-updates.md.

zwass

04/30/2021, 5:39 PM

Depending on what you mean by proxy, you could potentially also just copy the metadata from our update server and serve it from anywhere you like.

04/30/2021, 5:40 PM

Hey @zwass thanks for the response. I was more wondering how does Orbit handle situations where the agent is behind a proxy to get to your update server? Can you configure the proxy in the orbit config?

zwass

04/30/2021, 5:41 PM

What kind of configuration would need to be provided for the proxy? We can look into adding support for that.

04/30/2021, 5:42 PM

So talking about a situation where the system where Osquery/orbit is installed on resides behind a corporate internet proxy, so can only get to the internet through the proxy.

04/30/2021, 5:43 PM

Probably the same way you can can configure the proxy in Osquery

--proxy_hostname

zwass

04/30/2021, 7:54 PM

You could set the

HTTP_PROXY

environment variable which the HTTP client in Orbit should respect. We can make finer grained control over that if necessary.

05/03/2021, 3:59 PM

I'll test drive Orbit for a bit and let you know.

ty 1

2 Views

Open in Slack

Previous Next