Ayan

08/31/2020, 5:46 PM
Hello there. I am trying to combine the gRPC functionality with osqueryd without using the launcher. This issue pointed me towards building the grpc.ext separately. My question is, if I load this extension into my osqueryd, where do I put the Kolide Fleet server details (hostname/port no.)?

zwass

08/31/2020, 5:47 PM
What are you hoping to achieve with that?

Ayan

08/31/2020, 5:48 PM
We are trying to use gRPC for comm between Kolide Fleet and osqueryd endpoints instead of TLS

zwass

08/31/2020, 5:50 PM
Why?
And if you want that, why not just use Launcher?

Ayan

08/31/2020, 5:51 PM
I spoke to you and @seph earlier about trying to connect custom tables with launcher or osqueryd

seph

08/31/2020, 5:52 PM
Looks like the grpc plugin exposes this as env variables. I’m not sure anyone uses that, so this is very much off the beaten path. https://github.com/kolide/launcher/blob/master/cmd/grpc.ext/grpc.go#L58-L61
But yeah, if you want this, I’d go the launcher route.

zwass

08/31/2020, 5:52 PM
Why not use the regular TLS transport in osqueryd?
I'm wondering what you are hoping to gain from the gRPC transport

Ayan

08/31/2020, 5:55 PM
And we decided to go with osqueryd because connecting custom tables and making them respond to Kolide Fleet was easier that way

seph

08/31/2020, 5:56 PM
Then why keep GRPC? Of all the things in launcher, that seems like the least interesting.

Ayan

08/31/2020, 5:57 PM

seph

08/31/2020, 5:58 PM
But, it sounds a bit like you’re evaluating this weirdly. You can’t really easily say “I want X, and Y from launcher, but not Z”. It’s simpler to view it as a complete package. It’s all OSS, so there are options. But some of them require development or in-depth work.
💯 1

zwass

08/31/2020, 5:59 PM
There's just no need for gRPC to achieve what you're looking for. It will be simpler to configure with osquery's TLS transport and AFAICT you don't have any special need for gRPC.

Ayan

08/31/2020, 6:02 PM
If we use TLS, won't that open the dashboard to the entire internet? With gRPC we can limit the exposure.

zwass

08/31/2020, 6:04 PM
You'll use a similar strategy of fronting with a proxy and separating the endpoints
gRPC or not, you have to do that if you don't want to expose the dashboard to the internet.
🙌 1

Ayan

08/31/2020, 6:14 PM
I have taken this forward with our security team