https://github.com/osquery/osquery logo
Powered by
#kolide
Title
# kolide
z

zwass

03/12/2019, 6:57 PM
Try turning on 
--verbose --tls_dump
so you can take a look at the enroll secret 
osqueryd
is sending.
m

Marquis Carroll

03/12/2019, 6:58 PM
it is saying unknown flag --verbose
s

seph

03/12/2019, 7:00 PM
You’re using launcher? Set 
--debug
m

Marquis Carroll

03/12/2019, 7:20 PM
so it says 
Access the debug endpoints at /debug/?token=<token>
and it keeps saying invalid enroll secret so should I specify that token in the fleet serve command?
z

zwass

03/12/2019, 8:34 PM
@seph does 
--debug
in Launcher do the equivalent of 
--tls_dump
? IIRC it doesn't and maybe that's a feature we should add.
@Marquis Carroll can you show how you are passing the enroll secret to Launcher?
s

seph

03/12/2019, 8:40 PM
@zwass I’m pretty sure launcher will spit out a bunch of the GRPC keyvals in debug mode. https://github.com/kolide/launcher/blob/master/pkg/service/request_enrollment.go#L174-L182 for example. Might not be quite the same as 
--tls_dump
z

zwass

03/12/2019, 8:44 PM
Ah yep, there it is. @Marquis Carroll do you not see some verbose logging from the Launcher after you do this?
And it looks like the log level ought to be set to debug as expected.
m

Marquis Carroll

03/12/2019, 8:54 PM
2019/03/12 205339 http: TLS handshake error from 18.144.10.15158526 remote error: tls: bad certificate ts=2019-03-12T205339.218616575Z component=service method=EnrollAgent ip_addr=50.250.240.122:54526 err="invalid enroll secret" took=474.263µs ts=2019-03-12T205339.31946333Z component=service method=EnrollAgent ip_addr=73.241.44.152:58464 err="invalid enroll secret" took=350.727µs ts=2019-03-12T205339.470571067Z component=service method=EnrollAgent ip_addr=50.250.240.122:64529 err="invalid enroll secret" took=369.348µs ts=2019-03-12T205339.490243029Z component=service method=EnrollAgent ip_addr=50.250.240.122:56752 err="invalid enroll secret" took=370.503µs ts=2019-03-12T205339.867942698Z component=service method=EnrollAgent ip_addr=50.250.240.122:62248 err="invalid enroll secret" took=469.252µs ts=2019-03-12T205339.931933402Z component=service method=EnrollAgent ip_addr=50.250.240.122:62787 err="invalid enroll secret" took=367.483µs ts=2019-03-12T205340.01105259Z component=service method=EnrollAgent ip_addr=50.250.240.122:55971 err="invalid enroll secret" took=498.988µs ts=2019-03-12T205340.114621591Z component=service method=EnrollAgent ip_addr=50.250.240.122:64528 err="invalid enroll secret" took=449.531µs ts=2019-03-12T205340.344274782Z component=service method=EnrollAgent ip_addr=73.241.44.152:58464 err="invalid enroll secret" took=506.132µs ts=2019-03-12T205340.556290574Z component=service method=EnrollAgent ip_addr=50.250.240.122:64529 err="invalid enroll secret" took=506.369µs ^Cts=2019-03-12T205340.577545964Z terminated=null
That's what I am getting on debug.
I am doing 
/usr/bin/fleet serve   --mysql_address=127.0.0.1:3306   --mysql_database=kolide   --mysql_username=user --mysql_password=password   --redis_address=127.0.0.1:6379   --server_cert=/tmp/kolide.cert   --server_key=/tmp/server.key --auth_jwt_key <key> --debug
I took the private key that was generated with the server and re-keyed the ssl cert I already have and copied that over to the server.
z

zwass

03/12/2019, 9:02 PM
You need to add --debug to the launcher
m

Marquis Carroll

03/12/2019, 9:17 PM
Marquiss-MBP:launcher marquis$ ./build/package-builder make --hostname=kolide.mangohealth.com:8080 --enroll_secret=key --extension_version nightly --targets linux-systemd-deb --package_version 1 --debug {"caller":"level.go:63","level":"debug","msg":"starting download","span_id":"215b011b3211615b","trace_id":"21e8ff2a2a4bb67a98109cf7a589e96f","trace_is_sampled":false,"ts":"2019-03-12T211613.165013Z","url":"https://dl.kolide.co/kolide/osqueryd/linux/osqueryd-stable.tar.gz"} {"caller":"level.go:63","level":"debug","msg":"starting download","span_id":"9f80287a3b86fb60","trace_id":"7b7e9603cade7eaf76aba26d42cf3998","trace_is_sampled":false,"ts":"2019-03-12T211614.353114Z","url":"https://dl.kolide.co/kolide/launcher/linux/launcher-stable.tar.gz"} {"caller":"level.go:63","level":"debug","msg":"starting download","span_id":"1da64fd944fb9566","trace_id":"9b6caa07bb49a6b3d48bb40e1da8659d","trace_is_sampled":false,"ts":"2019-03-12T211614.857145Z","url":"https://dl.kolide.co/kolide/osquery-extension/linux/osquery-extension-nightly.tar.gz"}
that's what it says
z

zwass

03/13/2019, 1:29 AM
You need to run this flag with launcher. I advise waiting to use package-builder until you have your launcher configuration working properly.
m

Marquis Carroll

03/13/2019, 3:56 PM
Marquiss-MBP:launcher marquis$ ./build/launcher --hostname=kolide.mangohealth.com:8080 --enroll_secret=secret --debug {"caller":"launcher.go:192","msg":"using default system root directory","path":"/var/folders/2v/x95_2hh924z3xr2qc7mc025w0000gn/T/launcher-root","severity":"info","ts":"2019-03-13T155536.64843Z"} {"caller":"client_grpc.go:111","cert_pinning":false,"msg":"dialing grpc server","server":"kolide.mangohealth.com:8080","severity":"info","tls_secure":true,"transport_secure":true,"ts":"2019-03-13T155536.649114Z"} {"build":"fc7ddfb27a34dd2265c2d2f6a82a2180e557444c","caller":"launcher.go:276","msg":"started kolide launcher","severity":"info","ts":"2019-03-13T155536.677103Z","version":"0.9.2-dirty"} {"caller":"query_target_updater.go:26","msg":"query target updater interrupted","severity":"info","ts":"2019-03-13T155536.677304Z"} {"caller":"query_target_updater.go:21","msg":"query target updater started","severity":"info","ts":"2019-03-13T155536.677247Z"} {"caller":"extension.go:110","err":"launching osquery instance: starting instance: could not calculate osquery file paths: extension path does not exist: /Users/marquis/go/src/github.com/kolide/launcher/build/osquery-extension.ext: stat /Users/marquis/go/src/github.com/kolide/launcher/build/osquery-extension.ext: no such file or directory","msg":"extension interrupted","severity":"info","stack":"stat /Users/marquis/go/src/github.com/kolide/launcher/build/osquery-extension.ext: no such file or directory\nextension path does not exist: /Users/marquis/go/src/github.com/kolide/launcher/build/osquery-extension.ext\ngithub.com/kolide/launcher/pkg/osquery/runtime.calculateOsqueryPaths\n\t/Users/marquis/go/src/github.com/kolide/launcher/pkg/osquery/runtime/runtime.go:97\ngithub.com/kolide/launcher/pkg/osquery/runtime.
(*Runner).launchOsqueryInstance\n\t/Users/marquis/go/src/github.com/kolide/launcher/pkg/osquery/runtime/runtime.go:435\ngithub.com/kolide/launcher/pkg/osquery/runtime.(*Runner).Start\n\t/Users/marquis/go/src/github.com/kolide/launcher/pkg/osquery/runtime/runtime.go:360\nmain.createExtensionRuntime.func1\n\t/Users/marquis/go/src/github.com/kolide/launcher/cmd/launcher/extension.go:82\ngithub.com/oklog/run.(*Group).Run.func1\n\t/Users/marquis/go/pkg/mod/github.com/oklog/run@v1.0.0/group.go:38\nruntime.goexit\n\t/usr/local/Cellar/go/1.12/libexec/src/runtime/asm_amd64.s:1337\nstarting instance\ngithub.com/kolide/launcher/pkg/osquery/runtime.(*Runner).Start\n\t/Users/marquis/go/src/github.com/kolide/launcher/pkg/osquery/runtime/runtime.go:361\nmain.createExtensionRuntime.func1\n\t/Users/marquis/go/src/github.com/kolide/launcher/cmd/launcher/extension.go:82\ngithub.com/oklog/run.(*Group).Run.func1\n\t/Users/marquis/go/pkg/mod/github.com/oklog/run@v1.0.0/group.go:38\nruntime.goexit\n\t/usr/local/Cellar/go/1.12/libexec/src/runtime/asm_amd64.s:1337\nlaunching osquery instance\nmain.createExtensionRuntime.func1\n\t/Users/marquis/go/src/github.com/kolide/launcher/cmd/launcher/extension.go:83\ngithub.com/oklog/run.
That's what I got
Got it working!
Powered by