# kolide
z
Try turning on `--verbose --tls_dump` so you can take a look at the enroll secret `osqueryd` is sending.
m
it is saying unknown flag --verbose
s
You’re using launcher? Set `--debug`
m
so it says `Access the debug endpoints at /debug/?token=<token>` and it keeps saying invalid enroll secret so should I specify that token in the fleet serve command?
z
@seph does `--debug` in Launcher do the equivalent of `--tls_dump`? IIRC it doesn't and maybe that's a feature we should add.
@Marquis Carroll can you show how you are passing the enroll secret to Launcher?
s
@zwass I’m pretty sure launcher will spit out a bunch of the GRPC keyvals in debug mode. https://github.com/kolide/launcher/blob/master/pkg/service/request_enrollment.go#L174-L182 for example. Might not be quite the same as `--tls_dump`
z
Ah yep, there it is. @Marquis Carroll do you not see some verbose logging from the Launcher after you do this?
And it looks like the log level ought to be set to debug as expected.
m
```
2019/03/12 205339 http: TLS handshake error from 18.144.10.15158526 remote error: tls: bad certificate
ts=2019-03-12T205339.218616575Z component=service method=EnrollAgent ip_addr=50.250.240.122:54526 err="invalid enroll secret" took=474.263µs
ts=2019-03-12T205339.31946333Z component=service method=EnrollAgent ip_addr=73.241.44.152:58464 err="invalid enroll secret" took=350.727µs
ts=2019-03-12T205339.470571067Z component=service method=EnrollAgent ip_addr=50.250.240.122:64529 err="invalid enroll secret" took=369.348µs
ts=2019-03-12T205339.490243029Z component=service method=EnrollAgent ip_addr=50.250.240.122:56752 err="invalid enroll secret" took=370.503µs
ts=2019-03-12T205339.867942698Z component=service method=EnrollAgent ip_addr=50.250.240.122:62248 err="invalid enroll secret" took=469.252µs
ts=2019-03-12T205339.931933402Z component=service method=EnrollAgent ip_addr=50.250.240.122:62787 err="invalid enroll secret" took=367.483µs
ts=2019-03-12T205340.01105259Z component=service method=EnrollAgent ip_addr=50.250.240.122:55971 err="invalid enroll secret" took=498.988µs
ts=2019-03-12T205340.114621591Z component=service method=EnrollAgent ip_addr=50.250.240.122:64528 err="invalid enroll secret" took=449.531µs
ts=2019-03-12T205340.344274782Z component=service method=EnrollAgent ip_addr=73.241.44.152:58464 err="invalid enroll secret" took=506.132µs
ts=2019-03-12T205340.556290574Z component=service method=EnrollAgent ip_addr=50.250.240.122:64529 err="invalid enroll secret" took=506.369µs
^Cts=2019-03-12T205340.577545964Z terminated=null
```
That's what I am getting on debug.
I am doing
```
/usr/bin/fleet serve   --mysql_address=127.0.0.1:3306   --mysql_database=kolide   --mysql_username=user --mysql_password=password   --redis_address=127.0.0.1:6379   --server_cert=/tmp/kolide.cert   --server_key=/tmp/server.key --auth_jwt_key <key> --debug
```
I took the private key that was generated with the server and re-keyed the ssl cert I already have and copied that over to the server.
z
You need to add `--debug` to the launcher
m
```
Marquiss-MBP:launcher marquis$ ./build/package-builder make --hostname=kolide.mangohealth.com:8080 --enroll_secret=key --extension_version nightly --targets linux-systemd-deb --package_version 1 --debug
{"caller":"level.go:63","level":"debug","msg":"starting download","span_id":"215b011b3211615b","trace_id":"21e8ff2a2a4bb67a98109cf7a589e96f","trace_is_sampled":false,"ts":"2019-03-12T211613.165013Z","url":"https://dl.kolide.co/kolide/osqueryd/linux/osqueryd-stable.tar.gz"}
{"caller":"level.go:63","level":"debug","msg":"starting download","span_id":"9f80287a3b86fb60","trace_id":"7b7e9603cade7eaf76aba26d42cf3998","trace_is_sampled":false,"ts":"2019-03-12T211614.353114Z","url":"https://dl.kolide.co/kolide/launcher/linux/launcher-stable.tar.gz"}
{"caller":"level.go:63","level":"debug","msg":"starting download","span_id":"1da64fd944fb9566","trace_id":"9b6caa07bb49a6b3d48bb40e1da8659d","trace_is_sampled":false,"ts":"2019-03-12T211614.857145Z","url":"https://dl.kolide.co/kolide/osquery-extension/linux/osquery-extension-nightly.tar.gz"}
```
that's what it says
z
You need to run this flag with launcher. I advise waiting to use package-builder until you have your launcher configuration working properly.
m
```
Marquiss-MBP:launcher marquis$ ./build/launcher --hostname=kolide.mangohealth.com:8080 --enroll_secret=secret --debug
{"caller":"launcher.go:192","msg":"using default system root directory","path":"/var/folders/2v/x95_2hh924z3xr2qc7mc025w0000gn/T/launcher-root","severity":"info","ts":"2019-03-13T155536.64843Z"}
{"caller":"client_grpc.go:111","cert_pinning":false,"msg":"dialing grpc server","server":"kolide.mangohealth.com:8080","severity":"info","tls_secure":true,"transport_secure":true,"ts":"2019-03-13T155536.649114Z"}
{"build":"fc7ddfb27a34dd2265c2d2f6a82a2180e557444c","caller":"launcher.go:276","msg":"started kolide launcher","severity":"info","ts":"2019-03-13T155536.677103Z","version":"0.9.2-dirty"}
{"caller":"query_target_updater.go:26","msg":"query target updater interrupted","severity":"info","ts":"2019-03-13T155536.677304Z"}
{"caller":"query_target_updater.go:21","msg":"query target updater started","severity":"info","ts":"2019-03-13T155536.677247Z"}
{"caller":"extension.go:110","err":"launching osquery instance: starting instance: could not calculate osquery file paths: extension path does not exist: /Users/marquis/go/src/github.com/kolide/launcher/build/osquery-extension.ext: stat /Users/marquis/go/src/github.com/kolide/launcher/build/osquery-extension.ext: no such file or directory","msg":"extension interrupted","severity":"info","stack":"stat /Users/marquis/go/src/github.com/kolide/launcher/build/osquery-extension.ext: no such file or directory\nextension path does not exist: /Users/marquis/go/src/github.com/kolide/launcher/build/osquery-extension.ext\ngithub.com/kolide/launcher/pkg/osquery/runtime.calculateOsqueryPaths\n\t/Users/marquis/go/src/github.com/kolide/launcher/pkg/osquery/runtime/runtime.go:97\ngithub.com/kolide/launcher/pkg/osquery/runtime.
```
That's what I got
Got it working!