mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
Fix up test osquery tooling (#996)
- Update certificate paths.
- Update documentation to point to the appropriate docs.
parent 54fdff245d
commit f75a2fc739
@ -3,6 +3,7 @@
|
|||||||
- [License key](#license-key)
|
- [License key](#license-key)
|
||||||
- [Test suite](#test-suite)
|
- [Test suite](#test-suite)
|
||||||
- [End-to-end tests](#end-to-end-tests)
|
- [End-to-end tests](#end-to-end-tests)
|
||||||
|
- [Test hosts](#test-hosts)
|
||||||
- [Email](#email)
|
- [Email](#email)
|
||||||
- [Database backup/restore](#database-backuprestore)
|
- [Database backup/restore](#database-backuprestore)
|
||||||
- [Teams seed data](#teams-seed-data)
|
- [Teams seed data](#teams-seed-data)
|
||||||
@ -193,6 +194,10 @@ CYPRESS_FLEET_TIER=basic yarn cypress run
|
|||||||
|
|
||||||
Tests will run automatically and results are reported to the shell.
|
Tests will run automatically and results are reported to the shell.
|
||||||
|
|
||||||
|
## Test hosts
|
||||||
|
|
||||||
|
The Fleet repo includes tools to start test osquery hosts. Please see the documentation in [/tools/osquery](../../tools/osquery) for more information.
|
||||||
|
|
||||||
## Email
|
## Email
|
||||||
|
|
||||||
#### Manually testing email with MailHog
|
#### Manually testing email with MailHog
|
||||||
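Review bot: The new "Test hosts" section links to the bare directory `../../tools/osquery`, while the `/tools/api` link further down this same file targets `../../tools/api/README.md` explicitly. If the directory's README is the intended target, link to the file itself so the two references are consistent and the reader lands on the document rather than a directory listing.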
@ -244,7 +249,7 @@ Next, set the `FLEET_ENV_PATH` to point to the `env` file. This will let the scr
|
|||||||
export FLEET_ENV_PATH=/Users/victor/fleet_env
|
export FLEET_ENV_PATH=/Users/victor/fleet_env
|
||||||
```
|
```
|
||||||
|
|
||||||
Finally run one of the bash scripts located in the [/tools/api](../../tools/api/README.md) directory.
|
Finally run one of the bash scripts located in the [/tools/api](../../tools/api/README.md) directory.
|
||||||
|
|
||||||
The `fleet/create_core` script will generate an environment to roughly reflect an installation of Fleet Core. The script creates 3 users with different roles.
|
The `fleet/create_core` script will generate an environment to roughly reflect an installation of Fleet Core. The script creates 3 users with different roles.
|
||||||
|
|
||||||
|
@ -2,16 +2,15 @@
|
|||||||
|
|
||||||
The files in this directory are intended to assist with Fleet development.
|
The files in this directory are intended to assist with Fleet development.
|
||||||
|
|
||||||
* `docker-compose.yml`: This docker-compose file helps with starting `osqueryd` instances for testing Fleet. More on this [below](#testing-with-containerized-osqueryd).
|
- `docker-compose.yml`: This docker-compose file helps with starting `osqueryd` instances for testing Fleet. More on this [below](#testing-with-containerized-osqueryd).
|
||||||
|
|
||||||
* `example_config.json`: An example config file with insecure default passwords. Useful for testing in a local dev environment, but should /never/ be used in production.
|
- `example_config.json`: An example config file with insecure default passwords. Useful for testing in a local dev environment, but should /never/ be used in production.
|
||||||
|
|
||||||
* `example_osquery.conf`: An example osquery config file that sets up basic configuration for distributed queries.
|
- `example_osquery.conf`: An example osquery config file that sets up basic configuration for distributed queries.
|
||||||
|
|
||||||
* `example_osquery.flags`: An example osquery flagfile setting the config options that must be loaded before the full JSON config.
|
- `example_osquery.flags`: An example osquery flagfile setting the config options that must be loaded before the full JSON config.
|
||||||
|
|
||||||
* `kolide.crt` & `kolide.key`: Self-signed SSL certificate & key useful for testing locally with `osqueryd`. Works with the domain `host.docker.internal` (exposed within docker containers as the host's IP). Should /never/ be used in production.
|
|
||||||
|
|
||||||
|
- `fleet.crt` & `fleet.key`: Self-signed SSL certificate & key useful for testing locally with `osqueryd`. Works with the domain `host.docker.internal` (exposed within docker containers as the host's IP). Should **never** be used in production.
|
||||||
|
|
||||||
## Testing with containerized osqueryd
|
## Testing with containerized osqueryd
|
||||||
|
|
||||||
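Review bot: Emphasis is now inconsistent within this list: the `fleet.crt` & `fleet.key` item uses `**never**`, but the `example_config.json` item still reads `/never/`, which Markdown renders as literal slashes. Since every bullet is already being rewritten from `*` to `-`, change that item to `**never**` as well, so the warning about insecure default passwords stands out as much as the one about the self-signed key.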
@ -23,8 +22,6 @@ Docker and docker-compose are the only dependencies. The necessary container ima
|
|||||||
|
|
||||||
Set the environment variable `ENROLL_SECRET` to the value of your Fleet enroll secret (available on the manage hosts page, or via `fleetctl get enroll-secret`).
|
Set the environment variable `ENROLL_SECRET` to the value of your Fleet enroll secret (available on the manage hosts page, or via `fleetctl get enroll-secret`).
|
||||||
|
|
||||||
(Optionally) Set `KOLIDE_OSQUERY_VERSION` if you want to run an osquery container besides `latest`.
|
|
||||||
|
|
||||||
(Optionally) Set `FLEET_SERVER` if you want to connect to a fleet server
|
(Optionally) Set `FLEET_SERVER` if you want to connect to a fleet server
|
||||||
besides `host.docker.internal:8080`.
|
besides `host.docker.internal:8080`.
|
||||||
|
|
||||||
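Review bot: Removing the `KOLIDE_OSQUERY_VERSION` paragraph drops the only documentation of how to run an osquery image other than `latest`, and nothing replaces it. If the variable was retired, state how a specific version is selected now; if docker-compose.yml still reads it, keep the paragraph, or rename the variable as part of the same `kolide` to `fleet` cleanup and document the new name here.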
@ -57,7 +54,9 @@ If you want to only start one instance of `osqueryd`, use:
|
|||||||
```
|
```
|
||||||
docker-compose run ubuntu14-osquery
|
docker-compose run ubuntu14-osquery
|
||||||
```
|
```
|
||||||
|
|
||||||
or
|
or
|
||||||
|
|
||||||
```
|
```
|
||||||
docker-compose run centos7-osquery
|
docker-compose run centos7-osquery
|
||||||
```
|
```
|
||||||
@ -87,23 +86,29 @@ We have had no trouble running up to 100 containerized osqueryd instances on a s
|
|||||||
### Generating a osqueryd core file
|
### Generating a osqueryd core file
|
||||||
|
|
||||||
The docker containers are configured to allow core files to be generated if osqueryd
|
The docker containers are configured to allow core files to be generated if osqueryd
|
||||||
crashes for some reason. You can attach to the container hosting the errant osqueryd
|
crashes for some reason. You can attach to the container hosting the errant osqueryd
|
||||||
instance, install gdb and use it to read the core file to find out where the crash
|
instance, install gdb and use it to read the core file to find out where the crash
|
||||||
occurred. The other scenario where you might find a core dump useful is if osqueryd
|
occurred. The other scenario where you might find a core dump useful is if osqueryd
|
||||||
stops responding. In this case you can generate a core dump using the following instructions.
|
stops responding. In this case you can generate a core dump using the following instructions.
|
||||||
|
|
||||||
1. Open a shell session on a container
|
1. Open a shell session on a container
|
||||||
|
|
||||||
```
|
```
|
||||||
docker exec -t -i <container id> /bin/bash
|
docker exec -t -i <container id> /bin/bash
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Find the process ID of osqueryd
|
2. Find the process ID of osqueryd
|
||||||
|
|
||||||
```
|
```
|
||||||
ps aux
|
ps aux
|
||||||
```
|
```
|
||||||
|
|
||||||
There will be two osqueryd processes, you'll probably be interested in the child process (the one with the higher pid)
|
There will be two osqueryd processes, you'll probably be interested in the child process (the one with the higher pid)
|
||||||
|
|
||||||
3. Send a signal to the process to core dump
|
3. Send a signal to the process to core dump
|
||||||
|
|
||||||
```
|
```
|
||||||
kill -3 <pid>
|
kill -3 <pid>
|
||||||
```
|
```
|
||||||
|
|
||||||
The core file should be in your current working directory on the container.
|
The core file should be in your current working directory on the container.
|
||||||
|
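Review bot: The core dump steps are missing a handling caveat: the containers receive the enroll secret through the `ENROLL_SECRET` environment variable, and a core file of osqueryd includes the process environment, so the file left in the working directory carries that secret. While this section is being reformatted, add a line after "The core file should be in your current working directory on the container." telling readers to treat the core file as sensitive and to remove it, or rotate the enroll secret, before sharing it. The heading should also read "an osqueryd core file".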
@ -3,7 +3,7 @@ version: '2'
|
|||||||
|
|
||||||
x-default-settings:
|
x-default-settings:
|
||||||
volumes: &default-volumes
|
volumes: &default-volumes
|
||||||
- ./kolide.crt:/etc/osquery/kolide.crt
|
- ./fleet.crt:/etc/osquery/fleet.crt
|
||||||
- ./example_osquery.flags:/etc/osquery/osquery.flags
|
- ./example_osquery.flags:/etc/osquery/osquery.flags
|
||||||
environment: &default-environment
|
environment: &default-environment
|
||||||
ENROLL_SECRET: "${ENROLL_SECRET:?ENROLL_SECRET must be set for server authentication}"
|
ENROLL_SECRET: "${ENROLL_SECRET:?ENROLL_SECRET must be set for server authentication}"
|
||||||
|
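Review bot: The `./fleet.crt:/etc/osquery/fleet.crt` bind mount is writable from inside the container, as is the `example_osquery.flags` mount below it. osqueryd only needs to read both files, so append `:ro` to each entry; that keeps a test container from modifying the certificate or flags that every other container started from this compose file shares.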
@ -4,7 +4,7 @@
|
|||||||
--debug
|
--debug
|
||||||
--tls_dump=true
|
--tls_dump=true
|
||||||
|
|
||||||
--tls_server_certs=/etc/osquery/kolide.crt
|
--tls_server_certs=/etc/osquery/fleet.crt
|
||||||
|
|
||||||
--enroll_secret_env=ENROLL_SECRET
|
--enroll_secret_env=ENROLL_SECRET
|
||||||
--enroll_tls_endpoint=/api/v1/osquery/enroll
|
--enroll_tls_endpoint=/api/v1/osquery/enroll
|
||||||
|
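Review bot: `--tls_server_certs=/etc/osquery/fleet.crt` has to match the mount target in docker-compose.yml exactly, and nothing in either file records that coupling. The two agree in this commit, but a future rename that updates only one of them will leave osqueryd unable to load the certificate it uses to verify the Fleet server. A sentence in the README entry for `example_osquery.flags` noting that the path is tied to the compose volume would cover it.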