Fix up test osquery tooling (#996)

- Update certificate paths.
- Update documentation to point to the appropriate docs.
Zach Wasserman 2021-06-07 13:34:17 -07:00 committed by GitHub
parent 54fdff245d
commit f75a2fc739
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 13 deletions


@ -3,6 +3,7 @@
- [License key](#license-key) - [License key](#license-key)
- [Test suite](#test-suite) - [Test suite](#test-suite)
- [End-to-end tests](#end-to-end-tests) - [End-to-end tests](#end-to-end-tests)
- [Test hosts](#test-hosts)
- [Email](#email) - [Email](#email)
- [Database backup/restore](#database-backuprestore) - [Database backup/restore](#database-backuprestore)
- [Teams seed data](#teams-seed-data) - [Teams seed data](#teams-seed-data)
@ -193,6 +194,10 @@ CYPRESS_FLEET_TIER=basic yarn cypress run
Tests will run automatically and results are reported to the shell. Tests will run automatically and results are reported to the shell.
## Test hosts
The Fleet repo includes tools to start test osquery hosts. Please see the documentation in [/tools/osquery](../../tools/osquery) for more information.
## Email ## Email
#### Manually testing email with MailHog #### Manually testing email with MailHog
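Review bot: The new Test hosts link targets the directory `../../tools/osquery`, while the `/tools/api` link further down in this file targets `../../tools/api/README.md`. If the osquery tooling documentation lives in a README.md in that directory, pointing this link at the file as well would keep the two consistent and would still resolve in renderers that do not display a directory's README automatically.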
@ -244,7 +249,7 @@ Next, set the `FLEET_ENV_PATH` to point to the `env` file. This will let the scr
export FLEET_ENV_PATH=/Users/victor/fleet_env export FLEET_ENV_PATH=/Users/victor/fleet_env
``` ```
Finally run one of the bash scripts located in the [/tools/api](../../tools/api/README.md) directory. Finally run one of the bash scripts located in the [/tools/api](../../tools/api/README.md) directory.
The `fleet/create_core` script will generate an environment to roughly reflect an installation of Fleet Core. The script creates 3 users with different roles. The `fleet/create_core` script will generate an environment to roughly reflect an installation of Fleet Core. The script creates 3 users with different roles.


@ -2,16 +2,15 @@
The files in this directory are intended to assist with Fleet development. The files in this directory are intended to assist with Fleet development.
* `docker-compose.yml`: This docker-compose file helps with starting `osqueryd` instances for testing Fleet. More on this [below](#testing-with-containerized-osqueryd). - `docker-compose.yml`: This docker-compose file helps with starting `osqueryd` instances for testing Fleet. More on this [below](#testing-with-containerized-osqueryd).
* `example_config.json`: An example config file with insecure default passwords. Useful for testing in a local dev environment, but should /never/ be used in production. - `example_config.json`: An example config file with insecure default passwords. Useful for testing in a local dev environment, but should /never/ be used in production.
* `example_osquery.conf`: An example osquery config file that sets up basic configuration for distributed queries. - `example_osquery.conf`: An example osquery config file that sets up basic configuration for distributed queries.
* `example_osquery.flags`: An example osquery flagfile setting the config options that must be loaded before the full JSON config. - `example_osquery.flags`: An example osquery flagfile setting the config options that must be loaded before the full JSON config.
* `kolide.crt` & `kolide.key`: Self-signed SSL certificate & key useful for testing locally with `osqueryd`. Works with the domain `host.docker.internal` (exposed within docker containers as the host's IP). Should /never/ be used in production.
- `fleet.crt` & `fleet.key`: Self-signed SSL certificate & key useful for testing locally with `osqueryd`. Works with the domain `host.docker.internal` (exposed within docker containers as the host's IP). Should **never** be used in production.
## Testing with containerized osqueryd ## Testing with containerized osqueryd
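Review bot: Only the `fleet.crt` & `fleet.key` bullet gets the `**never**` emphasis; the `example_config.json` bullet still reads `/never/`, which Markdown renders as literal slashes. Apply the same change there so both production warnings stand out equally. Since `fleet.key` sits in this directory next to the certificate, the bullet could also state outright that the private key is public, which is the reason it must stay out of production.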
@ -23,8 +22,6 @@ Docker and docker-compose are the only dependencies. The necessary container ima
Set the environment variable `ENROLL_SECRET` to the value of your Fleet enroll secret (available on the manage hosts page, or via `fleetctl get enroll-secret`). Set the environment variable `ENROLL_SECRET` to the value of your Fleet enroll secret (available on the manage hosts page, or via `fleetctl get enroll-secret`).
(Optionally) Set `KOLIDE_OSQUERY_VERSION` if you want to run an osquery container besides `latest`.
(Optionally) Set `FLEET_SERVER` if you want to connect to a fleet server (Optionally) Set `FLEET_SERVER` if you want to connect to a fleet server
besides `host.docker.internal:8080`. besides `host.docker.internal:8080`.
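Review bot: The `KOLIDE_OSQUERY_VERSION` paragraph is dropped here, but the docker-compose.yml change in this commit only touches the certificate volume. Please confirm the compose file no longer reads that variable. If it still does, the option becomes undocumented rather than removed, and it would be better to keep the paragraph or rename the variable in both places.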
@ -57,7 +54,9 @@ If you want to only start one instance of `osqueryd`, use:
``` ```
docker-compose run ubuntu14-osquery docker-compose run ubuntu14-osquery
``` ```
or or
``` ```
docker-compose run centos7-osquery docker-compose run centos7-osquery
``` ```
@ -87,23 +86,29 @@ We have had no trouble running up to 100 containerized osqueryd instances on a s
### Generating a osqueryd core file ### Generating a osqueryd core file
The docker containers are configured to allow core files to be generated if osqueryd The docker containers are configured to allow core files to be generated if osqueryd
crashes for some reason. You can attach to the container hosting the errant osqueryd crashes for some reason. You can attach to the container hosting the errant osqueryd
instance, install gdb and use it to read the core file to find out where the crash instance, install gdb and use it to read the core file to find out where the crash
occurred. The other scenario where you might find a core dump useful is if osqueryd occurred. The other scenario where you might find a core dump useful is if osqueryd
stops responding. In this case you can generate a core dump using the following instructions. stops responding. In this case you can generate a core dump using the following instructions.
1. Open a shell session on a container 1. Open a shell session on a container
``` ```
docker exec -t -i <container id> /bin/bash docker exec -t -i <container id> /bin/bash
``` ```
2. Find the process ID of osqueryd 2. Find the process ID of osqueryd
``` ```
ps aux ps aux
``` ```
There will be two osqueryd processes, you'll probably be interested in the child process (the one with the higher pid) There will be two osqueryd processes, you'll probably be interested in the child process (the one with the higher pid)
3. Send a signal to the process to core dump 3. Send a signal to the process to core dump
``` ```
kill -3 <pid> kill -3 <pid>
``` ```
The core file should be in your current working directory on the container. The core file should be in your current working directory on the container.
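Review bot: Missing documentation in the core dump steps: nothing after step 3 says the core file is sensitive. It is a copy of the osqueryd process memory, and these containers receive the enroll secret through the `ENROLL_SECRET` environment variable, so the file can contain it. A sentence after "The core file should be in your current working directory on the container." asking readers to delete the file when they are done and not to attach it to public issues would cover this.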


@ -3,7 +3,7 @@ version: '2'
x-default-settings: x-default-settings:
volumes: &default-volumes volumes: &default-volumes
- ./kolide.crt:/etc/osquery/kolide.crt - ./fleet.crt:/etc/osquery/fleet.crt
- ./example_osquery.flags:/etc/osquery/osquery.flags - ./example_osquery.flags:/etc/osquery/osquery.flags
environment: &default-environment environment: &default-environment
ENROLL_SECRET: "${ENROLL_SECRET:?ENROLL_SECRET must be set for server authentication}" ENROLL_SECRET: "${ENROLL_SECRET:?ENROLL_SECRET must be set for server authentication}"
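Review bot: The renamed certificate mount on the `./fleet.crt:/etc/osquery/fleet.crt` line is still read-write, as is the flags file mount below it. The containers only need to read both files, so appending `:ro` to each volume entry would stop a test container from modifying files in the working tree. The new container path does match the `--tls_server_certs=/etc/osquery/fleet.crt` value in the flags file.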


@ -4,7 +4,7 @@
--debug --debug
--tls_dump=true --tls_dump=true
--tls_server_certs=/etc/osquery/kolide.crt --tls_server_certs=/etc/osquery/fleet.crt
--enroll_secret_env=ENROLL_SECRET --enroll_secret_env=ENROLL_SECRET
--enroll_tls_endpoint=/api/v1/osquery/enroll --enroll_tls_endpoint=/api/v1/osquery/enroll