Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
fleet/tools/osquery/README.md

75 lines
3 KiB
Markdown
Raw Normal View History

Add configs + documentation for testing with dockerized osqueryd (#22)
2016-08-02 19:09:30 +00:00
# Configs and Tools for Testing Kolide
The files in this directory are intended to assist with Kolide development.
* `docker-compose.yml`: This docker-compose file helps with starting `osqueryd` instances for testing Kolide. More on this [below](#testing-with-containerized-osqueryd).
* `example_config.json`: An example config file with insecure default passwords. Useful for testing in a local dev environment, but should /never/ be used in production.
* `example_osquery.conf`: An example osquery config file that sets up basic configuration for distributed queries.
* `example_osquery.flags`: An example osquery flagfile setting the config options that must be loaded before the full JSON config.
* `kolide.crt` & `kolide.key`: Self-signed SSL certificate & key useful for testing locally with `osqueryd`. Works with domains `localhost` and `dockerhost`. Should /never/ be used in production.
## Testing with containerized osqueryd
Using Docker enables us to rapidly spin up and down pre-configured `osqueryd` instances for testing Kolide. Currently we have container images for Ubuntu14 and Centos7 osquery installations.
### Setup
Docker and docker-compose are the only dependencies. The necessary container images will be pulled from Docker Cloud on first run.
Updated so you can choose to run 1.8.2 or 2.1.2 osquery (#527)
2016-11-23 17:59:23 +00:00
Before using the following commands, set the environment variable `LOCALHOST` to the public IP (127.0.0.1 will not work) of the docker host machine. This will allow the containers to connect to the local Kolide server. You will also need to
set `KOLIDE_OSQUERY_VERSION` to either `1.8.2` or `latest` (currently 2.1.2) to indicate which version of osquery that you want to run on your
containers.
Add configs + documentation for testing with dockerized osqueryd (#22)
2016-08-02 19:09:30 +00:00
### Running osqueryd
The osqueryd instances are configured to use the TLS plugins at `$LOCALHOST:8080`. Using the `example_config.json` in this directory should configure Kolide with the appropriate settings for these `osqueryd` containers to connect.
To start one instance each of Centos and Ubuntu `osqueryd`, use:
```
docker-compose up
```
The logs will be displayed on the host shell. Note that `docker-compose up` will reuse containers (so the state of `osqueryd` will be maintained across calls). To remove the containers and start from a fresh state on the next call to `up`, use:
```
docker-compose rm
```
If you want to only start one instance of `osqueryd`, use:
```
Fixing typo in osquery tools README (#797)
2017-01-09 18:03:28 +00:00
docker-compose run ubuntu14-osquery
Add configs + documentation for testing with dockerized osqueryd (#22)
2016-08-02 19:09:30 +00:00
```
or
```
Fixing typo in osquery tools README (#797)
2017-01-09 18:03:28 +00:00
docker-compose run centos7-osquery
Add configs + documentation for testing with dockerized osqueryd (#22)
2016-08-02 19:09:30 +00:00
```
Note that `docker-compose run` does not save state between calls.
This system can also be used to start many instances of osqueryd running in containers on the same host:
```
docker-compose up -d && docker-compose scale ubuntu14-osquery=10 centos7-osquery=10
```
To stop the containers when running in detached mode like this, use:
```
docker-compose stop
```
And to delete the containers when wanting a fresh state, or when finished testing, use:
```
docker-compose rm
```
We have had no trouble running up to 100 containerized osqueryd instances on a single processor core and about 1GB of RAM.
Reference in a new issue Copy permalink