Setup issues about zentral HOT 16 CLOSED

Hi Allister,

did you edit a probe file? if so can you try lint the file, the error looks like a yml sythax error.

from zentral.

Hi Allister,

First of all, thanks for trying zentral out !

As Henry already answered, the error message you see is a YAML syntax error. But your custom config is not mounted at the right place. In the docker container, zentral expects the configuration to be in
/home/zentral/conf. If you want to use your own conf, use the following
mounting option :

-v /Users/abanks/Downloads/zentral-conf-master:/home/zentral/conf

This will override the minimalistic configuration that we ship in the
zentral container.

The only problem left is that this minimalistic configuration (that
zentral must have used because you mounted your own at the wrong place)
should not trigger a YAML error. Did you edit it in the container ?

from zentral.

Gotcha, I gave that a spin and am now seeing a different error, which is not YAML-related, but I just JSON-linted and am not seeing where my issue is:

Check Zentral configuration

Traceback (most recent call last):
  File "/home/zentral/zentral/bin/check_configuration.py", line 6, in <module>
    zentral.setup()
  File "/home/zentral/zentral/__init__.py", line 9, in setup
    from zentral.conf import settings
  File "/home/zentral/zentral/conf/__init__.py", line 65, in <module>
    settings = load_config_file(find_conf_file(conf_dir, "base"))
  File "/home/zentral/zentral/conf/__init__.py", line 60, in load_config_file
    raise ImproperlyConfigured("{} error in file {}".format(filetype, filepath)) from None
zentral.core.exceptions.ImproperlyConfigured: JSON error in file /home/zentral/conf/base.json

This is after I moved on to the 4th setup doc and don't see any logs in /tmp/supervisorlog, it seems to not be fully starting up.

from zentral.

you possibly have a formatting problem in base.json? can you double check / lint base.json

from zentral.

Can't really help you past this point without having a look at the base.json file. Is there a way you can post it here without the secrets it might contains ?

from zentral.

Sure thing, https://gist.github.com/arubdesu/5146edbfe7c910ddf8c8

from zentral.

This config file is a valid JSON file and doesn't trigger an error on my test system. Must be something else. The gist you posted has base.conf in the title. could it be that you have both base.conf (OK, but not used) and base.json (with syntax errors, but used) in the config dir that you are mounting in the docker container ?

from zentral.

Nope, there's only the base.json, I mis-titled it.

from zentral.

Have you solved your problem or do you still need help ?

from zentral.

I'll get another chance soon, is there a new build on the docker hub?

from zentral.

I've just uploaded a new build.

from zentral.

I've gotten further along, but hit a wall trying to enroll a client with the command on step 6 here, which is also out of date as of osquery 1.6. (it should be --distributed_interval=60 and --disable_distributed=false replace --distributed_poll_interval=60 and --distributed_enabled, respectively.

from zentral.

...and the error I'm getting is

I1110 10:41:56.673203 2107400192 tls.cpp:193] TLS/HTTPS POST request to URI: https://zentral/osquery/enroll
W1110 10:41:56.864115 2107400192 tls.cpp:75] Failed enrollment request to https://zentral/osquery/enroll (No enrollment key returned from TLS enroll plugin) retrying...

from zentral.

I am upgrading the container to have better django logs. In the meantime, you can try to check if the osquery secret match the osquery app conf in base.json.

from zentral.

yes the osqueryd flags have changed in osquery 1.6, will fix that for the doku. have you checked matching enroll secret secret in base.json to the one used in enroll_secret.txt ?

from zentral.

I've just uploaded a new version of the zentral/zentral docker image. With this last image, you can get much more detailed logs from gunicorn, so that we can debug what's happening with your config. In order to do so, just mount a temp dir as the container supervisor log directory when you're running the container.

-v /path/to/a/writable/empty/dir:/var/log/supervisor

in the dir, you will get a file like

server_gunicorn-stderr---supervisor-_syrgv.log

It will contain all the HTTP requests to gunicorn with the eventual python errors.

from zentral.