DetectionLab: Fleet Service not starting / not getting installed on Logger
- Operating System Version: OS Name: Microsoft Windows 10 Pro OS Version: 10.0.19043 N/A Build 19043
- Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): Both VirtualBox & VMWare
- Vagrant Version (if applicable): Vagrant 2.2.19
Please verify that you are building from an updated Master branch before filing an issue: Yes, cloned the latest Master branch via GitHub desktop
Description of the issue:
While building the logger host, I’m running into the following error message that causes the build to hang:
logger: The Splunk web interface is at https://logger:8000
logger:
logger: Init script installed at /etc/init.d/splunk.
logger: Init script is configured to run at boot.
logger: [12:51:06]: Downloading Palantir osquery configs...
logger: Cloning into 'osquery-configuration'...
logger: [12:51:07]: Installing Fleet...
logger: 127.0.2.1 logger logger
logger: mysql: [Warning] Using a password on the command line interface can be insecure.
**_logger: No URLs found in -_**.
**_logger: unzip: cannot find or open fleet.zip, fleet.zip.zip or fleet.zip.ZIP._**
logger: cp: cannot stat 'fleet/linux/fleetctl': No such file or directory
logger: cp: cannot stat 'fleet/linux/fleet': No such file or directory
logger: /tmp/vagrant-shell: line 301: fleet: command not found
logger: cp: target '/opt/fleet/' is not a directory
logger: Created symlink /etc/systemd/system/multi-user.target.wants/fleet.service → /etc/systemd/system/fleet.service.
**_logger: [12:51:08]: Waiting for fleet service to start..._**
# Always download the latest release of Fleet
curl -s https://api.github.com/repos/fleetdm/fleet/releases | grep 'https://github.com' | grep "/fleet.zip" | cut -d ':' -f 2,3 | tr -d '"' | tr -d ' ' | head -1 | wget --progress=bar:force -i -
unzip fleet.zip -d fleet
cp fleet/linux/fleetctl /usr/local/bin/fleetctl && chmod +x /usr/local/bin/fleetctl
cp fleet/linux/fleet /usr/local/bin/fleet && chmod +x /usr/local/bin/fleet
The actual file name in the URL can be seen below:
"url": "https://api.github.com/repos/fleetdm/fleet/releases/assets/58816992",
"id": 58816992,
"node_id": "RA_kwDOEnd7fs4DgXng",
"name": "**fleetctl_v4.11.0_linux.zip**",
Is because there is no actual “fleet.zip” in the URL: https://api.github.com/repos/fleetdm/fleet/releases being referred to in the “logger_bootstrap” script as seen in the code here:
Link to Gist Containing Build Logs:
NA. No local logs found in my Vagrant folder.
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 19 (8 by maintainers)
Confirmed fixed in https://github.com/clong/DetectionLab/commit/0aeb9a477635e16fe9167c60f9a92e84e3fab859
Fleet also no longer supports
fleetctl get optionsand is nowfleetctl get configlooks like
yqchanged its syntax in v4: https://mikefarah.gitbook.io/yq/v/v4.x/upgrading-from-v3#updating-writing-documentsI’m testing the fix now
Awesome stuff @mrpew Thanks for that quick fix! It worked for me!
All seems to be good as per the Post build checks script!
PS C:\Users.…\Documents\DetectionLab\Vagrant> .\post_build_checks.ps1 [*] Verifying that Splunk is reachable… [ √ ] Splunk is running and reachable!
[*] Verifying that Fleet is reachable… [ √ ] Fleet is running and reachable!
[*] Verifying that Microsoft ATA is reachable… [ √ ] Microsoft ATA is running and reachable!
[*] Verifying that Velociraptor is reachable… [ √ ] Velociraptor is running and reachable!
[*] Verifying that Guacamole is reachable… [ √ ] Guacamole is running and reachable!
Vagrant/logger_bootstrap.sh L294Quick fix:
Same here. Looks similar to #604