FleetDM automation with Ansible and Docker

FleetDM-Automation is a repo containing Ansible and Docker code to setup FleetDM. For a complete setup guide see my blog post here.

Generate OpenSSL keys

This project contains with a self-signed OpenSSL ceretificate which should ONLY BE used for testing. Below are instructions to make your own

1. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout conf/tls/<name>.key -out conf/tls/<name>.crt

Docker v2.2

This project has a pre-defined JWT key of super_secret_key_here which should ONLY BE used for testing. Below are instructions to make your own

1. openssl rand -base64 32
2. Copy key and paste in conf/fleet/fleet.yml as the value for jwt_key
3. docker-compose build
4. docker-compose run --rm fleet fleet prepare db --config /etc/fleet/fleet.yml
   1. Initializes Kolid database
5. docker-compose up -d

Docker Swarm v3.X

1. openssl rand -base64 32 | tr -cd '[:alnum:]' | docker secret create fleetdm-jwt-key -
2. openssl rand -base64 32 | tr -cd '[:alnum:]' | docker secret create mysql-root-password -
3. openssl rand -base64 32 | tr -cd '[:alnum:]' | docker secret create mysql-fleetdm-password -
4. docker stack deploy -c docker-compose-swarm.yml fleetdm
5. docker service logs -f fleetdm_fleet

Ansible

1. vim hosts.ini and add IP address under [fleetdm]
2. vim all.yml and set:
   1. base_domain - The domain for your network and the base domain of the FQDN
   2. timezone - OPTIONAL - Change the default timezone of UTC +0
3. openssl rand -base64 32
   1. Copy the output from the command
4. vim fleetdm.yml and set:
   1. fleetdm_jwt -  Set this to the random string generated by the OpenSSL command
   2. mysql_root_password - Set the root password for MySQL
   3. mysql_fleetdm_password -  Set the password for FleetDM MySQL user
5. ansible-playbook -i hosts.ini deploy_fleetdm.yml -u <user> -K

Versions supported

• Fleet FleetDM v4.11.0+
• Ansible v2.11+
• Ubuntu server 20.04

References

• How to do a Docker healthcheck with wget instead of curl?
• NGINX - Enabling Session Persistence
• Docker - restart policy
• fleetdm/osquery-in-a-box
• docker service logs
• Use Docker Secrets With MySQL on Docker Swarm
• Configuring The Fleet Binary
• StackOverFlow - Using multiple delimiters in awk
• Disable IPv6 in nginx proxy_pass
• ansible.builtin.lineinfile – Manage lines in text files
• Redirect HTTP to HTTPS in Nginx
• Serving Requests on IPv6 with Nginx.
• Nginx 1.4.0 is not binding to IPv4 with [::]:80 on Ubuntu 13.04 when net.ipv6.bindv6only is set to false
• Using multiple delimiters in awk
• Disable ipv6 on Ubuntu 20.04
• How to Disable IPv6 on Ubuntu Linux
• Nginx configuration for FleetDM setups that want to catch 3m flatties (Willem Powerfish be proud).
• Fleet - REST-API.md
• How to Proxy WSS WebSockets with NGINX
• nginx — How to Fix Unknown "connection_upgrade" Variable
• Incompatible SockJS! Main site uses: "1.4.0", the iframe: "1.3.0". #7782
• How to install Redis-Server 6.0.1 in Ubuntu 20.04?
• An error was encountered while generating the current list of available VMware adapaters in use on this system. #11839