{"id":20722045,"url":"https://github.com/CptOfEvilMinions/FleetDM-Automation","last_synced_at":"2025-05-10T23:32:22.973Z","repository":{"id":43070480,"uuid":"321731951","full_name":"CptOfEvilMinions/FleetDM-Automation","owner":"CptOfEvilMinions","description":null,"archived":false,"fork":false,"pushed_at":"2022-03-20T17:45:16.000Z","size":137,"stargazers_count":21,"open_issues_count":3,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-03-04T04:24:08.931Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CptOfEvilMinions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-15T16:55:40.000Z","updated_at":"2023-02-03T06:16:04.000Z","dependencies_parsed_at":"2022-09-10T20:51:27.823Z","dependency_job_id":null,"html_url":"https://github.com/CptOfEvilMinions/FleetDM-Automation","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CptOfEvilMinions%2FFleetDM-Automation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CptOfEvilMinions%2FFleetDM-Automation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CptOfEvilMinions%2FFleetDM-Automation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CptOfEvilMinions%2FFleetDM-Automation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CptOfEvilMinions","download_url":"https://codeload.github.com/CptOfEvilMinions/FleetDM-Automation/tar.
gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224996516,"owners_count":17404485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T03:33:59.568Z","updated_at":"2024-11-17T03:34:02.458Z","avatar_url":"https://github.com/CptOfEvilMinions.png","language":"Shell","funding_links":[],"categories":["[🔓 security](https://github.com/stars/ketsapiwiq/lists/unlock-security)"],"sub_categories":[],"readme":"# FleetDM automation with Ansible and Docker\n\nFleetDM-Automation is a repo containing Ansible and Docker code to set up FleetDM. For a complete setup guide, see my [blog post here](https://holdmybeersecurity.com/2021/01/07/getting-started-with-fleetdm-v3-6-0/).\n\n## Generate OpenSSL keys\nThis project comes with a self-signed OpenSSL certificate which should ONLY BE used for testing. Below are instructions to make your own:\n1. `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout conf/tls/\u003cname\u003e.key -out conf/tls/\u003cname\u003e.crt`\n\n## Docker v2.2\nThis project has a pre-defined JWT key of `super_secret_key_here` which should ONLY BE used for testing. Below are instructions to make your own:\n1. `openssl rand -base64 32`\n1. Copy key and paste in `conf/fleet/fleet.yml` as the value for `jwt_key`\n1. `docker-compose build`\n1. `docker-compose run --rm fleet fleet prepare db --config /etc/fleet/fleet.yml`\n    1. Initializes Kolide database\n1. `docker-compose up -d`\n\n## Docker Swarm v3.X\n1. 
`openssl rand -base64 32 | tr -cd '[:alnum:]' | docker secret create fleetdm-jwt-key -`\n1. `openssl rand -base64 32 | tr -cd '[:alnum:]' | docker secret create mysql-root-password -`\n1. `openssl rand -base64 32 | tr -cd '[:alnum:]' | docker secret create mysql-fleetdm-password -`\n1. `docker stack deploy -c docker-compose-swarm.yml fleetdm`\n1. `docker service logs -f fleetdm_fleet`\n\n## Ansible\n1. `vim hosts.ini` and add IP address under `[fleetdm]`\n1. `vim all.yml` and set:\n    1. `base_domain` - The domain for your network and the base domain of the FQDN\n    1. `timezone` - OPTIONAL - Change the default timezone of UTC +0\n1. `openssl rand -base64 32`\n    1. Copy the output from the command\n1. `vim fleetdm.yml` and set:\n    1. `fleetdm_jwt` -  Set this to the random string generated by the OpenSSL command\n    1. `mysql_root_password` - Set the root password for MySQL\n    1. `mysql_fleetdm_password` -  Set the password for FleetDM MySQL user\n1. `ansible-playbook -i hosts.ini deploy_fleetdm.yml -u \u003cuser\u003e -K`\n\n\n## Versions supported\n* `Fleet FleetDM v4.11.0+`\n* `Ansible v2.11+`\n* `Ubuntu server 20.04`\n\n## References\n* [How to do a Docker healthcheck with wget instead of curl?](https://stackoverflow.com/questions/47722898/how-to-do-a-docker-healthcheck-with-wget-instead-of-curl)\n* [NGINX - Enabling Session Persistence](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#enabling-session-persistence)\n* [Docker - restart policy](https://docs.docker.com/compose/compose-file/#restart_policy)\n* [fleetdm/osquery-in-a-box](https://github.com/fleetdm/osquery-in-a-box/blob/master/docker-compose.yml)\n* [docker service logs](https://docs.docker.com/engine/reference/commandline/service_logs/)\n* [Use Docker Secrets With MySQL on Docker Swarm](https://blog.ruanbekker.com/blog/2017/11/23/use-docker-secrets-with-mysql-on-docker-swarm/)\n* [Configuring The Fleet 
Binary](https://github.com/fleetdm/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md)\n* [StackOverFlow - Using multiple delimiters in awk](https://stackoverflow.com/questions/12204192/using-multiple-delimiters-in-awk)\n* [Disable IPv6 in nginx proxy_pass](https://serverfault.com/questions/527317/disable-ipv6-in-nginx-proxy-pass)\n* [ansible.builtin.lineinfile – Manage lines in text files](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html)\n* [Redirect HTTP to HTTPS in Nginx](https://linuxize.com/post/redirect-http-to-https-in-nginx/)\n* [Serving Requests on IPv6 with Nginx.](https://bubblin.io/blog/ipv6-nginx)\n* [Nginx 1.4.0 is not binding to IPv4 with [::]:80 on Ubuntu 13.04 when net.ipv6.bindv6only is set to false](https://trac.nginx.org/nginx/ticket/345)\n* [Using multiple delimiters in awk](https://stackoverflow.com/questions/12204192/using-multiple-delimiters-in-awk)\n* [Disable ipv6 on Ubuntu 20.04](https://www.geekpills.com/operating-system/linux/disable-ipv6-on-ubuntu-20-04)\n* [How to Disable IPv6 on Ubuntu Linux](https://itsfoss.com/disable-ipv6-ubuntu-linux/)\n* [Nginx configuration for FleetDM setups that want to catch 3m flatties (Willem Powerfish be proud).](https://mysteryincorporated.medium.com/nginx-configuration-for-fleetdm-setups-that-want-to-catch-3m-flatties-willem-powerfish-be-proud-7f99f97fdede)\n* [Fleet - REST-API.md](https://github.com/fleetdm/fleet/blob/main/docs/1-Using-Fleet/3-REST-API.md)\n* [How to Proxy WSS WebSockets with NGINX](https://www.serverlab.ca/tutorials/linux/web-servers-linux/how-to-proxy-wss-websockets-with-nginx/)\n* [nginx — How to Fix Unknown \"connection_upgrade\" Variable](https://futurestud.io/tutorials/nginx-how-to-fix-unknown-connection_upgrade-variable)\n* [Incompatible SockJS! Main site uses: \"1.4.0\", the iframe: \"1.3.0\". 
#7782](https://github.com/facebook/create-react-app/issues/7782)\n* [How to install Redis-Server 6.0.1 in Ubuntu 20.04?](https://askubuntu.com/questions/1244058/how-to-install-redis-server-6-0-1-in-ubuntu-20-04)\n* [An error was encountered while generating the current list of available VMware adapaters in use on this system. #11839](https://github.com/hashicorp/vagrant/issues/11839)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCptOfEvilMinions%2FFleetDM-Automation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FCptOfEvilMinions%2FFleetDM-Automation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCptOfEvilMinions%2FFleetDM-Automation/lists"}