Skip to content

Latest commit

 

History

History
56 lines (41 loc) · 2.58 KB

install.md

File metadata and controls

56 lines (41 loc) · 2.58 KB

Docket Installation

Back to top

Table of Contents

Install

Development Version. We push development packages to the Fedora COPR build service. If you go to the main page, there are package repositories for both CentOS 7 and Fedora 26. (ROCK officially only supports CentOS 7, but it was easy enough to build for both platforms.

NOTE: If you are not running stenographer on this particular system, you should add the stenographer group. Docket assumes this group exists and controls access to the x509 keys used to authenticate to the Stenographer server.

Once you have the repo setup and the stenographer group, you can just do

# Install the packages
sudo yum install docket nginx

# Install a default nginx config for docket
sudo cp /usr/share/doc/docket-*/nginx-example.conf \
     /etc/nginx/conf.d/docket.conf

# Enable and start both nginx and docket
sudo systemctl enable nginx docket.socket
sudo systemctl restart nginx docket.socket

Docket does not currently have a hard dependency on nginx because you could feasibly use something like Apache or Lighttpd to serve this up too. If this is a default ROCK install, nginx nginx will already be installed.

Configuration

Docket is configured in a simple YAML file located at /etc/docket/prod.yaml. Docket knows to read this file on startup from the DOCKET_CONF variable stored in /etc/sysconfig/docket.

Now, open the prod.yaml file and make any necessary edits. Likely all you should change here is the SECRET_KEY to something random and unique per installation. See the Flask docs for more information.

Example using pwgen utility

sudo yum install -y pwgen
sudo sed -i "/^SECRET_KEY/s/: .*\$/: $(pwgen -s 64 1)/" \
 /etc/docket/prod.yaml
# Stop current services and reload the socket
sudo systemctl stop docket.service
sudo systemctl restart docket.socket

Verify it works

Now, you can verify it works. Most likely you have DNS running on UDP port 53 on your network. I'm assuming this is a live sensor. As such, you will very likely have UDP port 53 traffic within the last 3 minutes. If all these assumptions are correct, you should see familiar tcpdump output with the following commands:

curl -s -XPOST localhost:8080/api/  \
 -d 'proto-name=udp' -d 'port=53' -d 'after-ago=3m' -v \
  | tcpdump -nr -