search

CrowdStrike / ansible_collection_falcon

Comprehensive toolkit for streamlining your interactions with the CrowdStrike Falcon platform.
https://galaxy.ansible.com/ui/repo/published/crowdstrike/falcon/
GNU General Public License v3.0
93 stars 56 forks source link

Falcon sensor deployment fails on Ubuntu 22.04 #541

Closed Shorty110 closed 1 month ago

Shorty110 commented 1 month ago

Hi,

it seems currently deployment via the API method is broken, we get this error in the step TASK [crowdstrike.falcon.falcon_install : CrowdStrike Falcon | Import CrowdStrike Falcon APT GPG key from file]:

{
  "changed": false,
  "id": "5E200CE1798BC818",
  "short_id": "798BC818",
  "fp": "5E200CE1798BC818",
  "key_id": "5E200CE1798BC818",
  "before": [
    "8D81803C0EBFCD88",
    "7EA0A9C3F273FCD8",
    "2A120F6FC865E540",
    "06F6D24F7F632212",
    "7923C26F6FD50194",
    "887A41B4AF6056F5",
    "D94AA3F0EFE21092",
    "871920D1991BC93C"
  ],
  "after": [
    "8D81803C0EBFCD88",
    "7EA0A9C3F273FCD8",
    "2A120F6FC865E540",
    "06F6D24F7F632212",
    "7923C26F6FD50194",
    "887A41B4AF6056F5",
    "D94AA3F0EFE21092",
    "871920D1991BC93C"
  ],
  "msg": "apt-key did not return an error, but failed to add the key (check that the id is correct and *not* a subkey)",
  "invocation": {
    "module_args": {
      "file": "/tmp/ansible.5alhygrhfalcon/falcon-sensor.gpg",
      "state": "present",
      "validate_certs": true,
      "id": null,
      "url": null,
      "data": null,
      "keyring": null,
      "keyserver": null
    }
  },
  "_ansible_no_log": false
}

Collection version is 4.5.1, target host OS is Ubuntu 22.04. Is this maybe still related to https://github.com/CrowdStrike/ansible_collection_falcon/issues/536?

carlosmmatos commented 1 month ago

@Shorty110 we are aware of an issue concerning the new gpg keys that crowdstrike put out. For reference, is this issue only affecting sensor upgrades? Or are you experiencing this with new deployments?

basjes1977 commented 1 month ago

@carlosmmatos to answer your question: I'am running into this issue on a new deployment

carlosmmatos commented 1 month ago

Interesting.. I don't know if you have access to see the github actions: https://github.com/CrowdStrike/ansible_collection_falcon/actions/runs/9754797273

But all the APT based distros seems to be installing just fine. These are all obviously net new deployments, which is why I asked the initial question first. I will do some additional testing but if you can provide me with any other details as to the operating system/kernel this is failing on, I can keep digging.

basjes1977 commented 1 month ago

Hi Carlos,

sorry for the noise. I thought I updated crowdstrike.falcon . i t appeared I did not. after running ansible-galaxy collection install crowdstrike.falcon --upgrade it ran perfectly

carlosmmatos commented 1 month ago

@basjes1977 thanks for the update.. I'm over here pulling my hair trying to figure this out and I can't reproduce it for the life of me... I'm still testing some scenarios out just in case to be on the safe side, but thank you for the update.

carlosmmatos commented 1 month ago

since it's running, I'll go ahead and close this issue.. if you have any other issues please reach back out!

Shorty110 commented 1 month ago

Hi, sorry for the late reply. It's strange, I've tried three more systems and there it works fine. We have meanwhile installed an older version of the client on the broken systems manually, if you'd like to dig further I can uninstall it and try again the api method on them?