Problem for basic installation

[GuillaumeSCOTTO]

Hi,

We're a team of two students trying to install OpenCTI to later connect it to the DISARM platform. We followed the simple Docker installation - https://github.com/OpenCTI-Platform/docker but couldn't manage to launch the platform... When we run the docker-compose. Some containers look to work pretty well (elasticsearch, redis, rabbit) and others don't. We run it on a VM with ubuntu 22.04 ; With docker-compose version 1.29.2.

The global error looks to be : ValueError: OpenCTI API is not reachable.

Thanks a LOT for your help, we are beginners so it might be possible that we did a lot of rookie mistakes.

Here are our summary for logs, and at the end our environment fail :

openCTI platform : {"category":"APP","error":{"context":{"category":"technical","error":"connect ECONNREFUSED 172.18.0.2:9200","http_status":500,"reason":"[SEARCH] Search engine seems down"},"message":"A configuration error has occurred","name":"ConfigurationError","stack":"ConfigurationError: A configuration error has occurred\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at ConfigurationError (/opt/opencti/build/src/config/errors.js:54:53)\n at /opt/opencti/build/src/database/engine.js:171:15\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at searchEngineInit (/opt/opencti/build/src/database/engine.js:161:3)\n at checkSystemDependencies (/opt/opencti/build/src/initialization.js:129:3)\n at boot (/opt/opencti/build/src/boot.js:10:5)"},"level":"error","message":"[OPENCTI] Platform start fail","timestamp":"2023-01-30T14:44:39.554Z","version":"5.5.2"}

Worker opencti : Traceback (most recent call last): File "/opt/opencti-worker/worker.py", line 522, in worker = Worker() File "", line 6, in init File "/opt/opencti-worker/worker.py", line 430, in __post_init self.api = OpenCTIApiClient( File "/usr/local/lib/python3.9/site-packages/pycti/api/opencti_api_client.py", line 198, in init__ raise ValueError( ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration... INFO:root:Listing Threat-Actors with filters null.

Minio : ERROR Unable to validate credentials inherited from the shell environment: Invalid credentials

Please provide correct credentials HINT: Access key length should be at least 3, and secret key length at least 8 characters

docker_connector-export-file-txt_1 : INFO:root:Listing Threat-Actors with filters null. OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...

docker_connector-export-file-stix_1 : INFO:root:Listing Threat-Actors with filters null. OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...

docker_connector-import-file-stix_1 : Listing Threat-Actors with filters null. OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...

docker_connector-import-document_1 : ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration... Killed

openCTI platform : {"category":"APP","error":{"context":{"category":"technical","error":"connect ECONNREFUSED 172.18.0.2:9200","http_status":500,"reason":"[SEARCH] Search engine seems down"},"message":"A configuration error has occurred","name":"ConfigurationError","stack":"ConfigurationError: A configuration error has occurred\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at ConfigurationError (/opt/opencti/build/src/config/errors.js:54:53)\n at /opt/opencti/build/src/database/engine.js:171:15\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at searchEngineInit (/opt/opencti/build/src/database/engine.js:161:3)\n at checkSystemDependencies (/opt/opencti/build/src/initialization.js:129:3)\n at boot (/opt/opencti/build/src/boot.js:10:5)"},"level":"error","message":"[OPENCTI] Platform start fail","timestamp":"2023-01-30T14:44:39.554Z","version":"5.5.2"}

Worker opencti : Traceback (most recent call last): File "/opt/opencti-worker/worker.py", line 522, in worker = Worker() File "", line 6, in init File "/opt/opencti-worker/worker.py", line 430, in __post_init self.api = OpenCTIApiClient( File "/usr/local/lib/python3.9/site-packages/pycti/api/opencti_api_client.py", line 198, in init__ raise ValueError( ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration... INFO:root:Listing Threat-Actors with filters null.

Minio : ERROR Unable to validate credentials inherited from the shell environment: Invalid credentials

Please provide correct credentials HINT: Access key length should be at least 3, and secret key length at least 8 characters

docker_connector-export-file-txt_1 : INFO:root:Listing Threat-Actors with filters null. OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...

docker_connector-export-file-stix_1 : INFO:root:Listing Threat-Actors with filters null. OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...

docker_connector-import-file-stix_1 : Listing Threat-Actors with filters null. OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...

docker_connector-import-document_1 : ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration... Killed

Env && yml files :

OPENCTI_ADMIN_EMAIL=antoine.montagne@telecom-paris.fr OPENCTI_ADMIN_PASSWORD=tototata OPENCTI_ADMIN_TOKEN=c41ca777-667b-4421-952f-92f2f5a75485 MINIO_ROOT_USER=375a2a4b-652e-46be-9f70-4500e65bce89 MINIO_ROOT_PASSWORD=448661fa-2278-4061-b20f-3158180e1885 RABBITMQ_DEFAULT_USER=guest RABBITMQ_DEFAULT_PASS=guest CONNECTOR_HISTORY_ID=8a7c7bab-e286-4535-b84d-fabc5071029f CONNECTOR_EXPORT_FILE_STIX_ID=9a34fbf2-f689-4227-b505-41cf4752b10e CONNECTOR_EXPORT_FILE_CSV_ID=c1618ac3-97b6-44dd-979b-870f20076a8b CONNECTOR_IMPORT_FILE_STIX_ID=09e40517-fc17-4de6-ad09-104aa7dd4f90 CONNECTOR_IMPORT_REPORT_ID=9d5f694c-c295-46a0-ba4d-5142fc859bdf

version: '3' services: redis: image: redis:7.0.6 restart: always volumes:

• redisdata:/data elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.5.3 volumes:
• esdata:/usr/share/elasticsearch/data environment:

  Comment out the line below for single-node

• discovery.type=single-node

  Uncomment line below below for a cluster of multiple nodes

  - cluster.name=docker-cluster

• xpack.ml.enabled=false
• xpack.security.enabled=false
• "ES_JAVA_OPTS=-Xms${ELASTIC_MEMORY_SIZE} -Xmx${ELASTIC_MEMORY_SIZE}" restart: always ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 minio: image: minio/minio:RELEASE.2022-09-25T15-44-53Z volumes:
• s3data:/data ports:
• "9000:9000" environment: MINIO_ROOT_USER: ${MINIO_ROOT_USER} MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
  command: server /data healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 restart: always rabbitmq: image: rabbitmq:3.11-management environment:
• RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
• RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS} volumes:
• amqpdata:/var/lib/rabbitmq restart: always opencti: image: opencti/platform:5.5.2 environment:
• NODE_OPTIONS=--max-old-space-size=8096
• APP__PORT=8080
• APP__BASE_URL=${OPENCTI_BASE_URL}
• APPADMINEMAIL=${OPENCTI_ADMIN_EMAIL}
• APPADMINPASSWORD=${OPENCTI_ADMIN_PASSWORD}
• APPADMINTOKEN=${OPENCTI_ADMIN_TOKEN}
• APP__APP_LOGS__LOGS_LEVEL=error
• REDIS__HOSTNAME=redis
• REDIS__PORT=6379
• ELASTICSEARCH__URL=http://elasticsearch:9200
• MINIO__ENDPOINT=minio
• MINIO__PORT=9000
• MINIO__USE_SSL=false
• MINIO__ACCESS_KEY=${MINIO_ROOT_USER}
• MINIO__SECRET_KEY=${MINIO_ROOT_PASSWORD}
• RABBITMQ__HOSTNAME=rabbitmq
• RABBITMQ__PORT=5672
• RABBITMQ__PORT_MANAGEMENT=15672
• RABBITMQ__MANAGEMENT_SSL=false
• RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}
• RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}
• SMTP__HOSTNAME=${SMTP_HOSTNAME}
• SMTP__PORT=25
• PROVIDERSLOCALSTRATEGY=LocalStrategy ports:
• "8080:8080" depends_on:
• redis
• elasticsearch
• minio
• rabbitmq restart: always worker: image: opencti/worker:5.5.2 environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• WORKER_LOG_LEVEL=info depends_on:
• opencti deploy: mode: replicated replicas: 3 restart: always connector-export-file-stix: image: opencti/connector-export-file-stix:5.5.2 environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_STIX_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
• CONNECTOR_NAME=ExportFileStix2
• CONNECTOR_SCOPE=application/json
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info restart: always depends_on:
• opencti connector-export-file-csv: image: opencti/connector-export-file-csv:5.5.2 environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_CSV_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
• CONNECTOR_NAME=ExportFileCsv
• CONNECTOR_SCOPE=text/csv
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info restart: always depends_on:
• opencti connector-export-file-txt: image: opencti/connector-export-file-txt:5.5.2 environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_TXT_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
• CONNECTOR_NAME=ExportFileTxt
• CONNECTOR_SCOPE=text/plain
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info restart: always depends_on:
• opencti connector-import-file-stix: image: opencti/connector-import-file-stix:5.5.2 environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_IMPORT_FILE_STIX_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
• CONNECTOR_NAME=ImportFileStix
• CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
• CONNECTOR_SCOPE=application/json,text/xml
• CONNECTOR_AUTO=true # Enable/disable auto-import of file
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info restart: always depends_on:
• opencti connector-import-document: image: opencti/connector-import-document:5.5.2 environment:
• OPENCTI_URL=http://opencti:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_IMPORT_DOCUMENT_ID} # Valid UUIDv4
• CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
• CONNECTOR_NAME=ImportDocument
• CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
• CONNECTOR_SCOPE=application/pdf,text/plain,text/html
• CONNECTOR_AUTO=true # Enable/disable auto-import of file
• CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
• CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
• CONNECTOR_LOG_LEVEL=info
• IMPORT_DOCUMENT_CREATE_INDICATOR=true restart: always depends_on:
• opencti

volumes: esdata: s3data: redisdata: amqpdata:

[ForeGuards]

I have got the same issues as you. Did you get any fixes?

[GuillaumeSCOTTO]

Hi ForeGuards, yes I followed the same tutorial but on a VM more powerful than the previous one, and it worked properly : 8 cores 16GiB et 100GB.

[ForeGuards]

Alright. I installed it on a docker swarm with 2 nodes, with 4 cores 16GiB and 50GB... well I guess I need to increase a bit :). Thanks

[ForeGuards]

Nahh, I will get always the same error. Do you remember from where you get the installation guide?