
Setup with the Dockerdeployment #1619

Closed shinobu55 closed 3 years ago

shinobu55 commented 3 years ago

Description

I tried the described deployment for OpenCTI with the current Docker build. The prerequisite services are successfully started.

Environment

  1. Ubuntu 20.04 runs the docker containers
  2. OpenCTI version: 5.0.1
  3. OpenCTI client: frontend

Reproducible Steps

Steps to create the smallest reproducible scenario: .env Settings:

OPENCTI_ADMIN_EMAIL=admin@opencti.io # Valid email address
OPENCTI_ADMIN_PASSWORD=opencti # String
OPENCTI_ADMIN_TOKEN=5e532426-6b1b-49e1-a2cc-bb896a54465a # Valid UUIDv4
MINIO_ROOT_USER=opencti # String
MINIO_ROOT_PASSWORD=opencti # String
RABBITMQ_DEFAULT_USER=guest # String
RABBITMQ_DEFAULT_PASS=guest # String
CONNECTOR_HISTORY_ID=a71abedd-d562-4f4f-aed6-8545e6db0f1a # Valid UUIDv4
CONNECTOR_EXPORT_FILE_STIX_ID=a65cfa75-8c3e-4d70-883a-eea4ceb8b53b # Valid UUIDv4
CONNECTOR_EXPORT_FILE_CSV_ID=b1937654-a179-43d2-b60e-35c7bf69d40a # Valid UUIDv4
CONNECTOR_IMPORT_FILE_STIX_ID=178d3dd2-92bf-475a-9e3b-7e7d0122f828 # Valid UUIDv4
CONNECTOR_IMPORT_FILE_PDF_OBSERVABLES_ID=4666e28f-c3ea-4a94-b8b5-cb660e1ff903 # Valid UUIDv4

docker-compose.yml:

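# docker-compose.yml for an OpenCTI 5.0.1 platform with its backing
# services (Redis, Elasticsearch, MinIO, RabbitMQ), workers and connectors.
# ${VAR} references are substituted from the .env file next to this file;
# note that the .env parser treats trailing "# comment" text as part of the
# value, so keep comments on their own lines there.
version: '3'
services:
  redis:
    image: redis:6.2.5
    restart: always
    volumes:
      - redisdata:/data
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.15.0
    volumes:
      - esdata:/usr/share/elasticsearch/data
    environment:
      - discovery.type=single-node
      - xpack.ml.enabled=false
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
  minio:
    image: minio/minio:RELEASE.2021-09-15T04-54-25Z
    volumes:
      - s3data:/data
    ports:
      # Published on every host interface; the root credentials below come
      # from .env. Bind to "127.0.0.1:9000:9000" if host access is only
      # needed locally.
      - "9000:9000"
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
    command: server /data
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
    restart: always
  rabbitmq:
    image: rabbitmq:3.9-management
    environment:
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
    volumes:
      - amqpdata:/var/lib/rabbitmq
    restart: always
  opencti:
    image: opencti/platform:5.0.1
    environment:
      - NODE_OPTIONS=--max-old-space-size=8096
      - APP__PORT=8080
      # Must be a valid email address; the platform validates it at startup
      # and aborts initialization ("Email must be a valid email address")
      # otherwise.
      - APP__ADMIN__EMAIL=${OPENCTI_ADMIN_EMAIL}
      - APP__ADMIN__PASSWORD=${OPENCTI_ADMIN_PASSWORD}
      - APP__ADMIN__TOKEN=${OPENCTI_ADMIN_TOKEN}
      # "debug" writes full Elasticsearch queries to the container log;
      # switch to "info" once the deployment works.
      - APP__APP_LOGS__LOGS_LEVEL=debug
      - REDIS__HOSTNAME=redis
      - REDIS__PORT=6379
      - ELASTICSEARCH__URL=http://elasticsearch:9200
      - MINIO__ENDPOINT=minio
      - MINIO__PORT=9000
      - MINIO__USE_SSL=false
      - MINIO__ACCESS_KEY=${MINIO_ROOT_USER}
      - MINIO__SECRET_KEY=${MINIO_ROOT_PASSWORD}
      - RABBITMQ__HOSTNAME=rabbitmq
      - RABBITMQ__PORT=5672
      - RABBITMQ__PORT_MANAGEMENT=15672
      - RABBITMQ__MANAGEMENT_SSL=false
      - RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}
      - PROVIDERS__LOCAL__STRATEGY=LocalStrategy
      # Platform settings use the SECTION__KEY form (see SMTP__PORT below);
      # the original single-underscore SMTP_HOSTNAME was not read as
      # smtp.hostname. ${SMTP_HOSTNAME} still has to be defined in .env.
      - SMTP__HOSTNAME=${SMTP_HOSTNAME}
      - SMTP__PORT=25
      - SUBSCRIPTION_SCHEDULER__ENABLED=false
    ports:
      - "8080:8080"
    depends_on:
      - redis
      - elasticsearch
      - minio
      - rabbitmq
    restart: always
  worker:
    image: opencti/worker:5.0.1
    environment:
      - OPENCTI_URL=http://opencti:8080
      # Workers and connectors authenticate with the admin token.
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - WORKER_LOG_LEVEL=info
    depends_on:
      - opencti
    deploy:
      mode: replicated
      replicas: 3
    restart: always
  connector-history:
    image: opencti/connector-history:5.0.1
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      # Valid UUIDv4, distinct per connector.
      - CONNECTOR_ID=${CONNECTOR_HISTORY_ID}
      - CONNECTOR_TYPE=STREAM
      - CONNECTOR_NAME=History
      - CONNECTOR_SCOPE=history
      # From 0 (Unknown) to 100 (Fully trusted).
      - CONNECTOR_CONFIDENCE_LEVEL=15
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      - opencti
  connector-export-file-stix:
    image: opencti/connector-export-file-stix:5.0.1
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      # Valid UUIDv4, distinct per connector.
      - CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_STIX_ID}
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileStix2
      - CONNECTOR_SCOPE=application/json
      # From 0 (Unknown) to 100 (Fully trusted).
      - CONNECTOR_CONFIDENCE_LEVEL=15
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      - opencti
  connector-export-file-csv:
    image: opencti/connector-export-file-csv:5.0.1
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      # Valid UUIDv4, distinct per connector.
      - CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_CSV_ID}
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileCsv
      - CONNECTOR_SCOPE=text/csv
      # From 0 (Unknown) to 100 (Fully trusted).
      - CONNECTOR_CONFIDENCE_LEVEL=15
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      - opencti
  connector-import-file-stix:
    image: opencti/connector-import-file-stix:5.0.1
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      # Valid UUIDv4, distinct per connector.
      - CONNECTOR_ID=${CONNECTOR_IMPORT_FILE_STIX_ID}
      - CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
      - CONNECTOR_NAME=ImportFileStix
      - CONNECTOR_SCOPE=application/json,text/xml
      # Enable/disable auto-import of uploaded files.
      - CONNECTOR_AUTO=false
      # From 0 (Unknown) to 100 (Fully trusted).
      - CONNECTOR_CONFIDENCE_LEVEL=15
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      - opencti
  connector-import-report:
    image: opencti/connector-import-report:5.0.1
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      # Valid UUIDv4, distinct per connector. CONNECTOR_IMPORT_REPORT_ID must
      # be defined in .env (the .env shown with this file only defines
      # CONNECTOR_IMPORT_FILE_PDF_OBSERVABLES_ID), otherwise CONNECTOR_ID is
      # empty.
      - CONNECTOR_ID=${CONNECTOR_IMPORT_REPORT_ID}
      - CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
      - CONNECTOR_NAME=ImportReport
      - CONNECTOR_SCOPE=application/pdf,text/plain
      # Enable/disable auto-import of uploaded files.
      - CONNECTOR_AUTO=false
      # Only extract data related to an entity (a report, a threat actor, etc.).
      - CONNECTOR_ONLY_CONTEXTUAL=true
      # From 0 (Unknown) to 100 (Fully trusted).
      - CONNECTOR_CONFIDENCE_LEVEL=15
      - CONNECTOR_LOG_LEVEL=info
      - IMPORT_REPORT_CREATE_INDICATOR=false
    restart: always
    depends_on:
      - opencti
volumes:
  esdata:
  s3data:
  redisdata:
  amqpdata: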

Additional information

Logs from the opencti container:

{"category":"APP","version":"5.0.1","level":"info","message":"[OPENCTI] Starting platform","timestamp":"2021-10-08T13:10:17.912Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[CHECK] ElasticSearch is alive","timestamp":"2021-10-08T13:10:18.160Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[CHECK] Minio is alive","timestamp":"2021-10-08T13:10:18.253Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[CHECK] RabbitMQ is alive","timestamp":"2021-10-08T13:10:18.440Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[REDIS] Redis 'Client base' client ready","timestamp":"2021-10-08T13:10:18.523Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[CHECK] Redis is alive","timestamp":"2021-10-08T13:10:18.524Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[CHECK] Python3 is available","timestamp":"2021-10-08T13:10:22.489Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[REDIS] Redis 'Client context' client ready","timestamp":"2021-10-08T13:10:22.531Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[INIT] Starting platform initialization","timestamp":"2021-10-08T13:10:22.533Z"}
{"query":{"index":["opencti_internal_objects*","opencti_stix_meta_objects*","opencti_stix_domain_objects*","opencti_stix_cyber_observables*","opencti_inferred_entities*"],"ignore_throttled":false,"track_total_hits":true,"body":{"size":200,"sort":[{"standard_id.keyword":"asc"}],"query":{"bool":{"must":[{"bool":{"should":[{"match_phrase":{"entity_type.keyword":"MigrationStatus"}},{"match_phrase":{"parent_types.keyword":"MigrationStatus"}}],"minimum_should_match":1}}],"must_not":[]}},"runtime_mappings":{}}},"category":"APP","version":"5.0.1","level":"debug","message":"[ELASTICSEARCH] paginate","timestamp":"2021-10-08T13:10:22.540Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[INIT] Existing platform detected, initialization...","timestamp":"2021-10-08T13:10:22.702Z"}
{"query":{"index":["opencti_internal_objects*","opencti_stix_meta_objects*","opencti_stix_domain_objects*","opencti_stix_cyber_observables*","opencti_inferred_entities*"],"ignore_throttled":false,"track_total_hits":true,"body":{"size":200,"sort":[{"standard_id.keyword":"asc"}],"query":{"bool":{"must":[{"bool":{"should":[{"match_phrase":{"entity_type.keyword":"MigrationStatus"}},{"match_phrase":{"parent_types.keyword":"MigrationStatus"}}],"minimum_should_match":1}}],"must_not":[]}},"runtime_mappings":{}}},"category":"APP","version":"5.0.1","level":"debug","message":"[ELASTICSEARCH] paginate","timestamp":"2021-10-08T13:10:22.708Z"}
{"error":{"name":"ConfigurationError","_error":{},"_showLocations":false,"_showPath":false,"time_thrown":"2021-10-08T13:10:22.831Z","data":{"reason":"Email must be a valid email address","http_status":500,"category":"technical"},"internalData":{}},"category":"APP","version":"5.0.1","level":"error","message":"[OPENCTI] Platform initialization fail","timestamp":"2021-10-08T13:10:22.832Z"}
{"category":"APP","version":"5.0.1","level":"info","message":"[INIT] Platform initialization done","timestamp":"2021-10-08T13:10:22.856Z"}

/opt/opencti/build/src/config/errors.js:8
  return new Exception();
         ^
ConfigurationError: A configuration error has occurred
    at error (/opt/opencti/build/src/config/errors.js:8:10)
    at ConfigurationError (/opt/opencti/build/src/config/errors.js:53:3)
    at initializeAdminUser (/opt/opencti/build/src/config/providers.js:38:13)
    at initialization (/opt/opencti/build/src/initialization.js:387:13)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at /opt/opencti/build/src/boot.js:7:16

Based on the error message, I would guess that the admin email is incorrect, but it does have a valid email format. Am I missing something here? I hope you can help me out.

nor3th commented 3 years ago

Hey @shinobu55

The validator react library is verifying the email address, but admin@opencti.io should definitely work for testing purposes. https://www.npmjs.com/package/validator If your email format is correct, but still wrongly classified, please open an issue here https://github.com/validatorjs/validator.js

Regards,

shinobu55 commented 3 years ago

Thank you for your help. I only filled in the gaps from the documentation and forgot to remove the inline comments, which were interpreted as part of the value in the .env file.