Hello,
I am hoping to get Rapid7 to run in a Debian 11 Docker container in AWS Fargate.
When I run my Docker build locally, everything works.
The trouble happens when I move this workload to AWS. I use a pipeline that uses runners that exist on an EC2 server. When I try to build there, I get:
Get https://"us.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files: dial tcp: lookup "us.deployment.endpoint.ingress.rapid7.com: invalid domain name
I know this sounds like a firewall problem… So I added full outbound access to all IPs and ports, and logging in to the runner I can wget https://us.deployment.endpoint.ingress.rapid7.com and get a 404.
(Meaning the server responded, so the name was resolved, the TCP connection was made, all that.)
I added 8.8.8.8 to resolve.conf, and I created a hosts entry with one of the IP addresses that is resolved by the load balancer that domain is pointed at. None of it matters.
So I thought maybe there was something strange about how the build process utilizes runners, and wrote a script that runs the agent_installer.sh right before the web server spins up.
It tested well locally, but again in Fargate I get that same error.
Does anyone have any insight on what might be going on?
Note: I took it a step further and did a curl to that domain before running the installer, and I get a successful response.
[runtime 17/24] RUN curl -vv -L https://us.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files
#25 sha256:5bd7807732f211b267bb822183f965f500e2f49d31016d57144b676fa1166737
#25 0.331 % Total % Received % Xferd Average Speed Time Time Time Current
#25 0.331 Dload Upload Total Spent Left Speed
#25 0.331
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 34.236.161.191:443...
#25 0.396 * Connected to us.deployment.endpoint.ingress.rapid7.com (34.236.161.191) port 443 (#0)
#25 0.396 * ALPN, offering h2
#25 0.396 * ALPN, offering http/1.1
#25 0.402 * successfully set certificate verify locations:
So the system is resolving that domain just fine. It’s some Rapid7 agent_installer weirdness.