• j

    jby

    8 months ago
    So, if I’m running fleetctl preview and the preview is updated (don’t know if it ever is), can I somehow easily update it?
  • Rachel Perkins

    Rachel Perkins

    8 months ago
    Hiya, you can check which version of fleet you're running on the bottom right of the My Account page or with
    npm view fleetctl version
    We're on 4.6.1 but feel free to update if you're not!
  • j

    jby

    8 months ago
    message has been deleted
  • So, how do I update then?
  • Feel free to point me to any documentation that I’ve neglected to read
  • Can I upgrade with the data in the system intact - including the enrollment secret?
  • Rachel Perkins

    Rachel Perkins

    8 months ago
    Ok sweet, yeah, I just smoke tested by downgrading to 4.5.0, created a query, upgraded to 4.6.1 and it was still there
  • If you just run
    fleetctl preview
    , it should automatically upgrade to 4.6.1
  • j

    jby

    8 months ago
    Great, I'll test tomorrow - it's 6pm here noe
  • Rachel Perkins

    Rachel Perkins

    8 months ago
    Enjoy your evening!
  • I'm going to go ahead and file an issue to document this
  • Sorry, run
    fleetctl --version
    instead of
    npm view fleetctl version
  • j

    jby

    8 months ago
    Do you really mean that I'm to run the preview command again in a running environment?
  • Rachel Perkins

    Rachel Perkins

    8 months ago
    You can run
    fleetctl preview stop
    first if you'd like, but it works without it
  • j

    jby

    8 months ago
    Ok, I’ll test tomorrow morning, and since I have a puppy that wants to go out early you might still be working when I start tomorrow… 😉
  • So, I ran the
    fleetctl preview
    and now I can’t login anymore… 😞
  • Ok, I got in with the
    <mailto:admin@example.com|admin@example.com>
    user, but all my data from before the
    upgrade
    seems to be gone… 😞
  • So, I ended up with an empty fleet instance with a new enroll secret and a new certificate… 😞
  • @Rachel Perkins?
  • Rachel Perkins

    Rachel Perkins

    8 months ago
    So sorry this got buried!
  • That's weird because the most recent
    fleetctl preview
    automatically logs you in
  • Let me loop in @Lucas Rodriguez a BE engineer and see if he knows what could've happened. We both smoked tested this
  • j

    jby

    8 months ago
    No users, no hosts, no data (not even any example data), new certificate and new enrollment secret was my result of running
    fleetctl preview
    “on top” of the one I already had running…
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    Hi folks, will take a look at this soon and get back to you.
  • j

    jby

    8 months ago
    👍
  • Oh, it's after 5pm Friday here so don't expect me to do anything else until Monday morning
  • BTW, these are the stdout-logs from when I ran
    fleetctl preview
    to upgrade the existing, running preview that I had:
    Downloading dependencies from production into /root/.fleet/preview...
    Pulling Docker dependencies...
    Starting Docker containers...
    Waiting for server to start up...
    Initializing server...
    Configured fleetctl in the 'preview' context to avoid overwriting existing config.
    Loading standard query library...
    Applying Policies...
    Fleet will now enroll your device and log you into the UI automatically.
    You can also open the UI at this URL: <http://localhost:1337/previewlogin>.
    Email: <mailto:admin@example.com|admin@example.com>
    Password: admin123#
    Downloading Orbit and osqueryd...
    Orbit is already running.
    Waiting for current host to enroll...
    wait for current host: checking host count: no hosts yet
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    @jby Can you look for the following docker volume:
    docker volume list | grep preview
  • In my case I get
    local     fleet-preview-server_data01
    after running
    preview
  • j

    jby

    8 months ago
    docker volume list
    DRIVER    VOLUME NAME
    local     34a78f9c63dc93fc533c362a5c00f04ffa2b43cfc555062ad2ca979a18fa4f4c
    local     625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4
    local     fleet-preview-server_data01
  • And:
    docker ps -a
    CONTAINER ID   IMAGE                              COMMAND                  CREATED       STATUS       PORTS                                                  NAMES
    88b39d78b8d7   fleetdm/fleet:latest               "sh -c '/usr/bin/fle…"   4 days ago    Up 4 days    0.0.0.0:1337->1337/tcp, :::1337->1337/tcp              fleet-preview-server_fleet02_1
    878d60386228   fleetdm/fleet:latest               "sh -c '/usr/bin/fle…"   4 days ago    Up 4 days    0.0.0.0:8412->8412/tcp, :::8412->8412/tcp              fleet-preview-server_fleet01_1
    b52496386962   mysql:5.7                          "docker-entrypoint.s…"   4 days ago    Up 4 days    33060/tcp, 0.0.0.0:3308->3306/tcp, :::3308->3306/tcp   fleet-preview-server_mysql01_1
    d42f75ce59ee   redis:6                            "docker-entrypoint.s…"   4 days ago    Up 4 days    6379/tcp                                               fleet-preview-server_redis01_1
    ac4363885609   dactiv/osquery:4.5.1-centos6       "osqueryd --flagfile…"   4 weeks ago   Up 4 weeks                                                          fleet-preview-devices_centos6-osquery_1
    393ee09aa659   dactiv/osquery:4.5.1-ubuntu18.04   "osqueryd --flagfile…"   4 weeks ago   Up 4 weeks                                                          fleet-preview-devices_ubuntu18-osquery_1
    b6e3aa740d4f   dactiv/osquery:4.5.1-centos7       "osqueryd --flagfile…"   4 weeks ago   Up 4 weeks                                                          fleet-preview-devices_centos7-osquery_1
    a2a4763bab36   dactiv/osquery:4.5.1-ubuntu16.04   "osqueryd --flagfile…"   4 weeks ago   Up 4 weeks                                                          fleet-preview-devices_ubuntu16-osquery_1
    bc112570d19b   dactiv/osquery:4.5.1-ubuntu14.04   "osqueryd --flagfile…"   4 weeks ago   Up 4 weeks                                                          fleet-preview-devices_ubuntu14-osquery_1
    9ee8c3357bb8   dactiv/osquery:4.5.1-centos8       "osqueryd --flagfile…"   4 weeks ago   Up 4 weeks                                                          fleet-preview-devices_centos8-osquery_1
    66b70a2e1d48   dactiv/osquery:4.5.1-ubuntu20.04   "osqueryd --flagfile…"   4 weeks ago   Up 4 weeks                                                          fleet-preview-devices_ubuntu20-osquery_1
  • From that output it would seem I have multiple previews running…
  • Or maybe I’m looking crooked here, sorry
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    That last output looks ok,
    preview
    starts a set of simulated hosts so that people can start testing running queries etc with N > 1 hosts.
  • Regarding the volume command: It's possible
    fleet-preview-server_data01
    is the new volume that started from scratch with no data (your current run) and one of the other two is the volume with the old data?
  • j

    jby

    8 months ago
    Ok, the simulated hosts have not provided any data into my new preview either though…
  • This is my dashboard 5 days after starting the updated preview:
  • The
    fleet-preview-server_data01
    volume is since I started my first preview:
    # docker volume inspect fleet-preview-server_data01
    [
        {
            "CreatedAt": "2021-11-04T05:59:38Z",
            "Driver": "local",
            "Labels": {
                "com.docker.compose.project": "fleet-preview-server",
                "com.docker.compose.version": "1.27.4",
                "com.docker.compose.volume": "data01"
            },
            "Mountpoint": "/var/lib/docker/volumes/fleet-preview-server_data01/_data",
            "Name": "fleet-preview-server_data01",
            "Options": null,
            "Scope": "local"
        }
    ]
  • The other two seems to have been created at login(from looking at the timestamp of
    CreatedAt
    , my login after running
    fleetctl preview
    last week:
    docker volume inspect 34a78f9c63dc93fc533c362a5c00f04ffa2b43cfc555062ad2ca979a18fa4f4c
    [
        {
            "CreatedAt": "2021-12-02T06:44:22Z",
            "Driver": "local",
            "Labels": null,
            "Mountpoint": "/var/lib/docker/volumes/34a78f9c63dc93fc533c362a5c00f04ffa2b43cfc555062ad2ca979a18fa4f4c/_data",
            "Name": "34a78f9c63dc93fc533c362a5c00f04ffa2b43cfc555062ad2ca979a18fa4f4c",
            "Options": null,
            "Scope": "local"
        }
    ]
  • And my login now:
    docker volume inspect 625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4
    [
        {
            "CreatedAt": "2021-12-06T19:59:04Z",
            "Driver": "local",
            "Labels": null,
            "Mountpoint": "/var/lib/docker/volumes/625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4/_data",
            "Name": "625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4",
            "Options": null,
            "Scope": "local"
        }
    ]
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    OK, one option is running 1.
    preview stop
    2. remove the new empty volume, 3. run
    preview
    again and see if that uses the old volume.
  • j

    jby

    8 months ago
    docker volume rm 625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4
    Error response from daemon: remove 625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4: volume is in use - [d42f75ce59ee4d887c26097a4afa2939ee82aad99bf704fb2b10dd8b5bb47e9c]
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    Maybe that's not even a fleet volume.
  • j

    jby

    8 months ago
    I’m not running anything else in docker in that host
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    Also, any reason you are using preview instead of deploying fleet? (Mostly asking because preview is just made for demo purposes.) See https://fleetdm.com/docs/deploying#deployment
  • j

    jby

    8 months ago
    POC and testing
  • And the simplicity of docker
  • To see if it’s something we should put into production
  • And me not being comfortable to configure the relationships between docker containers (fleet, db, redis, persistent disk storage) myself
  • And also, I’m lazy busy doing other things - this sets everything up with one command… 😁
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    OK, one volume is probably one used by the fleet server. So we shouldn't delete it.
  • Can you provide fleet server logs?
  • docker logs $container_id_of_fleetdm/fleet
    (
    docker ps
    ).
  • j

    jby

    8 months ago
    Which one? The one running on port 8412 or the one running on port 1337?
  • 3dc39fc12db2   fleetdm/fleet:latest                "sh -c '/usr/bin/fle…"   About an hour ago   Up About an hour   0.0.0.0:8412->8412/tcp, :::8412->8412/tcp              fleet-preview-server_fleet01_1
    dd454af52c6c   mysql:5.7                           "docker-entrypoint.s…"   About an hour ago   Up About an hour   33060/tcp, 0.0.0.0:3308->3306/tcp, :::3308->3306/tcp   fleet-preview-server_mysql01_1
    75d2cc6a59ed   redis:6                             "docker-entrypoint.s…"   About an hour ago   Up About an hour   6379/tcp                                               fleet-preview-server_redis01_1
    88b39d78b8d7   fleetdm/fleet:latest                "sh -c '/usr/bin/fle…"   4 days ago          Up About an hour   0.0.0.0:1337->1337/tcp, :::1337->1337/tcp              fleet-preview-server_fleet02_1
  • I’m off to bed now, it’s almost 11pm here
  • So, @Lucas Rodriguez - which fleetdm/fleet container do you wants logs from (see output from docker ps above)
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    Both, if possible.
  • j

    jby

    8 months ago
    Hmm, looking at multiple pages of logs I went to the dashboard and realised that the restart last night seem to have cleaned everything up and it found the persistent storage again. It’s back
  • I’m rebuilding my orbit-packages with the original enrollment secret now
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    OK, glad it's working again!, if you plan to continue using fleet we suggest a proper deployment 🙂 https://fleetdm.com/docs/deploying#deployment
  • j

    jby

    8 months ago
    Yes, I wont run this preview in production - it’s still eval
  • I was wrong, it started with the new example data, not with the old data…
  • So, a recap: • I installed and ran
    fleetctl preview
    and to an instance running, created a couple of users and created pkgs and installed on a couple of Macs and a couple of Linux clients. It worked great. • I thought I’d upgrade to newer versinos - asked here and got the info that re-running
    fleetctl preview
    would upgrade what I had, and keep the data intact. • Re-ran the
    fleetctl preview
    got a totally empty instance, no example data, and none of my old data in it, and no users. • Restarted (
    fleetctl preview stop
    followed by
    fleetctl preview
    - this seems to have re-provisioned the instance with example data but still no sign of the data from my clients and my users are gone again…
  • Any further tips on this @Lucas Rodriguez or @Rachel Perkins?
  • Or am I at the end of the road with the preview and should setup a more permanent installation instead?
  • Lucas Rodriguez

    Lucas Rodriguez

    8 months ago
    Hard to know what's going on. One last try would be (if containers are running), use mysql client to connect to the mysql container:
    mysql --host=127.0.0.1 --port=3308 --user=root --password
    
    # password is toor
    And check if your data is there running:
    select * from fleet.hosts;
    Then check if the mysql container is using the one data volume in your system, if it is using it then it may have been overwritten accidentally or by
    fleetctl preview
    . (We haven't gotten any reports about this yet.) @zwass Do you happen to know if
    fleetctl preview
    could accidentally override a previous preview mysql volume? See https://osquery.slack.com/archives/C01DXJL16D8/p1638900269318900?thread_ts=1638356010.214300&amp;cid=C01DXJL16D8
  • zwass

    zwass

    8 months ago
    fleetctl preview reset
    would clear out all the data -- additionally any change to the Docker installation could do this. If you find yourself creating multiple users and attaching multiple other hosts that you want to keep in there for an extended period of time I think you probably have outgrown preview and would want to set up a "real" environment (even if it's just on something like render.com: https://blog.fleetdm.com/deploying-fleet-on-render-2d743aed213f)
  • j

    jby

    8 months ago
    Yeah, my ITSec-guy is not too hot on sending this kind of data to the cloud…
  • I had created 2 users and added 5 real hosts just to be able to look att some real data and not just the example data that’s included
  • So, are you just going to leave me hanging here? @Rachel Perkins @Lucas Rodriguez
  • zwass

    zwass

    7 months ago
    Hi Jonas, I looked back through the last few messages in this thread and it's not clear what follow up you are asking for here. We always try to help community members get the most out of Fleet, but the team is also very busy with development work. If you have additional questions, please ask in this thread or a new one and our team and the community will provide assistance on a best-effort basis.
  • j

    jby

    7 months ago
    I initially asked how to upgrade the preview and was told it would upgrade “in-place” if I just re-ran the
    fleetctl preview
    command. I specifically asked if that would affect the data in my running instance and was told it wouldn’t. I followed the given instructions and ended up without both my previous data and the example data. I found the docker container with my data and thought that I’d get help re-connecting that to the new preview instance - then just silence
  • I was just perplexed about, perhaps a misunderstanding from my side, that someone was actually looking into this and would get back to me with some help, and nothing but silence from your end. I understand that you’re busy with development, but I was led to believe that I would get more help
  • And - I’m pushing this to help you with similar situations in the future. If you now realise that a preview can’t be upgraded, then noone else would have to end up like me, especially not after asking about it explicitly…