  • arod

    1 year ago
    Hey folks. I am doing the docker install using a docker-compose.yml file. Here is the fleet section. I have mysql and redis as well. Could really use some help in our current setup. THREADING so I don't clog up the channel.
    This is my docker-compose. mysql and redis are here as well.
    fleet:
        image: fleetdm/fleet:3.9.0
        hostname: fleet
        container_name: fleet
        restart: always
        command: sh -c "echo '\n' | /usr/bin/fleet prepare db --config=/etc/kolide.yml && /usr/bin/fleet serve --config=/etc/kolide.yml"
        depends_on:
          - mysql
          - redis
        volumes:
          - ./production_cluster/fleet-configs/kolide.yml:/etc/kolide.yml
          - ./production_cluster/fleet-configs/cert.pem:/certs/cert.pem
          - ./production_cluster/fleet-configs/key.pem:/certs/key.pem
        expose:
          - "8412"
        ports:
          - "${FLEET_PORT}:8080"
        networks:
          - fleet-net

    I am using a kolide.yml file with data already. My issue is this:
    Once I run the initial:
    ./fleetctl config set --address "https://localhost:$FLEET_PORT" --tls-skip-verify --config "production_cluster/fleet-configs/kolide.yml"
      echo "running fleetctl setup"
    It replaces the kolide.yml completely.
    This is the template I am giving to the container:
    mysql:
      address: mysql:3306
      database: fleet
      username: fleet
      password: MYSQL_FLEET_PASSWORD
    redis:
      address: redis:6379
    server:
      address: 0.0.0.0:8080
      tls: true
      cert: /certs/cert.pem
      key: /certs/key.pem
    auth:
      jwt_key: FLEET_JWT_KEY
    filesystem:
      status_log_file: /var/log/osquery/status.log
      result_log_file: /var/log/osquery/result.log
      enable_log_rotation: true
    logging:
      json: true
    This is what my kolide.yml looks like after the config set command:
    contexts:
      default:
        address: https://localhost:8999
        email: sea@sea.test
        rootca: ""
        tls-skip-verify: true
        token: <TOKEN HERE>
        url-prefix: ""

    Is this expected? I don't want to blast my config away. Once it does and I restart the containers, fleet doesn't come up because of the following (output from docker logs fleet):
    Using config file:  /etc/kolide.yml
    Error creating db connection: dial tcp 127.0.0.1:3306: connect: connection refused
    Using config file:  /etc/kolide.yml
    Which makes sense because the DB config piece is gone. I'm curious as to why. Is this expected?
    @User Would love some help with this so I can sleep! 😞 Thanks folks!
    I guess I need to understand these commands better? Can't find them in the docs:
    command: sh -c "echo '\n' | /usr/bin/fleet prepare db --config=/tmp/kolide.yml && /usr/bin/fleet serve --config=/tmp/kolide.yml"
  • zwass

    1 year ago
    The config for fleetctl and for the Fleet server are separate. Looks like you are overriding the server config with the one from fleetctl.
  • arod

    1 year ago
    :mind_blown: 🤯 @zwass Omg.
    Thanks a lot! So I basically need to use a different config file for fleetctl entirely. Doesn't even need to be on the container.
  • zwass

    1 year ago
    Correct. Think of fleetctl as another client for the Fleet server. Like the web UI but it's a CLI.
  • arod

    1 year ago
    Thanks so much! Fixed everything. @zwass