https://fleetdm.com logo
Channels
  • a

    arod

    1 year ago
    Hey folks. I am doing the docker install using a 
    docker-compose.yml
    file Here is the fleet section. I have mysql and redis as well. Could really use some help in our current setup. THREADING so I don't clog up the channel
    This is my docker-compose. mysql and redis are here as well.
    fleet:
    image: fleetdm/fleet:3.9.0
    hostname: fleet
    container_name: fleet
    restart: always
    command: sh -c "echo '\n' | /usr/bin/fleet prepare db --config=/etc/kolide.yml && /usr/bin/fleet serve --config=/etc/kolide.yml"
    depends_on:
      - mysql
      - redis
    volumes:
      - ./production_cluster/fleet-configs/kolide.yml:/etc/kolide.yml
      - ./production_cluster/fleet-configs/cert.pem:/certs/cert.pem
      - ./production_cluster/fleet-configs/key.pem:/certs/key.pem
    expose:
      - "8412"
    ports:
      - "${FLEET_PORT}:8080"
    networks:
      - fleet-net
    I am using a kolide.yml file with data already My issue is this:
    Once I run the initial: 
    ./fleetctl config set --address "<https://localhost>:$FLEET_PORT" --tls-skip-verify --config "production_cluster/fleet-configs/kolide.yml"
  echo "running fleetctl setup"
    It replaces the 
    kolide.yml
    completely.
    This is the template I am giving to the container: 
    mysql:
  address: mysql:3306
  database: fleet
  username: fleet
  password: MYSQL_FLEET_PASSWORD
redis:
  address: redis:6379
server:
  address: 0.0.0.0:8080
  tls: true
  cert: /certs/cert.pem
  key: /certs/key.pem
auth:
  jwt_key: FLEET_JWT_KEY
filesystem:
  status_log_file: /var/log/osquery/status.log
  result_log_file: /var/log/osquery/result.log
  enable_log_rotation: true
logging:
  json: true
    This is what my kolide.yml after the config set command 
    contexts:
  default:
    address: <https://localhost:8999>
    email: sea@sea.test
    rootca: ""
    tls-skip-verify: true
    token: <TOKEN HERE>
    url-prefix: ""
    Is this expected? I don't want to blast my config away. Once it does and I restart the containers, fleet doesn't come up because of the following (output from 
    docker logs fleet
    : 
    Using config file:  /etc/kolide.yml
Error creating db connection: dial tcp 127.0.0.1:3306: connect: connection refused
Using config file:  /etc/kolide.yml
    Which makes sense because the DB config piece is gone. I'm curious on why? Is this expected?
    @User Would love some help with this so I can sleep! 😞 Thanks folks!
    I guess I need to understand these commands better? Can't find in the docs 
    command: sh -c "echo '\n' | /usr/bin/fleet prepare db --config=/tmp/kolide.yml && /usr/bin/fleet serve --config=/tmp/kolide.yml"
  • zwass

    zwass

    1 year ago
    The config for 
    fleetctl
    and for the Fleet server are separate. Looks like you are overriding the server config with the one from 
    fleetctl
    .
  • a

    arod

    1 year ago
    :mind_blown: 🤯 @zwass Omg.
    Thanks a lot! So I basically need to use a different config file for 
    fleetctl
    entirely. Doesn't even need to be on the container.
  • zwass

    zwass

    1 year ago
    Correct. Think of 
    fleetctl
    as another client for the Fleet server. Like the web UI but it's a CLI.
  • a

    arod

    1 year ago
    Thanks so much! Fixed everything. @zwass
Join thread in Slack
View count: 5