https://github.com/osquery/osquery logo
Join Slack
Powered by
Hi there! I've run the deployment of a new version...
# fleet
j
Hi there! I've run the deployment of a new version of fleet, everything went smoothly, however the tools is not allowing the login, in the logs I see 
authentication error: find host: timestamp: 2022-03-29T17:04:30Z: missing destination name public_ip in *fleet.Host
I've remotely connected to the DB, but all the information is still there, any thoughts on this?
👀 1
k
Hi, @JojoD! Just to make sure we're on the same page, was this an upgrade to an existing Fleet instance, or a fresh install?
j
it was an existing instance
k
Gotcha. And did you run 
fleet prepare db
before serving the updated version?
j
yep, migrations were completed
I run it twice, the second time it returned the message that there was nothing to do because the migration was complete
k
Thanks for the additional context. I'll do a bit of research and get back to you shortly.
j
thank you, @Kathy Satterlee
k
Might be relevant... how are you logging in? Through the UI, or using 
fleetctl
?
j
through the UI
k
Are you seeing errors when you actually log in, or just through the logs?
j
just through logs, in the UI it shows "Authentication failed"
k
Thanks again! I'm sure I'll have more questions.
j
no worries
thanks for the support 👌
z
It sounds like you might be running a different version of Fleet when running the migrations vs. when running the server.
j
oh I think I used different fleet installations for making the migration
no, actually I've used the same docker image 🤔
k
Can you double check the Fleet version with 
fleetctl --version
?
z
^ That will be the 
fleetctl
version. Maybe double check what you get from the 
/version
API endpoint on Fleet?
k
Thanks, @zwass
j
can that be checked using the cli?
k
Did you upgrade 
fleetctl
to the newest version along with Fleet?
And you can hit the 
/version
endpoint through the REST API without Auth
Copy code
<https://fleet.example.com/version>
j
• thank you, so the 
fleetctl
shows 
fleetctl - version 4.8.0
and the other shows 
version: "4.10.0",
z
4.10 is not right. It sounds like you've run migrations for 4.12 but your server is running 4.10.
j
how can I know what version the migration was run for? also, the last version I've uploaded to the server was the 4.10.0 🤔
z
What command are you using to run the migration? Can you replace the 
prepare db
part with 
version --full
?
j
this is how I run it
like running 
fleet version --full
?
k
What do you get if you run 
/usr/bin/fleet version --full
from the same location?
j
so it seems it does has the 
4.12.0
😮
k
There's the culprit!
j
gosh, so recaping, fleet and fleetctl should both be in the same version to run successfully
k
Ideally, but the real culprit here is that the version of Fleet that's served and the version that was used for database migrations don't match up.
j
is there a way to know what version will run the migration?
k
You can double check the version of Fleet installed with the 
/usr/bin/fleet version --full
command before running the migrations.
j
got it
thanks a lot for the help, @Kathy Satterlee and @zwass
k
Do you still have the terminal window where you ran 
fleet serve
after the upgrade open?
j
not really, I've used the cli of the docker image used to deploy the new version, is not exactly the same server
hello again 😅 ... I've deployed the new version, but the behavior remains, any additional ideas? 🤔
z
Can you check the 
/version
endpoint again?
It sounds like you still aren't running 4.12 on your server.
j
yup, first thing I did, the version now looks up to date
z
What do you mean at the top when you say "the tools is not allowing the login"?
j
when headed to the UI, we get this message when trying to access with email + pass
additionally we have SSO enabled, if we try this option, it returns 404
one of my team members asures that the error should be in the DB, but I see all the data there, so I doubt the DB it's the problem
z
What do you see in the Fleet server logs just after attempting this?
j
in the logs, it actually seems to be receiving data from the endpoints
gosh, the problem ended up being the IdP callback URL, I've updated this URL to update it from 
/api/v1/kolide/sso/callback
to 
/api/v1/fleet/sso/callback
, everything is working now 🙌
again thanks @zwass and @Kathy Satterlee for all the help! 🤝
❤️ 1
k
That's awesome! Way to stick with it, @JojoD 🙂
🤝 1
3 Views
Open in Slack
PreviousNext
Powered by