JojoD
04/04/2022, 4:05 PM
ENABLE_SOFTWARE_INVENTORY: true
FLEET_VULNERABILITIES_DATABASES_PATH: /home
Tomas Touceda
04/04/2022, 5:06 PM
hi! software inventory is something you enable through fleetctl apply with a file like this:
ENABLE_SOFTWARE_INVENTORY: true
---
apiVersion: v1
kind: config
spec:
  host_settings:
    enable_software_inventory: true
JojoD
04/04/2022, 6:08 PM
FLEET_VULNERABILITIES_DATABASES_PATH=/some/path
will do the trick? I've tested also unsuccessfully, wondering if I missed something there though
Tomas Touceda
04/04/2022, 9:09 PM
> I use a yml file with the env variables
do you mind rephrasing this or showing me an example? I'm not sure I understand what you mean
> do you know if there is another way to enable this?
we have two areas to configure. The fleet serve config can be done through env vars, CLI options, or yaml
on the other hand, we have the application config that can only be applied through fleetctl apply -f through a yaml (or through the UI, but not all options are available in the UI).
in the case of software inventory, it's the latter. You would apply that config, then it would be stored in the database, and that'll be it
JojoD
04/04/2022, 10:25 PM
image:
  baseImage: fleetdm/fleet
  workDir: /home
  copy:
    /fleet: /home/fleet
  cmd: [ "/home/fleet", "serve" ]
ports:
  - port: 8080
    desc: "port description"
config:
  default:
    FLEET_LOGGING_DEBUG: false
    FLEET_MYSQL_ADDRESS: "mysql:3306"
    FLEET_MYSQL_DATABASE: "fleet"
    FLEET_MYSQL_USERNAME: "fleet"
    FLEET_MYSQL_PASSWORD: "mypass"
    FLEET_REDIS_ADDRESS: "redis:6379"
    FLEET_REDIS_PASSWORD: ""
    FLEET_AUTH_JWT_KEY: my-secret
    FLEET_LOGGING_JSON: true
    FLEET_OSQUERY_STATUS_LOG_PLUGIN: stdout
    FLEET_OSQUERY_RESULT_LOG_PLUGIN: stdout
    FLEET_SERVER_TLS: false
    FLEET_SERVER_ADDRESS: "0.0.0.0:8080"
    FLEET_MYSQL_MAX_OPEN_CONNS: "500"
    FLEET_MYSQL_CONN_MAX_LIFETIME: "300"
    FLEET_VULNERABILITIES_DATABASES_PATH: /home # For Software vulnerabilities - THIS WORKS
  preprod:
    FLEET_LOGGING_DEBUG: false
    FLEET_MYSQL_ADDRESS: "DBADDRESS"
    FLEET_MYSQL_DATABASE: "fleet"
    FLEET_MYSQL_USERNAME: "fleet"
    FLEET_MYSQL_PASSWORD: "mypass"
    FLEET_REDIS_ADDRESS: "REDISADDRESS"
    FLEET_REDIS_PASSWORD: ""
    FLEET_OSQUERY_STATUS_LOG_PLUGIN: "stdout"
    FLEET_OSQUERY_RESULT_LOG_PLUGIN: "stdout"
    FLEET_AUTH_JWT_KEY: my-secret
    FLEET_ENABLE_SOFTWARE_INVENTORY: true #enable_software_inventory: true - THIS DOESN'T WORK
    FLEET_VULNERABILITIES_DATABASES_PATH: /home
  prod:
    #PROD VARS
domains:
  default:
    #CONFIGS
  preprod:
    #CONFIGS
  prod:
    #CONFIGS
FLEET_ENABLE_SOFTWARE_INVENTORY
it works
Tomas Touceda
04/05/2022, 3:15 PM
> but running it locally and without FLEET_ENABLE_SOFTWARE_INVENTORY it works
this is likely because you are running an older version of fleet locally, because we've removed this in later versions
You can configure vulnerability processing through env vars, but for software inventory, you'll have to apply a yaml like the one I mentioned earlier with fleetctl apply -f
JojoD
04/05/2022, 5:36 PM
fleetctl get config --include-server-config
the inventory software feature was still set to false... I've ended up manually enabling it with the fleetctl apply -f command remotely... a restart was not required in the instance either
version 4.7.0, I guess I won't need to manually enable it again... 🤔
Tomas Touceda
04/07/2022, 2:35 PM
> I've ended up manually enabling it with the fleetctl apply -f command remotely
this is the only way to apply this yaml
> I've added the new yaml file with the configuration suggested
if by this you mean you used it when launching fleet serve then that would not have an effect, that's why you had to fleetctl apply it
JojoD
04/07/2022, 8:12 PM
fleet serve
command