Title
#fleet
s

Shawn Maddock

09/08/2022, 2:41 PM
Having an issue configuring Fleet with a YAML file. The password is specified in the file, but when I attempt to start it up using
fleet serve --config /etc/fleet/fleet.yml
, I’m getting:
mysql="could not connect to db: Error 1045: Access denied for user 'fleet'@'localhost' (using password: NO), sleeping 0s"
If instead I specify the password with a CLI flag, it works fine. The config file is fairly simple:
apiVersion: v1
kind: config
spec:
  mysql:
    password: '<my password>'
  server:
    address: 0.0.0.0:443
    cert: '/etc/letsencrypt/live/<my domain>/fullchain.pem'
    key: '/etc/letsencrypt/live/<my domain>/privkey.pem'
Anyone know why fleet would seem to be ignoring my config file?
Lucas Rodriguez

Lucas Rodriguez

09/08/2022, 2:47 PM
Hi @Shawn Maddock! Could you try with:
mysql:
  password: '<my password>'
server:
  address: 0.0.0.0:443  
  cert: '/etc/letsencrypt/live/<my domain>/fullchain.pem'
  key: '/etc/letsencrypt/live/<my domain>/privkey.pem'
See https://fleetdm.com/docs/deploying/configuration#using-a-yaml-config-file
s

Shawn Maddock

09/08/2022, 2:51 PM
Lucas Rodriguez

Lucas Rodriguez

09/08/2022, 2:52 PM
Yes, probably outdated docs. I'll open an issue and link this thread.
s

Shawn Maddock

09/08/2022, 2:53 PM
Yikes. I mean, thanks, but yikes. I hope that top level structure is the only thing outdated.
Lucas Rodriguez

Lucas Rodriguez

09/08/2022, 2:54 PM
Oh seems we already have an issue for this: https://github.com/fleetdm/fleet/issues/7557
2:55 PM
Oh and we have a PR to fix it 🙂 https://github.com/fleetdm/fleet/pull/7449/files
s

Shawn Maddock

09/08/2022, 2:57 PM
That “two different configs” is very confusing, and needs to be called out.
Lucas Rodriguez

Lucas Rodriguez

09/08/2022, 3:03 PM
Indeed. Thanks for the feedback!
s

Shawn Maddock

09/08/2022, 3:11 PM
So since I’m still a little confused and a newb, can all
config
type settings be specified in the one passed by
fleet --config
, or are there some that can only be set via
fleetctl apply
?
Lucas Rodriguez

Lucas Rodriguez

09/08/2022, 3:30 PM
No, only some settings can be applied via
fleetctl apply
, like queries, packs, osquery agent settings. These settings are defined here: https://fleetdm.com/docs/using-fleet/configuration-files
3:31 PM
The
fleet --config
ones are more operational settings (which cannot be changed by
fleetctl apply
like MySQL connection settings, etc.)
s

Shawn Maddock

09/08/2022, 3:49 PM
I think that makes sense. I’ll keep playing around and reach back out if I run into other issues. Thanks!
7:06 PM
Is there a way to export settings set in the web UI to YAML?
8:40 PM
Also, in some docs, I’m seeing the yaml section defined as
vulnerabilities
and other places
vulnerability_settings
… same with other section names. Are these interchangeable?
10:23 PM
I found
fleet config_dump
but that only includes what I have in the
--config
file, and
fleetctl get config
which only includes what was set in the UI. It looks like
vulnerability_settings
moved from the
fleetctl
config to
vulnerabilities
in the
fleet
config, making it even more confusing.
10:33 PM
Having one, API-style doc that lists all the config settings and all the ways they can be applied would be lovely. This mix of explanatory docs, tutorials, reference docs, and help text does not a happy developer make. If there’s any way i can contribute to making that happen, let me know.
Kathy Satterlee

Kathy Satterlee

09/09/2022, 1:48 PM
Hi @Shawn Maddock! You can pull the full config with
fleetctl get config --include-server-config
. I'm sorry about the weirdness in the docs, I'll dig in to that and make sure everything is up to date.
s

Shawn Maddock

09/09/2022, 1:58 PM
That flag is not actually adding anything to the output on my instance
Kathy Satterlee

Kathy Satterlee

09/09/2022, 4:15 PM
That's really odd! Can you share that output with anything sensitive removed? I know there's been a lot of back and forth on this already, so I'd also be happy to jump on a quick Zoom call so you can do some show and tell to streamline things if you'd like.