Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
Shawn Maddock
09/08/2022, 2:41 PMHaving an issue configuring Fleet with a YAML file. The password is specified in the file, but when I attempt to start it up using
fleet serve --config /etc/fleet/fleet.ymlmysql="could not connect to db: Error 1045: Access denied for user 'fleet'@'localhost' (using password: NO), sleeping 0s"apiVersion: v1
kind: config
spec:
mysql:
password: '<my password>'
server:
address: 0.0.0.0:443
cert: '/etc/letsencrypt/live/<my domain>/fullchain.pem'
key: '/etc/letsencrypt/live/<my domain>/privkey.pem'l
Lucas Rodriguez
09/08/2022, 2:47 PMHi @Shawn Maddock!
Could you try with:
mysql:
password: '<my password>'
server:
address: 0.0.0.0:443
cert: '/etc/letsencrypt/live/<my domain>/fullchain.pem'
key: '/etc/letsencrypt/live/<my domain>/privkey.pem's
Shawn Maddock
09/08/2022, 2:51 PMOkay, that worked… but that means https://fleetdm.com/docs/deploying/configuration#example-yaml and https://fleetdm.com/docs/using-fleet/configuration-files are incorrect
l
Lucas Rodriguez
09/08/2022, 2:52 PMYes, probably outdated docs. I'll open an issue and link this thread.
s
Shawn Maddock
09/08/2022, 2:53 PMYikes. I mean, thanks, but yikes. I hope that top level structure is the only thing outdated.
l
Lucas Rodriguez
09/08/2022, 2:54 PMOh seems we already have an issue for this: https://github.com/fleetdm/fleet/issues/7557
Oh and we have a PR to fix it 🙂 https://github.com/fleetdm/fleet/pull/7449/files
s
Shawn Maddock
09/08/2022, 2:57 PMThat “two different configs” is very confusing, and needs to be called out.
l
Lucas Rodriguez
09/08/2022, 3:03 PMIndeed. Thanks for the feedback!
s
Shawn Maddock
09/08/2022, 3:11 PMSo since I’m still a little confused and a newb, can all
configfleet --configfleetctl applyl
Lucas Rodriguez
09/08/2022, 3:30 PMNo, only some settings can be applied via
fleetctl applyThe
fleet --configfleetctl applys
Shawn Maddock
09/08/2022, 3:49 PMI think that makes sense. I’ll keep playing around and reach back out if I run into other issues. Thanks!
Is there a way to export settings set in the web UI to YAML?
Also, in some docs, I’m seeing the yaml section defined as
vulnerabilitiesvulnerability_settingsI found
fleet config_dump--configfleetctl get configvulnerability_settingsfleetctlvulnerabilitiesfleetHaving one, API-style doc that lists all the config settings and all the ways they can be applied would be lovely. This mix of explanatory docs, tutorials, reference docs, and help text does not a happy developer make. If there’s any way i can contribute to making that happen, let me know.
k
Kathy Satterlee
09/09/2022, 1:48 PMHi @Shawn Maddock! You can pull the full config with
fleetctl get config --include-server-configs
Shawn Maddock
09/09/2022, 1:58 PMThat flag is not actually adding anything to the output on my instance
k
Kathy Satterlee
09/09/2022, 4:15 PMThat's really odd! Can you share that output with anything sensitive removed?
I know there's been a lot of back and forth on this already, so I'd also be happy to jump on a quick Zoom call so you can do some show and tell to streamline things if you'd like.