https://github.com/osquery/osquery logo
Join Slack
Powered by
Does it have hardcoded values for DB when running ...
# fleet
t
Does it have hardcoded values for DB when running in dev mode?
u
Hi @Taavi Ansper (osquery)! Can you tell me a little more about how you've set up your dev environment?
t
Copy code
---
services:
  db:
    container_name: db
    hostname: db
    image: <http://docker.io/mysql:8.0.41-debian|docker.io/mysql:8.0.41-debian>
    cap_add:
      -  SYS_NICE
    restart: unless-stopped
    volumes:
      - /opt/fleetdm/mysql/data:/var/lib/mysql
      - /opt/fleetdm/mysql/initdb:/docker-entrypoint-initdb.d
      - /opt/fleetdm/mysql/conf:/etc/mysql/conf.d
      - /opt/fleetdm/mysql/backups:/data/backups
    user: "1002:1001"
    env_file:
      - '/opt/fleetdm/mysql/env-mysql-server'
    networks:
      - fleetdm-network
  redis:
    container_name: redis
    hostname: redis
    image: <http://docker.io/redis:7.2.4-alpine|docker.io/redis:7.2.4-alpine>
    command: "redis-server /usr/local/etc/redis/redis.conf"
    restart: unless-stopped
    volumes:
        - /opt/fleetdm/redis/conf:/usr/local/etc/redis
        - /opt/fleetdm/redis/data:/data
    user: "1002:1001"
    env_file:
      - '/opt/fleetdm/redis/env-redis-config'
    networks:
      - fleetdm-network
    
  fleetdm:
    container_name: fleetdm
    hostname: fleetdm
    image: <http://docker.io/fleetdm/fleet:v4.66.0|docker.io/fleetdm/fleet:v4.66.0>
    command: sh -c "/usr/bin/fleet prepare db --no-prompt --config /fleet/config.yml && /usr/bin/fleet serve --dev --dev_license --logging_debug --config /fleet/config.yml" 
    restart: unless-stopped
    volumes:
      - /opt/fleetdm/fleetdm/data:/fleet
      - /opt/fleetdm/fleetdm/data/server.cert:/fleet/server.cert
      - /opt/fleetdm/fleetdm/data/server.key:/fleet/server.key
      - /opt/fleetdm/fleetdm/data/config.yml:/fleet/config.yml:ro
    env_file:
      - '/opt/fleetdm/fleetdm/env-fleetdm'
    networks:
      - fleetdm-network
    depends_on:
      - db
      - redis
  nginx-modsecurity-proxy:
    container_name: nginx-modsecurity-proxy
    hostname: nginx-modsecurity-proxy
    image: owasp/modsecurity-crs:3.3.5-nginx-alpine-202401080101
    restart: unless-stopped
    volumes:
      - /opt/fleetdm/nginx_modsecurity/server.crt:/etc/nginx/conf/server.crt:ro
      - /opt/fleetdm/nginx_modsecurity/server.key:/etc/nginx/conf/server.key:ro
      - /opt/fleetdm/nginx_modsecurity/log:/var/log/nginx
      - /opt/fleetdm/nginx_modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
      - /opt/fleetdm/nginx_modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
      - /opt/fleetdm/nginx_modsecurity/default.conf.template:/etc/nginx/templates/conf.d/default.conf.template:rw
      - /opt/fleetdm/nginx_modsecurity/nginx.conf.template:/etc/nginx/templates/nginx.conf.template:rw
      - /opt/fleetdm/nginx_modsecurity/proxy_backend.conf.template:/etc/nginx/templates/includes/proxy_backend.conf.template:rw
      - /opt/fleetdm/nginx_modsecurity/data:/usr/share/nginx/html/custom_pages/
    ports:
      - "80:80"
      - "443:443"
    env_file:
      - '/opt/fleetdm/nginx_modsecurity/env-nginx_modsecurity'
    networks:
      - fleetdm-network
networks:
  fleetdm-network:
    driver: bridge
    name: fleetdm-network
This is my docker compose. We are trying to evaluate fleet for our use case and we saw the using the --dev and --dev_license we can test out the fleet premium offering. Which I am trying to do.
The config for fleet looks like this:
Copy code
mysql:
    address: db:3306
    database: fleetdm
    max_open_conns: 50
    password: example
    username: fleet
prometheus:
    basic_auth:
        password: example
        username: example
redis:
    address: redis:6379
s3:
    software_installers_access_key_id: example
    software_installers_bucket: fleetdm-software-installers
    software_installers_endpoint_url: <https://s3.example.com:9000>
    software_installers_force_s3_path_style: true
    software_installers_prefix: example/
    software_installers_region: eu-east-1
    software_installers_secret_access_key: example
server:
    cert: /fleet/server.cert
    key: /fleet/server.key
    private_key: example
k
Do you have that Fleet user set up in your MySQL config?
t
Yep the error feels like it is trying to connect to the mysql server in the fleet container and not to the mysql container?
u
Sorry for leaving you hanging there! I don't believe that's possible since only the Fleet service is available in that container, so it must be connecting to the MySQL container. Is the user configured there?
10 Views
Open in Slack
PreviousNext
Powered by