Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
j
Jason
01/28/2022, 1:37 PMHm, I know I've done this before -- but I'm getting a 500 when trying to
fleetctl apply -fAlso this page - https://github.com/kolide/fleet/blob/master/docs/cli/setup-guide.md needs a small fix
it lists
fleetctl get options > options.yamlwhen it should be
fleetctl get config > <filename>l
Lucas Rodriguez
01/28/2022, 2:03 PMHi! Could you share us the full output when running
fleetctl apply -fAlso this page - https://github.com/kolide/fleet/blob/master/docs/cli/setup-guide.md needs a small fixThat's the old repository: https://github.com/kolide/fleet#fleet-is-retired This is the official fleet repository: https://github.com/fleetdm/fleet
Apart from the docs in Github, we have: https://fleetdm.com/docs
j
Jason
01/28/2022, 2:10 PMoh ha - sorry about that. Google messed me up there 🙂
❯ ./fleetctl apply -f ./fleetconfig.yml
applying fleet config: apply config received status 500 forbidden: forbiddenThanks @Lucas Rodriguez!
l
Lucas Rodriguez
01/28/2022, 2:11 PMAlso, please share `fleetctl`'s version. If you get a 500 you could check
fleet servej
Jason
01/28/2022, 2:12 PM❯ ./fleetctl --version
fleetctl - version 4.9.0
branch: HEAD
revision: 3018ad0fb45f7f6422b3d12e6a9f4e17d1079420
build date: 2022-01-22
build user: runner
go version: go1.17.2l
Lucas Rodriguez
01/28/2022, 2:15 PMOK, let us know if you can get
fleet servelevel=errorj
Jason
01/28/2022, 2:37 PMOk will do
l
Lucas Rodriguez
01/28/2022, 2:39 PMforbiddenfleetctlj
Jason
01/28/2022, 2:58 PMhi @Lucas Rodriguez - I've got this
{
"component": "http",
"err": "forbidden",
"internal": "Missing authorization check",
"level": "info",
"path": "/api/v1/fleet/config",
"ts": "2022-01-28T14:10:40.330143989Z"
}my config for fleetctl is using an API token and not username/pw - if that helps
l
Lucas Rodriguez
01/28/2022, 3:02 PMOK, by grabbing the token from the UI and editing
~/.fleet/configAlso, what's the
RoleAre you able get config?
fleetctl get configj
Jason
01/28/2022, 3:08 PMcorrect on the config file
My role is "Admin"
yes, I can
get configl
Lucas Rodriguez
01/28/2022, 3:17 PMOK, could you share the config you are trying to apply? (please do redact any sensitive information)
We'll be trying to reproduce on our end.
j
Jason
01/28/2022, 3:20 PMI can tell you exactly what I am doing (it's very simply)
I just want to change the host decorator
so I am dumping the config and changing one line
- SELECT hostname AS hostname FROM system_info;- SELECT computer_name AS hostname FROM system_info;l
Lucas Rodriguez
01/28/2022, 3:22 PMOK, that makes sense. Will open a Github issue. One last thing, can you confirm the version of the fleet server is also 4.9.0?
j
Jason
01/28/2022, 3:22 PMyes it is
I will try using a username/pw in a minute to see if that fixes it
l
Lucas Rodriguez
01/28/2022, 3:24 PM{"component":"http","err":"forbidden","internal":"Missing authorization check","level":"info","path":"/api/v1/fleet/config","ts":"2022-01-28T14:10:40.330143989Z"}Any other error logs around this? (to add to the Github issue.)
Also, you mentioned you were admin, are you a global admin? as in:
j
Jason
01/28/2022, 3:27 PMchecking now
l
Lucas Rodriguez
01/28/2022, 3:27 PMj
Jason
01/28/2022, 3:27 PMit seems I also cannot create a new user (probably same root case)
oh nevermind - that one was because of a duplicate email address
l
Lucas Rodriguez
01/28/2022, 3:31 PMAlso, you mentioned you were admin, are you a global admin? as in:Under "My Account"
(My mistake, you are probably running Fleet Free, which doesn't have Teams support 🙂
Here it is: https://github.com/fleetdm/fleet/issues/3913, feel free to add any extra information there.
j
Jason
01/28/2022, 3:32 PMthx
l
Lucas Rodriguez
01/28/2022, 3:33 PMLike the error logs surrounding the "Missing authorization check" error.
j
Jason
01/28/2022, 3:33 PMok
also - I created that local user
(deleted my config file)
and i can
fleetctl loginbut when I get config - it wants me to log in again
❯ ./fleetctl get config
Invalid session. Please log in with: fleetctl loginrunning fleetctl on an m1 mac, btw
l
Lucas Rodriguez
01/28/2022, 3:34 PMOK, does
fleetctl loginj
Jason
01/28/2022, 3:36 PM[+] Fleet login successful and context configured!l
Lucas Rodriguez
01/28/2022, 3:37 PMCould this be a mixture of running a local
./fleetctlfleetctl./j
Jason
01/28/2022, 3:37 PMoh, I'm running it with ./
./fleetctl xyz
l
Lucas Rodriguez
01/28/2022, 3:38 PMAck
j
Jason
01/28/2022, 3:38 PMI should try it with linux maybe
m1 strangeness maybe ? haven't run into it yet, but thats not to say it couldn't happen
l
Lucas Rodriguez
01/28/2022, 3:38 PMCould be, added that to the issue.
You could inspect the
~/.fleet/config(that's what
fleetctlE.g. in my test case:
contexts:
default:
address: <https://localhost:8080>
email: <mailto:lucas@fleetdm.com|lucas@fleetdm.com>
token: [...]j
Jason
01/28/2022, 3:51 PMyeah, I checked that too - seems fine
rootca is blank, but it's a publicly trusted cert
l
Lucas Rodriguez
01/28/2022, 5:21 PMOK, feel free to post any updates on the linked issue.
n
Noah Talerman
02/02/2022, 2:36 PMHey @Jason, were you able to resolve this issue?
j
Jason
02/02/2022, 10:07 PMhi @Noah Talerman - I have not.... I've been stuck on another "on fire" thing and have not had a chance.
👍 1
l
Lucas Rodriguez
02/04/2022, 6:05 PM@Jason Whenever possible, please attach the
config.ymlj
Jason
02/04/2022, 6:30 PMThanks Lucas - I am going to try once more and get back to you. It's possible it was our WAF, I will investigate.