Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
j
jby
12/01/2021, 10:53 AMSo, if I’m running fleetctl preview and the preview is updated (don’t know if it ever is), can I somehow easily update it?
r
Rachel Perkins
12/01/2021, 3:40 PMHiya, you can check which version of fleet you're running on the bottom right of the My Account page or with
npm view fleetctl versionj
jby
12/01/2021, 3:53 PMSo, how do I update then?
Feel free to point me to any documentation that I’ve neglected to read
Can I upgrade with the data in the system intact - including the enrollment secret?
r
Rachel Perkins
12/01/2021, 4:58 PMOk sweet, yeah, I just smoke tested by downgrading to 4.5.0, created a query, upgraded to 4.6.1 and it was still there
If you just run
fleetctl previewj
jby
12/01/2021, 5:00 PMGreat, I'll test tomorrow - it's 6pm here noe
r
Rachel Perkins
12/01/2021, 5:00 PMEnjoy your evening!
I'm going to go ahead and file an issue to document this
Sorry, run
fleetctl --versionnpm view fleetctl versionj
jby
12/01/2021, 5:12 PMDo you really mean that I'm to run the preview command again in a running environment?
r
Rachel Perkins
12/01/2021, 5:42 PMYou can run
fleetctl preview stopj
jby
12/01/2021, 5:45 PMOk, I’ll test tomorrow morning, and since I have a puppy that wants to go out early you might still be working when I start tomorrow… 😉
😅 1
🐶 1
So, I ran the
fleetctl previewOk, I got in with the
<mailto:admin@example.com|admin@example.com>upgradeSo, I ended up with an empty fleet instance with a new enroll secret and a new certificate… 😞
@Rachel Perkins?
r
Rachel Perkins
12/03/2021, 3:41 PMSo sorry this got buried!
That's weird because the most recent
fleetctl previewLet me loop in @Lucas Rodriguez a BE engineer and see if he knows what could've happened. We both smoked tested this
j
jby
12/03/2021, 4:13 PMNo users, no hosts, no data (not even any example data), new certificate and new enrollment secret was my result of running
fleetctl previewl
Lucas Rodriguez
12/03/2021, 4:16 PMHi folks, will take a look at this soon and get back to you.
:ty: 1
j
jby
12/03/2021, 4:17 PM👍
Oh, it's after 5pm Friday here so don't expect me to do anything else until Monday morning
BTW, these are the stdout-logs from when I ran
fleetctl previewDownloading dependencies from production into /root/.fleet/preview...
Pulling Docker dependencies...
Starting Docker containers...
Waiting for server to start up...
Initializing server...
Configured fleetctl in the 'preview' context to avoid overwriting existing config.
Loading standard query library...
Applying Policies...
Fleet will now enroll your device and log you into the UI automatically.
You can also open the UI at this URL: <http://localhost:1337/previewlogin>.
Email: <mailto:admin@example.com|admin@example.com>
Password: admin123#
Downloading Orbit and osqueryd...
Orbit is already running.
Waiting for current host to enroll...
wait for current host: checking host count: no hosts yetl
Lucas Rodriguez
12/06/2021, 7:51 PM@jby Can you look for the following docker volume:
docker volume list | grep previewIn my case I get
local fleet-preview-server_data01previewj
jby
12/06/2021, 7:52 PMdocker volume list
DRIVER VOLUME NAME
local 34a78f9c63dc93fc533c362a5c00f04ffa2b43cfc555062ad2ca979a18fa4f4c
local 625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4
local fleet-preview-server_data01And:
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88b39d78b8d7 fleetdm/fleet:latest "sh -c '/usr/bin/fle…" 4 days ago Up 4 days 0.0.0.0:1337->1337/tcp, :::1337->1337/tcp fleet-preview-server_fleet02_1
878d60386228 fleetdm/fleet:latest "sh -c '/usr/bin/fle…" 4 days ago Up 4 days 0.0.0.0:8412->8412/tcp, :::8412->8412/tcp fleet-preview-server_fleet01_1
b52496386962 mysql:5.7 "docker-entrypoint.s…" 4 days ago Up 4 days 33060/tcp, 0.0.0.0:3308->3306/tcp, :::3308->3306/tcp fleet-preview-server_mysql01_1
d42f75ce59ee redis:6 "docker-entrypoint.s…" 4 days ago Up 4 days 6379/tcp fleet-preview-server_redis01_1
ac4363885609 dactiv/osquery:4.5.1-centos6 "osqueryd --flagfile…" 4 weeks ago Up 4 weeks fleet-preview-devices_centos6-osquery_1
393ee09aa659 dactiv/osquery:4.5.1-ubuntu18.04 "osqueryd --flagfile…" 4 weeks ago Up 4 weeks fleet-preview-devices_ubuntu18-osquery_1
b6e3aa740d4f dactiv/osquery:4.5.1-centos7 "osqueryd --flagfile…" 4 weeks ago Up 4 weeks fleet-preview-devices_centos7-osquery_1
a2a4763bab36 dactiv/osquery:4.5.1-ubuntu16.04 "osqueryd --flagfile…" 4 weeks ago Up 4 weeks fleet-preview-devices_ubuntu16-osquery_1
bc112570d19b dactiv/osquery:4.5.1-ubuntu14.04 "osqueryd --flagfile…" 4 weeks ago Up 4 weeks fleet-preview-devices_ubuntu14-osquery_1
9ee8c3357bb8 dactiv/osquery:4.5.1-centos8 "osqueryd --flagfile…" 4 weeks ago Up 4 weeks fleet-preview-devices_centos8-osquery_1
66b70a2e1d48 dactiv/osquery:4.5.1-ubuntu20.04 "osqueryd --flagfile…" 4 weeks ago Up 4 weeks fleet-preview-devices_ubuntu20-osquery_1From that output it would seem I have multiple previews running…
Or maybe I’m looking crooked here, sorry
l
Lucas Rodriguez
12/06/2021, 7:56 PMThat last output looks ok,
previewRegarding the volume command: It's possible
fleet-preview-server_data01j
jby
12/06/2021, 7:58 PMOk, the simulated hosts have not provided any data into my new preview either though…
This is my dashboard 5 days after starting the updated preview:
The
fleet-preview-server_data01# docker volume inspect fleet-preview-server_data01
[
{
"CreatedAt": "2021-11-04T05:59:38Z",
"Driver": "local",
"Labels": {
"com.docker.compose.project": "fleet-preview-server",
"com.docker.compose.version": "1.27.4",
"com.docker.compose.volume": "data01"
},
"Mountpoint": "/var/lib/docker/volumes/fleet-preview-server_data01/_data",
"Name": "fleet-preview-server_data01",
"Options": null,
"Scope": "local"
}
]The other two seems to have been created at login(from looking at the timestamp of
CreatedAtfleetctl previewdocker volume inspect 34a78f9c63dc93fc533c362a5c00f04ffa2b43cfc555062ad2ca979a18fa4f4c
[
{
"CreatedAt": "2021-12-02T06:44:22Z",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/34a78f9c63dc93fc533c362a5c00f04ffa2b43cfc555062ad2ca979a18fa4f4c/_data",
"Name": "34a78f9c63dc93fc533c362a5c00f04ffa2b43cfc555062ad2ca979a18fa4f4c",
"Options": null,
"Scope": "local"
}
]And my login now:
docker volume inspect 625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4
[
{
"CreatedAt": "2021-12-06T19:59:04Z",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4/_data",
"Name": "625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4",
"Options": null,
"Scope": "local"
}
]l
Lucas Rodriguez
12/06/2021, 8:20 PMOK, one option is running 1.
preview stoppreviewj
jby
12/06/2021, 8:22 PMdocker volume rm 625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4
Error response from daemon: remove 625e94d725d58ea087bcee640687433cb40f58daed0a3ae8714afd6aed4bbfc4: volume is in use - [d42f75ce59ee4d887c26097a4afa2939ee82aad99bf704fb2b10dd8b5bb47e9c]l
Lucas Rodriguez
12/06/2021, 8:23 PMMaybe that's not even a fleet volume.
j
jby
12/06/2021, 8:23 PMI’m not running anything else in docker in that host
l
Lucas Rodriguez
12/06/2021, 8:23 PMAlso, any reason you are using preview instead of deploying fleet? (Mostly asking because preview is just made for demo purposes.) See https://fleetdm.com/docs/deploying#deployment
j
jby
12/06/2021, 8:24 PMPOC and testing
And the simplicity of docker
To see if it’s something we should put into production
And me not being comfortable to configure the relationships between docker containers (fleet, db, redis, persistent disk storage) myself
And also, I’m lazy busy doing other things - this sets everything up with one command… 😁
l
Lucas Rodriguez
12/06/2021, 9:05 PMOK, one volume is probably one used by the fleet server. So we shouldn't delete it.
Can you provide fleet server logs?
docker logs $container_id_of_fleetdm/fleetdocker psj
jby
12/06/2021, 9:50 PMWhich one? The one running on port 8412 or the one running on port 1337?
3dc39fc12db2 fleetdm/fleet:latest "sh -c '/usr/bin/fle…" About an hour ago Up About an hour 0.0.0.0:8412->8412/tcp, :::8412->8412/tcp fleet-preview-server_fleet01_1
dd454af52c6c mysql:5.7 "docker-entrypoint.s…" About an hour ago Up About an hour 33060/tcp, 0.0.0.0:3308->3306/tcp, :::3308->3306/tcp fleet-preview-server_mysql01_1
75d2cc6a59ed redis:6 "docker-entrypoint.s…" About an hour ago Up About an hour 6379/tcp fleet-preview-server_redis01_1
88b39d78b8d7 fleetdm/fleet:latest "sh -c '/usr/bin/fle…" 4 days ago Up About an hour 0.0.0.0:1337->1337/tcp, :::1337->1337/tcp fleet-preview-server_fleet02_1I’m off to bed now, it’s almost 11pm here
So, @Lucas Rodriguez - which fleetdm/fleet container do you wants logs from (see output from docker ps above)
l
Lucas Rodriguez
12/07/2021, 5:30 PMBoth, if possible.
j
jby
12/07/2021, 5:35 PMHmm, looking at multiple pages of logs I went to the dashboard and realised that the restart last night seem to have cleaned everything up and it found the persistent storage again.
It’s back
I’m rebuilding my orbit-packages with the original enrollment secret now
l
Lucas Rodriguez
12/07/2021, 5:41 PMOK, glad it's working again!, if you plan to continue using fleet we suggest a proper deployment 🙂 https://fleetdm.com/docs/deploying#deployment
j
jby
12/07/2021, 5:42 PMYes, I wont run this preview in production - it’s still eval
👍 1
I was wrong, it started with the new example data, not with the old data…
So, a recap:
• I installed and ran
fleetctl previewfleetctl previewfleetctl previewfleetctl preview stopfleetctl previewAny further tips on this @Lucas Rodriguez or @Rachel Perkins?
Or am I at the end of the road with the preview and should setup a more permanent installation instead?
l
Lucas Rodriguez
12/08/2021, 4:27 PMHard to know what's going on.
One last try would be (if containers are running), use mysql client to connect to the mysql container:
mysql --host=127.0.0.1 --port=3308 --user=root --password
# password is toorselect * from fleet.hosts;fleetctl previewfleetctl previewz
zwass
12/08/2021, 4:30 PMfleetctl preview resetj
jby
12/08/2021, 4:31 PMYeah, my ITSec-guy is not too hot on sending this kind of data to the cloud…
I had created 2 users and added 5 real hosts just to be able to look att some real data and not just the example data that’s included
So, are you just going to leave me hanging here? @Rachel Perkins @Lucas Rodriguez
z
zwass
12/21/2021, 5:55 AMHi Jonas, I looked back through the last few messages in this thread and it's not clear what follow up you are asking for here. We always try to help community members get the most out of Fleet, but the team is also very busy with development work. If you have additional questions, please ask in this thread or a new one and our team and the community will provide assistance on a best-effort basis.
j
jby
12/21/2021, 6:27 AMI initially asked how to upgrade the preview and was told it would upgrade “in-place” if I just re-ran the
fleetctl previewI was just perplexed about, perhaps a misunderstanding from my side, that someone was actually looking into this and would get back to me with some help, and nothing but silence from your end. I understand that you’re busy with development, but I was led to believe that I would get more help
And - I’m pushing this to help you with similar situations in the future. If you now realise that a preview can’t be upgraded, then noone else would have to end up like me, especially not after asking about it explicitly…