Title
#fleet
z

Zach Zeid

08/13/2021, 3:47 PM
I've enabled software inventory as well, but I don't see anything regarding CVE's?
Tomas Touceda

Tomas Touceda

08/13/2021, 3:50 PM
have you gone through the steps to configure vulnerability processing: https://github.com/fleetdm/fleet/blob/main/docs/1-Using-Fleet/13-Vulnerability-Processing.md ?
z

Zach Zeid

08/13/2021, 3:52 PM
Yeah this is confusing language, because I read it as "Set
FLEET_BETA_SOFTWARE_INVENTORY=1
OR using thhe app config" (which we don't use)
3:53 PM
but that explains the errors i'm seeing in the logs
Esteban

Esteban

08/13/2021, 3:56 PM
Yeah, It's confusing for me too since I'm not using config files and a Docker container to deploy the app. I don't know where the default config file is located
Tomas Touceda

Tomas Touceda

08/13/2021, 3:56 PM
makes sense, we'll be retiring the env var soon. Apologies for the confusion
Esteban

Esteban

08/13/2021, 3:58 PM
Why? For example it's easier for me to set the env vars declared directly on the docker compose.
Martin Pöhlmann

Martin Pöhlmann

08/17/2021, 9:14 AM
@Tomas Touceda I'd second that env vars are way easier to configure Fleet via Docker. Especially, is there a reason you decided to put the vulnerability databases_path in the fleetctl applied config? For the Docker setup this is really cumbersome as I have to manually interact with the container after start and then restart again. This strikes my infrastructure as code approach 😕 An option would be that fleet binary would also allow to pass fleetctl config files (or am I missing this feature?).
Tomas Touceda

Tomas Touceda

08/17/2021, 12:17 PM
the env var is there as a feature flag switch while the software inventory feature remains in beta. Most things within fleet is configured through fleetctl, we have seen a lot of success from people managing config as code alongside their packs and queries they apply
12:18 PM
all of that said, we are always working to make fleet more usable. If you have concrete ideas, please make sure to file a feature request
Martin Pöhlmann

Martin Pöhlmann

08/17/2021, 12:53 PM
I can understand that one may want to manage query packs, osquery configs, etc via fleetctl. But the database_path is a infrastructure configuration, hence in my point of view it should belong in a config to be read on startup. I do not ask for an env var in particular, but that it is configurable like mysql or redis: https://github.com/fleetdm/fleet/blob/2df7c71749690a98652eaed34a733cff2fa062cd/docs/2-Deploying/2-Configuration.md#options
Esteban

Esteban

08/17/2021, 1:00 PM
Totally agree, more usable on upgrades and rollbacks.
Tomas Touceda

Tomas Touceda

08/17/2021, 1:19 PM
fair, I'll look into supporting that