#fleet
arod

04/07/2021, 1:55 PM
Hey folks. I am doing the docker install using a docker-compose.yml file. Here is the fleet section. I have mysql and redis as well. Could really use some help in our current setup. THREADING so I don't clog up the channel
1:55 PM
This is my docker-compose. mysql and redis are here as well.
fleet:
    image: fleetdm/fleet:3.9.0
    hostname: fleet
    container_name: fleet
    restart: always
    command: sh -c "echo '\n' | /usr/bin/fleet prepare db --config=/etc/kolide.yml && /usr/bin/fleet serve --config=/etc/kolide.yml"
    depends_on:
      - mysql
      - redis
    volumes:
      - ./production_cluster/fleet-configs/kolide.yml:/etc/kolide.yml
      - ./production_cluster/fleet-configs/cert.pem:/certs/cert.pem
      - ./production_cluster/fleet-configs/key.pem:/certs/key.pem
    expose:
      - "8412"
    ports:
      - "${FLEET_PORT}:8080"
    networks:
      - fleet-net
1:56 PM
I am using a kolide.yml file with data already. My issue is this:
1:56 PM
Once I run the initial:
./fleetctl config set --address "https://localhost:$FLEET_PORT" --tls-skip-verify --config "production_cluster/fleet-configs/kolide.yml"
  echo "running fleetctl setup"
It replaces the kolide.yml completely.
1:57 PM
This is the template I am giving to the container:
mysql:
  address: mysql:3306
  database: fleet
  username: fleet
  password: MYSQL_FLEET_PASSWORD
redis:
  address: redis:6379
server:
  address: 0.0.0.0:8080
  tls: true
  cert: /certs/cert.pem
  key: /certs/key.pem
auth:
  jwt_key: FLEET_JWT_KEY
filesystem:
  status_log_file: /var/log/osquery/status.log
  result_log_file: /var/log/osquery/result.log
  enable_log_rotation: true
logging:
  json: true
This is what my kolide.yml looks like after the config set command:
contexts:
  default:
    address: https://localhost:8999
    email: sea@sea.test
    rootca: ""
    tls-skip-verify: true
    token: <TOKEN HERE>
    url-prefix: ""
2:01 PM
Is this expected? I don't want to blast my config away. Once it does and I restart the containers, fleet doesn't come up because of the following (output from docker logs fleet):
Using config file:  /etc/kolide.yml
Error creating db connection: dial tcp 127.0.0.1:3306: connect: connection refused
Using config file:  /etc/kolide.yml
Which makes sense because the DB config piece is gone. I'm curious on why? Is this expected?
2:01 PM
@Noah Talerman Would love some help with this so I can sleep! 😞 Thanks folks!
2:43 PM
I guess I need to understand these commands better? Can't find in the docs
command: sh -c "echo '\n' | /usr/bin/fleet prepare db --config=/tmp/kolide.yml && /usr/bin/fleet serve --config=/tmp/kolide.yml"
zwass

04/07/2021, 3:19 PM
The config for fleetctl and for the Fleet server are separate. Looks like you are overriding the server config with the one from fleetctl.
arod

04/07/2021, 3:47 PM
🤯 @zwass Omg.
3:48 PM
Thanks a lot! So I basically need to use a different config file for fleetctl entirely. Doesn't even need to be on the container.
zwass

04/07/2021, 3:53 PM
Correct. Think of fleetctl as another client for the Fleet server. Like the web UI but it's a CLI.
arod

04/07/2021, 6:56 PM
Thanks so much! Fixed everything. @zwass
zwass

04/07/2021, 6:56 PM
Nice! Enjoy 🙂