https://github.com/osquery/osquery logo
Join Slack
Powered by
I jumped a few fleet versions in upgrading to 3.8....
# fleet
n
I jumped a few fleet versions in upgrading to 3.8.0, so I have a question that might go back a few releases. If clients attempt to enroll with the same host identifier, they'll get rate limited / enroll will fail. I don't know how long but I think that's been going for a few releases. My question is about what status (403, 4xx, 500, 5xx, etc) codes are returned when those enrolls fail, and if those status codes have changed over the last few releases.
z
The status codes have not changed, and the enrollment cooldown goes back to 3.5.0. Are you encountering some issues here?
n
What is the status code for these enrollment issues?
I wouldn't say I'm having issues around this per se. My understanding (correct me if I'm wrong) is that before 3.5.0 there was still an issue with conflicts happening if there were multiple hosts with the same identifier enrolling, but that 3.5.0+ made the issue visible. Is that correct ? ^
z
That should return a 401.
Before 3.5.0 if there were multiple hosts using the same identifier they were likely to be successfully enrolling each attempt but then overwriting each other's node keys (since they appear to be the same host to Fleet yet the node key is invalidated due to a new successful enrollment). After 3.5.0 they are rate limited in how often they can enroll which means that not every enroll request will succeed.
Are you able to see Fleet server logs that indicate multiple hosts are using the same identifier?
n
Yes - I was aware from release notes that I would see this. It's not a new problem, just one that I'm more aware of / can quantify now.
z
There was actually extensive discussion about this in osquery office hours yesterday if you're curious to dig deeper.
n
Ah interesting, I'll go find the notes / recording
2 Views
Open in Slack
PreviousNext
Powered by