Title
#fleet
a

Alessandro

11/22/2022, 5:13 PM
Hello everybody! I am just looking for a confirmation here: we have reinstalled our Fleet server on an existing infrastructure so, apart from reconfiguring admin user, email, etc., we also got a new enroll key. However we would like to migrate the hosts that were previously enrolled with the old enroll key since the number is considerable and making a new onboarding will take quite some effort. How do you recommend me to approach this? 1. Adding the old enroll secret and use that as a
multiple
enroll secret keeping the new one 2. Trying to rotate the new enroll secret for the old enroll secret (if this is even making sense https://fleetdm.com/docs/deploying/faq#how-can-enroll-secrets-be-rotated) 3. Replace the new enroll key with the old enroll key (I have tried to find an equivalent of
kubectl replace
or piping the file content to
kubectl apply -f -
, but I did not find a command to replace an
entire
config) Any other advice on how to make it happen without changing the config at host level?
Kathy Satterlee

Kathy Satterlee

11/23/2022, 6:38 PM
Hey @Alessandro! If you've got a config file with your enroll secrets, you can apply that to your new fleet server using fleetctl apply: https://fleetdm.com/docs/using-fleet/configuration-files#enroll-secrets Your still need to point your hosts to the new Fleet instance though.
a

Alessandro

11/23/2022, 7:25 PM
Hey @Kathy Satterlee. Thanks for the feedback. It looks like the issue is a bit bigger than just the enroll secret, but this is definitely what I have done! Thanks a lot again for the answer!