#fleet

Wojtek

11/05/2020, 2:43 PM
Hey folks, is it possible to set up enroll_secret during fleet bootstrap? I am trying to run fleet in containers and once the 'fleet serve' has been run I am not able to run any more commands from within docker. I tried to run 'fleet -c secrets.yaml serve' but it didn't work.

zwass

11/05/2020, 2:44 PM
A default enroll secret is generated when you start up the server for the first time. You can retrieve that secret with `fleetctl get enroll_secret`.

Wojtek

11/05/2020, 2:47 PM
yes but since I am running this in containers the app can be restarted anytime. And once it's restarted it sets this secret to a random string. Is there any way to set it upfront to the same string?

zwass

11/05/2020, 2:47 PM
The containers should all be connecting to the same MySQL database which means that they will use the same set of enroll secrets.

Wojtek

11/05/2020, 2:50 PM
ok so this keeps the secret in mysql. this may make things easier. I would need to set the pass only once
2:52 PM
so adding to this: would running 'fleet prepare db' against the same db do any harm?

zwass

11/05/2020, 3:01 PM
No it's okay to run `fleet prepare db` again. It will not do anything if the migrations are already run.

Wojtek

11/05/2020, 4:14 PM
Thanks

Zach Zeid

11/05/2020, 4:28 PM
also `fleet serve` is running the fleet process, so you wouldn't be able to run any commands after that. Maybe try running `fleet serve &` or just connecting from a different docker container.

Wojtek

11/05/2020, 6:22 PM
yeah I can but I'd rather do it without 'hacking' 😉 I'd rather set the secret initially. I didn't know the secret is kept in mysql. now I know this and I can set persistent storage for mysql docker container to ensure the enroll secret is the same