Hello, we've been having issues on a handful of hosts where osqueryd was previously working but suddenly comes up with enrollment errors

(No node key returned from TLS enroll plugin)

. we are able to fix it by refreshing

/var/osquery/db

, but i was wondering if there is a way to just reset the node key without "factory-resetting" osqueryd on the host?

Were you ever able to resolve the root cause behind this? We are seeing it too, and even though the functionality does not seem to be impacted, I think you are right in that it's a stale node_key stored locally in RocksDB. If you weren't able to figure out the root cause, what was the fix? (I don't see /var/osquery/db on my install)

Sorry for the late reply. the path was a typo - i meant

/var/osquery.db

. in our case osquery stopped running queries entirely. on existing hosts, we just pretty much purged that dir so osquery starts fresh. we fixed it at the source by adding a step in our provisioning scripts to remove the directory (apparently generated when the OS images are being built). though i still see that error pop up occasionally but the affected hosts are otherwise fine. we just ignore it for now /shrug

Thanks for getting back to me. As it turns out we are disabling the local rocksdb (AFAICT) via

--disable_database=true

so osquery.db doesn't exist. I've also attempted

--disable_reenrollment=true

but I'm still seeing the error message, although as you see also, it seems to have no effect.