Channels
#kolide
Title
# kolide
j
Jon O'Brien
03/07/2019, 4:59 PMHey folks - I raised this issue https://github.com/kolide/fleet/issues/2008 yesterday regarding
fleetctlfleetctl--debugz
zwass
03/07/2019, 5:43 PM
Are you able to query via the Fleet UI?
j
Jon O'Brien
03/07/2019, 5:47 PMyes
z
zwass
03/07/2019, 5:51 PM
When you do that, look in the network panel in the devtools and see whether it is using a websocket or XHR requests.
Is your Fleet server behind a load balancer?
j
Jon O'Brien
03/07/2019, 5:51 PMyes - I believe it is
z
zwass
03/07/2019, 5:51 PM
Ah yes I see that it is
Does your load balancer support websockets?
j
Jon O'Brien
03/07/2019, 5:52 PM...checking
z
zwass
03/07/2019, 5:52 PM
I suspect that your load balancer doesn't support websockets... On the browser we have a good library for getting around this with XHR requests. In Go (where fleetctl is written) we don't.
r
ralph
03/07/2019, 10:32 PMZack, if we run fleetctl directly on 1 backend kolide server, would it help?
z
zwass
03/07/2019, 10:41 PM
Yeah if you connect fleetctl directly to one of the servers it ought to work fine.
r
ralph
03/07/2019, 10:41 PMone more thing, if I enable session persistence on the L7 LB , would that help too?
z
zwass
03/07/2019, 11:20 PM
What matters is whether the LB supports websockets. It doesn't matter which Fleet server the client connects to as long as (1) Redis is working and (2) websockets are supported for communication with the client.
j
Jon O'Brien
03/08/2019, 12:31 PMIt does appear that websockets is supported in the LB - is there a configuration setting which is required to ensure fleetctl can communicate through them?
Also, how might I be able to see more debug information coming back from
fleetctlz
zwass
03/08/2019, 4:48 PM
I did some testing and it does seem that fleetctl should print an error if it is unable to establish the websocket connection. It will also print any errors it encounters from the server, and errors reading from the websocket connection. Can you check a couple more things please? What version of fleetctl are you running (
fleetctl --versionj
Jon O'Brien
03/08/2019, 4:50 PM Copy code
fleetctl - version 2.0.2
branch: master
revision: 8ca0358bf28173685815b79d8683a4239d629a14
build date: 2019-01-18T00:39:59Z
build user: zwass
go version: go1.11.3z
zwass
03/08/2019, 5:19 PM
Yeah, on the Fleet server. They are printed to stderr of the Fleet process.
Can you please clarify one more thing... In the examples in https://github.com/kolide/fleet/issues/2008 are both of those commands exiting immediately (or near immediately)?
j
Jon O'Brien
03/08/2019, 7:52 PMI will try and get the stderr output - in the meantime, yes, they exit immediately.
z
zwass
03/08/2019, 7:54 PM
Can you show the output of
fleetctl get label 'All Hosts'j
Jon O'Brien
03/08/2019, 7:56 PM Copy code
$ fleetctl get label 'All Hosts'
apiVersion: v1
kind: label
spec:
ID: 0
description: All hosts which have enrolled in Kolide
label_type: 1
name: All Hosts
query: select 1;
$z
zwass
03/09/2019, 8:57 PM
I am still interested in the Fleet server logs. Also, are you able to create a label with a query like
select 1j
Jon O'Brien
03/11/2019, 11:57 AMOK - I can see that although the
fleetctl/var/log/kolide/status.logThe number of hosts online has greatly reduced now (not sure why)
...and now, queries are working as expected for 171 hosts online
6% responded (99% online) | 170/2680 targeted hosts (170/171 online)I created a label `test label`:
Copy code
$ fleetctl get label --context my_context 'test label'
apiVersion: v1
kind: label
spec:
ID: 0
description: ""
label_type: 0
name: test label
query: select 1
$@zwass - any more thoughts on this please?
Current situation is that when hosting fleet on multiple servers through a load balancer,
fleetctl Copy code
[----------]$ fleetctl query --timeout 25m --query 'select name,version from os_version' --labels 'All Hosts' --exit
⠋ [----------]$
[----------]$ fleetctl query --timeout 25m --query 'select name,version from os_version' --labels 'All Hosts'
0% responded (0% online) | 0/0 targeted hosts (0/0 online)
[----------]$/var/log/kolide/status.logfleetctlfleetctlz
zwass
03/13/2019, 6:52 PM
Are you able to query that test label?
j
Jon O'Brien
03/14/2019, 10:38 AMYes - I can query against my 'test label' and 'All Hosts'.
fleetctlz
zwass
03/15/2019, 7:04 PM
When you query the test label you get results? What about if you query individual hosts?
j
Jon O'Brien
03/18/2019, 10:19 AMI don't think the problem is to do with the label or individual host queries - it appears to be related to how load balanced fleet servers communicate back to
fleetctlfleetctlHi @zwass - I'm still having issues with this environment despite reducing the number of fleet servers to 1 through the load balancer.
I've managed to look in the fleet stderr log in docker and I get a few of the following errors occurring around the time that
fleetctl Copy code
{"log":"{\"err\":\"sending: sockjs: session not in open state\",\"msg\":\"error writing to channel\",\"ts\":\"2019-03-24T04:08:13.081053265Z\"}\n","stream":"stderr","time":"2019-03-24T04:08:13.08115086Z"}
{"log":"{\"component\":\"service\",\"err\":null,\"ip_addr\":\"192.168.20.3:60635\",\"method\":\"SubmitDistributedQueryResults\",\"took\":\"8.070283ms\",\"ts\":\"2019-03-24T04:08:13.086910133Z\"}\n","stream":"stderr","time":"2019-03-24T04:08:13.087039196Z"}
{"log":"{\"err\":\"write status\",\"msg\":\"error updating status\",\"ts\":\"2019-03-24T04:08:13.322847484Z\"}\n","stream":"stderr","time":"2019-03-24T04:08:13.32299169Z"}z
zwass
03/25/2019, 11:19 PM
Have you tried connecting directly to Fleet rather than through the LB? This seems like an LB issue.
3 Views