oh, your `enroll_secret_env` flag should not be t...
# kolideg
groob
02/06/2018, 6:24 PM
oh, your
enroll_secret_enve
Eldar
02/06/2018, 6:27 PMthan what should be?
g
groob
02/06/2018, 6:28 PM
see below
e
Eldar
02/06/2018, 6:33 PMto place the secret in file?
Eldar
02/06/2018, 6:33 PMosqueryd --enroll_secret_path=/tmp/enroll --tls_server_certs=/etc/osquery/kolide.crt --tls_hostname=127.0.0.1 --host_identifier=uuid --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_tls_refresh=10 --disable_distributed=false --distributed_plugin=tls
g
groob
02/06/2018, 6:38 PM
your tls hostname flag is also wrong. that's just an ip address. it needs the port and it needs to match your certificate
groob
02/06/2018, 6:39 PM
can you show us the fleet startup as well?
groob
02/06/2018, 6:39 PM
and any logs osquery might be reporting. you'll ahve to add
--verbose--tls_dumpe
Eldar
02/06/2018, 6:40 PMfleet serve --config /tmp/kolide.yml --auth_jwt_key 93hxhlw4b+WFMlxGV5RKzKTmml5itxA1
g
groob
02/06/2018, 6:42 PM
ok that looks fine i'm guessing
groob
02/06/2018, 6:42 PM
add the verbose and tls_dump flags to osqueryd and try starting it again
e
Eldar
02/06/2018, 6:47 PM Copy code
W0206 18:31:39.313983 5271 tls_enroll.cpp:70] Failed enrollment request to <https://localhost:12345/api/v1/osquery/enroll> (Request error: Failed to connect to localhost:12345: Connection refused) retryingg
groob
02/06/2018, 6:48 PM
is your cert signed for localhost?
e
Eldar
02/06/2018, 6:48 PMyes
g
groob
02/06/2018, 6:48 PM
and is fleet running on port 12345?
e
Eldar
02/06/2018, 6:49 PMno. it is forwarded port to 8080
g
groob
02/06/2018, 6:50 PM
sounds like that's where the issue is
e
Eldar
02/06/2018, 7:10 PMshit added new host 😄
k
Kemal
02/07/2018, 8:26 AMcan you help me about this issue? /usr/bin/fleet prepare db \
--mysql_address=127.0.0.1:3306 \
--mysql_database=kolide \
--mysql_username=root \
--mysql_password=toor
I edited that code for my environment and when I ran I got this error
2018/02/07 080308 FAIL 20161118212641_CreateTablePasswordResetRequests.go (Error 1067: Invalid default value for ‘expires_at’), quitting migration.
Kemal
02/07/2018, 8:50 AMi set system time to UTC and Repeated the command again this time mysql output is migration completed
g
groob
02/07/2018, 9:39 AM
you must use mysql 5.7
k
Kemal
02/07/2018, 9:58 AMyes, 5.7.21 ubuntu 16.04.1
and I solved this after I set timezone to UTC and restart the system
Kemal
02/07/2018, 9:59 AMi dont know the case is related restarting or setting UTC?
g
groob
02/07/2018, 10:29 AM
probably setting UTC
4 Views