Hi! I just installed fleet server in a testing k8s cluster and on-boarded a couple of hosts using a generated .deb package for linux (orbit). The hosts report their basic details (disk, cpu, OS etc) just fine but additional info is not available and I see the following types of errors in the fleet server log:

level=error ts=2022-12-07T10:10:15.110183011Z query=fleet_detail_query_network_interface_unix message="distributed query is denylisted" hostID=1
...
level=error ts=2022-12-07T10:10:35.499363345Z component=http method=POST uri=/api/v1/osquery/distributed/write took=3.131795221s ip_addr=10.244.3.87 x_for_ip_addr=10.244.3.87 ingestion-err="ingesting query software_linux: update host software: get software: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" ingestion-err="ingest detail query: selecting app config: context canceled" err="error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || error in query ingestion || getting app config: selecting app config: context canceled"

For the first type of error, in osquery docs it states:

If the watchdog stops the daemon while a distributed query was running then such query will be denylisted from running for 24 hours.

However the host config using query shell

.show

offers the following:

Non-default flags/options:
  database_path: /opt/orbit/shell/osquery.db
  disable_events: true
  disable_logging: true
  disable_watchdog: true

So how can I prevent the NIC distributed query from being "denylisted"? For the second error, I really don't know where to start for help resolving software packages being available for the hosts in fleet server 🤷

hey @Graham Anderson, welcome! would you mind posting this in #C01DXJL16D8 channel please? someone there might be able to help better, thanks!

👍