https://github.com/osquery/osquery logo
#fleet
Title
# fleet
c

clong

01/12/2023, 7:19 PM
Why would this be happening?
Copy code
$ fleetctl get config > /tmp/config.yaml   
$ fleetctl apply -f /tmp/config.yaml                                                                      
Error: applying fleet config: PATCH /api/latest/fleet/config received status 422 Validation Failed: missing or invalid license
i didnt make any changes to the config. it looks like it's not happy about the format of the config even though im passing it right back?
k

Kathy Satterlee

01/12/2023, 7:21 PM
Would you be up for sharing your config file with me? You can DM me or post it here with any sensitive data redacted. Whichever works for you!
c

clong

01/12/2023, 7:22 PM
im ok posting here, im just going to redact domains
Copy code
---
apiVersion: v1
kind: config
spec:
  agent_options:
    config:
      decorators:
        load:
        - SELECT uuid AS host_uuid FROM system_info;
        - SELECT computer_name AS hostname FROM system_info;
      options:
        disable_distributed: false
        distributed_interval: 10
        distributed_plugin: tls
        distributed_tls_max_attempts: 3
        enable_keyboard_events: true
        enable_mouse_events: true
        logger_snapshot_event_type: true
        logger_tls_endpoint: /api/osquery/log
        logger_tls_period: 10
        pack_delimiter: /
    overrides: {}
  features:
    enable_host_users: false
    enable_software_inventory: false
  fleet_desktop:
    transparency_url: <https://fleetdm.com/transparency>
  host_expiry_settings:
    host_expiry_enabled: false
    host_expiry_window: 0
  integrations:
    jira: null
    zendesk: null
  org_info:
    org_logo_url: <https://example.com/abc>
    org_name: Material Security
  server_settings:
    deferred_save_host: false
    enable_analytics: true
    live_query_disabled: false
    server_url: <https://example.com/abc>
  smtp_settings:
    authentication_method: authmethod_plain
    authentication_type: authtype_username_password
    configured: false
    domain: ""
    enable_smtp: false
    enable_ssl_tls: true
    enable_start_tls: true
    password: ""
    port: 587
    sender_address: ""
    server: ""
    user_name: ""
    verify_ssl_certs: true
  sso_settings:
    enable_jit_provisioning: false
    enable_sso: true
    enable_sso_idp_login: true
    entity_id: <http://fleet.stellarite.io|fleet.stellarite.io>
    idp_image_url: <https://example.com/abc>
    idp_name: Okta
    issuer_uri: ""
    metadata: ""
    metadata_url: <https://example.com/abc>
  vulnerability_settings:
    databases_path: ""
  webhook_settings:
    failing_policies_webhook:
      destination_url: <https://example.com/abc>
      enable_failing_policies_webhook: true
      host_batch_size: 0
      policy_ids:
      - 4
      - 6
      - 1
      - 2
      - 5
      - 7
      - 8
      - 3
    host_status_webhook:
      days_count: 0
      destination_url: ""
      enable_host_status_webhook: false
      host_percentage: 0
    interval: 24h0m0s
    vulnerabilities_webhook:
      destination_url: ""
      enable_vulnerabilities_webhook: false
      host_batch_size: 0
k

Kathy Satterlee

01/12/2023, 7:23 PM
Try removing these lines for me:
Copy code
fleet_desktop:
    transparency_url: <https://fleetdm.com/transparency>
c

clong

01/12/2023, 7:23 PM
that worked, thanks!
k

Kathy Satterlee

01/12/2023, 7:25 PM
Great! I haven't tested out Fleet Desktop after removing that section yet, let me know if that causes any issues. I'm going to get a bug report set up for this, will follow up with a ticket shortly.
c

clong

01/12/2023, 7:25 PM
we actually don't use it, so i dont think it will cause issues 🙂
k

Kathy Satterlee

01/12/2023, 7:25 PM
Brilliant.
c

clong

01/12/2023, 7:25 PM
thank you for the quick help!
k

Kathy Satterlee

01/12/2023, 7:26 PM
It's pretty cool. though. Highly recommend checking it out.
c

clong

01/12/2023, 7:26 PM
does it work with the open source fleet or only with the paid offering? if the former, i will definitely give it a spin
k

Kathy Satterlee

01/12/2023, 7:29 PM
Both. There's a little added functionality for premium around policies, but your users will still have access to the My Device page where they can see details about their machine.