Hi team, do you know how long does fleet update the Software Inventory? Right now, it's been 7 days since last update. And it seems it will update the inventory when I update fleet server to a new version.

Hi @Jincheng YinWhat version of Fleet are you running? The default interval for vulnerability and software updates is 1 hour.

@Kathy Satterlee 4.25

Are your hosts otherwise checking in properly? Any errors in the Fleet logs?

Let me double check the logs. it seems it only updated the inventory when restarts the pods or update fleet server

Can you verify that the path set for

database_path

is present and that the fleet user has read and write privileges?

There is /tmp/ folder, but it's empty. Checking the privileges.

Is the “unable to acquire lock” error showing up consistently, or was that a one-off? How many Fleet instances do you have running?

@Kathy Satterlee We have 3 fleet instances, it's showing up consistently. When it's not showing up, we can get the new Software Inventory update, last time is 3 days ago.

Can you show me that exact error?

image.png,image.png

Got it. Fleet should continue processing even if the databases can't sync. Just to clarify:

When it's not showing up, we can get the new Software Inventory update, last time is 3 days ago.

Does that mean you last saw that error 3 days ago and software is currently updating, or that the error is still coming up and you haven't seen a software update in 3 days?

the error(unable to acquire lock) is still coming up and I haven't seen a software update in 3 days

Thanks. just wanted to make sure. Do you have access to the Fleet database? I'd like to see what shows up in the `locks`table:

select * from locks where name = 'vulnerabilities';

We did not change the current_instance_checks Only add the vul_path

This is the suggested resource allocation in Kubernetes from the documentation:

resources:
          requests:
            memory: "64Mi"
            cpu: "250m"
          limits:
            memory: "2048Mi" # vulnerability processing
            cpu: "500m"

Thanks! We will have a try.

Awesome! Let me know if that doesn't do the trick.

@Kathy Satterlee Sorry, last time check the wrong file. We have this settings in our deployment file, I think it should be OK

Vulnerabilities processing requires a minimum of 4GB of memory (it looks like the recommendation in that example I shared is even too low, sorry about the oversight!). That’s still the most likely culprit.

@Kathy Satterlee Thanks. It's working now. It's Memory issue and caused by the GKE autopilot modified resource limit to match resource request.