https://github.com/osquery/osquery logo
#fleet
Title
# fleet
b

brian

01/26/2023, 10:57 PM
hi all, I'm working on a self-hosted deployment of Fleet on AWS ECS. I've got everything up and running, but I'm having issues with running
fleetctl
from my local machine to generate an install package. any subcommand of
fleetctl
I try just seems to hang forever. I've tried both the release from the GitHub releases page and installing via
npm
. I've also tried with and without
sudo
. I'm on macOS 12.6 (Intel hardware). any idea what might be causing this?
k

Kathy Satterlee

01/26/2023, 11:06 PM
That's odd, @brian! Do you successfully get the version if you run
fleetctl -v
?
b

brian

01/26/2023, 11:07 PM
I don’t, just hangs like this
(same with
sudo
)
I realized that I’ll probably ultimately have some issues since I put Fleet behind AWS Cognito authentication (going to look into keeping that in place for the web UI but bypassing for other traffic like from
fleetctl
or from hosts), but I’m not sure if that’s what’s causing my problems with
fleetctl
right now.
k

Kathy Satterlee

01/26/2023, 11:14 PM
No,
fleetctl
has functionality that doesn't require an existing server so you should at the very least get a version output.
Is the currently installed version the npm version, or downloaded from github?
b

brian

01/26/2023, 11:16 PM
currently from npm.
npm -g list
shows
├── fleetctl@v4.26.0
.
k

Kathy Satterlee

01/26/2023, 11:21 PM
Testing installing a fresh version just in case there's something odd going on.
The first time a new version of
fleetctl
runs, the actual CLI app should be installed. It looks something like this: Do you recall that happening ever?
b

brian

01/26/2023, 11:26 PM
nope, it’s never given me any output (other than similar npm output about 24 packages being installed). let me try remove/purge and installing again.
k

Kathy Satterlee

01/26/2023, 11:27 PM
just for giggles, try running
fleetctl -v
after the ourge, but before reinstalling.
b

brian

01/26/2023, 11:27 PM
same behavior. the only other piece of the puzzle that may be relevant is that I had the Fleet agent installed and connected to a sandbox account on fleetdm.com. I’m not sure if that would affect this at all.
zsh: command not found: fleetctl
k

Kathy Satterlee

01/26/2023, 11:29 PM
Thanks! just wanted to make sure that there wasn't some weird overlap going on
the only other piece of the puzzle that may be relevant is that I had the Fleet agent installed and connected to a sandbox account on fleetdm.com. I’m not sure if that would affect this at all.
It really shouldn't, but just for safety's sake, try running the cleanup script: https://github.com/fleetdm/fleet/blob/main/orbit/tools/cleanup/cleanup_macos.sh
b

Benjamin Edwards

01/26/2023, 11:30 PM
Maybe skip npm altogether? Download the binary directly from the release page https://github.com/fleetdm/fleet/releases/tag/fleet-v4.26.0
k

Kathy Satterlee

01/26/2023, 11:31 PM
@Benjamin Edwards Had the same issue with that version
b

Benjamin Edwards

01/26/2023, 11:31 PM
Npm and sudo just never sits right.
b

brian

01/26/2023, 11:31 PM
yeah, I can try that again but saw the same behavior as with the npm package.
b

Benjamin Edwards

01/26/2023, 11:32 PM
Oh sorry I might have missed you trying that already.
b

brian

01/26/2023, 11:32 PM
no luck doing the cleanup script and then reinstalling with npm.
doesn’t seem to be doing much
Copy code
$ sudo lsof -p 12026
COMMAND   PID         USER   FD   TYPE DEVICE SIZE/OFF                NODE NAME
env     12026 briandefiant  cwd    DIR    1,9     2240              379729 /Users/briandefiant
env     12026 briandefiant  txt    REG    1,9   151360 1152921500312781607 /usr/bin/env
env     12026 briandefiant  txt    REG    1,9  2177216 1152921500312782996 /usr/lib/dyld
env     12026 briandefiant    0u   CHR   16,5    0t557                1021 /dev/ttys005
env     12026 briandefiant    1u   CHR   16,5    0t557                1021 /dev/ttys005
env     12026 briandefiant    2u   CHR   16,5    0t557                1021 /dev/ttys005
that’s the PID of the
/usr/bin/env node /usr/local/bin/fleetctl -v
process.
maybe I have a weird version of node or something…
b

Benjamin Edwards

01/26/2023, 11:34 PM
I’d download raw binary and run with ./fleetctl just to make sure it’s not trying to run the one installed on $PATH
I think this is npm foo honestly
Or uninstall via npm, then run binary with ./fleetctl just to be sure
b

brian

01/26/2023, 11:36 PM
same behavior.
./fleetctl -v
hangs and basically the same output from
lsof
.
I’ll have to call it a day now, but will hopefully have a “eureka” moment with fresh eyes tomorrow morning 🙂. thanks @Kathy Satterlee and @Benjamin Edwards for your help so far.
b

Benjamin Edwards

01/26/2023, 11:40 PM
Did you install with sudo npm install -g fleetctl
b

brian

01/27/2023, 12:47 PM
the classic solution of a reboot fixed this 🙄. first run of
./fleetctl -v
after the reboot gave me the “the developer of this app can’t be verified” popup, so I right-clicked the
fleetctl
binary and did “Open”, then ran it from the terminal again and it worked! guess I should have tried a reboot sooner! I wonder why that “can’t be verified” popup wasn’t showing up at first though (iTerm or tmux related?).
thanks again for the troubleshooting help.
b

Benjamin Edwards

01/27/2023, 1:27 PM
Lol! Glad to hear things are working ok! Thanks for following up
m

matx

01/27/2023, 4:41 PM
It could’ve been hanging on the quarantine bit
Check in terminal with
xattr -l
Sometimes when downloading binaries the quarantine bit there (the clue is the message this app couldn’t be verified neaaage which suggests it’s not signed or notarized or stapled or all of the above)
b

brian

01/27/2023, 5:15 PM
yeah, I’m assuming it was. for whatever reason I wasn’t getting the normal UI popup until after rebooting (closing and re-opening iTerm and/or tmux may have had the same effect).