Hi Everyone I recently inherited a Kolide Fleet instance and osquery #fleet

Hi Everyone, I recently inherited a Kolide Fleet i...

bdun

01/30/2023, 8:41 PM

Hi Everyone, I recently inherited a Kolide Fleet instance, and am new to the product. I've been running into an issue with starting up the Kolide web server. I believe I gotten it down to an issue with the mysql database. Currently, when i try to run the command

fleet serve

I get hit with the following error

mysql="could not connect to db: Error 1045: Access denied for user 'kolide@localhost' (using password: YES)

How could I go about trouble shooting the kolide user?

Kathy Satterlee

01/30/2023, 8:49 PM

Hi @bdun! How is your Fleet configuration set up? Environmental variables/Command-line flags/config file...

bdun

01/30/2023, 8:52 PM

@Kathy Satterlee I know that the mysql db and kolide are both installed on the same localhost. Im currently trying to figure out alot of the configuration myself, so I'm afraid im not too much help.

bdun

01/30/2023, 8:56 PM

@Kathy Satterlee I was able to successfully run the

fleet prepare db

command just now. Next I ran

fleet serve

and got hit with this

Kathy Satterlee

01/30/2023, 8:59 PM

Try running

fleet serve --auth_jwt_key=<that random value in the error>

Kathy Satterlee

01/30/2023, 9:02 PM

Since you aren't passing anything along with

fleet serve

, your configuration values would be pulled in from environmental variables.

bdun

01/30/2023, 9:03 PM

Thanks @Kathy Satterlee. Here's the output of that command. Any next steps? Maybe setting the address correctly?

Kathy Satterlee

01/30/2023, 9:05 PM

What version of Fleet are you running?

bdun

01/30/2023, 9:05 PM

Im currently running fleet version 2.3.0

bdun

01/30/2023, 9:06 PM

Also I really appreciate the help!

Kathy Satterlee

01/30/2023, 9:13 PM

Gotcha. At first blush, it sounds like your configuration might not be applying properly. I'm not entirely positive whether environmental variables are supported in that legacy version of Fleet. Try running Fleet with all of the flags:

Copy code

fleet serve \
  --mysql_address=127.0.0.1:3306 \
  --mysql_database=kolide \
  --mysql_username=root \
  --mysql_password=toor \
  --redis_address=127.0.0.1:6379 \
  --server_cert=/tmp/server.cert \
  --server_key=/tmp/server.key \
  --logging_json
  --auth_jwt_key=<that random value in the error>

That being said. this version of Fleet is no longer supported and I'd really recommend upgrading to the latest version (or at least the current major version). https://fleetdm.com/docs/deploying/upgrading-fleet

zwass

01/30/2023, 9:24 PM

@bdun is there possibly some shell history in your machine where you could see how the

fleet

command was run previously? Ideally you would figure out the configs and then update to a newer supported version of Fleet.

bdun

01/30/2023, 9:39 PM

@zwass Great idea! I found a previous entry that had the key and cert located in different directories. I ran that and made some progress. However, I had to add a forced recovery flag into the mysql config, and fleet doesnt like to be run when the innodc_forced_recovery variable is set. I'm hoping the database isnt corrupted at this point 🙃

zwass

01/30/2023, 9:43 PM

fwiw we aren't mysql experts but I'd highly recommend running a DB dump before proceeding any further

bdun

01/30/2023, 9:43 PM

yeah, I know the mysql world is way different. However, I really appreciate the support

2 Views

Open in Slack

Previous Next