https://github.com/osquery/osquery logo
Powered by
#fleet
Title
# fleet
b

bdun

01/30/2023, 8:41 PM
Hi Everyone, I recently inherited a Kolide Fleet instance, and am new to the product. I've been running into an issue with starting up the Kolide web server. I believe I gotten it down to an issue with the mysql database. Currently, when i try to run the command 
fleet serve
I get hit with the following error 
mysql="could not connect to db: Error 1045: Access denied for user 'kolide@localhost' (using password: YES)
How could I go about trouble shooting the kolide user?
k

Kathy Satterlee

01/30/2023, 8:49 PM
Hi @bdun! How is your Fleet configuration set up? Environmental variables/Command-line flags/config file...
b

bdun

01/30/2023, 8:52 PM
@Kathy Satterlee I know that the mysql db and kolide are both installed on the same localhost. Im currently trying to figure out alot of the configuration myself, so I'm afraid im not too much help.
@Kathy Satterlee I was able to successfully run the 
fleet prepare db
command just now. Next I ran 
fleet serve
and got hit with this
k

Kathy Satterlee

01/30/2023, 8:59 PM
Try running 
fleet serve --auth_jwt_key=<that random value in the error>
Since you aren't passing anything along with 
fleet serve
, your configuration values would be pulled in from environmental variables.
b

bdun

01/30/2023, 9:03 PM
Thanks @Kathy Satterlee. Here's the output of that command. Any next steps? Maybe setting the address correctly?
k

Kathy Satterlee

01/30/2023, 9:05 PM
What version of Fleet are you running?
b

bdun

01/30/2023, 9:05 PM
Im currently running fleet version 2.3.0
Also I really appreciate the help!
k

Kathy Satterlee

01/30/2023, 9:13 PM
Gotcha. At first blush, it sounds like your configuration might not be applying properly. I'm not entirely positive whether environmental variables are supported in that legacy version of Fleet. Try running Fleet with all of the flags:
Copy code
fleet serve \
  --mysql_address=127.0.0.1:3306 \
  --mysql_database=kolide \
  --mysql_username=root \
  --mysql_password=toor \
  --redis_address=127.0.0.1:6379 \
  --server_cert=/tmp/server.cert \
  --server_key=/tmp/server.key \
  --logging_json
  --auth_jwt_key=<that random value in the error>
That being said. this version of Fleet is no longer supported and I'd really recommend upgrading to the latest version (or at least the current major version). https://fleetdm.com/docs/deploying/upgrading-fleet
z

zwass

01/30/2023, 9:24 PM
@bdun is there possibly some shell history in your machine where you could see how the 
fleet
command was run previously? Ideally you would figure out the configs and then update to a newer supported version of Fleet.
b

bdun

01/30/2023, 9:39 PM
@zwass Great idea! I found a previous entry that had the key and cert located in different directories. I ran that and made some progress. However, I had to add a forced recovery flag into the mysql config, and fleet doesnt like to be run when the innodc_forced_recovery variable is set. I'm hoping the database isnt corrupted at this point 🙃
z

zwass

01/30/2023, 9:43 PM
fwiw we aren't mysql experts but I'd highly recommend running a DB dump before proceeding any further
b

bdun

01/30/2023, 9:43 PM
yeah, I know the mysql world is way different. However, I really appreciate the support
2 Views
Powered by