Fleet Fixes - mysql race condition

2025-12-06 09:12:45 +01:00 · 2020-11-30 17:28:11 -05:00
parent 5d2acf4011
commit e7a927188b
5 changed files with 26 additions and 14 deletions
--- a/salt/common/tools/sbin/so-fleet-setup
+++ b/salt/common/tools/sbin/so-fleet-setup
@@ -26,10 +26,9 @@ docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/pac
 docker exec so-fleet fleetctl apply -f /packs/osquery-config.conf


-# Enable Fleet
-echo "Enabling Fleet..."
-sleep 5
-salt-call state.apply fleet.event_enable-fleet queue=True >> /root/fleet-setup.log
+# Update the Enroll Secret
+echo "Updating the Enroll Secret..."
+salt-call state.apply fleet.event_update-enroll-secret queue=True >> /root/fleet-setup.log
 salt-call state.apply nginx queue=True >> /root/fleet-setup.log

 # Generate osquery install packages
--- a/salt/fleet/event_enable-fleet.sls
+++ b/salt/fleet/event_enable-fleet.sls
@@ -1,4 +1,3 @@
-{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
 {% set MAININT = salt['pillar.get']('host:mainint') %}
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}

@@ -9,4 +8,3 @@ so/fleet:
        hostname: {{ grains.host }}
        mainip: {{ MAINIP }}
        role: {{ grains.role }}
-        enroll-secret: {{ ENROLLSECRET }}
--- a/salt/fleet/event_update-enroll-secret.sls
+++ b/salt/fleet/event_update-enroll-secret.sls
@@ -0,0 +1,7 @@
+{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
+
+so/fleet:
+  event.send:
+    - data:
+        action: 'update-enrollsecret'
+        enroll-secret: {{ ENROLLSECRET }}
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -17,7 +17,6 @@ def run():
    if ACTION == 'enablefleet':
      logging.info('so/fleet enablefleet reactor')

-      ESECRET = data['data']['enroll-secret']
      MAINIP = data['data']['mainip']
      ROLE = data['data']['role']
      HOSTNAME = data['data']['hostname']
@@ -30,12 +29,6 @@ def run():
          line = re.sub(r'fleet_manager: \S*', f"fleet_manager: True", line.rstrip())
        print(line) 

-      # Update the enroll secret in the secrets pillar
-      if ESECRET != "":
-        for line in fileinput.input(SECRETSFILE, inplace=True):
-          line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
-          print(line)
-
      # Update the Fleet host in the static pillar
      for line in fileinput.input(STATICFILE, inplace=True):
        line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: '{HOSTNAME}'", line.rstrip())
@@ -46,6 +39,18 @@ def run():
        line = re.sub(r'fleet_ip: \S*', f"fleet_ip: '{MAINIP}'", line.rstrip())
        print(line)   

+    if ACTION == 'update-enrollsecret':
+      logging.info('so/fleet update-enrollsecret reactor')
+
+      ESECRET = data['data']['enroll-secret']
+
+      # Update the enroll secret in the secrets pillar
+      if ESECRET != "":
+        for line in fileinput.input(SECRETSFILE, inplace=True):
+          line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
+          print(line)
+
+
    if ACTION == 'genpackages':
      logging.info('so/fleet genpackages reactor')

--- a/setup/so-setup
+++ b/setup/so-setup
@@ -691,6 +691,9 @@ fi
 	
 	if [[ "$OSQUERY" = 1 ]]; then

+		set_progress_str 75 "$(print_salt_state_apply 'fleet.event_enable-fleet')"
+		salt-call state.apply -l info fleet.event_enable-fleet >> $setup_log 2>&1
+
 		set_progress_str 75 "$(print_salt_state_apply 'fleet')"
 		salt-call state.apply -l info fleet >> $setup_log 2>&1