empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0709d1bc5c
fleet/articles/deploying-fleet-on-render.md
Eric f10e33d387
Website: update article categories (#6679) 
* add deploy category, change product to guides

* update links to deployment guides

* Update deploy-fleet-on-hetzner-cloud.md

* Update enrolling-a-digital-ocean-droplet-on-a-fleet-instance.md

* Update how-to-install-osquery-and-enroll-linux-devices-into-fleet.md

* Update delivering-data-to-snowflake-from-fleet-and-osquery.md

* Update how-to-install-osquery-and-enroll-windows-devices-into-fleet.md

* Update how-to-install-osquery-and-enroll-macos-devices-into-fleet.md

* Update deploying-fleet-on-aws-with-terraform.md

* Update deploying-fleet-on-render.md

* Update how-to-uninstall-osquery.md

* Update osquery-a-tool-to-easily-ask-questions-about-operating-systems.md

* Update get-and-stay-compliant-across-your-devices-with-fleet.md

* Update work-may-be-watching-but-it-might-not-be-as-bad-as-you-think.md

* Update converting-unix-timestamps-with-osquery.md

* Update correlate-network-connections-with-community-id-in-osquery.md

* Update using-elasticsearch-and-kibana-to-visualize-osquery-performance.md

* Update fleet-quick-tips-querying-procdump-eula-has-been-accepted.md

* Update locate-assets-with-osquery.md

* Update osquery-consider-joining-against-the-users-table.md

* Update import-and-export-queries-and-packs-in-fleet.md

* Update ebpf-the-future-of-osquery-on-linux.md

* Update generate-process-trees-with-osquery.md

* Update get-and-stay-compliant-across-your-devices-with-fleet.md

* Update work-may-be-watching-but-it-might-not-be-as-bad-as-you-think.md

* Update ebpf-the-future-of-osquery-on-linux.md

* Change category meta value back to guides

Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>

* change article category

* update latest article category

* add redirects for articles not handled by cloudflare rules

* Update to main nav

I did a little more housekeeping on the main nav for when we do the switch on these categories.

- Added link to /deploy under Guides on the Documentation dropdown.
- Added link to /guides under Guides on the Documentation dropdown
- Removed the now redundant "See all" from under Guides on the Documentation dropdown
- Removed the now redundant "See all" from under Articles on the Community dropdown (There's no need to point users to All categories any more, since all the category land are now linked to independently from the main nav.

* Update article category name

Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
2022-07-21 13:59:51 +09:00

151 lines
6.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Deploying Fleet on Render
[Render](https://render.com/) is a cloud hosting service that makes it dead simple to get things up and running fast, without the typical headache of larger enterprise hosting providers. Hosting Fleet on Render is a cost effective and scalable cloud environment with a lower barrier to entry, making it a great place to get some experience with [Fleet](https://fleetdm.com/) and [osquery](https://osquery.io/).
---
Below well look at how to deploy Fleet on Render using Render WebService & Private Service components. To complete this youll need an account on Render, and about 30 minutes.
Fleet only has 2 external dependencies:
- MySQL 5.7
- Redis 6
First lets get these dependencies up and running on Render.
---
## MySQL
Fleet uses MySQL as the datastore to organize host enrollment and other metadata around serving Fleet. Start by forking [https://github.com/edwardsb/render-mysql](https://github.com/edwardsb/render-mysql), then create a new private service within Render. When prompted for the repository — enter your forks URL here.
![Private Service component in Render](../website/assets/images/articles/deploying-fleet-on-render-2-216x163@2x.png)
*Private Service component in Render*
This private service will run MySQL, our database, so lets give it a fitting name, something like “fleet-mysql”.
Were also going to need to set up some environment variables and a disk to mount. Expand “Advanced” and enter the following:
### Environment Variables
- `MYSQL_DATABASE=fleet`
- `MYSQL_PASSWORD=supersecurepw`
- `MYSQL_ROOT_PASSWORD=supersecurerootpw`
- `MYSQL_USER=fleet`
### Disks
- Name: `mysql`
- Mount Path: `/var/lib/mysql`
- Size: `50GB`
---
## Redis
The next dependency well configure is Redis. Fleet uses Redis to ingest and queue the results of distributed queries, cache data, etc. Luckily for us the folks over at Render have a ready-to-deploy Redis template that makes deploying Redis as a private service a single mouse click. Check out [https://render.com/docs/deploy-redis](https://render.com/docs/deploy-redis).
After its deployed, you should see a unique Redis host/port combination, well need that for Fleet so make sure to copy it for later.
---
## Fleet
Now that we have the dependencies up and running, on to Fleet!
Start by forking or use [https://github.com/edwardsb/fleet-on-render](https://github.com/edwardsb/fleet-on-render) directly. This Dockerfile is based on Fleet, but overrides the default command to include the migration step, which prepares the database by running all required migrations. Normally its best to do this as a separate task, or job that runs before a new deployment, but for simplicity we can have it run every time the task starts.
Back in Render, create a new web service and give it a unique name, since this will be resolvable on the internet, it actually has to be unique on Renders platform.
![Web Service component in Render](../website/assets/images/articles/deploying-fleet-on-render-2-216x163@2x.png)
*Web Service component in Render*
Next we will supply the environment variables Fleet needs to connect to the database and redis. We are also going to disable TLS on the Fleet server, since Render is going to handle SSL termination for us.
Give it the following environment variables:
- `FLEET_MYSQL_ADDRESS=fleet-mysql:3306`(your unique service address)
- `FLEET_MYSQL_DATABASE=fleet`
- `FLEET_MYSQL_PASSWORD=supersecurepw`
- `FLEET_MYSQL_USERNAME=fleet`
- `FLEET_REDIS_ADDRESS=fleet-redis:10000` (your unique Redis host:port from earlier)
- `FLEET_SERVER_TLS=false` (Render takes care of SSL termination)
Additionally well configure the following so Render knows how to build our app and make sure its healthy:
![Additional component details](../website/assets/images/articles/deploying-fleet-on-render-3-512x213@2x.png)
- Health Check Path: `/healthz`
- Docker Build Context Directory: `.`
- Dockerfile Path: `./Dockerfile`
Click Create and watch Render deploy Fleet! You should see something like this in the event logs:
```
Migrations completed.
ts=20210915T02:09:07.06528012Z transport=http address=0.0.0.0:8080 msg=listening
```
Fleet is up and running, head to your public URL.
![Fleet deployed on Render](../website/assets/images/articles/deploying-fleet-on-render-4-216x163@2x.png)
*Fleet deployed on Render*
---
## Setup Fleet and enroll hosts
You should be prompted with a setup page, where you can enter your name, email, and password. Run through those steps and you should have an empty hosts page waiting for you.
Youll find the enroll-secret after clicking “Add New Hosts”. This is a special secret the host will need to register to your Fleet instance. Once you have the enroll-secret you can use `fleetctl` to create Orbit installers, which makes installing and updating osquery super simple. [Download fleetctl](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.3.0) and try the following command (Docker require) on your terminal:
```
fleetctl package --type=msi --enroll-secret <secret> --fleet-url https://<your-unique-service-name>.onrender.com
```
This command creates an `msi` installer pointed at your Fleet instance.
Now we need some awesome queries to run against the hosts we enroll, check out the collection [here](https://github.com/fleetdm/fleet/tree/main/docs/01-Using-Fleet/standard-query-library).
To get them into Fleet we can use `fleetctl` again. Run the following on your terminal:
```
curl https://raw.githubusercontent.com/fleetdm/fleet/main/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml -o standard-query-library.yaml
```
Now that we downloaded the standard query library, well apply it using `fleetctl`. First well configure `fleetctl` to use the instance we just built.
Try running:
```
fleetctl config set --address https://<your-unique-service-name>.onrender.com
```
Next, login with your credentials from when you set up the Fleet instance by running `fleetctl login`:
```
fleetctl login
Log in using the standard Fleet credentials.
Email: <enter user you just setup>
Password:
Fleet login successful and context configured!
```
Applying the query library is simple. Just run:
```
fleetctl apply -f standard-query-library.yaml
```
`fleetctl` makes configuring Fleet really easy, directly from your terminal. You can even create API credentials so you can script `fleetctl` commands, and really unlock the power of Fleet.
Thats it! We have successfully deployed and configured a Fleet instance! Render makes this process super easy, and you can even enable auto-scaling and let the app grow with your needs.
<meta name="category" value="deploy">
<meta name="authorGitHubUsername" value="edwardsb">
<meta name="authorFullName" value="Ben Edwards">
<meta name="publishedOn" value="2021-11-21">
<meta name="articleTitle" value="Deploying Fleet on Render">
<meta name="articleImageUrl" value="../website/assets/images/articles/deploying-fleet-on-render-cover-1600x900@2x.jpg">
Reference in New Issue View Git Blame Copy Permalink