mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
a4d7e81475
* Support environments with revoked enroll secrets * Add instructions on how to fix Orbit enroll * Rename to last_recorded_error * Add alternative instructions
14 lines
990 B
Plaintext
14 lines
990 B
Plaintext
* Orbit allows configuring osquery startup flags from Fleet, see [#7377](https://github.com/fleetdm/fleet/issues/7377).
|
|
|
|
Important note for existing deployments that use Orbit:
|
|
This feature requires Orbit to communicate with Fleet. Orbit uses osquery's enroll secret to authenticate and enroll to Fleet.
|
|
On environments where an enroll secret has been revoked, Orbit hosts that were deployed with such secret will fail to enroll to Fleet.
|
|
This is not a regression, all existing features should work as expected, but we recommend to fix this issue given that we will be adding
|
|
more features to Orbit that will use the new communication channel.
|
|
|
|
1. To determine which hosts need to be fixed, run the following query: `SELECT * FROM orbit_info WHERE enrolled = false`.
|
|
Hosts not running Orbit will fail to execute such query because the table doesn't exist, those can be ignored.
|
|
2. Generate Orbit packages with the new enroll secret.
|
|
3. Deploy Orbit packages to the hosts returned in (1).
|
|
|