1f97514200
#9857 The "Public IP address" field is sometimes set to a "Private IP" on the following types of Fleet deployments: - Local deployments. - Deployments where Fleet is on a private network. - Deployments where an agent connects to Fleet not via the public internet. This PR will prevent a private IP from being set on the `host.public_ip` field. And this PR also adds documentation on how Fleet deduces the public IPs of the devices so that a user can make the changes to fix this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - ~[ ] Added/updated tests~ - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
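# Docker Compose stack: MySQL, Redis, an nginx TLS front end, two Fleet
# servers (fleet-a / fleet-b, selectable versions) and one osquery agent.
#
# NOTE(review): the fixed passwords, debug logging and default `latest` tags
# suggest a disposable local test harness - confirm before reusing any of it.
# Every database credential below is a guessable literal; do not point this
# stack at real data or run it on a host that untrusted networks can reach.
services:
  mysql:
    platform: ${FLEET_MYSQL_PLATFORM:-linux/x86_64}
    # NOTE(review): MySQL 5.7 is past upstream end of life and no longer
    # receives security fixes; acceptable only for throwaway test data.
    image: mysql:5.7
    environment:
      # Hard-coded, trivially guessable credentials (test-only values).
      MYSQL_ROOT_PASSWORD: toor
      MYSQL_DATABASE: fleet
      MYSQL_USER: fleet
      MYSQL_PASSWORD: fleet
    ports:
      # Container port only: Docker picks an ephemeral host port and, by
      # default, publishes it on all host interfaces. Combined with the
      # passwords above, the database is reachable by anything that can
      # reach the host; bind to a loopback address if that is not intended.
      - "3306"

  redis:
    # Floating major tag; no port is published, so Redis is reachable only
    # from the other containers of this project.
    image: redis:6

  # reverse proxy and tls termination for fleet-a and fleet-b
  fleet:
    # No tag given, so this resolves to the mutable `latest` tag.
    image: nginx
    volumes:
      # don't mount the config. These will be copied manually so that
      # we can reload nginx without recreating containers and getting a new public port each time.
      # - ./nginx/fleet-a.conf:/etc/nginx/conf.d/default.conf
      # Certificate and private key are only read by nginx, so they are
      # mounted read-only: a compromised proxy cannot rewrite them on the host.
      - ./fleet.crt:/etc/nginx/fleet.crt:ro
      - ./fleet.key:/etc/nginx/fleet.key:ro
    ports:
      # Ephemeral host port, published on all host interfaces by default.
      - "443"

  fleet-a:
    # Anchor reused by fleet-b through a merge key further down.
    &default-fleet
    # Defaults to the mutable `latest` tag when FLEET_VERSION_A is unset.
    image: fleetdm/fleet:${FLEET_VERSION_A:-latest}
    environment:
      FLEET_MYSQL_ADDRESS: mysql:3306
      FLEET_MYSQL_DATABASE: fleet
      FLEET_MYSQL_USERNAME: fleet
      # Same hard-coded test password as MYSQL_PASSWORD above.
      FLEET_MYSQL_PASSWORD: fleet
      FLEET_REDIS_ADDRESS: redis:6379
      FLEET_SERVER_ADDRESS: 0.0.0.0:8080
      # Fleet itself serves plaintext here; TLS is terminated by the nginx
      # `fleet` service. The "8080" mapping below also publishes this
      # plaintext listener on the host, bypassing the proxy.
      FLEET_SERVER_TLS: 'false'
      FLEET_LOGGING_JSON: 'true'
      # Taken from the caller's environment, not stored in this file;
      # Compose substitutes an empty string when it is unset.
      FLEET_LICENSE_KEY: ${FLEET_LICENSE_KEY}
      FLEET_OSQUERY_LABEL_UPDATE_INTERVAL: 1m
      FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS: "yes"
      FLEET_VULNERABILITIES_DATABASES_PATH: /fleet/vulndb
      FLEET_VULNERABILITIES_PERIODICITY: 5m
      # NOTE(review): debug logging is presumably more verbose about
      # requests - confirm what it records before shipping these logs anywhere.
      FLEET_LOGGING_DEBUG: 'true'
      # This can be configured for testing purposes but otherwise uses the
      # typical default of provided.
      FLEET_OSQUERY_HOST_IDENTIFIER: ${FLEET_OSQUERY_HOST_IDENTIFIER:-provided}
    ports:
      # Ephemeral host port, published on all host interfaces by default.
      - "8080"
    depends_on:
      - mysql
      - redis

  # Uses a different version than fleet-a
  fleet-b:
    # Shallow merge: everything from fleet-a (including the credentials and
    # the published plaintext port) is inherited; only `image` is overridden.
    <<: *default-fleet
    image: fleetdm/fleet:${FLEET_VERSION_B:-latest}

  osquery:
    # Pinned to one specific osquery release.
    image: "osquery/osquery:4.6.0-ubuntu20.04"
    volumes:
      # The agent only reads these files, so they are mounted read-only.
      - ./fleet.crt:/etc/osquery/fleet.crt:ro
      - ./osquery.flags:/etc/osquery/osquery.flags:ro
    environment:
      # Supplied by the caller's environment rather than committed here;
      # Compose substitutes an empty string when it is unset.
      ENROLL_SECRET: "${ENROLL_SECRET}"
    command: osqueryd --flagfile=/etc/osquery/osquery.flags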