Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/tools/osquery/in-a-box/docker-compose.yml
Ian Littman 7d4acdc5c4
Bump supported MySQL versions (#40892) 
Fixes #40975.

8.0.32 (was running in Aurora managed cloud at the time) -> 8.0.39 (what
we're running now) 8.0.36 -> 8.0.44 (latest 8.0.x version supported by
Aurora; holding off on 8.0.45 until Aurora supports it) 8.4.7 -> 8.4.8
9.5.0 -> 9.6.0

Also bumped the supported Aurora version from 3.07.0 to 3.08.2 to match
what we're running in managed cloud right now

Fleet might work on older patch versions but we'll no longer dev/test on
them. MySQL 9.x not testing previous minor versions matches with our
previous approach for that version.

Since these are all patch/minor bumps (and the overnight build cases are
patch bumps/are covered by AWS envs) automated testing should be
sufficient here.
2026-03-04 12:25:20 -06:00

150 lines
5.2 KiB
YAML
Raw Blame History

volumes:
data01:
driver: local
data-s3:
networks:
fleet-preview:
name: fleet-preview
services:
mysql01:
image: mysql:8.0.44
platform: linux/x86_64
volumes:
- .:/data
command: mysqld --datadir=/tmp/data --event-scheduler=ON
environment:
MYSQL_ROOT_PASSWORD: toor
MYSQL_DATABASE: fleet
MYSQL_USER: fleet
MYSQL_PASSWORD: fleet
ports:
- "3308:3306"
networks:
- fleet-preview
redis01:
image: redis:6
networks:
- fleet-preview
# Normal Fleet server running TLS with a self-signed cert to handle the
# osquery connections.
fleet01:
image: fleetdm/fleet:${FLEET_VERSION:-latest}
platform: linux/x86_64
command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
environment:
FLEET_S3_SOFTWARE_INSTALLERS_BUCKET: software-installers-preview
FLEET_S3_SOFTWARE_INSTALLERS_ACCESS_KEY_ID: locals3
FLEET_S3_SOFTWARE_INSTALLERS_SECRET_ACCESS_KEY: locals3
FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL: http://s3:9000
FLEET_S3_SOFTWARE_INSTALLERS_REGION: localhost
FLEET_S3_SOFTWARE_INSTALLERS_DISABLE_SSL: true
FLEET_S3_SOFTWARE_INSTALLERS_FORCE_S3_PATH_STYLE: true
FLEET_MYSQL_ADDRESS: mysql01:3306
FLEET_MYSQL_DATABASE: fleet
FLEET_MYSQL_USERNAME: fleet
FLEET_MYSQL_PASSWORD: fleet
FLEET_REDIS_ADDRESS: redis01:6379
FLEET_SERVER_ADDRESS: 0.0.0.0:8412
FLEET_SERVER_CERT: /fleet/osquery/fleet.crt
FLEET_SERVER_KEY: /fleet/osquery/fleet.key
FLEET_LOGGING_JSON: 'true'
FLEET_OSQUERY_STATUS_LOG_PLUGIN: filesystem
FLEET_FILESYSTEM_STATUS_LOG_FILE: /logs/osqueryd.status.log
FLEET_OSQUERY_RESULT_LOG_PLUGIN: filesystem
FLEET_FILESYSTEM_RESULT_LOG_FILE: /logs/osqueryd.results.log
FLEET_BETA_SOFTWARE_INVENTORY: 1
FLEET_LICENSE_KEY: ${FLEET_LICENSE_KEY}
FLEET_OSQUERY_LABEL_UPDATE_INTERVAL: 1m
FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS: "yes"
FLEET_VULNERABILITIES_DATABASES_PATH: /vulndb
FLEET_VULNERABILITIES_PERIODICITY: 5m
FLEET_LOGGING_DEBUG: 'true'
FLEET_SERVER_PRIVATE_KEY: ${FLEET_SERVER_PRIVATE_KEY}
# This can be configured for testing purposes but otherwise uses the
# typical default of provided.
FLEET_OSQUERY_HOST_IDENTIFIER: ${FLEET_OSQUERY_HOST_IDENTIFIER:-provided}
depends_on:
- mysql01
- redis01
- s3
volumes:
- .:/fleet/
- ./logs:/logs
- ./vulndb:/vulndb
- ./config:/config
ports:
- "8412:8412"
networks:
fleet-preview:
aliases:
# Kind of a funny hack, this allows host.docker.internal to point
# to the Fleet server on Linux hosts where host.docker.internal is not
# yet added as a host by default in Docker.
- host.docker.internal
# Another strange hack, this allows the UI Fleet server to see
# this server as though it were on localhost, thereby allowing it to
# download the TLS certificate.
- localhost
# Run another Fleet server listening over plain HTTP bound to port 1337.
# This is expected to receive UI requests only and not connections from
# agents.
fleet02:
image: fleetdm/fleet:${FLEET_VERSION:-latest}
platform: linux/x86_64
command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
environment:
FLEET_S3_SOFTWARE_INSTALLERS_BUCKET: software-installers-preview
FLEET_S3_SOFTWARE_INSTALLERS_ACCESS_KEY_ID: locals3
FLEET_S3_SOFTWARE_INSTALLERS_SECRET_ACCESS_KEY: locals3
FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL: http://s3:9000
FLEET_S3_SOFTWARE_INSTALLERS_REGION: localhost
FLEET_S3_SOFTWARE_INSTALLERS_DISABLE_SSL: true
FLEET_S3_SOFTWARE_INSTALLERS_FORCE_S3_PATH_STYLE: true
FLEET_MYSQL_ADDRESS: mysql01:3306
FLEET_MYSQL_DATABASE: fleet
FLEET_MYSQL_USERNAME: fleet
FLEET_MYSQL_PASSWORD: fleet
FLEET_REDIS_ADDRESS: redis01:6379
FLEET_SERVER_ADDRESS: 0.0.0.0:1337
FLEET_SERVER_TLS: "false"
FLEET_LOGGING_JSON: "true"
FLEET_SESSION_DURATION: 720h
FLEET_OSQUERY_STATUS_LOG_PLUGIN: stdout
FLEET_OSQUERY_RESULT_LOG_PLUGIN: stdout
FLEET_BETA_SOFTWARE_INVENTORY: 1
FLEET_LICENSE_KEY: ${FLEET_LICENSE_KEY}
FLEET_OSQUERY_LABEL_UPDATE_INTERVAL: 1m
FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS: "no"
FLEET_SERVER_PRIVATE_KEY: ${FLEET_SERVER_PRIVATE_KEY}
# This can be configured for testing purposes but otherwise uses the
# typical default of provided.
FLEET_OSQUERY_HOST_IDENTIFIER: ${FLEET_OSQUERY_HOST_IDENTIFIER:-provided}
depends_on:
- mysql01
- redis01
- s3
volumes:
- ./config:/config
ports:
- "1337:1337"
networks:
- fleet-preview
s3:
image: rustfs/rustfs:1.0.0-alpha.80
entrypoint: sh
command: -c 'mkdir -p /data/software-installers-preview && /usr/bin/rustfs /data'
environment:
- RUSTFS_ADDRESS=0.0.0.0:9000
- RUSTFS_EXTERNAL_ADDRESS=:9000
- RUSTFS_ACCESS_KEY=locals3
- RUSTFS_SECRET_KEY=locals3
volumes:
- data-s3:/data:rw
networks:
- fleet-preview
Reference in a new issue View git blame Copy permalink