[API design] Install software and run setup script when Macs boot #22650

Open
wants to merge 45 commits into
base: main
Changes from 21 commits
716a3da
API design: Add "Fedora Linux" label to `GET /host_summary` (#21733)
rachaelshaw Sep 4, 2024
d9e603a
Merge branch 'main' into docs-v4.58.0
rachaelshaw Sep 4, 2024
2647fbb
Merge branch 'main' into docs-v4.58.0
rachaelshaw Sep 12, 2024
51ca219
#20537 Documentation changes (#22042)
rachaelshaw Sep 12, 2024
d3c5517
Merge branch 'main' into docs-v4.58.0
rachaelshaw Sep 17, 2024
bdbb3b3
Merge branch 'main' into docs-v4.58.0
iansltx Sep 25, 2024
8fe01c8
Add API docs for script execution on policy failure (#22395)
iansltx Sep 25, 2024
1bcf73e
Update articles to indicate we support RPM packages when managing sof…
iansltx Sep 27, 2024
44b659b
Clarify how to remove software installer and script run automations f…
iansltx Sep 30, 2024
65f9b78
Merge branch 'main' into docs-v4.58.0
rachaelshaw Sep 30, 2024
8d15a6f
Add note on which command we're using for (un)installs on Linux distr…
iansltx Oct 1, 2024
494f9b6
Add run_script policy action, note that global policies can't run scr…
iansltx Oct 2, 2024
fee2697
Update rest-api.md
marko-lisica Oct 4, 2024
ddfe9fd
Update rest-api.md
marko-lisica Oct 4, 2024
701277b
Update rest-api.md
marko-lisica Oct 4, 2024
ff1d71d
Update rest-api.md
marko-lisica Oct 4, 2024
0cc2b92
Update rest-api.md
marko-lisica Oct 4, 2024
0949c75
Update rest-api.md
marko-lisica Oct 4, 2024
2835556
Update API-for-contributors.md
marko-lisica Oct 4, 2024
8e79dc2
Update docs/REST API/rest-api.md
marko-lisica Oct 4, 2024
93f227f
Update rest-api.md
marko-lisica Oct 4, 2024
52a2c51
Update rest-api.md
marko-lisica Oct 7, 2024
8c9a97d
Update docs/Contributing/API-for-contributors.md
marko-lisica Oct 8, 2024
87946b9
Update API-for-contributors.md
marko-lisica Oct 8, 2024
f3255b1
Update docs/REST API/rest-api.md
marko-lisica Oct 8, 2024
940607e
Update docs/REST API/rest-api.md
marko-lisica Oct 8, 2024
13eb685
Update docs/REST API/rest-api.md
marko-lisica Oct 8, 2024
f9f7898
Update docs/REST API/rest-api.md
marko-lisica Oct 8, 2024
384449f
Update rest-api.md
marko-lisica Oct 8, 2024
c199a89
Update docs/REST API/rest-api.md
marko-lisica Oct 8, 2024
9748d5a
Update docs/REST API/rest-api.md
marko-lisica Oct 8, 2024
0ccf32e
Update docs/REST API/rest-api.md
marko-lisica Oct 8, 2024
5a79b3a
Update docs/REST API/rest-api.md
marko-lisica Oct 8, 2024
0348bd8
Update rest-api.md
marko-lisica Oct 8, 2024
97ef9d6
Update API-for-contributors.md
marko-lisica Oct 8, 2024
8a5d90b
Update docs/Contributing/API-for-contributors.md
marko-lisica Oct 8, 2024
4e4ebc1
Add AccountConfiguration entry in response of /status endpoint
mna Oct 9, 2024
c353891
Update rest-api.md
marko-lisica Oct 22, 2024
bc16971
Update rest-api.md
marko-lisica Oct 22, 2024
69256d7
Update setup experience status point to orbit-authenticated
marko-lisica Oct 24, 2024
3d71f46
Update API-for-contributors.md
marko-lisica Oct 24, 2024
be865d8
Update docs/REST API/rest-api.md
rachaelshaw Oct 24, 2024
a1c96ee
Update API-for-contributors.md
marko-lisica Oct 25, 2024
7fd1686
Update rest-api.md
marko-lisica Oct 28, 2024
5e49522
Merge branch 'main' into 19372-api-design
rachaelshaw Oct 28, 2024
2 changes: 1 addition & 1 deletion articles/automatic-software-install-in-fleet.md
Expand Up @@ -21,7 +21,7 @@ Fleet allows its users to upload trusted software installation files to be insta
Current supported software deployment formats:
- macOS: .pkg
- Windows: .msi, .exe
- Linux: .deb
- Linux: .deb, .rpm

Coming soon:
- VPP for iOS and iPadOS
2 changes: 1 addition & 1 deletion articles/deploy-software-packages.md
Expand Up @@ -46,7 +46,7 @@ To access and manage software in Fleet:

* Click the “Add Software” button in the top right corner, and a dialog will appear.

* Choose a file to upload. `.pkg`, `.msi`, `.exe`, and `.deb` files are supported.
* Choose a file to upload. `.pkg`, `.msi`, `.exe`, `.rpm`, and `.deb` files are supported.

> Software installer uploads will fail if Fleet is unable to extract information from the installer package such bundle ID and version number.
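
Review bot: The extension order on the changed line (`.rpm`, and `.deb`) does not match the companion change in articles/automatic-software-install-in-fleet.md, which lists `.deb, .rpm`. Pick one order for the Linux formats and use it in both articles. The note directly below the changed line reads "such bundle ID and version number" and is missing "as"; since the line above now covers five formats, consider saying what metadata must be extractable from `.rpm` and `.deb` uploads as well.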

6 changes: 4 additions & 2 deletions docs/Configuration/yaml-files.md
Expand Up @@ -84,6 +84,8 @@ policies:
platform: darwin
critical: false
calendar_event_enabled: false
run_script:
path: "../lib/disable-guest-account.sh"
- name: Firefox on Linux installed and up to date
platform: linux
description: "This policy checks that Firefox is installed and up to date."
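
Review bot: The new `run_script` block under the darwin policy has no accompanying explanation in the visible lines. Because this key causes a script to execute on managed hosts, add a one-line description near the example that states when the script runs (the commit list describes this as script execution on policy failure) and what base directory `path` is resolved against, as `../lib/disable-guest-account.sh` only makes sense relative to a known location.
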
Expand All @@ -93,7 +95,7 @@ policies:
package_path: "../lib/linux-firefox.deb.package.yml"
```

`default.yml`, `teams/team-name.yml`, or `teams/no-team.yml`
`default.yml` (for policies that neither install software nor run scripts), `teams/team-name.yml`, or `teams/no-team.yml`

```yaml
policies:
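
Review bot: The parenthetical on `default.yml` states the restriction only indirectly, and a reader skimming the file list can miss that policies in `default.yml` cannot install software or run scripts. Suggest a separate sentence after the file list that states the restriction outright, names the keys it applies to (`run_script` and the software-install key), and says what happens when they appear in `default.yml` (rejected with an error, or ignored).
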
Expand Down Expand Up @@ -319,7 +321,7 @@ The `software` section allows you to configure packages and Apple App Store apps
Software for hosts that belong to "No team" have to be defined in `teams/no-team.yml`.
Software can also be specified in separate files in your `lib/` folder.

- `packages` is a list of software packages (.pkg, .msi, .exe, or .deb) and software specific options.
- `packages` is a list of software packages (.pkg, .msi, .exe, .rpm, or .deb) and software specific options.
- `app_store_apps` is a list of Apple App Store apps.

#### Example
103 changes: 99 additions & 4 deletions docs/Contributing/API-for-contributors.md
Expand Up @@ -1507,13 +1507,23 @@ NOTE: when updating a policy, team and platform will be ignored.
"description": "Checks to make sure that the FileVault feature is enabled on macOS devices.",
"resolution": "Choose Apple menu > System Preferences, then click Security & Privacy. Click the FileVault tab. Click the Lock icon, then enter an administrator name and password. Click Turn On FileVault.",
"platform": "darwin",
"critical": true
}
"critical": true,
"script_id": 123
},
{
"name": "Is Adobe Acrobat installed and up to date?",
"query": "SELECT 1 FROM apps WHERE name = 'Adobe Acrobat Reader.app' AND version_compare(bundle_short_version, '23.001.20687') >= 0;",
"team": "Workstations",
"description": "Checks to make sure that Adobe Acrobat is installed and up to date.",
"platform": "darwin",
"critical": false,
"software_title_id": 12
},
]
}
```

The field `critical` is available in Fleet Premium.
The fields `critical`, `script_id`, and `software_title_id` are available in Fleet Premium.

##### Default response
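
Review bot: The added second policy object ends with `},` directly before the closing `]`, which makes the example invalid JSON; drop the trailing comma. The example shows `script_id` on one policy and `software_title_id` on another, but the sentence below does not say whether both may be set on the same policy or how the endpoint responds when the referenced script or software title does not exist; one line on each would help contributors.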

Expand Down Expand Up @@ -2771,6 +2781,7 @@ Device-authenticated routes are routes used by the Fleet Desktop application. Un
- [Migrate device to Fleet from another MDM solution](#migrate-device-to-fleet-from-another-mdm-solution)
- [Trigger FileVault key escrow](#trigger-filevault-key-escrow)
- [Report an agent error](#report-an-agent-error)
- [Register a device with the setup experience](#register-a-device-with-the-setup-experience)

#### Refetch device's host
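
Review bot: Only the "Register a device with the setup experience" link is added to the device-authenticated route list, while the same PR also adds "Get the status of a device in the setup experience" further down. Either add the second link here or, given the review comment that the status endpoint should be Orbit-authenticated, list it under the section it will actually live in so the table of contents matches the authentication model.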

Expand Down Expand Up @@ -3174,6 +3185,73 @@ Notifies the server about an agent error, resulting in two outcomes:

`Status: 500`

### Register a device with the setup experience

`POST /api/v1/fleet/device/{token}/setup_experience/start`

##### Parameters

| Name | Type | In | Description |
| ----- | ------ | ---- | ---------------------------------- |
| token | string | path | The device's authentication token. |

##### Example

`POST /api/v1/fleet/device/8b49859b-1ffa-483d-ad27-85b30aa3c55f/setup_experience/start`

##### Default response

`Status: 201`

### Get the status of a device in the setup experience

`GET /api/v1/fleet/device/{token}/setup_experience/status`
Contributor


Heads up @noahtalerman; we figured out that this should be an Orbit authenticated endpoint in this Slack convo. TLDR is that we found that we can launch swiftDialog directly from Orbit, without needing to use Fleet Desktop. Making this an Orbit endpoint will make it possible to do the setup experience during macOS Setup Assistant instead of afterwards.

Member


FYI @marko-lisica (giving you a ping here just in case you missed this)


##### Parameters

| Name | Type | In | Description |
| ----- | ------ | ---- | ---------------------------------- |
| token | string | path | The device's authentication token. |

##### Example

`POST /api/v1/fleet/device/8b49859b-1ffa-483d-ad27-85b30aa3c55f/setup_experience/status`

##### Default response

`Status: 200`

```json
{
"bootstrap_package": {
"name": "botstrap_package.pkg",
"status": "completed"
},
"script": {
"execution_id": "02e4abba-7d96-4f5b-8c18-ffc5de71bd45",
"name": "setup-macos.sh",
"status": "pending"
},
"software": [
{
"software_title_id": 1,
"name": "Google Chrome.app",
"status": "installed"
},
{
"software_title_id": 2,
"name": "Zoom.us.app",
"status": "pending"
},
{
"software_title_id": 3,
"name": "Slack.app",
"status": "failed"
}
]
}
```

---
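
Review bot: The example request under "Get the status of a device in the setup experience" uses `POST`, but the endpoint is declared as `GET /api/v1/fleet/device/{token}/setup_experience/status`; fix the example method. In the response body, `"botstrap_package.pkg"` is a typo for `bootstrap_package.pkg`, and the `status` values shown (`completed`, `pending`, `installed`, `failed`) are not enumerated anywhere, so a client cannot tell whether `completed` and `installed` are distinct states or which values each of the three objects can take. Both new headings use `###` while the neighboring device routes such as "Refetch device's host" use `####`.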


Expand Down Expand Up @@ -3336,7 +3414,24 @@ If both `team_id` and `team_name` parameters are included, this endpoint will re

##### Default response

`Status: 204`
`Status: 200`

```json
{
"scripts": [
{
"team_id": 3,
"id": 6690,
"name": "Ensure shields are up"
},
{
"team_id": 3,
"id": 10412,
"name": "Ensure flux capacitor is charged"
}
]
}
```

### Run live script
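
Review bot: Changing the default response from `Status: 204` to `Status: 200` with a `scripts` array is a contract change for any caller that checks for 204, and the hunk does not document the new body. Add a short description of `team_id`, `id` and `name`, and call out the status code change so contributors who script against this endpoint know to update their checks.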

1 change: 1 addition & 0 deletions docs/Contributing/research/mdm/software-version-extract.md
Expand Up @@ -15,6 +15,7 @@
| `.pkg` | Low | High | - |
| `.exe` | Low | High | - |
| `.deb` | Low | High | - |
| `.rpm` | Low | High | - |

More details:

6 changes: 4 additions & 2 deletions docs/Get started/FAQ.md
Expand Up @@ -80,7 +80,7 @@ Fleet supports the following operating system versions on hosts.
| Linux | CentOS 7.1+, Ubuntu 20.04+, Fedora 38+ |
| ChromeOS | 112.0.5615.134+ |

While Fleet may still function partially or fully with OS versions older than those above, Fleet does not actively test against unsupported versions and does not pursue bugs on them.
While Fleet may still function partially or fully with OS versions older than those above, Fleet does not actively test against unsupported versions and does not pursue bugs on them.

## Some notes on compatibility

Expand All @@ -91,10 +91,12 @@ If a table is not available for your host, Fleet will generally handle things be

### Linux

Fleet Desktop is supported on Ubuntu and Fedora.
Fleet Desktop is supported on Ubuntu and Fedora.

Fedora requires a [gnome extension](https://extensions.gnome.org/extension/615/appindicator-support/) and Google Chrome for Fleet Desktop.

Fleet's default (un)install scripts use `apt-get` for Debian-based distributions, and `dnf` for Red Hat-based distributions. To install packages on CentOS versions prior to 8, either add `dnf` or edit install and uninstall scripts to use the `yum` or `rpm` command.

On Ubuntu, Fleet Desktop currently supports Xorg as X11 server, Wayland is currently not supported. Ubuntu 24.04 comes with Wayland enabled by default. To use X11 instead of Wayland you can set `WaylandEnable=false` in `/etc/gdm3/custom.conf` and reboot.

The `fleetctl package` command is not supported on DISA-STIG distribution.
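
Review bot: The new sentence on default (un)install scripts says CentOS versions prior to 8 need `dnf` added or the scripts edited, yet the supported-OS table earlier in this file lists CentOS 7.1+ as supported. State plainly that software installs on CentOS 7 do not work with the default scripts, so the table and this note do not read as contradictory. The sentence also sits between two Fleet Desktop paragraphs (the Fedora gnome extension line and the Ubuntu Xorg/Wayland line); it would read better in its own paragraph or under a software-install heading.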