Automatically install software - Gitops part.

[sharon-fdm]

Allow configuration of automatic install to be set with Gitops.

[sharon-fdm]

@lucasmrod when adding Gitops, are we typically also editing this document ?

[lucasmrod]

@xpkoala Added QA notes.

[sharon-fdm]

qa - @iansltx

[iansltx]

So, I've used bouncing from Firefox uninstalled to 129.0 to 129.0.1 to 129.0.2 to test this, and the .deb for FF129.0 uses the version string 129.0~build2. That string actually seems to match the software installation query listed above.

You can see this by running:

SELECT version, version_compare(version, '129.0.2') FROM deb_packages WHERE name = 'firefox'

After installing from https://ftp.mozilla.org/pub/firefox/releases/129.0/linux-x86_64/en-US/firefox-129.0.deb

But that's not actually an issue with this ticket, just with the query.

Functionality seems to work fine once I got my env set up properly:

1. Go from no Firefox installed on Debian Bookworm to FF129.0
2. Go from FF129.0 to 129.0.1 with a tweaked query asking for >= 130. This resulted in an install, and a failed -> failed so the install wasn't repeated, which is expected.
3. Go from FF129.0.1 to 129.0.2 via the normal query. Policy passed didn't install the package again, as expected.

Some potential sharp edges to clean up later:

1. Installed status on a package doesn't immediately rerun the query whose failure triggered the install, and I would expect that to happen so a successful install would immediately put the host in compliance if the install actually solved the problem.
2. The install_software: key on a policy can be blank with no feedback, which allows a silent failure when install_software and package_path are at the same level of indentation by mistake. We should fail loudly there.

But those are sharp edges that are potentially nontrivial to fix, so IMO this can go out in its current state.

[fleet-release]

Software installs flow, Guided by GitOps' hand, Ease for teams bestowed.