Ability to generate and download host enrollment package from UI

Open harrisonravazzolo opened this issue 1 year ago • 7 comments

  • customer-pingali: https://us-65885.app.gong.io/call?id=6868753973144545371&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A1391%2C%22to%22%3A1680%7D%5D
  • prospect-interkosmos: Gong snippet TODO
  • prospect-ramzel: Gong snippet TODO
  • @noahtalerman: User requested this because they want a convenient way to download the agent. They're used to this experience from other MDM solutions. As a Mac Admin I'm not used to having to do all these steps for creating a Windows agent. I have to install Wine as a dependency, install fleetctl, and run fleetctl package just to get one .msi.

harrisonravazzolo avatar Oct 03 '24 20:10 harrisonravazzolo

Moved the original issue description here for safekeeping:

Problem

Gong Quote

We're using Macs, like, I'm on a Mac, our whole team is on Macs, and macOS pkg pack package management is a thing we do all the time and it's, like, easy. We don't build MSIs all the time. We don't want to build MSIs all the time. I don't want, I had to install brew and install Wine, and I get it, I appreciate that that's, like, well supported and it works on macOS, honestly I do. If you said you need to get a Windows device and install VS Code and then do this thing, I would be like, I'm not gonna do this, I'm just gonna say no. So

Fleet console should be able to generate a package, msi, enrollment installer for every operating system so the user does not need to install fleetctl and all the dependencies just to generate a package. In this use case, customer-pingali does not want to need to install Wine on their Mac.

What have you tried?

There is no workaround for this one.

Potential solutions

Through the Fleet console, a user should be able to select the package options, i.e. script enabled, fleet desktop included, etc. and then generate a downloadable installer.

noahtalerman avatar Oct 14 '24 19:10 noahtalerman

@phtardif1 can you please add Gong snippets for ramzel and interkosmos?

noahtalerman avatar Oct 14 '24 19:10 noahtalerman

Hey @noahtalerman,

From customer-preston:

Today, we are triggering a task in the AWS Cloud to build the .rpm, .deb, .pkg, .mobileconfig, .msi package. We are also signing the .msi and .mobileconfig inside this cloud task.

It’s hard to maintain and we feel like it’s not our job but more of the MDM’s job to provide the enrolment package. For https://github.com/fleetdm/fleet/issues/22634 to be completely usable for us, it would require:

  • ability to pass the end user email as a parameter for the package generation
  • ability to either directly get a signed .msi or give a certificate so you can use it to sign the .msi
  • ability to either directly get a signed .mobileconfig or give a certificate so you can use it to sign the .mobileconfig

pintomi1989 avatar Oct 16 '24 13:10 pintomi1989

Thanks @pintomi1989. Is that from the shared Google doc?

Also, assuming we don't have a Gong snippet, is it intentional that we're not recording meetings w/ preston?

cc @zayhanlon

noahtalerman avatar Oct 18 '24 13:10 noahtalerman

Hey @noahtalerman,

That is from a Slack conversation around the issue. We're determining why the meeting recordings for this specific customer are not populating as of late, but it is not intentional. I've talked to @zayhanlon about it and we're working on the root cause.

pintomi1989 avatar Oct 18 '24 14:10 pintomi1989

Recording worked on the last meeting I was on @noahtalerman @pintomi1989

zayhanlon avatar Oct 18 '24 14:10 zayhanlon

@phtardif1 can you please add Gong snippets for ramzel and interkosmos?

noahtalerman avatar Oct 21 '24 13:10 noahtalerman

Hey @phtardif1 just giving you another ping! Can you please add Gong snippets for ramzel and interkosmos?

cc @dherder

noahtalerman avatar Oct 24 '24 13:10 noahtalerman

@noahtalerman DONE

dherder avatar Oct 24 '24 16:10 dherder

Installers could be Fleet-maintained apps...

But they would be generic & pick up an enroll secret on install (this is the way most security agent installs from a console / web app work...)

nonpunctual avatar Dec 05 '24 17:12 nonpunctual

On this issue, it would be awesome if we could somehow add the end_user_email system to this package generation, I don't know how yet, but just wanted to raise the idea 👍

valentinpezon-primo avatar Feb 05 '25 08:02 valentinpezon-primo

Added customer-emerson gong snippet.

@noahtalerman -

TL/DL;

  • Customer leases devices to SMB type clients.
  • Each client will be represented by a team in Fleet.
  • Clients will NOT ever log in to Fleet; all management will be handled via a customer platform leveraging API calls to Fleet.
  • As such, each client will need to be provided installers for their team across various OSes leading to a large amount of overhead for the customer.
  • Having the installer packages created within the UI and available via an API endpoint would resolve this issue for them.

kc9wwh avatar Apr 30 '25 14:04 kc9wwh

I don't think I'll finish drafting https://github.com/fleetdm/fleet/issues/29719 within the current design sprint, so adding this to Feature Fest.

rachaelshaw avatar Jul 15 '25 16:07 rachaelshaw