fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Setup experience software is reset with any gitops run

Open AndreyKizimenko opened this issue 7 months ago • 2 comments

Fleet version: 4.70 <!-- Copy this from the "My account" page in the Fleet UI, or run fleetctl --version -->

Web browser and operating system: N/A

:boom: Actual behavior

After a gitops run the software that you pre-selected in the Setup Experience UI is cleared out

https://github.com/user-attachments/assets/98808ee9-c73b-45eb-ad1b-0e22a5a2d01f

:technologist: Steps to reproduce

  1. Set up a gitops repo for your local Fleet server so you can do a fleetctl gitops run.
  2. In your fleet instance add any software in the Setup Experience
  3. Add supported macos_setup options. i.e.
macos_setup:   
    bootstrap_package: https://files.pezhub.ngrok.app/fleetdm/Bootstrap-packages/dummy-bootstrap-package.pkg
    enable_end_user_authentication: true
    macos_setup_assistant: null
  1. Run a fleetctl gitops command
  2. Refresh the Setup experience page and go to the software tab

:candle: More info (optional)

We have an open issue (#30067) to support Setup experience with GitOps but I'm not sure whether the current behavior is still expected. Anyone who's using gitops will reset their software

AndreyKizimenko avatar Jun 20 '25 21:06 AndreyKizimenko

@AndreyKizimenko Setup Experience software is usable on GitOps, as shown in our own Dogfood GitOps config for the Workstations team:

https://github.com/fleetdm/fleet/blob/2caaca59c546bcca283a5da46278213164814fb0/it-and-security/teams/workstations.yml#L75-L79

This is also documented in the YAML setup experience docs.

GitOps is intended to be declarative, so having macOS Setup Experience set without software is behaving as intended: deleting the associated software.

When you didn't provide Setup Experience config at all and applied GitOps, was software removed then, fi first added via the UI? If they weren't removed, that would be a bug, as we're not behaving sufficiently declaratively.

Adding the :reproduce tag back here to confirm if there's something wrong there, but currently your report looks like expected behavior.

iansltx avatar Jun 21 '25 01:06 iansltx

Side note: 4.70 is RC rather than released, so if this was a bug specific to 4.70 (or on main) it would be an unreleased bug and prioritized accordingly; the latest tagged release is 4.69 so in order to be classified as released a bug would need to be repro'd on 4.69 at this point.

iansltx avatar Jun 21 '25 01:06 iansltx

Ah, I see, I was probably mislead by this open issue (#30067), thanks for the clarifications. Answering your question, yes it is removing all the software that was previously available in the UI. Closing this as not planned

AndreyKizimenko avatar Jun 23 '25 15:06 AndreyKizimenko

Gitops run clears, A reset in software's dawn, Fleet finds paths untread.

fleet-release avatar Jun 23 '25 15:06 fleet-release