Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-04 13:59:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 70
fleet/docs/Contributing/reference/configuration-for-contributors.md

280 lines
10 KiB
Markdown
Raw Normal View History

Document all keys in `config` and `team` YAML documents (#7449) - Add a new "Configuration for contributors" doc page. Move settings that are not recommended for production use - Remove settings modified in the `config` YAML document from the deploying/configuration doc page - Document all keys in `config` and `teams` YAML documents - Add comments to several `.go` files and remove unused struct
2022-09-08 21:57:38 +00:00
# Configuration for contributors
Update VPP guide to mention custom apps (#38019) Guide for #32461. --------- Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
2026-01-13 22:46:58 +00:00
Don't use these Fleet server configuration options. For Fleet server configuration, please use the public [Fleet server configuration documentation](https://fleetdm.com/docs/configuration/fleet-server-configuration) instead. For YAML, please use the [public GitOps documentation](https://fleetdm.com/docs/configuration/yaml-files) instead.
Move packs API and YAML file to contributor docs (#7885) - Move docs for packs API routes to "API for contributors" page - Clean up "Overview" section in the "REST API" page - Organize anchor link list in the "API for contributors" page - Move docs for `pack` YAML file to the "Configuration for contributors" doc page - Add instructions for using teams to schedule queries for groups of hosts
2022-09-22 21:41:57 +00:00
Don't use contributor configuration (#33314) Same language as the contributor API docs: https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/api-for-contributors.md Context: https://github.com/fleetdm/fleet/issues/32669#issuecomment-3321434569
2025-09-22 22:48:16 +00:00
These options in this document are only used when contributing to Fleet. They frequently change to reflect current functionality.
Document all keys in `config` and `team` YAML documents (#7449) - Add a new "Configuration for contributors" doc page. Move settings that are not recommended for production use - Remove settings modified in the `config` YAML document from the deploying/configuration doc page - Document all keys in `config` and `teams` YAML documents - Add comments to several `.go` files and remove unused struct
2022-09-08 21:57:38 +00:00
Don't use contributor configuration (#33314) Same language as the contributor API docs: https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/api-for-contributors.md Context: https://github.com/fleetdm/fleet/issues/32669#issuecomment-3321434569
2025-09-22 22:48:16 +00:00
- [Fleet server configuration](#fleet-server-configuration)
- [YAML files](#yaml-files)
Document all keys in `config` and `team` YAML documents (#7449) - Add a new "Configuration for contributors" doc page. Move settings that are not recommended for production use - Remove settings modified in the `config` YAML document from the deploying/configuration doc page - Document all keys in `config` and `teams` YAML documents - Add comments to several `.go` files and remove unused struct
2022-09-08 21:57:38 +00:00
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
## Fleet server configuration
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### s3_software_installers_disable_ssl
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
Server configuration docs: S3 for software and carves (#20032) Docs from changes to address following bug: - #19526
2024-06-28 14:40:02 +00:00
AWS S3 Disable SSL. Useful for local testing.
- Default value: false
- Environment variable: `FLEET_S3_SOFTWARE_INSTALLERS_DISABLE_SSL`
- Config file format:
```yaml
s3:
software_installers_disable_ssl: false
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### s3_carves_disable_ssl
Server configuration docs: S3 for software and carves (#20032) Docs from changes to address following bug: - #19526
2024-06-28 14:40:02 +00:00
- Default value: false
- Environment variable: `FLEET_S3_CARVES_DISABLE_SSL`
- Config file format:
```yaml
s3:
carves_disable_ssl: false
```
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### mdm.apple_apns_cert_bytes
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
The content of the Apple Push Notification service (APNs) certificate. An X.509 certificate, PEM-encoded. Typically generated via `fleetctl generate mdm-apple`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_APNS_CERT_BYTES`
- Config file format:
```yaml
mdm:
apple_apns_cert_bytes: |
-----BEGIN CERTIFICATE-----
... PEM-encoded content ...
-----END CERTIFICATE-----
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### mdm.apple_apns_key_bytes
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
The content of the PEM-encoded private key for the Apple Push Notification service (APNs). Typically generated via `fleetctl generate mdm-apple`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_APNS_KEY_BYTES`
- Config file format:
```yaml
mdm:
apple_apns_key_bytes: |
-----BEGIN RSA PRIVATE KEY-----
... PEM-encoded content ...
-----END RSA PRIVATE KEY-----
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### mdm.apple_scep_cert_bytes
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
The content of the Simple Certificate Enrollment Protocol (SCEP) certificate. An X.509 certificate, PEM-encoded. Typically generated via `fleetctl generate mdm-apple`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_SCEP_CERT_BYTES`
- Config file format:
```yaml
mdm:
apple_scep_cert_bytes: |
-----BEGIN CERTIFICATE-----
... PEM-encoded content ...
-----END CERTIFICATE-----
```
MDM setup docs: APNs and ABM in the UI (#19463)
2024-06-07 21:33:00 +00:00
The SCEP certificate/key pair generated by Fleet expires every 10 years. It's recommended to never change these unless they were compromised.
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
If your certificate/key pair was compromised and you change the pair, the disk encryption keys will no longer be viewable on all macOS hosts' **Host details** page until you turn disk encryption off and back on and the keys are [reset by the end user](https://fleetdm.com/docs/using-fleet/MDM-migration-guide#how-to-turn-on-disk-encryption).
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### mdm.apple_scep_key_bytes
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
The content of the PEM-encoded private key for the Simple Certificate Enrollment Protocol (SCEP). Typically generated via `fleetctl generate mdm-apple`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_SCEP_KEY_BYTES`
- Config file format:
```yaml
mdm:
apple_scep_key_bytes: |
-----BEGIN RSA PRIVATE KEY-----
... PEM-encoded content ...
-----END RSA PRIVATE KEY-----
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### mdm.apple_scep_challenge
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
An alphanumeric secret for the Simple Certificate Enrollment Protocol (SCEP). Define a unique, static secret 32 characters in length and only include alphanumeric characters.
> SCEP is commonly applied to a number of certificate use cases. Notably, Mobile Device Management (MDM) systems like Microsoft Intune and Apple MDM use SCEP for PKI certificate enrollment.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_SCEP_CHALLENGE`
- Config file format:
```yaml
mdm:
apple_scep_challenge: scepchallenge
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### mdm.apple_bm_server_token_bytes
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
This is the content of the Apple Business Manager encrypted server token downloaded from Apple Business Manager.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_BM_SERVER_TOKEN_BYTES`
- Config file format:
```yaml
mdm:
apple_bm_server_token_bytes: |
Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
Content-Transfer-Encoding: base64
... rest of content ...
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### mdm.apple_bm_cert_bytes
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
This is the content of the Apple Business Manager certificate. The certificate is a PEM-encoded X.509 certificate that's typically generated via `fleetctl generate mdm-apple-bm`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_BM_CERT_BYTES`
- Config file format:
```yaml
mdm:
apple_bm_cert_bytes: |
-----BEGIN CERTIFICATE-----
... PEM-encoded content ...
-----END CERTIFICATE-----
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### mdm.apple_bm_key_bytes
Server configuration docs: APNs and ABM in the UI (#19461) - Add redirect for error message on Fleet server startup if private key is missing: #19455 - Move the APNs and ABM environment variables to contributor docs. They will no longer be used
2024-06-03 19:45:41 +00:00
This is the content of the PEM-encoded private key for the Apple Business Manager. It's typically generated via `fleetctl generate mdm-apple-bm`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_BM_KEY_BYTES`
- Config file format:
```yaml
mdm:
apple_bm_key_bytes: |
-----BEGIN RSA PRIVATE KEY-----
... PEM-encoded content ...
-----END RSA PRIVATE KEY-----
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### license.enforce_host_limit
Update configuration docs (#22990) Move `license.enforce_host_limit` to contributor docs
2024-10-23 15:50:08 +00:00
Whether Fleet should enforce the host limit of the license, if true, attempting to enroll new hosts when the limit is reached will fail.
- Default value: `false`
- Environment variable: `FLEET_LICENSE_ENFORCE_HOST_LIMIT`
- Config file format:
```yaml
license:
enforce_host_limit: true
```
4.69.0 doc changes (#28937)
2025-06-14 19:26:45 +00:00
### license.enable_analytics
For approved Fleet Premium customers only.
Whether to send anonymous usage statistics. Overrides the value set by `enable_analytics` in the [Modify configuration](https://fleetdm.com/docs/rest-api/rest-api#modify-configuration) API endpoint.
- Default value: `true`
- Environment variable: `FLEET_LICENSE_ENABLE_ANALYTICS`
- Config file format:
```yaml
license:
enable_analytics: false
```
Contributor configuration reference: Microsoft compliance partner (#31154) Document this key so we don't forget what it looks like what it's used for. --------- Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2025-07-24 22:36:25 +00:00
### microsoft_compliance_partner.proxy_api_key
For managed cloud customers only. The Fleet team sets this key.
Key that allows the Fleet server to communicate to the Microsoft compliance partner proxy on fleetdm.com.
- Default value: ""
- Environment variable: `FLEET_MICROSOFT_COMPLIANCE_PARTNER_PROXY_API_KEY`
- Config file format:
```yaml
microsoft_compliance_partner:
proxy_api_key: foobar
```
Preview of v4.77.0 doc changes (#35924) This PR will remain in draft as a preview of upcoming documentation changes for 4.77.0 --------- Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com> Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com> Co-authored-by: Ian Littman <iansltx@gmail.com> Co-authored-by: Noah Talerman <noahtal@umich.edu> Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com> Co-authored-by: Magnus Jensen <magnus@fleetdm.com> Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com> Co-authored-by: Janis Watts <184028114+jmwatts@users.noreply.github.com> Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com> Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Co-authored-by: Scott Gress <scottmgress@gmail.com> Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
2025-12-02 23:24:15 +00:00
### mdm.enable_custom_os_updates_and_filevault
> Experimental feature. This feature will be removed when Fleet adds the ability to add custom OS update and FileVault profiles via Fleet's UI, API, and YAML.
Update configuration-for-contributors.md (#39355)
2026-02-04 21:14:39 +00:00
This configuration option is not production ready. It hasn't been tested by Fleet. There will be conflicts between custom OS updates / FileVault configuration profiles and the profiles Fleet uses for these features under-the-hood.
`MDM_ENABLE_CUSTOM_OS_UPDATES_AND_FILEVAULT` is not production ready (#36674)
2025-12-04 22:37:46 +00:00
Preview of v4.77.0 doc changes (#35924) This PR will remain in draft as a preview of upcoming documentation changes for 4.77.0 --------- Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com> Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com> Co-authored-by: Ian Littman <iansltx@gmail.com> Co-authored-by: Noah Talerman <noahtal@umich.edu> Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com> Co-authored-by: Magnus Jensen <magnus@fleetdm.com> Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com> Co-authored-by: Janis Watts <184028114+jmwatts@users.noreply.github.com> Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com> Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Co-authored-by: Scott Gress <scottmgress@gmail.com> Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
2025-12-02 23:24:15 +00:00
If set to `true`, Fleet allows users to add the [SoftwareUpdateEnforcementSpecific declaration (DDM)](https://developer.apple.com/documentation/devicemanagement/softwareupdateenforcementspecific) profile, [FDEFileVault](https://developer.apple.com/documentation/devicemanagement/fdefilevault), [FDEFileVaultOptions](https://developer.apple.com/documentation/devicemanagement/fdefilevaultoptions), [FDERecoveryKeyEscrow](https://developer.apple.com/documentation/devicemanagement/fderecoverykeyescrow), and [/Vendor/MSFT/Policy/Config/Update/](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update) configuration profiles.
- Default value: `false`
- Environment variable: `FLEET_MDM_ENABLE_CUSTOM_OS_UPDATES_AND_FILEVAULT`
- Config file format:
```yaml
mdm:
enable_custom_os_updates_and_filevault: true
```
Added OTEL contributor docs (#39285) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #38607
2026-02-05 13:21:27 +00:00
### logging.tracing_enabled
Enables OpenTelemetry tracing and metrics export. When enabled, traces and metrics are sent to the OTLP endpoint configured via the standard `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable.
By default, OpenTelemetry is used. Set `tracing_type` to `elasticapm` only if you want to use Elastic APM instead.
- Default value: `false`
- Environment variable: `FLEET_LOGGING_TRACING_ENABLED`
- Config file format:
```yaml
logging:
tracing_enabled: true
# tracing_type: elasticapm # Only set if using Elastic APM instead of OpenTelemetry
```
### logging.otel_logs_enabled
Enables exporting logs to an OpenTelemetry collector in addition to stderr output. When enabled, logs are sent to the OTLP endpoint configured via the standard `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable. Logs are automatically correlated with traces via `trace_id` and `span_id` attributes.
Added contributor docs for SigNoz. (#39402) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #38607
2026-02-09 21:28:28 +00:00
> **Note:** All log levels, including debug, are always sent to the OpenTelemetry collector regardless of the `logging.debug` setting. The `logging.debug` flag only controls what appears in stderr output.
Added OTEL contributor docs (#39285) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #38607
2026-02-05 13:21:27 +00:00
> **Note:** This option requires `logging.tracing_enabled` to be set to `true`. Fleet will fail to start if `otel_logs_enabled` is `true` but `tracing_enabled` is `false`.
- Default value: `false`
- Environment variable: `FLEET_LOGGING_OTEL_LOGS_ENABLED`
- Config file format:
```yaml
logging:
tracing_enabled: true
otel_logs_enabled: true
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### FLEET_ENABLE_POST_CLIENT_DEBUG_ERRORS
Use this environment variable to allow `fleetd` to report errors to the server using the [endpoint to report an agent error](./API-for-contributors.md#report-an-agent-error). `fleetd` agents will always report vital errors to Fleet.
Update configuration docs (#22990) Move `license.enforce_host_limit` to contributor docs
2024-10-23 15:50:08 +00:00
##### Example YAML
```yaml
license:
key: foobar
enforce_host_limit: false
```
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
## YAML files
document flags required for fleetd error reporting (#14656) For #13189, this documents the server config flag required to report errors. ...
2023-10-20 04:49:18 +00:00
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
### features.detail_query_overrides
document flags required for fleetd error reporting (#14656) For #13189, this documents the server config flag required to report errors. ...
2023-10-20 04:49:18 +00:00
Add detail_query_overrides to contributor docs (#24589)
2024-12-10 20:46:59 +00:00
This feature can be used to override "detail queries" hardcoded in Fleet.
> IMPORTANT: This feature should only be used when debugging issues with Fleet's hardcoded queries.
Use with caution as this may break Fleet ingestion of hosts data.
- Optional setting (dictionary of key-value strings)
- Default value: none (empty)
- Config file format:
```yaml
features:
detail_query_overrides:
# null allows to disable the "users" query from running on hosts.
users: null
# this replaces the hardcoded "mdm" detail query.
mdm: "SELECT enrolled, server_url, installed_from_dep, payload_identifier FROM mdm;"
```
document flags required for fleetd error reporting (#14656) For #13189, this documents the server config flag required to report errors. ...
2023-10-20 04:49:18 +00:00
Document all keys in `config` and `team` YAML documents (#7449) - Add a new "Configuration for contributors" doc page. Move settings that are not recommended for production use - Remove settings modified in the `config` YAML document from the deploying/configuration doc page - Document all keys in `config` and `teams` YAML documents - Add comments to several `.go` files and remove unused struct
2022-09-08 21:57:38 +00:00
<meta name="pageOrderInSection" value="1100">
Website: Add meta descriptions to Fleet documentation. (#12586) #11986 Changes: - Added meta descriptions to Fleet documentation pages. --------- Co-authored-by: Rachael Shaw <r@rachael.wtf>
2023-07-13 16:57:17 +00:00
<meta name="description" value="Learn about the configuration files and settings that are helpful when developing or contributing to Fleet.">
Reference in a new issue Copy permalink