From 0ffa2cd918bc4dfe6d7cd9dd96ebc6e0bdd82d02 Mon Sep 17 00:00:00 2001
From: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com>
Date: Fri, 20 Dec 2024 07:35:18 -0800
Subject: [PATCH] Create deploying-cloudflare-warp-with-fleet.md (#24945)
---
.../deploying-cloudflare-warp-with-fleet.md | 103 ++++++++++++++++++
1 file changed, 103 insertions(+)
create mode 100644 articles/deploying-cloudflare-warp-with-fleet.md
diff --git a/articles/deploying-cloudflare-warp-with-fleet.md b/articles/deploying-cloudflare-warp-with-fleet.md
new file mode 100644
index 0000000000..cae8d1c16b
--- /dev/null
+++ b/articles/deploying-cloudflare-warp-with-fleet.md
@@ -0,0 +1,103 @@
+# Deploying Cloudflare WARP with Fleet
+
+Cloudflare WARP is a secure VPN-like service that encrypts internet traffic and routes it through Cloudflare's network, improving privacy and security without compromising speed.
+
+## MacOS
+
+1. Create custom MDM Config
+ a. Download the example `.mobileconfig` file
+ b. Tailor the payload with the [desired parameters](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/) to satisfy your deployment
+
+2. Upload `.mobileconfig` to Fleet
+ a. In the Fleet admin console, navigate to **Controls**
+ b. Select the **Team** that requires Cloudflare WARP
+ c. Select **OS settings** > **Custom settings**
+ d. Select **Add profile** and upload the `.mobileconfig` from step 1
+ e. Select the hosts which require Cloudflare WARP:
+ - **All hosts:** Deploys WARP to all hosts in selected Team
+ - **Custom:** Deploys WARP to a subset of the hosts in the Team using [labels](https://fleetdm.com/guides/managing-labels-in-fleet)
+
+> Note that the payload will be installed on all targeted hosts, but the WARP agent is not yet installed. Proceed to step 3 to complete the process.
+
+3. Install WARP on hosts
+ a. In the Fleet admin console, navigate to **Software**
+ b. Select the **Team** that requires Cloudflare WARP
+ c. Select **Add software**
+ - Either add Cloudflare WARP from the **Fleet-maintained** library or
+ - Upload a custom `.pkg` obtained from [Cloudflare.](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/download-warp/#macos) If deploying with this approach, WARP will still need to be installed on select hosts via the UI, API or GitOps. Learn more about deploying software from this [article.](https://fleetdm.com/guides/deploy-software-packages)
+
+> If using Fleet-maintained app, you can choose to install on hosts automatically or manually. To allow users to install WARP from Fleet Desktop, check the box for Self-service.
+
+## Windows
+
+1. Download the WARP installer for Windows
+ a. Visit the [Download](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/download-warp/#windows) page to review system requirements and download the installer for your OS.
+
+2. Upload WARP installer to Fleet
+ a. In the Fleet admin console, navigate to **Software**
+ b. Select the **Team** that requires Cloudflare WARP
+ c. Select **Add software** > **Custom Package** and upload the `.msi` file downloaded from step 1
+ - To allow users to install WARP from Fleet Desktop, select Self-service. (Optional)
+ d. Select **Advanced options**
+ e. In **Install script**, replace the default script:
+
+ ```
+ $logFile = "${env:TEMP}/fleet-install-software.log"
+
+ try {
+
+ $installProcess = Start-Process msiexec.exe `
+ -ArgumentList "/quiet /norestart ORGANIZATION=your-team-name SUPPORT_URL=https://example.com /lv ${logFile} /i `"${env:INSTALLER_PATH}`"" `
+ -PassThru -Verb RunAs -Wait
+
+ Get-Content $logFile -Tail 500
+
+ Exit $installProcess.ExitCode
+
+ } catch {
+ Write-Host "Error: $_"
+ Exit 1
+ }
+ ```
+
+> Refer to Cloudflare's [deployment parameters](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/) for a description of each argument and adjust your script as needed.
+
+4. Install WARP on hosts
+ a. In the Fleet admin console, navigate to **Hosts**
+ b. Select the host that requires the WARP client
+ c. Go to **Software** and search for **Cloudflare WARP**
+ d. Select **Actions** > **Install**
+
+> Learn more about ways to deploy software via the UI, API or GitOps from this [article.](https://fleetdm.com/guides/deploy-software-packages)
+
+## Linux
+
+Fleet allows admins to execute custom scripts on Linux hosts. The following example script creates an [MDM file](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/#linux) and installs WARP on an Ubuntu host:
+
+```
+#!/bin/sh
+
+# Write the mdm.xml file
+touch /var/lib/cloudflare-warp/mdm.xml
+echo -e "\n organization\n your-team-name\n
+" > /var/lib/cloudflare-warp/mdm.xml
+
+# Add cloudflare gpg key
+curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
+
+# Add this repo to your apt repositories
+echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
+
+# Install
+sudo apt-get -y update && sudo apt-get -y install cloudflare-warp
+```
+
+> To learn about deploying scripts across multiple hosts, check out this [article.](https://fleetdm.com/guides/policy-automation-run-script)
+
+To install WARP on other Linux distributions, refer to the [package repository](https://pkg.cloudflareclient.com/)
+
+
+
+
+
+