mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
Renaming: fleetctl apply (#43581)
For the following issue: - https://github.com/fleetdm/fleet/issues/41419
This commit is contained in:
Noah Talerman
GitHub
parent
c783ac75b5
commit
5df1e0fdf5
1 changed files with 37 additions and 37 deletions
|
|
@ -15,30 +15,30 @@ The following example file includes several queries:
|
|||
```yaml
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: query
|
||||
kind: report
|
||||
spec:
|
||||
name: osquery_info
|
||||
description: A heartbeat counter that reports general performance (CPU, memory) and version.
|
||||
query: select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;
|
||||
team: ""
|
||||
fleet: ""
|
||||
interval: 3600 # 1 hour
|
||||
observer_can_run: true
|
||||
automations_enabled: true
|
||||
discard_data: false
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: query
|
||||
kind: report
|
||||
spec:
|
||||
name: Get serial number of a laptop
|
||||
description: Returns the serial number of a laptop, which can be useful for asset tracking.
|
||||
query: SELECT hardware_serial FROM system_info;
|
||||
team: Workstations
|
||||
fleet: Workstations
|
||||
interval: 0
|
||||
observer_can_run: true
|
||||
discard_data: false
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: query
|
||||
kind: report
|
||||
spec:
|
||||
name: Get recently added or removed USB drives
|
||||
description: Report event publisher health and track event counters.
|
||||
|
|
@ -48,7 +48,7 @@ spec:
|
|||
LEFT JOIN mounts
|
||||
ON mounts.device = disk_events.device
|
||||
;
|
||||
team: Workstations (Canary)
|
||||
fleet: Workstations (Canary)
|
||||
interval: 86400 # 24 hours
|
||||
observer_can_run: false
|
||||
min_osquery_version: 5.4.0
|
||||
|
|
@ -131,7 +131,7 @@ Another reason you might want to use multiple enroll secrets is to use a certain
|
|||
|
||||
**Applies only to Fleet Premium**.
|
||||
|
||||
The `team` YAML file controls a fleet of hosts.
|
||||
The `fleet` YAML file controls a fleet of hosts.
|
||||
|
||||
You can define one or more fleet in the same file with `---`.
|
||||
|
||||
|
|
@ -139,9 +139,9 @@ The following example file includes one fleet:
|
|||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: team
|
||||
kind: fleet
|
||||
spec:
|
||||
team:
|
||||
fleet:
|
||||
name: "💻 Workstations"
|
||||
agent_options:
|
||||
config:
|
||||
|
|
@ -175,7 +175,7 @@ spec:
|
|||
mdm:
|
||||
android_settings:
|
||||
certificates: null
|
||||
custom_settings: null
|
||||
configuration_profiles: null
|
||||
enable_disk_encryption: true
|
||||
ios_updates:
|
||||
deadline: null
|
||||
|
|
@ -185,13 +185,13 @@ spec:
|
|||
deadline: null
|
||||
minimum_version: null
|
||||
update_new_hosts: null
|
||||
macos_settings:
|
||||
custom_settings: []
|
||||
macos_setup:
|
||||
bootstrap_package: ""
|
||||
apple_settings:
|
||||
configuration_profiles: []
|
||||
setup_experience:
|
||||
macos_bootstrap_package: ""
|
||||
enable_end_user_authentication: true
|
||||
enable_release_device_manually: false
|
||||
macos_setup_assistant: ""
|
||||
apple_setup_assistant: ""
|
||||
manual_agent_install: false
|
||||
require_all_software_macos: false
|
||||
script: ""
|
||||
|
|
@ -202,7 +202,7 @@ spec:
|
|||
update_new_hosts: null
|
||||
windows_require_bitlocker_pin: null
|
||||
windows_settings:
|
||||
custom_settings: null
|
||||
configuration_profiles: null
|
||||
windows_updates:
|
||||
deadline_days: null
|
||||
grace_period_days: null
|
||||
|
|
@ -214,7 +214,7 @@ spec:
|
|||
secrets:
|
||||
- created_at: "2026-02-08T05:25:21Z"
|
||||
secret: tTavYeEwmUYzdnRlPICwVcFtPszkIvkf
|
||||
team_id: 310
|
||||
fleet_id: 310
|
||||
software:
|
||||
app_store_apps: null
|
||||
fleet_maintained_apps:
|
||||
|
|
@ -296,16 +296,16 @@ spec:
|
|||
|
||||
The fleet-level agent options specify options that only apply to this fleet. When fleet-specific agent options have been specified, the agent options specified at the organization level are ignored for this fleet.
|
||||
|
||||
The documentation for this section is identical to the [Agent options](#agent-options) documentation for the organization settings, except that the YAML section where it is set must be as follows. (Note the `kind: team` key and the location of the `agent_options` key under `team` must have a `name` key to identify the team to configure.)
|
||||
The documentation for this section is identical to the [Agent options](#agent-options) documentation for the organization settings, except that the YAML section where it is set must be as follows. (Note the `kind: fleet` key and the location of the `agent_options` key under `fleet` must have a `name` key to identify the fleet to configure.)
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: team
|
||||
kind: fleet
|
||||
spec:
|
||||
team:
|
||||
fleet:
|
||||
name: Client Platform Engineering
|
||||
agent_options:
|
||||
# the team-specific options go here
|
||||
# the fleet-specific options go here
|
||||
```
|
||||
|
||||
### Fleet-level secrets
|
||||
|
|
@ -316,7 +316,7 @@ The `secrets` section provides the list of enroll secrets that will be valid for
|
|||
- Default value: none (empty)
|
||||
- Config file format:
|
||||
```yaml
|
||||
team:
|
||||
fleet:
|
||||
name: Client Platform Engineering
|
||||
secrets:
|
||||
- secret: RzTlxPvugG4o4O5IKS/HqEDJUmI1hwBoffff
|
||||
|
|
@ -330,7 +330,7 @@ You can modify an existing fleet by applying a new fleet configuration file with
|
|||
Retrieve the fleet configuration and output to a YAML file:
|
||||
|
||||
```sh
|
||||
% fleetctl get teams --name Workstations --yaml > workstation_config.yml
|
||||
% fleetctl get fleets --name Workstations --yaml > workstation_config.yml
|
||||
```
|
||||
After updating the generated YAML, apply the changes:
|
||||
|
||||
|
|
@ -357,22 +357,22 @@ webhook_settings
|
|||
|
||||
You can bypass these errors by removing the key from your YAML or adding the `--force` flag. This flag will apply the changes without validation and should be used with caution.
|
||||
|
||||
`mdm.macos_settings.custom_settings`, `mdm.windows_settings.custom_settings`, `mdm.macos_setup`, `mdm.volume_purchasing_program`, and `scripts` only include the settings applied using `fleetctl apply`. To list settings added in the UI or API, use the [List configuration profiles](https://fleetdm.com/docs/rest-api/rest-api#list-custom-os-settings-configuration-profiles), GET endpoints from [Setup experience](https://fleetdm.com/docs/rest-api/rest-api#setup-experience), [List Volume Purchasing Program (VPP) tokens](https://fleetdm.com/docs/rest-api/rest-api#list-volume-purchasing-program-vpp-tokens), or [List scripts](https://fleetdm.com/docs/rest-api/rest-api#list-scripts) instead.
|
||||
`mdm.apple_settings.configuration_profiles`, `mdm.windows_settings.configuration_profiles`, `mdm.setup_experience`, `mdm.volume_purchasing_program`, and `scripts` only include the settings applied using `fleetctl apply`. To list settings added in the UI or API, use the [List configuration profiles](https://fleetdm.com/docs/rest-api/rest-api#list-custom-os-settings-configuration-profiles), GET endpoints from [Setup experience](https://fleetdm.com/docs/rest-api/rest-api#setup-experience), [List Volume Purchasing Program (VPP) tokens](https://fleetdm.com/docs/rest-api/rest-api#list-volume-purchasing-program-vpp-tokens), or [List scripts](https://fleetdm.com/docs/rest-api/rest-api#list-scripts) instead.
|
||||
|
||||
### Mobile device management (MDM) settings for fleets
|
||||
|
||||
The `mdm` section of this configuration YAML lets you control MDM settings for each fleet.
|
||||
|
||||
To specify fleet MDM configuration, as opposed to [Organization-wide MDM configuration](#mobile-device-management-mdm-settings), follow the below YAML format. Note the `kind: team` field, as well as the `name` and `mdm` fields under `team`.
|
||||
To specify fleet MDM configuration, as opposed to [Organization-wide MDM configuration](#mobile-device-management-mdm-settings), follow the below YAML format. Note the `kind: fleet` field, as well as the `fleet` and `mdm` fields under `fleet`.
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: team
|
||||
kind: fleet
|
||||
spec:
|
||||
team:
|
||||
fleet:
|
||||
name: Client Platform Engineering
|
||||
mdm:
|
||||
# the team-specific mdm options go here
|
||||
# the fleet-specific mdm options go here
|
||||
```
|
||||
|
||||
### Fleet-level scripts
|
||||
|
|
@ -384,9 +384,9 @@ List of saved scripts that can be run on hosts that are part of the fleet.
|
|||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: team
|
||||
kind: fleet
|
||||
spec:
|
||||
team:
|
||||
fleet:
|
||||
name: Client Platform Engineering
|
||||
scripts:
|
||||
- path/to/script1.sh
|
||||
|
|
@ -438,9 +438,9 @@ spec:
|
|||
server_settings:
|
||||
deferred_save_host: false
|
||||
enable_analytics: true
|
||||
live_query_disabled: false
|
||||
query_reports_disabled: false
|
||||
scripts_disabled: false
|
||||
live_reports_disabled: false
|
||||
reports_disabled: false
|
||||
stored_results_disabled: false
|
||||
server_url: ""
|
||||
smtp_settings:
|
||||
authentication_method: authmethod_plain
|
||||
|
|
@ -492,19 +492,19 @@ spec:
|
|||
enable_vulnerabilities_webhook: false
|
||||
host_batch_size: 0
|
||||
mdm:
|
||||
apple_bm_default_team: ""
|
||||
apple_bm_default_fleet: ""
|
||||
windows_enabled_and_configured: false
|
||||
macos_updates:
|
||||
minimum_version: ""
|
||||
deadline: ""
|
||||
macos_settings:
|
||||
custom_settings:
|
||||
apple_settings:
|
||||
configuration_profiles:
|
||||
- path: '/path/to/profile1.mobileconfig'
|
||||
- path: '/path/to/profile2.mobileconfig'
|
||||
- path: '/path/to/profile3.mobileconfig'
|
||||
enable_disk_encryption: true
|
||||
windows_settings:
|
||||
custom_settings:
|
||||
configuration_profiles:
|
||||
- path: '/path/to/profile4.xml'
|
||||
- path: '/path/to/profile5.xml'
|
||||
```
|
||||
|
|
|
|||
Loading…
Reference in a new issue