Windows Installer changes to support MDM Azure flow (#13025)
This relates to #12600 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. - [X] Manual QA for all new/changed functionality
parent
8234d2e0fe
commit
7cfea0787e
3 changed files with 49 additions and 8 deletions
1
changes/issue-12600-azure-install-support
Normal file
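--- a/changes/issue-12600-azure-install-support
+++ b/changes/issue-12600-azure-install-support
@@ -0,0 +1 @@
+* Adding support to install Fleetd after enrolling through Azure account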
|
||||
|
|
@ -54,6 +54,9 @@ var windowsWixTemplate = template.Must(template.New("").Option("missingkey=error
|
|||
<Property Id="ARPNOREPAIR" Value="yes" Secure="yes" />
|
||||
<Property Id="ARPNOMODIFY" Value="yes" Secure="yes" />
|
||||
|
||||
<Property Id="FLEET_URL" Value="{{ if .FleetURL }}'{{ .FleetURL }}'{{ end }}"/>
|
||||
<Property Id="FLEET_SECRET" Value="dummy"/>
|
||||
|
||||
<MediaTemplate EmbedCab="yes" />
|
||||
|
||||
<Property Id="POWERSHELLEXE">
|
||||
|
|
@ -96,7 +99,7 @@ var windowsWixTemplate = template.Must(template.New("").Option("missingkey=error
|
|||
Start="auto"
|
||||
Type="ownProcess"
|
||||
Description="This service runs Fleet's osquery runtime and autoupdater (Orbit)."
|
||||
Arguments='--root-dir "[ORBITROOT]." --log-file "[System64Folder]config\systemprofile\AppData\Local\FleetDM\Orbit\Logs\orbit-osquery.log"{{ if .FleetURL }} --fleet-url "{{ .FleetURL }}"{{ end }}{{ if .FleetCertificate }} --fleet-certificate "[ORBITROOT]fleet.pem"{{ end }}{{ if .EnrollSecret }} --enroll-secret-path "[ORBITROOT]secret.txt"{{ end }}{{if .Insecure }} --insecure{{ end }}{{ if .Debug }} --debug{{ end }}{{ if .UpdateURL }} --update-url "{{ .UpdateURL }}"{{ end }}{{ if .UpdateTLSServerCertificate }} --update-tls-certificate "[ORBITROOT]update.pem"{{ end }}{{ if .DisableUpdates }} --disable-updates{{ end }}{{ if .Desktop }} --fleet-desktop --desktop-channel {{ .DesktopChannel }}{{ if .FleetDesktopAlternativeBrowserHost }} --fleet-desktop-alternative-browser-host {{ .FleetDesktopAlternativeBrowserHost }}{{ end }}{{ end }} --orbit-channel "{{ .OrbitChannel }}" --osqueryd-channel "{{ .OsquerydChannel }}"'
|
||||
Arguments='--root-dir "[ORBITROOT]." --log-file "[System64Folder]config\systemprofile\AppData\Local\FleetDM\Orbit\Logs\orbit-osquery.log" --fleet-url "[FLEET_URL]"{{ if .FleetCertificate }} --fleet-certificate "[ORBITROOT]fleet.pem"{{ end }}{{ if .EnrollSecret }} --enroll-secret-path "[ORBITROOT]secret.txt"{{ end }}{{if .Insecure }} --insecure{{ end }}{{ if .Debug }} --debug{{ end }}{{ if .UpdateURL }} --update-url "{{ .UpdateURL }}"{{ end }}{{ if .UpdateTLSServerCertificate }} --update-tls-certificate "[ORBITROOT]update.pem"{{ end }}{{ if .DisableUpdates }} --disable-updates{{ end }}{{ if .Desktop }} --fleet-desktop --desktop-channel {{ .DesktopChannel }}{{ if .FleetDesktopAlternativeBrowserHost }} --fleet-desktop-alternative-browser-host {{ .FleetDesktopAlternativeBrowserHost }}{{ end }}{{ end }} --orbit-channel "{{ .OrbitChannel }}" --osqueryd-channel "{{ .OsquerydChannel }}"'
|
||||
>
|
||||
<util:ServiceConfig
|
||||
FirstFailureActionType="restart"
|
||||
|
|
@ -142,11 +145,24 @@ var windowsWixTemplate = template.Must(template.New("").Option("missingkey=error
|
|||
DllEntry="WixQuietExec64"
|
||||
Execute="deferred"
|
||||
Return="check"
|
||||
Impersonate="no" />
|
||||
Impersonate="no" />
|
||||
|
||||
<SetProperty Id="CA_UpdateSecret"
|
||||
Before ="CA_UpdateSecret"
|
||||
Sequence="execute"
|
||||
Value='"[POWERSHELLEXE]" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -File "[ORBITROOT]installer_utils.ps1" -updateSecret "[FLEET_SECRET]"' />
|
||||
|
||||
<CustomAction Id="CA_UpdateSecret"
|
||||
BinaryKey="WixCA"
|
||||
DllEntry="WixQuietExec64"
|
||||
Execute="deferred"
|
||||
Return="check"
|
||||
Impersonate="no" />
|
||||
|
||||
<InstallExecuteSequence>
|
||||
<Custom Action='CA_RemoveOrbit' Before='RemoveFiles'>(NOT UPGRADINGPRODUCTCODE) AND (REMOVE="ALL")</Custom> <!-- Only happens during uninstall -->
|
||||
<Custom Action='CA_UninstallOsquery' After='InstallFiles'>NOT Installed AND NOT WIX_UPGRADE_DETECTED</Custom> <!-- Only happens during first install -->
|
||||
<Custom Action='CA_UpdateSecret' Before='InstallServices'>NOT Installed</Custom> <!-- It happens just before service creation -->
|
||||
</InstallExecuteSequence>
|
||||
|
||||
<Feature Id="Orbit" Title="Fleet osquery" Level="1" Display="hidden">
|
||||
|
|
@ -223,6 +239,7 @@ var windowsPSInstallerUtils = template.Must(template.New("").Option("missingkey=
|
|||
[switch] $uninstallOsquery = $false,
|
||||
[switch] $uninstallOrbit = $false,
|
||||
[switch] $stopOrbit = $false,
|
||||
[string] $updateSecret = "",
|
||||
[switch] $help = $false
|
||||
)
|
||||
|
||||
|
|
@ -434,13 +451,14 @@ function Test-Administrator
|
|||
function Do-Help {
|
||||
$programName = (Get-Item $PSCommandPath ).Name
|
||||
|
||||
Write-Host "Usage: $programName (-uninstallOsquery|-uninstallOrbit|-stopOrbit|-help)" -foregroundcolor Yellow
|
||||
Write-Host "Usage: $programName (-uninstallOsquery|-uninstallOrbit|-stopOrbit|-updateSecret|-help)" -foregroundcolor Yellow
|
||||
Write-Host ""
|
||||
Write-Host " Only one of the following options can be used. Using multiple will result in "
|
||||
Write-Host " options being ignored."
|
||||
Write-Host " -uninstallOsquery Uninstall Osquery"
|
||||
Write-Host " -uninstallOrbit Uninstall Orbit"
|
||||
Write-Host " -stopOrbit Stop Orbit"
|
||||
Write-Host " -updateSecret <secret> Update Orbit secret"
|
||||
Write-Host " -help Shows this help screen"
|
||||
|
||||
Exit 1
|
||||
|
|
@ -489,6 +507,20 @@ function Stop-Orbit {
|
|||
Start-Sleep -Milliseconds 1000
|
||||
}
|
||||
|
||||
#Updates Orbit secret
|
||||
function Update-OrbitSecret {
|
||||
|
||||
# Ensuring secret file is not empty
|
||||
if (-not ([string]::IsNullOrEmpty($updateSecret)) -and ($updateSecret -ne "dummy"))
|
||||
{
|
||||
Write-Host "Updating secret"
|
||||
$targetSecretFile = $Env:Programfiles + "\\Orbit\\secret.txt"
|
||||
Set-Content -NoNewline -Path $targetSecretFile -Value $updateSecret
|
||||
|
||||
Start-Sleep -Milliseconds 1000
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#Revove Orbit footprint from registry and disk
|
||||
function Force-Remove-Orbit {
|
||||
|
|
@ -717,6 +749,14 @@ function Main {
|
|||
Write-Host "Orbit was stopped." -foregroundcolor Cyan
|
||||
Exit 0
|
||||
|
||||
} elseif (-not ([string]::IsNullOrEmpty($updateSecret))) {
|
||||
Write-Host "About to update Orbit secret." -foregroundcolor Yellow
|
||||
|
||||
Update-OrbitSecret
|
||||
|
||||
Write-Host "Orbit secret update was called." -foregroundcolor Cyan
|
||||
Exit 0
|
||||
|
||||
} else {
|
||||
Write-Host "Invalid option selected: please see -help for usage details." -foregroundcolor Red
|
||||
Do-Help
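Review bot: `FLEET_SECRET` is declared as a plain public property and then expanded into the `CA_UpdateSecret` command line (`-updateSecret "[FLEET_SECRET]"`), so the enroll secret can end up in clear text in a verbose MSI log and in process-creation or PowerShell logging on the host. Mark the property hidden, `<Property Id="FLEET_SECRET" Value="dummy" Hidden="yes"/>`, and add `HideTarget="yes"` to the `CA_UpdateSecret` custom action so Windows Installer masks both the property and the CustomActionData. The value is also placed between double quotes with no escaping, so a secret containing `"` would end the argument early; rejecting such values where the secret is accepted is the safer place to handle that. Separately, the `FLEET_URL` default is wrapped in single quotes inside the `Value` attribute, which looks like it would reach `--fleet-url "[FLEET_URL]"` with the quotes included; this is worth confirming against a built MSI.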
|
||||
|
|
|
|||
|
|
@ -1576,7 +1576,7 @@ func (svc *Service) getConfigProfilesToEnforce(ctx context.Context, commandID *i
|
|||
// installed only the first time the message is issued.
|
||||
// FleetURL and FleetSecret properties are passed to the Fleet MSI
|
||||
// See here for more information: https://learn.microsoft.com/en-us/windows/win32/msi/command-line-options
|
||||
installCommandPayload := `<MsiInstallJob id="{f5645004-3214-46ea-92c2-48835689da06}">
|
||||
installCommandPayload := `<MsiInstallJob id="{A427C0AA-E2D5-40DF-ACE8-0D726A6BE096}">
|
||||
<Product Version="1.0.0.0">
|
||||
<Download>
|
||||
<ContentURLList>
|
||||
|
|
@ -1584,10 +1584,10 @@ func (svc *Service) getConfigProfilesToEnforce(ctx context.Context, commandID *i
|
|||
</ContentURLList>
|
||||
</Download>
|
||||
<Validation>
|
||||
<FileHash>7D127BA8F8CC5937DB3052E2632D672120217D910E271A58565BBA780ED8F05C</FileHash>
|
||||
<FileHash>9F89C57D1B34800480B38BD96186106EB6418A82B137A0D56694BF6FFA4DDF1A</FileHash>
|
||||
</Validation>
|
||||
<Enforcement>
|
||||
<CommandLine>/quiet FleetURL="` + fleetEnrollUrl + `" FleetSecret="` + globalEnrollSecret + `"</CommandLine>
|
||||
<CommandLine>/quiet FLEET_URL="` + fleetEnrollUrl + `" FLEET_SECRET="` + globalEnrollSecret + `"</CommandLine>
|
||||
<TimeOut>10</TimeOut>
|
||||
<RetryCount>1</RetryCount>
|
||||
<RetryInterval>5</RetryInterval>
|
||||
|
|
@ -1599,7 +1599,7 @@ func (svc *Service) getConfigProfilesToEnforce(ctx context.Context, commandID *i
|
|||
<CmdID>` + getNextCmdID(commandID) + `</CmdID>
|
||||
<Item>
|
||||
<Target>
|
||||
<LocURI>./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7Bf5645004-3214-46ea-92c2-48835689da06%7D/DownloadInstall</LocURI>
|
||||
<LocURI>./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7BA427C0AA-E2D5-40DF-ACE8-0D726A6BE096%7D/DownloadInstall</LocURI>
|
||||
</Target>
|
||||
</Item>
|
||||
</Add>
|
||||
|
|
@ -1607,7 +1607,7 @@ func (svc *Service) getConfigProfilesToEnforce(ctx context.Context, commandID *i
|
|||
<CmdID>` + getNextCmdID(commandID) + `</CmdID>
|
||||
<Item>
|
||||
<Target>
|
||||
<LocURI>./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7Bf5645004-3214-46ea-92c2-48835689da06%7D/DownloadInstall</LocURI>
|
||||
<LocURI>./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7BA427C0AA-E2D5-40DF-ACE8-0D726A6BE096%7D/DownloadInstall</LocURI>
|
||||
</Target>
|
||||
<Data>` + html.EscapeString(installCommandPayload) + `</Data>
|
||||
<Meta>
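Review bot: `fleetEnrollUrl` and `globalEnrollSecret` are concatenated unescaped into `<CommandLine>`, and the `html.EscapeString` call on the `<Data>` line only escapes the finished payload for the outer message, so a `&` or `<` in either value leaves the inner `MsiInstallJob` XML malformed and a `"` ends the msiexec property early. Wrap each value with `html.EscapeString(...)` before concatenation, and reject values containing a double quote, since that character cannot be represented inside the quoted property even after XML escaping. The enroll secret also travels on the msiexec command line here, so it is exposed to whatever records that command line on the device. `getConfigProfilesToEnforce` starts and ends outside the visible hunks, so where the two values come from and whether they are already validated cannot be seen from here.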
|
||||
|
|
|
|||