mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
# Automatically install software

In Fleet, you can automatically and remotely install software on hosts. This guide will walk you through the process of configuring Fleet to install software on your hosts.

## Step-by-step instructions

1. **Adding software**: Follow the [deploying software](https://fleetdm.com/guides/deploy-software-packages) guide to make a software title available for installation. Note that for Fleet-maintained apps and custom packages, all installation steps (pre-install query, install script, and post-install script) will be executed as configured, regardless of the policy that triggers the installation.

Currently supported software deployment formats:
- macOS: .pkg, App Store (VPP) apps, and [Fleet-maintained apps](https://fleetdm.com/guides/fleet-maintained-apps)
- Windows: .msi, .exe, .ps1, and [Fleet-maintained apps](https://fleetdm.com/guides/fleet-maintained-apps)
- Linux: .deb, .rpm, and .sh

> If you check the "Automatic install" box when adding software, you do not have to create your own policy, so you can skip the remaining steps of this process.

> Script packages (`.sh` and `.ps1` files) do not support automatic install.

2. **Add a policy**: In Fleet, add a policy whose failure will trigger the required installation. Go to the **Policies** tab, select a team, then press the **Add policy** button. Next, click **Create your own policy**, enter your policy SQL, click **Save**, fill in the remaining details in the Save modal, then click **Save** again.

```sql
SELECT 1 FROM apps WHERE bundle_identifier = 'com.adobe.Reader' AND version_compare(bundle_short_version, '23.001.20687') >= 0;
```

> The bundle ID for a macOS installer or VPP app can be found in the `bundle_identifier` field when [viewing the associated software title via the API](https://fleetdm.com/docs/rest-api/rest-api#get-software).

3. **Open the software install automation modal**: In the **Policies** tab, click the **Manage automations** button on the top-right, then select **Install software** from the context menu that pops up.

4. **Select policy**: Click the checkbox next to your newly created policy's name. To the right of it, select from the drop-down list the software you would like to be installed upon failure of this policy.

When a host fails the selected policy, this will trigger the software to be installed on the host.

Once the software is installed, Fleet will automatically refetch the host's vitals and update the software inventory.

If the software install fails, you can reset a software automation and trigger the install on all targeted hosts again. To do this, deselect the policy in the **Policies > Manage automations** modal, select **Save**, and then reselect the policy. This will reset the policy's passing and failing host counts and retrigger the software automations.

## How does it work?

* After you configure Fleet to auto-install specific software, the rest is done automatically.
* The policy check mechanism runs on a typical one-hour cadence on all online hosts.
* Fleet will send install requests to the hosts on the first policy failure (first "No" result for the host) or if a policy goes from "Yes" to "No". Currently, Fleet will not send an install request if a policy is already failing and continues to fail ("No" -> "No"). See the following flowchart for details.

*Detailed flowchart*

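The trigger rule in the list above, modelled as an added example (not Fleet's own code). `install_requests` is a hypothetical helper, the timelines are constructed, and a reset is modelled as forgetting the host's last recorded result.

```python
def install_requests(results, resets=()):
    """Return the check indexes at which an install request would be sent.

    results: one entry per policy check: "Yes", "No", or None when the
             host was offline and reported nothing for that check.
    resets:  check indexes just before which the automation was reset
             (policy deselected, saved, then reselected).
    """
    sent = []
    previous = None  # nothing recorded for this host yet
    for i, result in enumerate(results):
        if i in resets:
            previous = None  # assumption: a reset clears the recorded result
        if result is None:
            continue  # offline host: no check ran, recorded state is unchanged
        if result == "No" and previous != "No":
            sent.append(i)  # first "No", or "Yes" -> "No"
        previous = result
    return sent


# Constructed timelines, one entry per (roughly hourly) policy check.
TIMELINES = {
    "install succeeds": ["No", "Yes", "Yes"],
    "install keeps failing": ["No", "No", "No", "No"],
    "software removed twice": ["Yes", "Yes", "No", "No", "Yes", "No"],
    "host offline between checks": ["Yes", None, "No", None, "No"],
}

if __name__ == "__main__":
    for name, timeline in TIMELINES.items():
        print(f"{name}: requests at checks {install_requests(timeline)}")
    # A host stuck on "No" gets a second request only after a reset.
    print(install_requests(TIMELINES["install keeps failing"], resets={2}))
```

The "install keeps failing" timeline is the case to watch for: without a reset, a host whose first install failed never receives another request.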
App Store (VPP) apps won't be installed if a host has MDM turned off or if you run out of licenses (purchased in Apple Business Manager). Currently, these errors aren't surfaced in Fleet. After turning MDM on for a host or purchasing more licenses, you can retry [installing the app on the host's **Host details** page](https://fleetdm.com/guides/deploy-software-packages#install-the-package). To retry on multiple hosts at once, head to **Policies > Manage Automations** in Fleet and turn the app's policy automation off and back on.

Uninstalling VPP apps is [coming soon](https://github.com/fleetdm/fleet/issues/25497).

## Templates for policy queries

Use the following policy templates to see if the software is already installed at or above the desired version.

### macOS (pkg and VPP)

```sql
SELECT 1 FROM apps WHERE bundle_identifier = '<YOUR_APP_BUNDLE_ID>' AND version_compare(bundle_short_version, '<SOFTWARE_PACKAGE_VERSION>') >= 0;
```

> You can also use the `name` column for matching (e.g. "Google Chrome.app"), but using `bundle_identifier` is more reliable for macOS apps that have bundle identifiers.

### Windows (msi and exe)

```sql
SELECT 1 FROM programs WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<VERSION>') >= 0;
```

> Currently, automatic install policies generated by Fleet for MSIs use `identifying_number` in the `programs` table, which corresponds to an application's ProductCode. ProductCode only refers to a specific version of a specific application, so the policy will fail (triggering an install) if any other version, newer or older, of the application is installed instead. The UpgradeCode attribute ties together multiple versions of the same application, and will be used for MSI auto-install policies [in a future release of Fleet](https://github.com/fleetdm/fleet/issues/27447) [once supported in osquery](https://github.com/fleetdm/fleet/issues/27759).

### Debian-based (deb)

```sql
SELECT 1 FROM deb_packages WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<SOFTWARE_PACKAGE_VERSION>') >= 0;
```

If your team has both Ubuntu and RHEL-based hosts then you should use the following template for the policy queries:

```sql
SELECT 1 WHERE EXISTS (
    -- This will mark the policies as successful on non-Debian-based hosts.
    -- This is only required if Debian-based and RPM-based hosts share a team.
    SELECT 1 WHERE (SELECT COUNT(*) FROM deb_packages) = 0
) OR EXISTS (
    SELECT 1 FROM deb_packages WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<SOFTWARE_PACKAGE_VERSION>') >= 0
);
```

### RPM-based (rpm)

```sql
SELECT 1 FROM rpm_packages WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<SOFTWARE_PACKAGE_VERSION>') >= 0;
```

If your team has both Ubuntu and RHEL-based hosts then you should use the following template for the policy queries:

```sql
SELECT 1 WHERE EXISTS (
    -- This will mark the policies as successful on non-RPM-based hosts.
    -- This is only required if Debian-based and RPM-based hosts share a team.
    SELECT 1 WHERE (SELECT COUNT(*) FROM rpm_packages) = 0
) OR EXISTS (
    SELECT 1 FROM rpm_packages WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<SOFTWARE_PACKAGE_VERSION>') >= 0
);
```

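Why a mixed team needs the guarded templates above, shown as an added example (not Fleet's own code) that runs the Debian template pair in SQLite against constructed host inventories. The package name, versions and host names are made up, and `version_compare` here is a simplified stand-in for the osquery function that handles dotted integers only.

```python
import sqlite3

def version_compare(a, b):
    # Simplified stand-in for osquery's version_compare(): dotted integers only.
    pa, pb = ([int(p) for p in v.split(".")] for v in (a, b))
    width = max(len(pa), len(pb))
    pa += [0] * (width - len(pa))
    pb += [0] * (width - len(pb))
    return (pa > pb) - (pa < pb)

DEB_ONLY = """
SELECT 1 FROM deb_packages
WHERE name = ? AND version_compare(version, ?) >= 0
"""

MIXED_TEAM = """
SELECT 1 WHERE EXISTS (
    SELECT 1 WHERE (SELECT COUNT(*) FROM deb_packages) = 0
) OR EXISTS (
    SELECT 1 FROM deb_packages
    WHERE name = ? AND version_compare(version, ?) >= 0
)
"""

# Constructed inventories: the rows each host would report in deb_packages.
HOSTS = {
    "ubuntu-current": [("example-agent", "2.4.0")],
    "ubuntu-outdated": [("example-agent", "2.1.7")],
    "ubuntu-missing": [("curl", "8.5.0")],
    "rhel-host": [],  # RPM-based host: deb_packages has no rows
}

def policy_passes(query, packages, name, version):
    """A policy passes when its query returns at least one row."""
    db = sqlite3.connect(":memory:")
    db.create_function("version_compare", 2, version_compare)
    db.execute("CREATE TABLE deb_packages (name TEXT, version TEXT)")
    db.executemany("INSERT INTO deb_packages VALUES (?, ?)", packages)
    passed = db.execute(query, (name, version)).fetchone() is not None
    db.close()
    return passed

def evaluate(query, name="example-agent", version="2.3.0"):
    return {host: policy_passes(query, pkgs, name, version)
            for host, pkgs in HOSTS.items()}
```

With the plain template the RPM-based host fails the policy, which would trigger a `.deb` install on it; with the guarded template it passes, while outdated and missing installs on Debian-based hosts still fail.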
## Via the API

Fleet provides a REST API for managing policies, including software install automations. Learn more about Fleet's [REST API](https://fleetdm.com/docs/rest-api/rest-api#add-team-policy).

## Via GitOps

To manage software automations using Fleet's best practice GitOps, check out the `install_software` key in the [policies section of the GitOps reference documentation](https://fleetdm.com/docs/configuration/yaml-files#policies).

## Conclusion

Software deployment can be time-consuming and risky. This guide presents Fleet's ability to mass deploy software to your fleet in a simple and safe way. It starts with uploading a trusted installer and ends with deploying it to the proper set of machines, those matching the exact policy you define.

Leveraging Fleet’s ability to install and upgrade software on your hosts, you can streamline the process of controlling your hosts, replacing old versions of software, and keeping up-to-date information on what's installed on your fleet.

By automating software deployment, you can gain greater control over what's installed on your machines and have better oversight of version upgrades, ensuring old software with known issues is replaced.

<meta name="articleTitle" value="Automatically install software">
<meta name="authorFullName" value="Sharon Katz">
<meta name="authorGitHubUsername" value="sharon-fdm">
<meta name="category" value="guides">
<meta name="publishedOn" value="2025-02-28">
<meta name="description" value="A guide to workflows using automatic software installation in Fleet.">