mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00

- Adds `FLEET_DEV_MDM_APPLE_DISABLE_PUSH = 1`
- Adds `FLEET_DEV_MDM_APPLE_DISABLE_DEVICE_INFO_CERT_VERIFY = 1`
- Updates osquery_perf/README.md, providing an example fetching and
using mdm scep challenge secret.

2025-12-17 17:55:13 -05:00

8.5 KiB

Raw Blame History

Deploy osquery perf to a Loadtest environment

Before we begin

Although deployments through the github action should be prioritized, for manual deployments you will need.

A loadtest environment
Terraform v1.10.2
Docker
Go

Deploy with Github Actions

Navigate to the github action
On the top right corner, select the Run Workflow dropdown.
Fill out the details for the deployment.
Note: For mdm testing, where a SCEP CHALLENGE secret is required, you will need to fetch the details from the database using this script and passing it in as an extra_flag when triggering an osquery_perf deployment.

Requires:
- VPN connection
- Database access
Example:
```
["--mdm_scep_challenge", "<value>"]
```
Additional parameters can be passed in (and not limited to):
```
["--logger_tls_period", "120s", "--orbit_prob", "0.0", "--http_message_signature_prob", "0.0", "--mdm_prob", "1.0", "--os_templates", "<value>", "--mdm_scep_challenge", "<value>"]
```

IMPORTANT: osquery_perf needs to be destroyed before the infrastructure

After all details have been filled out, you will hit the green Run Workflow button, directly under the inputs. For terraform_action select Plan, Apply, or Destroy.
- Plan will show you the results of a dry-run
- Apply will deploy changes to the environment
- Destroy will destroy your environment

Deploy osquery perf manually

Clone the repository
Initialize terraform
```
terraform init
```
Create a new the terraform workspace or select an existing workspace for your environment. The terraform workspace will be used in different area's of Terraform to drive uniqueness and access to the environment.

Note: The workspace from the infrastructure deployment will not be carried over to this deployment. A new or existing workspace, specifically for osquery perf must be used.

Your workspace name must match the workspace name that was used for the infrastructure deployment. Failure to use a matching workspace name can lead to deployments in another environment.
```
terraform workspace new <workspace_name>
```
or, if your workspace already exists
```
terraform workspace list
terraform workspace select <workspace_name>
```
Ensure that your new or existing workspace is in use.
```
terraform workspace show
```
Deploy the environment (will also trigger migrations automatically)

Note: Terraform will prompt you for confirmation to trigger the deployment. If everything looks ok, submitting yes will trigger the deployment.
```
terraform apply -var=git_tag_branch=fleet-v4.76.0
```
or, you can add the additional supported terraform variables, to overwrite the default values. You can choose which ones are included/overwritten. If a variable is not defined, the default value configured in ./variables.tf is used.
Note: For mdm testing, where a SCEP CHALLENGE secret is required, you will need to fetch the details from the database using this script and passing it in as an extra_flag when triggering an osquery_perf deployment.

Requires:
- VPN connection
- Database access
Example with the SCEP CHALLENGE secret as an extra_flag:
```
terraform apply -var=git_tag_branch=fleet-v4.76.0 -var=extra_flags=["--mdm_scep_challenge", "<value>"]
```
Example with all available variables.
```
terraform apply -var=git_tag_branch=fleet-v4.76.0 -var=loadtest_containers=20 -var=extra_flags=["--orbit_prob", "0.0"]
```
If you'd like to deploy osquery_perf tasks in batches, you can now run the original enroll.sh script, from the osquery_perf directory. The script will deploy in batches of 8, every 60 seconds, so it's recommended to set your starting index and max number of osquery perf containers as a multiple of 8.
```
./enroll.sh <branch_or_tag_name> <starting index> <max number of osquery_perf containers> <sleep_time>
```

Destroy osquery perf manually

IMPORTANT: osquery_perf needs to be destroyed before the infrastructure

Clone the repository (if not already cloned)
Initialize terraform
```
terraform init
```

Select your workspace

terraform workspace list
terraform workspace select <workspace_name>

Destroy the environment
```
terraform destroy
```

Delete the workspace

Once all resources have been removed from the terraform workspace, remove the terraform workspace.

terraform workspace delete <workspace_name>

Requirements

Name	Version
aws	>= 5.68.0
docker	~> 3.6.0
git	2025.10.10

Providers

Name	Version
aws	6.23.0
docker	3.6.2
git	2025.10.10
random	3.7.2
terraform	n/a

Modules

Name	Source	Version
osquery_perf	github.com/fleetdm/fleet-terraform//addons/osquery-perf	tf-mod-addon-osquery-perf-v1.2.1

Resources

Name	Type
aws_ecr_repository.loadtest	resource
aws_kms_key.main	resource
docker_image.loadtest	resource
docker_registry_image.loadtest	resource
random_pet.rand_image_key	resource
aws_caller_identity.current	data source
aws_ecr_authorization_token.token	data source
aws_ecr_repository.fleet	data source
aws_region.current	data source
git_repository.tf	data source
terraform_remote_state.infra	data source
terraform_remote_state.shared	data source

Inputs

Name	Description	Type	Default	Required
extra_flags	Comma delimited list (string) for passing extra flags to osquery-perf containers	`list(string)`	[ "--orbit_prob", "0.0" ]	no
git_tag_branch	The tag or git branch to use to build loadtest containers.	`string`	n/a	yes
loadtest_containers	Number of loadtest containers to deploy	`number`	`1`	no
task_size	n/a	object({ cpu = optional(number, 256) memory = optional(number, 1024) })	{ "cpu": 256, "memory": 1024 }	no

Outputs

Name	Description
osquery_perf	n/a

8.5 KiB Raw Blame History