Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatically install software - BE: Policy automations #21428

Closed
11 of 13 tasks
lukeheath opened this issue Aug 20, 2024 · 3 comments
Closed
11 of 13 tasks

Automatically install software - BE: Policy automations #21428

lukeheath opened this issue Aug 20, 2024 · 3 comments
Assignees
@lucasmrod @jacobshandling
Labels
~backend Backend-related issue. P2 Prioritize as urgent :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~sub-task A technical sub-task that is part of a story. (Not QA'd. Not estimated.)
Milestone
4.57.0

Comments

@lukeheath
Copy link
Member

lukeheath commented Aug 20, 2024
edited by jacobshandling
Loading

Story: #19551.

QA notes

  • As usual, check the Figma linked in the Epic.
  • Test the feature by creating policies and assigning them to installers.
  • On each step, check the generated activities for the hosts look good. When Fleet triggers an automatic installation on a host, the admin that uploaded the package is shown as the author of the automatic installation.
  1. Prepare teams, hosts and installers before running this version.
  2. Run prepare db with new version (20240829170024 - PolicyAutomaticInstallSoftware).
  3. Add osquery-perf hosts too. It has support for installers, e.g.: go run ./cmd/osquery-perf -enroll_secret <...> -os_templates=windows_11.tmpl:1,macos_14.1.2.tmpl:1,ubuntu_22.04.tmpl:1 -host_count 3 -software_installer_install_fail_prob .25 -policy_pass_prob 0.5.

Other tests:

  • - Configure packages and policies, enroll a host from scratch to Fleet, check that the software is automatically installed in it.
  • - Policy with SQL with typos should not cause an automatic installation.
  • - Test unsetting an installer from a policy.
  • - Test with two different policies with two different installers on the same team, test they are installed on the correct hosts.
  • - Test associating a pkg to a linux policy, we allow associating it, but Fleet should not queue a installation because it's a pkg and the target are linux hosts.
  • - Test deleting teams with software installers and policies associated to installers. Teams deletion should just work as usual (all installers and policies should be gone too after deleting the team).
  • - Test deleting policies with associated installers.
  • - Test deleting installers with associated policies is not allowed. Also test that after deleting/unassociating the policy you can delete the installer.
  • - A package already installed on the host and a failing policy should not queue an install request. A package already installed on the host will make the policy pass and therefore an install request won’t be queued.
  • - Check automatic installation of a installer that was uploaded by a deleted user, activities should show the name of the deleted user.
  • - Test existing functionality for manual installation and Self-service installations of packages, check activities. It should all look as before this feature (IOW we didn't break existing functionality).
  • - Test policies associated to Self-service software installers, should install them just exactly like not Self-service (check activities).

Packages for testing

These are the packages + policy SQLs that I used to test the feature the way our users will use it.

macOS

Microsoft Teams

Firefox

Windows

Tailscale

$exeFilePath = "${env:INSTALLER_PATH}"
$installProcess = Start-Process $exeFilePath `
  -ArgumentList "/quiet /norestart" `
  -PassThru -Verb RunAs -Wait
  • Policy query: SELECT 1 FROM programs WHERE name = 'Tailscale' AND version_compare(version, '1.72.0') >= 0;

Firefox

Linux

1Password

Firefox
@lukeheath lukeheath added :product Product Design department (shows up on 🦢 Drafting board) :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~backend Backend-related issue. #g-endpoint-ops Endpoint ops product group P2 Prioritize as urgent ~sub-task A technical sub-task that is part of a story. (Not QA'd. Not estimated.) and removed :product Product Design department (shows up on 🦢 Drafting board) labels Aug 20, 2024
@lucasmrod lucasmrod self-assigned this Aug 20, 2024
@lucasmrod lucasmrod mentioned this issue Aug 20, 2024
Closed
@lucasmrod lucasmrod added this to the 4.57.0-tentative milestone Aug 20, 2024
This was referenced Aug 28, 2024
Merged
Closed
lucasmrod added a commit that referenced this issue Aug 30, 2024
@lucasmrod
Backend for policy automation to install software (#21650)
fcdda20 
#21428

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [X] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [X] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [X] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [X] Manual QA for all new/changed functionality
This was referenced Aug 30, 2024
Merged
Merged
Merged
lucasmrod added a commit that referenced this issue Aug 30, 2024
@lucasmrod
Fix upcoming activities for automatic installers (#21714)
f30017f 
Small fix for #21428.

This is to show the activity the right way (Because installations
triggered by Fleet will have `host_software_installs` with `NULL`
`user_id`.).
lucasmrod added a commit that referenced this issue Aug 30, 2024
@lucasmrod
Prevent installing on pending host+installer (#21722)
5f2eaef 
#21428

Figma:
https://www.figma.com/design/4pfUOYy7IyMIrjMH2fuCdU/%2319551-Policy-automations%3A-install-software?node-id=5871-12100&t=pKh926u8a30iYFBA-4


- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
lucasmrod added a commit that referenced this issue Aug 30, 2024
@lucasmrod
Do not queue installations on vanilla osquery devices (#21718)
c6e2045 
Another small fix for #21428.
@lucasmrod
Copy link
Member

@xpkoala Added notes for QA.

@lukeheath
Copy link
Member Author

@xpkoala Just a heads up there are QA notes here (since you may not look at the sub-task).

@lucasmrod lucasmrod mentioned this issue Sep 12, 2024
Merged
lucasmrod added a commit that referenced this issue Sep 12, 2024
@lucasmrod
Clear policy results and stats when setting or changing an installer (#…
169d9de 
…22053)

Follow up PR for #21428.

After some discussions with Noah we want to clear policy results when a
user sets for the first time or changes an installer on a policy.
@fleet-release
Copy link
Contributor

Fleet installs with grace,
Like clouds bring rain to the earth,
Teams find peace in place.

@sharon-fdm sharon-fdm removed the #g-endpoint-ops Endpoint ops product group label Jan 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lucasmrod lucasmrod

@jacobshandling jacobshandling

Labels
~backend Backend-related issue. P2 Prioritize as urgent :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~sub-task A technical sub-task that is part of a story. (Not QA'd. Not estimated.)
Milestone
4.57.0
Development

No branches or pull requests
5 participants
@lucasmrod @lukeheath @jacobshandling @fleet-release @sharon-fdm