Sharon Katz
Sharon Katz
Fleet v4.57.0 introduces the ability to automatically and remotely install software on hosts based on predefined policy failures. This guide will walk you through the process of configuring fleet for automatic installation of software on hosts using uploaded installation images and based on programmed policies. You'll learn how to configure and use this feature, as well as understand how the underlying mechanism works.
Fleet allows its users to upload trusted software installation files to be installed and used on hosts. This installation could be conditioned on a failure of a specific Fleet Policy.
Currently, Fleet-maintained apps can be automatically installed on macOS hosts and custom packages can be automatically installed on macOS, Windows, and Linux hosts. (macOS App Store apps coming soon)
Current supported software deployment formats:
Coming soon:
SELECT 1 FROM apps WHERE name = 'Adobe Acrobat Reader.app' AND version_compare(bundle_short_version, '23.001.20687') >= 0;
Note: In order to know the exact application name to put in the query (e.g. "Adobe Acrobat Reader.app" in the query above) you can manually install it on a canary/test host and then query SELECT * from apps;
Upon failure of the selected policy, the selected software installation will be triggered.
Adding software to a policy will reset the policy's host counts.
Detailed flowchart
Following are some templates for the policy SQL queries for each package type.
SELECT 1 FROM apps WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(bundle_short_version, '<SOFTWARE_PACKAGE_VERSION>') >= 0;
SELECT 1 FROM programs WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<VERSION>') >= 0;
SELECT 1 FROM deb_packages WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<SOFTWARE_PACKAGE_VERSION>') >= 0;
If your team has both Ubuntu and RHEL-based hosts then you should use the following template for the policy queries:
SELECT 1 WHERE EXISTS (
-- This will mark the policies as successful on RHEL hosts.
-- This is only required if RHEL-based and Debian based system share a team.
SELECT 1 FROM os_version WHERE platform = 'rhel'
) OR EXISTS (
SELECT 1 FROM deb_packages WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<SOFTWARE_PACKAGE_VERSION>') >= 0
);
SELECT 1 FROM rpm_packages WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, '<SOFTWARE_PACKAGE_VERSION>') >= 0;
If your team has both Ubuntu and RHEL-based hosts then you should use the following template for the policy queries:
SELECT 1 WHERE EXISTS (
-- This will mark the policies as successfull on non-RHEL hosts.
-- This is only required if RHEL-based and Debian based system share a team.
SELECT 1 FROM os_version WHERE platform != 'rhel'
) OR EXISTS (
SELECT 1 FROM rpm_packages WHERE name = '<SOFTWARE_TITLE_NAME>' AND version_compare(version, 'SOFTWARE_PACKAGE_VERSION') >= 0
);
Fleet provides a REST API for managing software packages, including self-service software packages. Learn more about Fleet's REST API.
To manage self-service software packages using Fleet's best practice GitOps, check out the software
key in the GitOps reference documentation.
Software deployment can be time-consuming and risky. This guide presents Fleet's ability to mass deploy software to your fleet in a simple and safe way. Starting with uploading a trusted installer and ending with deploying it to the proper set of machines answering the exact policy defined by you.
Leveraging Fleet’s ability to install and upgrade software on your hosts, you can streamline the process of controlling your hosts, replacing old versions of software and having the up-to-date info on what's installed on your fleet.
By automating software deployment, you can gain greater control over what's installed on your machines and have better oversight of version upgrades, ensuring old software with known issues is replaced.