fleetd
agent deploymentDeploying Fleet's agent across a diverse range of devices often involves the crucial step of enrolling each device. Traditionally, this involves packaging fleetd
with configuration including the enroll secret and server URL. While effective, an alternative offers more flexibility in your deployment process. This guide introduces a different approach for deploying Fleet's agent without embedding configuration settings directly into fleetd
. Ideal for IT administrators who prefer to generate a single package and maintain greater control over the distribution of enrollment secrets and server URLs, this method simplifies the enrollment process across macOS and Windows hosts.
This approach emphasizes adaptability and convenience and allows for a more efficient way to manage device enrollments. Let’s explore how to deploy Fleet's agent using this alternative method, ensuring a more open and flexible deployment process.
fleetctl package --type=pkg --use-system-configuration --fleet-desktop
YOUR_ENROLL_SECRET_HERE
and YOUR_FLEET_URL_HERE
with proper values.):<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>EnrollSecret</key>
<string>YOUR_ENROLL_SECRET_HERE</string>
<key>FleetURL</key>
<string>YOUR_FLEET_URL_HERE</string>
<key>PayloadDisplayName</key>
<string>Fleetd configuration</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.fleetd.config</string>
<key>PayloadType</key>
<string>com.fleetdm.fleetd.config</string>
<key>PayloadUUID</key>
<string>476F5334-D501-4768-9A31-1A18A4E1E807</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>EndUserEmail</key>
<string>END_USER_EMAIL_HERE</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.fleet.mdm.apple.mdm</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>29713130-1602-4D27-90C9-B822A295E44E</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Fleetd configuration</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.fleetd.config</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>0C6AFB45-01B6-4E19-944A-123CD16381C7</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadDescription</key>
<string>Configuration for the fleetd agent.</string>
</dict>
</plist>
You can optionally specify the END_USER_EMAIL
that will be added to the host's human-device mapping:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
...
<dict>
<key>EndUserEmail</key>
<string>END_USER_EMAIL</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.fleet.mdm.apple.mdm</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>29713130-1602-4D27-90C9-B822A295E44E</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
...
</dict>
</plist>
Download the Base MSI installer from https://download.fleetdm.com/stable/fleetd-base.msi (once installed, fleetd
and fleet-desktop
will be upgraded to the latest)
Install fleet on Windows boxes by passing the FLEET_URL
and FLEET_SECRET
properties to the MSI installer:
msiexec /i fleetd-base.msi FLEET_URL="<target_url>" FLEET_SECRET="<secret_to_use>"
Also, you can optionally pass ENABLE_SCRIPTS
, END_USER_EMAIL
, and FLEET_DESKTOP
to the installer.
For example, this command would install fleetd with script execution enabled, custom human-device mapping set, and Fleet Desktop enabled:
msiexec /i fleetd-base.msi ENABLE_SCRIPTS=true END_USER_EMAIL="[email protected]" FLEET_DESKTOP=true FLEET_URL="<target_url>" FLEET_SECRET="<secret_to_use>"
These steps are a flexible alternative to deploying Fleet's agent across macOS and Windows platforms. This method, focused on separating the configuration from the fleetd
package, empowers you with more control and simplifies the management of your device enrollments.
This approach complements the original packaging method, allowing you to choose the best fit for your organization’s needs. Whether you prioritize streamlined package generation or prefer granular control over configuration distribution, these methods foster an open, flexible environment for deploying Fleet.
We encourage you to explore this alternative method in your environment and see how it aligns with your operational workflows. If you have any questions, insights, or experiences to share, feel free to join our community Fleet Slack channels. Your feedback helps us improve and fosters a collaborative space where ideas and solutions can flourish.