Document usage of command_line_flags (#8398)

This commit is contained in:
Sharvil Shah 2022-12-07 13:01:03 +05:30 committed by GitHub
parent 4e7a8013ae
commit 9ee09cd133
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -821,6 +821,51 @@ You can verify that your agent options are valid by using [the fleetctl apply co
Existing options will be overwritten by the application of this file.
##### `command_line_flags` option
> This feature requires [Orbit, the Fleet agent manager](https://fleetdm.com/announcements/introducing-orbit-your-fleet-agent-manager).
The `command_line_flags` key inside of `agent_options` allows you to remotely manage the osquery command line flags. These command line flags are options that typically require osquery to restart for them to take effect. But with Orbit, you can use the `command_line_flags` key to take care of that. Orbit will write these to the flagfile on the host and pass it to osquery.
To see the full list of these osquery command line flags, please run `osquery` with the `--help` switch.
Just like the other `agent_options` above, remove the dashed lines (`--`) for Fleet to successfully update them.
Here is an example of using the `command_line_flags` key:
```yaml
apiVersion: v1
kind: config
spec:
agent_options:
command_line_flags: # requires Fleet's osquery installer
verbose: true
disable_watchdog: false
logger_path: /path/to/logger
```
Note that the `command_line_flags` key does not support the `overrides` key, which is documented below.
You can verfiy that these flags have taken effect on the hosts by running a query against the `osquery_flags` table.
If you revoked an old enroll secret, this feature won't work for hosts that were added to Fleet using this old enroll secret. This is because Orbit uses the enroll secret to receive new flags from Fleet. For these hosts, all existing features will work as expected.
For further documentation on how to rotate enroll secrets, please see [this guide](https://fleetdm.com/docs/deploying/faq#how-can-enroll-secrets-be-rotated).
If you prefer to deploy a new package with the updated enroll secret:
1. Check which hosts need a new enroll secret by running the following query: `SELECT * FROM orbit_info WHERE enrolled = false`.
> The hosts that don't have Orbit installed will return an error because the `orbit_info` table doesn't exist. You can safely ignore these errors.
2. In Fleet, head to the Hosts page and select **Add hosts** to find the fleetctl package command with an active enroll secret.
3. Copy and run the fleetctl package command to create a new package. Distribute this package to the hosts that returned results in step 1.
4. Done!
> In order for these options to be applied to your hosts, the `osquery` agent must be configured to use the `tls` config plugin and pointed to the correct endpoint. If you are using Orbit to enroll your hosts, this is done automatically.
```
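Review bot: "verfiy" in the sentence after the YAML example ("You can verfiy that these flags have taken effect") should be "verify", and that sentence would be easier to act on with an example query against `osquery_flags` inline, the way step 1 gives one for `orbit_info`. In the revoked-enroll-secret paragraph, "all existing features will work as expected" reads as contradicting "this feature won't work" two sentences earlier; "all other existing features" would remove the ambiguity. "Remove the dashed lines (`--`)" would be clearer as "omit the leading `--`". The YAML comment says "requires Fleet's osquery installer" while the blockquote at the top of the section says the feature requires Orbit; pick one term so readers do not take them for two separate requirements.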