#13547
This is an attempt to stabilize this workflow that has been broken for
4-6 months.
# Issue and proposed solution
Github runner VMs re-use UUIDs, which is not supported by Orbit (this
causes a host to be enrolled as two hosts in Fleet), thus, until that is
fixed in https://github.com/fleetdm/fleet/issues/8021 I propose we
stabilize this workflow by testing all `stable` channels only (which is
better than having the build broken all the time IMO).
Once https://github.com/fleetdm/fleet/issues/8021 is fixed we can re-add
the edge channels.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Migrated the "Deploy Fleet on Render" guide to the docs.
- Moved content from `/articles/deploying-fleet-on-render.md` to
`/docs/deploy-on-render.md`
- Removed `/articles/deploy-fleet-on-render.md`
- moved images from the guide to `/docs/images` and renamed
- deleted redundant article cover image
- set up redirect in `routes.js` `/deploy/deploying-fleet-on-render` =>
`/docs/deploy/deploy-on-render`
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#13527
(Adding @mna to double check the changes in the async implementation of
policy result storage)
This PR also adds the osquery-perf changes needed to define the count of
macOS and Windows hosts.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Test with 80k hosts: 70k simulated macOS, 10k simulated Windows.
Apply Windows policies first, then apply macOS policies:
```
fleetctl apply -f ee/cis/win-10/cis-policy-queries.yml
# Leave running for some time
fleetctl apply -f ee/cis/macos-13/cis-policy-queries.yml
```
After applying CIS policies previous to these changes:
After applying these changes and applying the same policies:
This is the last of three PRs to migrate the deployment guides into the
docs.
Changes:
- Moved content from `/articles/deploying-fleet-on-hetzner-cloud.md` to
`/docs/deploy-on-hetzner-cloud.md`.
- Removed `/articles/deploy-fleet-on-hetzner-cloud.md`.
- Moved images from the guide to `/docs/images` and renamed.
- Deleted redundant images and article cover image.
- Set up a redirect `/deploy/deploying-fleet-on-hetzner-cloud` =>
`/docs/deploy/deploy-on-hetzner-cloud`.
- Set up a redirect `/deploy` => `/docs/deploy` to redirect "Deployment
guides" in the main nav to the docs.
- Updated display names (in the docs nav) for existing deployment guides
in the docs to match the naming convention (E.g., "Deploy Fleet on
CentOS" => "CentOS")
- Removed the deployment guides article category from the blog.
# Checklist for submitter
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Migrated the "Deploy Fleet on AWS with Terraform" guide to the docs.
- Moved content from
`/articles/deploying-fleet-on-aws-with-terraform.md` to
`/docs/deploy-on-aws.md`.
- Removed `/articles/deploy-fleet-on-aws-with-terraform.md`.
- Moved images from the guide to `/docs/images` and renamed.
- Deleted redundant image and article cover image.
- Set up a redirect in `routes.js`
`/deploy/deploying-fleet-on-aws-with-terraform` =>
`/docs/deploy/deploy-on-aws`.
# Checklist for submitter
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Updated the "Product groups" page to emphasize **🟢 iteration** when
considering whether to bring a user story back for expedited drafting.
---------
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
After @rfairburn made the DNS change the clouldflared tunnel started
working again (after months of being broken).
#13547
Run: https://github.com/fleetdm/fleet/actions/runs/6025182774
This PR adds some fixes to the two workflows that make use of
cloudflared.
There are still some issues to fix but these are some changes needed to
continue/help troubleshooting.
Still need to get the actual numbers, but in the interest of **🟢
iteration**, I figured I'd open this as-is to get the structure in place
(since we're usually OK with the occasional TODO on a handbook page).
After chatting with @zhumo about it today, it sounds like sprint points
don't necessarily correspond to an amount of time (reflect effort
instead) and should be much the same across the organization now, so I
didn't leave stubs for that information in the different product group
sections.
Happy to convert this to a draft and revisit any of this if it feels too
far off what @mikermcneil had envisioned, lmk!
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
Related to #13310 and #13304 this adds two ways to enable script
execution in `fleetd` (the orbit component)
- By building a package with `--enable-scripts`
- By providing a setting via a configuration profile (macOS only)
Due to how the profile assignment works, this change automatically
updates the `com.fleetdm.fleetd.config` for hosts that already have the
profile installed.
> [!NOTE]
> Documentation is in
[#13577](https://github.com/fleetdm/fleet/pull/13577) to decouple
reviews.
- Remove "Product quality" section from the template. @sabrinabuckets
and I think this might be redundant. Separate "QA" section asks for
testing steps and has a confirmation step.
