User Story: Workflow to install software on hosts with a specific label

ddribeiro commented 2 weeks ago

Goal

User story
As an engineer at a white label MSP,
I want to install software by labels,
so I can control which hosts get certain software

Proposed Solution

Since the MSP controls the trigger for when software gets installed, they will build a workflow using the Fleet API that identifies which hosts belong to a specified label. They would then iterate through those host IDs and call the Install package API endpoint for each software title that needs to get installed per host.

The MSP would be responsible for maintaining a record of what software IDs are associated with each bundle/label in their database.

1. Identify which software for a given team is available for install

Call the List software API endpoint and use the team_id and available_for_install query parameters.
```
GET /api/v1/fleet/software/titles?team_id=:team_id&available_for_install=true
```
Use the response for this API call to identify the IDs for each software title that is available to install for a specific team. The MSP would store these software IDs in their database.

Alternatively, at software upload time, the MSP could create an internal record of the software ID in their database.

2. Identify the hosts that the install software command should be run on.

Call the List hosts in a label API endpoint using team_id as a query parameter to retrieve hosts for a label filtered to a specific team.

GET /api/v1/fleet/labels/:label_id/hosts?team_id=:team_id

3. Call the install package API endpoint

Using the label <--> software association in their database, the MSP should have a list of software IDs to install on their hosts.
For each host returned in the response in step 2, call the Install package endpoint for each software title that belongs that label.
```
POST /api/v1/fleet/hosts/:id/software/install/:software_title_id
```

noahtalerman commented 1 week ago

identify the IDs for each software title that is available to install for a specific team. The MSP would store these software IDs in their database.

@ddribeiro I think I just realized that the software title ID is the same across teams.

Meaning, customer-deebradel wouldn't have to do the above.

Instead they store one software ID for each app (ex. Chrome). They can then hit the Install package or App Store app API endpoint to install Chrome on a specific host without having to worry about the host's team.

Am I going crazy? Can you please help sanity check me here?

ddribeiro commented 1 week ago

@noahtalerman Wow, you are totally right. I just confirmed by uploading the same GoogleChrome.pkg file to Dogfood in the Servers and Servers canary team.

Both had software ID 936. The team_id query parameter changes in the URL based on the team I'm viewing, I'm guessing because different teams can have different install scripts/self-service/install conditions, etc. for the same software.

Does the software still need to be added to the team to make it installable on the hosts in that team? I can do some testing to confirm...

fleetdm / fleet