Closed xpkoala closed 1 year ago
@xpkoala maybe this is a confusion between FLEET_DEV_MDM_ENABLED
and FLEET_MDM_APPLE_ENABLE
? We're planning to remove both, but to clarify:
FLEET_DEV_MDM_ENABLED
shows/hides UI features related to MDM, I think this is the flag you're looking for (details below)FLEET_MDM_APPLE_ENABLE
enables/disables the server MDM feature, requires all the certificates and keys to be provided when you start the server.I have started the server with:
FLEET_DEV_MDM_ENABLED=1 ./build/fleet serve --dev --dev_license --logging_debug
and I'm able to see the MDM UI that allows you to get the proper certificates and keys:
https://user-images.githubusercontent.com/4419992/218451018-e01b1f83-2642-42bf-91a9-24de767c3e4c.mov
Thanks @roperzh. I was under the impression FLEET_MDM_APPLE_ENABLE was sticking around and FLEET_DEV_MDM_ENABLED was being removed. With that knowledge I wanted to make sure we were tracking that a user could not run fleet if MDM files were not properly pathed and that flag was enabled. I'll close this out.
Start Fleet with ease
No need for credentials
MDM to the rescue!
Clouds drift high above,
MDM enabled, Fleet starts soon,
Secure access blooms.
Fleet version:
main
Operating system: (e.g. macOS 11.2.3)
Web browser: (e.g. Chrome 88.0.4324)
🧑💻 Expected behavior
As a user I can start Fleet with MDM enabled and create the necessary files to setup MDM.
💥 Actual behavior
If FLEET_MDM_APPLE_ENABLE=1 is set and there are no credentials pathed for the server you are unable to start Fleet. This is an issue as we allow the user to create some of these certificates inside the Fleet web app.
More info
Failed to start: validate Apple MDM: Apple APNs and SCEP configuration must be provided to enable MDM