Unable to start Fleet server with MDM ENABLE set

[xpkoala]

Fleet version: main

Operating system: (e.g. macOS 11.2.3)

Web browser: (e.g. Chrome 88.0.4324)

---

🧑‍💻  Expected behavior

As a user I can start Fleet with MDM enabled and create the necessary files to setup MDM.

💥  Actual behavior

If FLEET_MDM_APPLE_ENABLE=1 is set and there are no credentials pathed for the server you are unable to start Fleet. This is an issue as we allow the user to create some of these certificates inside the Fleet web app.

More info

Failed to start: validate Apple MDM: Apple APNs and SCEP configuration must be provided to enable MDM

[roperzh]

@xpkoala maybe this is a confusion between FLEET_DEV_MDM_ENABLED and FLEET_MDM_APPLE_ENABLE? We're planning to remove both, but to clarify:

• FLEET_DEV_MDM_ENABLED shows/hides UI features related to MDM, I think this is the flag you're looking for (details below)
• FLEET_MDM_APPLE_ENABLE enables/disables the server MDM feature, requires all the certificates and keys to be provided when you start the server.

I have started the server with:

FLEET_DEV_MDM_ENABLED=1 ./build/fleet serve --dev --dev_license --logging_debug

and I'm able to see the MDM UI that allows you to get the proper certificates and keys:

https://user-images.githubusercontent.com/4419992/218451018-e01b1f83-2642-42bf-91a9-24de767c3e4c.mov

[xpkoala]

Thanks @roperzh. I was under the impression FLEET_MDM_APPLE_ENABLE was sticking around and FLEET_DEV_MDM_ENABLED was being removed. With that knowledge I wanted to make sure we were tracking that a user could not run fleet if MDM files were not properly pathed and that flag was enabled. I'll close this out.

[fleet-release]

---

Start Fleet with ease
No need for credentials
MDM to the rescue!

[fleet-release]

---

Clouds drift high above,
MDM enabled, Fleet starts soon,
Secure access blooms.