Howdy fleet gang, Does anyone know why packs are "commented out" when imported with

fleetctl

?

./*fleetctl* apply -f pack-file.yml

They are imported and show up on the fleet UI but they are commented out on the endpoints.

Is the file included in the screenshot the osquery configuration file provided in the osquery/osquery GitHub repo here? https://github.com/osquery/osquery/blob/master/tools/deployment/osquery.example.conf If so, these commented out packs may have existed before you ran the

fleetctl apply

command. The

fleetctl apply

won’t write to this configuration file. Instead the command will update the packs present on your Fleet server.

Correct @Noah Talerman Do you know if there is a way to add hosts to packs automatically when they are enrolled? Right now we have packs during server build but then we have to manually add hosts to the packs. I'm curious if there is a way to automatically do that when the server is enrolled.

@arod please correct me if I’m misunderstanding. You have packs that are automatically added to your Fleet instance when you first fire up the Fleet server. And, you would like hosts that enroll to this new Fleet server to automatically become targets of these packs. Your current workaround for this is to head to the Fleet UI, after your new hosts enroll, and edit the desired packs so that the new hosts are targets of the packs.

You nailed it @Noah Talerman That's exactly it lol

Sorry for the delayed response! If you use a yaml config file to manage the packs that are automatically added to your Fleet instance, you can set the

targets

field in this file. The

targets

field allows you to specify the

labels

field (All Hosts, macOS, or custom labels). With

labels

specified, the hosts that become members of these labels, upon enrolling to Fleet, will automatically become targets of the given pack. I’m currently working on a PR to the docs with this answer. Check out the query packs config for an example config with the

labels

field: https://github.com/fleetdm/fleet/blob/58445ede82550cb574775a83ae4cf5433f325a7e/docs/1-Using-Fleet/2-fleetctl-CLI.md#query-packs

So basically each pack that we import

window-pack.yml

or

linux-packs.yml

needs to have the following (All Hosts or "windows" || "darwin" || etc: So once I import them, they will know that any agents that is new and is part of "windows", they will be assigned those packs.

once I import them, they will know that any agents that is new and is part of “windows”, they will be assigned those packs

That is correct. Another solution (that doesn’t use any yaml config files) is to add the labels as targets to the packs using the Fleet UI. In the Fleet UI, adding the “Windows” label as a target of a pack will also automatically add any new host that belongs to the “Windows” label as a target.

Cool. I like the pack solution. Good to know it can be done from the Fleet UI as well. These are all the official "labels" right: 1. darwin (for macOS) 2. windows 3. ubuntu 4. centos Or are these more so for 'platform`

some labels are automatically assigned to agents

Correct. Every Fleet install comes with “built-in” labels. These “built-in” labels are: • “macOS” (darwin hosts are automatically added as members of this label) • “Windows” (windows hosts …) • “CentOS” (centos hosts …) • “Ubuntu” (ubuntu hosts …) • “Red Hat” (Red hat hosts …) Let’s say a

macOS

host enrolls to Fleet. It will first automatically be assigned the

macOS

label. Then, the host, because it’s assigned the

macOS

label, will automatically become a target of all packs that have the

macOS

label as a target.