Comments (26)
jacobshandling
commented on August 16, 2024
2
@zayhanlon got it. Sharon is out today, but we saw the P2 label and have prioritized accordingly.
from fleet.
lucasmrod
commented on August 16, 2024
1
Sorry, I incorrectly added the :product label. This is a bug. Let us know how big of a priority is fixing this (vs other bugs/features).
from fleet.
sharon-fdm
commented on August 16, 2024
1
Thanks @zayhanlon.
I bumped it the top of our bug list and will get this looked at asap.
from fleet.
lucasmrod
commented on August 16, 2024
1
Hi folks!
Do we know why the date is "Never" even tho the agent is installed ?
The bug we introduced in v4.51.0 caused MDM enrolls/re-enrolls to set the Added to Fleet field to Never. (We are fixing this in the next release.)
Looking at the bug description, my understanding is that customer-preston is doing the opposite. Their workflow:
Turn on MDM manually (installed enrollment profile)
Install fleetd
Gotcha. AFAICS the Never would happen in these scenarios:
A. fleetd installed first, manual MDM enroll after.
B. MDM re-enroll (e.g. if the user unenrolls from MDM manually by uninstalling the enrollment profile and then re-enrolling to MDM by installing the enrollment profile again)
C. During DEP migration flow (where fleetd is installed first then MDM turned on in Fleet).
I'm guessing for customer-preston these "Never" happen because of either (B) or (C)?
from fleet.
lucasmrod
commented on August 16, 2024
1
Don't we have a "created at" timestamp in the hosts table in the Fleet DB that gets created when fleetd is installed and host enrolls? Maybe this the bug?
created_at timestamp is set when the host is enrolled through DEP (so it's different than last_enrolled_at, which is set when fleetd enrolls via orbit/osquery)
from fleet.
lucasmrod
commented on August 16, 2024
1
if the host_disks.created_at fix is going to apply only for device that has "Never" date, I think it's acceptable
Yes, that would be the plan.
from fleet.
lucasmrod
commented on August 16, 2024
1
@xpkoala @PezHub I've added QA notes to the issue.
from fleet.
JoStableford
commented on August 16, 2024
Related to a Slack conversation
from fleet.
noahtalerman
commented on August 16, 2024
Hey @lucasmrod and @sharon-fdm!
I'm not sure why this ended up on the drafting board...is the expected behavior unclear? Something else?
The "Added to Fleet" timestamp is when the host enrolls to Fleet. When a host shows up in Fleet for the first time. More context here: https://fleetdm.com/handbook/company/why-this-way#why-does-fleet-use-mdm-on-off-instead-of-mdm-enrolled-unenrolled
from fleet.
sharon-fdm
commented on August 16, 2024
Thanks @lucasmrod.
As always, let's keep on our board and estimate soon.
from fleet.
sharon-fdm
commented on August 16, 2024
Hey team! Please add your planning poker estimate with Zenhub @getvictor @jacobshandling @lucasmrod @mostlikelee @RachelElysia
from fleet.
zayhanlon
commented on August 16, 2024
@sharon-fdm adding a p2 label here because the 'workaround' option of deleting the host to get this updated with the correct date does not work for customer-preston. they're unable to delete the hosts. their entire enrollment status and workflow is based on this 'enrolled date' field
from fleet.
zayhanlon
commented on August 16, 2024
Thank you all!
from fleet.
lucasmrod
commented on August 16, 2024
adding a p2 label here because the 'workaround' option of deleting the host to get this updated with the correct date does not work for customer-preston. they're unable to delete the hosts. their entire enrollment status and workflow is based on this 'enrolled date' field
@zayhanlon @noahtalerman
I have a PR in review that solves the issue moving forward (for new devices added to Fleet).
Let's discuss what we should do with hosts that already are in this state (Added to Fleet = Never). What enroll date do we set on them?
from fleet.
zayhanlon
commented on August 16, 2024
@lucasmrod guessing that there's no way for us to figure out the actual enroll date?
from fleet.
lucasmrod
commented on August 16, 2024
I'll be taking a look at where we can get the enrolled date from. AFAICS it won't be exact, most likely an approximation (deduced from other MySQL table row timestamps).
from fleet.
lucasmrod
commented on August 16, 2024
Added to Fleet is the date the osquery agent enrolled (different than the MDM enroll time or the time that the host was ingested via DEP).
I did some digging and we can use the host_disks.created_at which most of the cases is close to the hosts.last_enrolled_at. In some cases it's many days apart (e.g. if you uninstall+install fleetd again on a device, then last_enrolled_at will be updated and will be different than host_disks.created_at)
Here's a dump from dogdood (46 hosts have 0 day difference, and 14 have a non-0 difference):
select datediff(hd.created_at, h.last_enrolled_at) as days_between_last_enrolled_at_and_host_disks from host_disks hd join hosts h on hd.host_id=h.id join host_mdm hmdm on hmdm.host_id=h.id where h.platform = 'darwin' and h.last_enrolled_at !;
+----------------------------------------------+
| days_between_last_enrolled_at_and_host_disks |
+----------------------------------------------+
| -8 |
| 0 |
| 0 |
| -92 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| -2 |
| -231 |
| 0 |
| 0 |
| 0 |
| -147 |
| -130 |
| -91 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| -6 |
| 0 |
| 0 |
| -70 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| -52 |
| -96 |
| 0 |
| 0 |
| 0 |
| -12 |
| 0 |
| 0 |
| 0 |
| -9 |
| -10 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
| 0 |
+----------------------------------------------+
60 rows in set (0.20 sec)
Let me know if we are a-ok going this route. (Via a migration in 4.54.0 to fix these "Never" hosts using host_disks.created_at)
from fleet.
zayhanlon
commented on August 16, 2024
Seems like it makes sense but I'll wait for @noahtalerman
from fleet.
zayhanlon
commented on August 16, 2024
@lucasmrod @noahtalerman is there NO other way for us to capture the actual enrollment date vs this option^ ? The diff on some of these is really high
from fleet.
lucasmrod
commented on August 16, 2024
is there NO other way for us to capture the actual enrollment date vs this option^ ? The diff on some of these is really high
I ran out of ideas. Let me check with the team.
from fleet.
valentinpezon-primo
commented on August 16, 2024
@lucasmrod - thanks for looking into this !
Do we know why the date is "Never" even tho the agent is installed ? 🤔
We have some internal flow that triggers if the enrollment date change, in our minde this date should never changed, and if it is, it means the device was re-enrolled
if the host_disks.created_at fix is going to apply only for device that has "Never" date, I think it's acceptable
from fleet.
noahtalerman
commented on August 16, 2024
Hey @lucasmrod thanks for digging into this!
Installing fleetd on macOS and then enrolling to MDM manually causes the host's Added to Fleet in the host details to be Never.
Looking at the bug description, my understanding is that customer-preston is doing the opposite. Their workflow:
- Turn on MDM manually (installed enrollment profile)
- Install fleetd
@valentinpezon-primo please correct me if I'm wrong.
Do we know why the date is "Never" even tho the agent is installed ?
I had the same question...
Don't we have a "created at" timestamp in the hosts table in the Fleet DB that gets created when fleetd is installed and host enrolls? Maybe this the bug?
Meaning, assuming I'm right about customer-preston's workflow, we're not populating that "created at" timestamp for hosts that turn on MDM manually and then have fleetd installed.
I did some digging and we can use the
host_disks.created_atwhich most of the cases is close to thehosts.last_enrolled_at. In some cases it's many days apart (e.g. if you uninstall+install fleetd again on a device, then last_enrolled_at will be updated and will be different than host_disks.created_at)
@lucasmrod, are there other cases that we know of in which the dates are far apart?
If I'm understanding correctly, customer-prestons hosts that have "Never" haven't had fleetd uninstalled and then re-installed yet.
@valentinpezon-primo is that right?
If that's right, and assuming we don't have a "created at" timestamp for hosts that turn on MDM manually and then have fleetd installed, it sounds like host_disks.created_at will be accurate.
from fleet.
valentinpezon-primo
commented on August 16, 2024
Yes @noahtalerman , we do this (profile then fleetd is installed by fleet)
But this behavior is new (the "never" date), was properly populated before !
from fleet.
PezHub
commented on August 16, 2024
Thanks @lucasmrod and good timing. I literally encountered this yesterday after enrolling my device via DEP, removing the profile then manually re-enrolling. I'll be sure to test the other scenarios listed above as well.
from fleet.
PezHub
commented on August 16, 2024
I had to test scenario B for another mdm ticket today and confirm this fixes the issue (screenshot I posted above)
from fleet.
fleet-release
commented on August 16, 2024
Enrolling manually,
Fleet's date now accurate,
Calm as cloud city's view.
from fleet.
Related Issues (20)
- CI is slow and prone to failures HOT 5
- Check osquery Slack invitation HOT 1
- Add keyboard shortcut support for web UI HOT 1
- Website: UTM changing when browsing the website
- Vulnerabilities cron failing since 08/09/2024 HOT 2
- NVD import fails (panic) when description_data array is empty HOT 3
- upgrade from 4.54.1 to 4.55.0 failed - DB Migration - updating primary key in vpp_apps failed HOT 5
- Could not download software installer package HOT 2
- My device > Self-service: border around icons gets cut on top and bottom.
- Dummy bug for demo purposes HOT 2
- Fleet Desktop isn't calling `onExit` as expected
- Website request: Add new metrics to `HistoricalUsageSnapshot` model, usage analytics webhook, and datadog script.
- Naming a team "No team" or "All teams" breaks the team HOT 7
- Allow Scheduled Maintenance window to happen during "Free" calendar events HOT 1
- Add support for MySQL 8.4.2 LTS
- MABM: track "ABM Terms Expired" error per token
- Select targets page: Loading spinner in select hosts bumps buttons/table down HOT 1
- Define expected behavior when fleetd starts/restarts while device is offline HOT 1
- Software counts aren't updated on team transfer HOT 2
- Website: add a button/link to each article to share on LinkedIn HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fleet.