Changes
The primary additions in Fleet 4.0.0 are the new Role-based access control (RBAC) and Teams features.
RBAC adds the ability to define a user's access to features in Fleet. This way, more individuals in an organization can utilize Fleet with appropriate levels of access.
- Check out the permissions documentation for a breakdown of the new user roles.
Teams adds the ability to separate hosts into exclusive groups. This way, users can easily act on consistent groups of hosts.
- Read more about the Teams feature in the documentation here.
New features breakdown
-
Add ability to define a user's access to features in Fleet by introducing the Admin, Maintainer, and Observer roles. Available in Fleet Core.
-
Add ability to separate hosts into exclusive groups with the Teams feature. The Teams feature is available for Fleet Basic customers. Check out the list below for the new functionality included with Teams:
-
Teams: Add ability to enroll hosts to one team using team specific enroll secrets.
-
Teams: Add ability to manually transfer hosts to a different team in the Fleet UI.
-
Teams: Add ability to apply unique agent options to each team. Note that "osquery options" have been renamed to "agent options."
-
Teams: Add ability to grant users access to one or more teams. This allows you to define a user's access to specific groups of hosts in Fleet.
-
Add ability to create an API-only user. API-only users cannot access the Fleet UI. These users can access all Fleet API endpoints and
fleetctlfeatures. Available in Fleet Core. -
Add Redis cluster support. Available in Fleet Core.
-
Fix a bug that prevented the columns chosen for the "Hosts" table from persisting after logging out of Fleet.
Upgrade plan
Fleet 4.0.0 is a major release and introduces several breaking changes and database migrations.
-
Use strictly
fleetin Fleet's configuration, API routes, and environment variables. Users must update all usage ofkolidein these items (deprecated since Fleet 3.8.0). -
Change configuration option
server_tlsprofiletoserver_tls_compatability. This option previously had an inconsistent key name. -
Replace the use of the
api/v1/fleet/spec/osquery/optionswithapi/v1/fleet/config. In Fleet 4.0.0, "osquery options" are now called "agent options." The new agent options are moved to the Fleet application config spec file and theapi/v1/fleet/configAPI endpoint. -
Enroll secrets no longer have "names" and are now either global or for a specific team. Hosts no longer store the “name” of the enroll secret that was used. Users that want to be able to segment hosts (for configuration, queries, etc.) based on the enrollment secret should use the Teams feature in Fleet Basic.
-
auth_jwt_keyandauth_jwt_key_fileare no longer accepted as configuration. -
JWT encoding is no longer used for session keys. Sessions now default to expiring in 4 hours of inactivity.
Known issues
There are currently no known issues in this release. However, we recommend only upgrading to Fleet 4.0.0-rc2 for testing purposes. Please file a GitHub issue for any issues discovered when testing Fleet 4.0.0!
Upgrading
Please visit our update guide for upgrade instructions.
Documentation
Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/v4.0.0-rc2/docs/README.md
Binary Checksum
SHA256
33f8ae90fa0f508200f632516374226cfc6485112ca1982390b52fb9f611fbbb fleet.zip
dbacbc93048e00676ea9986ed9a1f5697f965e3bec5d988b64c3f4ae53ff54b4 fleetctl.exe.zip
9d6be11444a0e2d9170b690aba969afdfef3782fd4defaa030812c10af492e6f fleetctl-macos.tar.gz
7107330a59dd413769a4bb476495e98b55068b2f46f99813450a1ad9991a34d1 fleetctl-windows.tar.gz
7a3b9d6eebf48fd9862785dd6c42391a37bb955ca108c39dde802dce096d67e1 fleetctl-linux.tar.gz