Add ability to run ad-hoc scripts on multiple hosts in the Fleet UI

[ddribeiro]

Gong snippet: https://us-65885.app.gong.io/call?id=7102013700127118567&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A224%2C%22to%22%3A948%7D%5D

• @noahtalerman: I think we still want to guide users who are trying to enforce remediation (not one off scripts) to write a policy and then attach a script to it
• @noahtalerman: User requested this because it’s too much work and takes too much time to add a policy and then add a script to it. Then I have to wait an hour for the policy to get evaluated. And after the script runs I have to deleted the policy. I just want to run a script on many hosts at once. If it doesn't work for some hosts the first time, I want to easily run it again.
  • @noahtalerman: In the interim the user can build an automation w/ Tines to hit the run script API endpoint.
  • @noahtalerman: Eventually Fleet could add the ability to multi-select hosts on Hosts page (or in live query results) and then run a script against all these hosts at once.
  • @allenhouchins: Policies are sometimes not desirable because the end user can see them in My device page. In troubleshooting use cases, I don't want to bother the end user. They can notice when I add a policy.

---

[noahtalerman]

Problem

As a Fleet admin managing Linux hosts, scripting is the primary mechanism I have to perform management actions on a host. The Fleet UI allows me to run ad-hoc scripts on a single host, but if I want to run a script on multiple hosts, I need to use policy automations. This can be a barrier to an admin who wants to run scripts on multiple hosts but is unfamiliar with osquery/SQL syntax.

What have you tried?

customer-cisneros has scripts uploaded to teams in their Fleet server. They can navigate to an individual host's details page and run a script on that host from the UI. However, there is no practical way to apply this workflow to multiple hosts in the UI.

Scripts triggered by policy automations could work in many workflows, but there are some cases where an ad-hoc script needs to be run on a batch of hosts as fast as possible. Building a query for a policy takes additional time, especially for admins who may not be familiar with osquery.

Potential solutions

In addition to the ability to run an ad-hoc script on a single host in the Fleet UI, Fleet could add the ability to target multiple hosts and run a script.

What is the expected workflow as a result of your proposal?

If a Fleet admin needs to perform a quick action on a group of Linux hosts, they would write a script that performs that task. Once they have the script, they would upload it to Fleet. They would then select the script to be run, select a group of hosts to run the script against, and Fleet would execute it on those hosts.