Live the Dream
Transcript of Live the Dream
![Page 1: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/1.jpg)
Integrating AutoPkg and the Casper Suite
with JSSImporterLive the Dream
![Page 2: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/2.jpg)
What are we Trying to Do
Keep software up-to-date on client machines.
Test software before deployment.
Minimize IT involvement, mistakes, and time.
Prioritize important software.
![Page 3: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/3.jpg)
Virtuous Behavior
Laziness as a virtue.
Trading one kind of labor for another.
The path is not easy, but it's not hard either.
Creating a safe space to iterate.
It's all in the reflexes.
![Page 4: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/4.jpg)
How does Casper install Software? 1. Package up software (Composer)
2. Package is uploaded to distribution points.
3. Policy is created. Scoped to desired machines/groups.
4. Targets check-in periodically, and run any queued policies. Once. (Even if it fails).
![Page 5: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/5.jpg)
and when software is updated?1. Download new version.
2. Test it out?
3. Package it up.
4. Upload it to distribution points.
5. Edit Policy to install new version.
6. Flush the logs!
![Page 6: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/6.jpg)
Two Points of Pain1. Almost all software must be
repackaged.
2. Clicking on a bunch of web forms to deploy.
![Page 7: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/7.jpg)
If you don't mind repetition, I have the cure...
![Page 8: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/8.jpg)
Hasselhoff Infinite Recursion
![Page 9: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/9.jpg)
Our Perception Our Sad Reality
Quality Control
*Especially in small organizations
![Page 10: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/10.jpg)
Solving Point of Pain #1
AutoPkg
It's a black box
![Page 11: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/11.jpg)
![Page 12: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/12.jpg)
![Page 13: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/13.jpg)
Solving Pain #2
Take a cue from Munki and automate.
![Page 14: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/14.jpg)
What does Munki do?"Munki is a set of tools that... can be used by OS X administrators to manage software installs (and in many cases removals) on OS X client machines."
Manages multiple versions of software in Catalogs.
Manifests gather together groupings of software to install, and Catalogs from which to pull.
Clients check for updates to their available software, and install any that are available, on a schedule.
![Page 15: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/15.jpg)
Development Testing Production
![Page 16: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/16.jpg)
AutoPkg + Munki
Already built in.
Most major software already cooked up.
![Page 17: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/17.jpg)
What exactly does a Munki recipe do?Extends a download or pkg recipe.
Specifies metadata about product.
Adds product to Catalog: (testing)
Copies files to Munki repo.
All of the deployment is handled elsewhere.
![Page 18: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/18.jpg)
So basically it just copies software to a fileshare. Is this enough for Casper admins?
i.e., what happens if you simply upload a package with Casper Admin?
![Page 19: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/19.jpg)
JSSImporter & python-jss
* Not the actual Allister Banks
![Page 20: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/20.jpg)
Making it happen on Casper
Policies should not install more than one product.
Each product deployed by two policies:
Testing (self service)
Production (automated)
![Page 21: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/21.jpg)
Deploy to ProductionProbably Automated
Can and should be bulk created (python-jss/jss_helper)
OR duplicated to remove the risk of error.
Variance as Documentation: Policies should only differ in installation-dependent ways.
(Extra scripting, reboots, etc)
Naming Convention: Install NetHack-3.4.3
![Page 22: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/22.jpg)
Deploy to Testing"Official" Workflow Overview
1. Upload package to all configured distribution points.
2. Self-service policy offers new package to testing computers.
3. Test software.
4. Promote to production.
![Page 23: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/23.jpg)
The Testing Group
![Page 24: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/24.jpg)
Details of Self-Service
Scoped to Smart Group: NetHack-update-smart Frequency: Ongoing
Installs package, then recons.
Client drops out of Smart Group.
*No true version comparisons
![Page 25: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/25.jpg)
RelaxThis is all you need to know. But.
![Page 26: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/26.jpg)
Going Further
Setting things up.
Writing Recipes.
Alternate Workflows.
Mad Skills.
![Page 27: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/27.jpg)
Installation & Configuration
https://github.com/sheagcraig/JSSImporter/releases/latest
![Page 28: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/28.jpg)
Settings
API_USERNAME & API_PASSWORD
JSS_URL
JSS_VERIFY_SSL
JSS_REPOS
![Page 29: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/29.jpg)
![Page 30: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/30.jpg)
Create an API User
System Settings
JSS User Accounts and Groups
![Page 31: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/31.jpg)
Needs Create, Read, and Update privileges for:
• Categories
• Smart Computer Groups
• Static Computer Groups
• Distribution Points
• (only needs "Read")
• Extension Attributes
• Packages
• Policies
• Scripts
*Permissions required even if not using!
![Page 32: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/32.jpg)
defaults write com.github.autopkg JSS_URL https://test.jss.private:8443 defaults write com.github.autopkg API_USERNAME <apiUser> defaults write com.github.autopkg API_PASSWORD <apiPassword> defaults write com.github.autopkg JSS_VERIFY_SSL -bool <true or false>
![Page 33: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/33.jpg)
Warning for Crazy Password People:
Bash shell escaping and XML escaping are not the same!
defaults write ./test.plist Password -string "L33tP@$$w0rd!" bash: !": event not found
Defaults will handle the XML encoding for you. Just editing the plist will not. defaults write ./test.plist Password -string '!@#$%^&*()<>?'
![Page 34: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/34.jpg)
Configuring Distribution Points (JSS_REPOS)
JSS_REPOS is an array of dicts!
Two kinds of distribution points settings:
• Automatically Configured FileShare Distribution Point
• JDS
![Page 35: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/35.jpg)
Check the documentation for in-depth instructions on how to PlistBuddy this, OR
you can edit it in your favorite text editor (which is vim)...
but you probably have to plutil -convert xml1 ~/Library/Preferences/com.github.autopkg.plist
first, and make sure to defaults read com.github.autopkg
afterwards.
![Page 36: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/36.jpg)
![Page 37: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/37.jpg)
![Page 38: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/38.jpg)
![Page 39: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/39.jpg)
Basic Usage
JSS Recipes Repo: https://github.com/autopkg/jss-recipes
autopkg repo-add jss-recipes
autopkg search <product>
![Page 40: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/40.jpg)
![Page 41: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/41.jpg)
Ensure you have recipe's parentautopkg info <Recipe>
![Page 42: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/42.jpg)
Run the recipeautopkg run <Product>.jss
![Page 43: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/43.jpg)
What HappensFirst Run 1. Create categories. 2. Copy package to
distribution points. 3. Create extension
attributes. 4. Create static and smart
groups. 5. Create scripts. 6. Create policy. 7. Attach icon to policy.
Subsequent Runs 1. Update package if new. 2. Update extension
attributes. 3. Update groups. 4. Update scripts 5. Update policy
*Update means manual UI changes are lost: "Declarative".
![Page 44: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/44.jpg)
Test Packages
![Page 45: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/45.jpg)
Promote Package to Production
Manual Edit production policy: • Name • Package • Flush logs • But no.
Automagical jss_helper promote -u
https://github.com/sheagcraig/jss_helper
![Page 46: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/46.jpg)
![Page 47: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/47.jpg)
Flush
![Page 48: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/48.jpg)
Other Cool Stuff with jss_helper
![Page 49: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/49.jpg)
computer and mobile device groups computers and mobile devices policies configuration profiles (computer & md) categories imaging configurations packages
Research Objects
![Page 50: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/50.jpg)
![Page 51: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/51.jpg)
There's also: https://yourjss.company.org:8443/api (If you're still into clicking... Remember the Hoff)
![Page 52: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/52.jpg)
jss_helper installs
![Page 53: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/53.jpg)
jss_helper scoped
![Page 54: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/54.jpg)
Writing JSS RecipesWriting JSS recipes is primarily about applying your already-designed workflow to a new product.
Workflow is described in PolicyTemplate and SmartGroupTemplate.
![Page 55: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/55.jpg)
Text Substitution
Autopkg and JSSImporter attempt to replace any string value wrapped in %'s with the value of a variable.
E.g. %version% is replaced with 18.0.0.194.
Applies to recipes as well as xml templates.
![Page 56: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/56.jpg)
PolicyTemplate.xml
Design a policy in web UI, then edit out unnecessary elements.
![Page 57: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/57.jpg)
PolicyTemplate.xml
Or start with standard and edit in changes.
![Page 58: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/58.jpg)
PolicyTemplate.xml
Or start with standard and edit in changes.
![Page 59: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/59.jpg)
SmartGroupTemplate.xml
![Page 60: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/60.jpg)
Writing the JSS Recipe
Copy an existing recipe, make edits, diff.
![Page 61: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/61.jpg)
Writing the recipeOnce Policy and SmartGroup are designed, most recipes differ only in a few ways. To reuse:• Edit the description.
• Edit the identifier
• Edit the NAME
• Edit the SELF_SERVICE_ICON
• Edit the SELF_SERVICE_DESCRIPTION
• Edit the Category
• Edit the ParentRecipe
![Page 62: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/62.jpg)
Standard jss-recipes
Filename is <Product>.jss.recipe
Identifier is com.github.jss-recipes.jss.<Product>
![Page 63: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/63.jpg)
Argument Doubling (*only edit the Input)
![Page 64: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/64.jpg)
Extra Arguments
os_requirements: 10.10.x, 10.9.5, 10.9.6
site_name / site_id
jss_inventory_name: Microsoft OneNote vs. MSOneNote
scripts
extension_attributes
![Page 65: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/65.jpg)
JSSRecipeCreatorhttps://github.com/sheagcraig/JSSRecipeCreator
Takes a parent recipe as input.
Will prompt for every important value OR -a for full-auto ease.
JSSRecipeCreator -a ~/Library/RecipeRepos/com.github.autopkg.sheagcraig-recipes/OpenEmu/OpenEmu.pkg.recipe
![Page 66: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/66.jpg)
![Page 67: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/67.jpg)
![Page 68: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/68.jpg)
![Page 69: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/69.jpg)
• Standard Mode prompts for: • Recipe Filename • Identifier • NAME • PolicyTemplate • Package Category • Policy Category • Scope • Self Service Icon • Self Service Description
![Page 70: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/70.jpg)
Overriding JSS Recipes
Copy templates, icons to: ~/Library/AutoPkg/RecipeOverrides/
...if you want different ones.
Remove things you don't need to change, edit things you do.
autopkg make-override NetHack.jss
![Page 71: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/71.jpg)
![Page 72: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/72.jpg)
AppStoreApphttps://github.com/autopkg/nmcspadden-recipes
Requires pyasn1: sudo easy_install -U pyasn1
Create a JSS Recipe for each app.
• Name: (App's name)
• ParentRecipe: com.github.nmcspadden.pkg.appstore
App must be present!
* Not the actual Nick McSpadden
![Page 73: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/73.jpg)
![Page 74: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/74.jpg)
Alternate Workflows• Automatically deploy packages to testing computers.
• Add packages to distribution points only.
• Multiple JSSImporter steps create multiple policies:
• Install policy
• Notification policy
• Bad Idea: Use JSSImporter to automatically deploy software to all computers.
![Page 75: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/75.jpg)
![Page 76: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/76.jpg)
Alternate Workflows• Automatically deploy packages to testing computers.
• Add packages to distribution points only.
• Multiple JSSImporter steps create multiple policies:
• Install policy
• Notification policy
• Bad Idea: Use JSSImporter to automatically deploy software to all computers.
![Page 77: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/77.jpg)
![Page 78: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/78.jpg)
Alternate Workflows• Automatically deploy packages to testing computers.
• Add packages to distribution points only.
• Multiple JSSImporter steps create multiple policies:
• Install policy
• Notification policy
• Bad Idea: Use JSSImporter to automatically deploy software to all computers.
![Page 79: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/79.jpg)
Add 2nd JSSImporter
![Page 80: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/80.jpg)
NotificationPolicy
![Page 81: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/81.jpg)
![Page 82: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/82.jpg)
Other Stuff
Automate your AutoPkg with AutoPkgr
http://www.lindegroup.com/autopkgr/
LaunchDaemon and autopkg -l <my_list>
![Page 83: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/83.jpg)
My JSS has 90 Google Chrome packages......and there's no room for my emergency security updates to Adobe Flash!
Spruce
https://github.com/sheagcraig/spruce
Audit unused packages, scripts.
And more coming!
![Page 84: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/84.jpg)
![Page 85: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/85.jpg)
JSSImporter as a Management ToolCan be configured to populate:
Extension attributes
Example: Computer Information Fields
XProtect State
Scripts
SavingThrow
![Page 86: Live the Dream](https://reader036.fdocuments.in/reader036/viewer/2022090906/613ca314f046235e845ce6c3/html5/thumbnails/86.jpg)