Hi-
It would be great if the suite was more aware of version numbers. If I could make a smart group that has a collection of computers that have Firefox but the version number is "less than" 3.6.6" rather than having to say "is not 3.6.6" or "is not 3.6.5" or "is not 3.6.4" etc. The second Firefox 3.6.7 comes out, my smart group is invalidated and people could get back-rev'd if I'm not on top of it.
Thanks!
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
I concur.
It would make smart groups more efficient
Dan De Rusha
I.T. SPECIALIST
SCHAWK!
T 847.296.6000
M 847.287.1337
F 847.296.9466
1600 Sherwin Avenue
Des Plaines, IL 60018 USA
schawk.com
Schawk invites Industry Thought Leaders to participate in BRANDSQUARE, a one-of-a-kind, exclusive online marketing community. Visit http://brandsquare.com.
This sounds very similar to a request I had for OS requirements in packages so you could say:
10.5.4+ or 10.5.4< instead of then having to type out 10.5.4, 10.5.5, 10.5.6, 10.5.7, 10.5.8
I can agree with your request as well.
Craig E
This is why I make the "update" policies run once rather than recurring. When a new version comes out, after copying it into Casper Admin, I disable the policy, change the smart group version number, flush the policy history, then edit the policy to add in the new package and re-enable it...
Hello,
I'm not sure if this is currently a feature of Casper, I haven't been
able to find any information on it. But I think it would be very
convenient if Casper Admin had a command line interface. I am aware of
the command line interface available for casper clients through the jamf
binary. But I think it would be useful to be able to add files, dmgs,
scripts, etc. to Casper Admin through a command line interface. This
would allow me to automate customization of dmg files, instead of having
to do everything by hand on a computer that has Casper Admin installed.
Does anyone know if this is available now or if it is a planned feature
in the future? I have already been told by Jamf support that
adding/modifying files directly from the caspershare mount is not best
practice and could cause problems, has anyone else had any luck with
this?.
Thank you
--
David Bruno
Interesting Request. I'm trying to imagine a way I'd use this but I don't see it. Can you describe more about what types of functions you'd use this for?
You are correct in saying that it isn't best practice. You might be able to get away with it if you're the only person using Casper, but in an environment where multiple people are using it, editing the live packages is going to lead to all kinds of problems and making sure they're sync'ed across all of the package servers will be hard to do in real time before waiting for a scheduled sync.
John
I have been slapped on the wrists a few times for my bad habits, but I will edit scripts off the share and then do a sync. My sync settings are set to sync new items by modification date. So, if I mount the master share, and edit say a few lines of a script and save it back to the share, the modification date gets updated. Then when I do a sync, and it does a diff check it will notice that my script has a newer date on the master share and will sync across the distribution points. I do this mainly for efficiency of time as it is a lot quicker to do. Also, I am the only person at my work that does anything on the back end with Casper. No one else touches it, so if anything goes wrong it is always something I did. In retrospect when everything works like it is suppose to, that is also my doing.
As for this feature request, if you are looking at automating tasks, ever think of doing AppleScript or Automator? Does Casper Admin have a dictionary for AppleScript?
Thomas & John,
Yes AppleScript crossed my mind, but I wasn't sure how that would work
with Casper. Anyway, the reason this is important is that we have
config files on the clients which possibly change from day to day, so we
were going to script the creation of a dmg file with all those files
rolled in and create a policy to install it on all of the clients as
necessary. So I was interested in being able to script creating the
dmg, saving it in casper admin, then adding it to the policy for
distribution to clients. I didn't have much luck with command line
features in casper admin, but I did manually look through the casper
mysql database and view the tables. I found that if you monitor
/var/log/jamfChangeManagement.log on the Casper admin server while
working with casper admin it displays the sql command equivalent to
actions taken in the gui. We thought about manually modifying the
database, then adding the files to the share and everything would be up
to date. But we decided not to go this route since using sql commands
on the database involves a lot of hoops just to use casper. We instead
decided to only use casper to run a policy with a script which copies
and extracts a tar file to all the systems instead of using a dmg in
casper and installing it.
Dave
I am not sure if this will work for you, but if you configure a machine exactly how you want it, and then drag all the files into composer you can make a dmg snap shot of just those files. Then toss it in casper admin and do the rest yourself. You could have automator record your actions as you do it manually and maybe set up a work flow.
May I ask what it is you are actually modifying on a daily basis? You could also create one script and use the defaults command to write changes to any property list, and you can use other command line tools to write text to any configuration file.
None of the applications in the Casper Suite are AppleScript aware.
On 7/7/10 8:57 AM, "Thomas Larkin" <tlarki at kckps.org> wrote:
While I love AppleScript, I know that implementing this in the suite would
probably be a chore to do. Much more difficult than a command line
interface (I'm assuming). If I had my druthers, I'd prefer JAMF to focus
on CLI scripting support first. AppleScript is intended to run under a
user login and often with a GUI interface whereas a CLI script isn't
limited to this. And any shell script can be called from AppleScript to
make droplets.
Now, would I like to see the applications scriptable? I'm trying to think
of the possibilities:
1) Casper Remote - It already has a Save as... button to allow you to save
individual command files that can be simple or complex. All that's needed
is to select the machines and go. I'd actually prefer to see this in a
customizable menu a la Apple Remote Desktop's Send UNIX Command. I can't
think of any reason to script this.
2) Casper Admin - This has possibilities. We often update packages and
"version" them to keep them identifiable. I'd love to have some sort of
droplet where I could drop a new package, index it, have Casper Admin
identify the old package, apply the old package's settings to the new
package and update the configurations for me. I could also see this useful
for adding many new packages and applying the same settings and
configurations to all of them.
3) Recon - I don't use this enough to warrant scripting.
4) Composer - Again, I'm often creating new packages that are just newer
versions of the ones they're replacing. If I could run a script to allow
me to quickly create a new package with predefined names, files,
permissions and package format then I'd find that handy. Furthermore, I
could tie this into a workflow to take the new package and throw it into
Casper Admin for me.
5) Casper Imaging - This doesn't really need scripting since it can be
pre-configured using AutoRun and PreStage.
6) JSS Utility - I don't see this needing any scripting either. It's used
so rarely on a day-to-day basis.
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
We have local files that can change on a daily basis specific to our
daily operations. But I'm not sure if automator would completely work,
since in order to run composer it prompts for the local admin passwd.
So we would have to store the password in the application and that is
not allowed in our security policy.
David Bruno
Are these files per user (such as preferences) or per computer?
On 7/7/10 9:43 AM, "David Bruno" <david.bruno at arl.army.mil> wrote:
Anything that's changing on a daily basis might be more easily handled
using some sort of login/launchd script that pulls them from a sever.
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
The files will be the same across all of the computers, regardless of user.
David Bruno
Computer Scientist
ARL/CISD
410-278-8929
david.bruno at us.army.mil
I think a log in hook script would then possibly be your best bet, or a policy that is set to run at start up. Then you can just script the changes from bash and have Casper run your script.
Hi-
I'd like to see the ability to actively SSH to a machine if you have the appropriate privileges in your JSS account. Seeing how the JSS knows a machine's management account password (we spin them randomly) it would be nice if there was an SSH button in Casper Remote. You pick your one computer you'd like to SSH to, click the SSH button and it passes the credentials stored in the server's database down to a local terminal session.
This would save an awfully lot of time from running unix commands and looking at the resulting log report. I often find myself doing this to troubleshoot end-user problems.
Thanks!
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
This is exactly what I use ARD Admin for. However, it would be a nice feature.
I'd use ARD, but our access account machine passwords are spun randomly and only the JSS knows it. Not only that, but it's buying two products that do a lot of feature overlap. I'd rather have the thing I use all the time (and prefer) do it (Casper) as it seems an easy add-on.
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Hi-
It would be great if using Composer and building a pkg installer if you could use a code signing certificate. This way, with one workflow we can create both our Casper DMG and pkg installers that for use in a standalone manner can be verified as coming from a trusted source instead of doubling efford and using Apple’s Package Builder (which supports certs). I’m not sure if Composer is using packagemaker internally, but if it is, the “--sign” flag will allow a Cert to be specified.
Thanks
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Hi,
On 07.07.2010, at 17:31, Nichols, Jared - 1170 - MITLL wrote:
have you considered deploying SSH keys to all hosts and using a slightly modified sudo configuration?
Regards,
Marko
--
Marko Jung
NSMS - Oxford University Computing Services
http://www.oucs.ox.ac.uk/nsms
I concur on being able to parse packages for distribution. We have a number of very large dual boot images that never need to be distributed to our elementary sites. My other request (which I've submitted in the past, so forgive the repetition) would be for some manner of notification if and when a replication fails.
Janice Hill
PC Support Manager
Sheboygan Area School District
920.459.4032
RE the replication thing… I'm not incredibly familiar with it, but I image there's some settings in rsync that could be tweaked for this.
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
I should say, "RE the replication failure thing"…
It's early.
j
Replicas are read only, and only the Master can write down to them. I
am sure at some point it does use rsync or something similar
under-the-hood.
Hey Thomas,
You're totally right.
Just for reference, here's the manual command to replicate (from child) :
sudo jssutil replicateFromMaster -server <IP Address> -remoteUsername <username -remotePath <path> -localPath <path> -localOwner <username>
This command will replicate the child distribution point from the master. It is intended to be run from the child distribution point server.
-server The DNS or IP address of the JSS Master Distribution Point
-remoteUsername The username assigned to the read/write user for the master distribution point
-remotePath Full path to the master distribution point share
-localPath Full path to the child distribution point share
-localOwner The username assigned to the read/write user for the master distribution point
If you are unsure about any of these settings as they are currently issued, please reference one of the two following paths on your child server to determine what the JSS Setup Utility is using for the variables in the flags:
/System/Library/LaunchDaemons/com.jamfsoftware.task.replicate.plist
or
/Library/LaunchDaemons/com.jamfsoftware.task.replicate.plist
In these files, you should be able to see what values are being used.
replicateFromMaster command I use :
sudo jssutil replicateFromMaster -server chiquito -remoteUsername adminesl -remotePath /Volumes/FileHome/Casper/CasperShare/ -localPath /Volumes/Macintosh HD2/CasperShare/ -localOwner adminesl -verbose
Here's the rsync commands running in background:
ssh -l adminesl chiquito rsync --server --sender -vlogDtprz . "/Volumes/FileHome/Casper/CasperShare/"
/usr/bin/rsync -avrpogz --delete -e ssh adminesl at chiquito:"/Volumes/FileHome/Casper/CasperShare/" /Volumes/Macintosh HD2/CasperShare/
sh -c /usr/bin/rsync -avrpogz --delete -e ssh adminesl at chiquito:'"/Volumes/FileHome/Casper/CasperShare/"' '/Volumes/Macintosh HD2/CasperShare/' >& /tmp/jamf101027544.tmp
I don't think we can interfere with the rsync commands launched by jssutil.
Maybe we could disable the replication and setup a cron ?
This question was addressed earlier :
I use rsync and set it in a cronjob, mine looks like this
00 01 /usr/local/bin/rsync.sh
##51 14 rsync -rav --delete -e ssh rsyncusr at mainservername:"/share/path/CasperShare/" /distribution/share/path/
This runs every night I also scripted it so I can manually do it.
I use Share keys so no Password has to be in the script. Here is my Documentation on that.
Each on of these Distribution Points have the personal cert or Shared Key of the main distribution and have created user rsyncusr. This allows a rsync without needing password input.
This is setup from Each Distribution Point you must have a user with the name on each server rsyncusr happens to be mine
mkdir ~/.ssh
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "Enter an optional comment about your key?"
Enter passphrase (empty for no passphrase) no passphrase
Your identification has been saved in /Users/rsyncusr/.ssh/id_rsa <-- if Linux will be /home/rsyncusr/.ssh/id_rsa
Your public key has been saved in /Users/rsyncusr/.ssh/id_rsa.pub <-- if Linux will be /home/rsyncusr.ssh/id_rsa.pub
The key fingerprint is:
60:b5:c1:b7:ee:ab:31:d1:70:d8:03:41:df:0f:08:eb Enter an optional comment about your key?
*do this on all servers
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
*Do this just from the Distubution Points
cat ~/.ssh/id_rsa.pub | ssh mainservername 'cat - >> ~/.ssh/authorized_keys'
*after first accepting the ssh connection, should no longer need a password***
D. Trey Howell
ACMT, ACHDS, CCA
trey.howell at austinisd.org
Desktop Engineering
twitter @aisdmacgeek
We could use --exclude, but it would be much more elegant if JAMF included it in the GUI.
Francois
On 2 mai 2011, at 15:05, Thomas Larkin wrote:
Replicas are read only, and only the Master can write down to them. I am sure at some point it does use rsync or something similar under-the-hood.
>>> "Nichols, Jared - 1170 - MITLL" <jared.nichols at ll.mit.edu> 5/2/2011 7:03 AM >>>
I should say, "RE the replication failure thing"…
It's early.
j
On May 2, 2011, at 8:00 AM, Nichols, Jared - 1170 - MITLL wrote:
RE the replication thing… I'm not incredibly familiar with it, but I image there's some settings in rsync that could be tweaked for this.
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
From: Janice Hill <jhill at sheboygan.k12.wi.us>
Date: Fri, 29 Apr 2011 15:29:25 -0400
To: "casper at list.jamfsoftware.com" <casper at list.jamfsoftware.com>
Subject: [Casper] Feature Request
I concur on being able to parse packages for distribution. We have a number of very large dual boot images that never need to be distributed to our elementary sites. My other request (which I've submitted in the past, so forgive the repetition) would be for some manner of notification if and when a replication fails.
Janice Hill
PC Support Manager
Sheboygan Area School District
920.459.4032
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
This message has been sent from the Kansas City, Kansas Public Schools. The information contained in this email and any attachments may be privileged and confidential, and are intended only for the individual or entity identified as the addressee. If you are not the addressee, or if the message has been addressed to you in error, you are not authorized to read, retain, copy, or distribute the message or any attachments. If you have received the message in error, please delete it and any attachments and notify the sender by return e-mail or by telephone. Thank you.
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
--
Francois Tiffreau | IT operations Manager
ESL Education
Head office – Switzerland
Grand-Rue 50, 1820 Montreux
t +41 21 962 88 80 | f +41 21 962 88 81
skype esl.francois
http://www.esl-education.org
Please consider the environment before printing this e-mail
This e-mail message may contain certain confidential and privileged material for the sole use of the intended recipient.
Any review, use or distribution by others is prohibited. If you are not the intended recipient, please contact the sender and destroy or delete all copies.
