Skip to main content
Question

Is there a way to sequence policies?

  • July 25, 2012
  • 7 replies
  • 75 views
M
Forum|alt.badge.img+6

I would like to be able to have two policies - one that depends on successful completion of the other. Is there a way to sequence two policies so that one doesn't run until the other has been completed?

We have one policy that runs all Software Updates and removes and re-installs a bunch of updated packages.

The second policy would run another pass of Software Updates and cleans up a few glitches introduced by the prior packages. We've made a pass on nearly all of our computers at a remote site for the first policy, so I've unleashed the second one.

Problem will be with the computers that didn't get hit for the first go around. Now that the second policy is active, when those few computers come online, they'll get hit by both at the same time.

    7 replies

    J
    Forum|alt.badge.img+24
    • jarednichols
    • Valued Contributor
    • July 25, 2012

    Find something unique about the first policy. Make a smart group for it. Then on your second policy, scope it to the newly created smart group.

    For example, I have a policy that caches Microsoft Office 12.4.3 update. The second policy (which actually installs it) is scoped to computers that have the update cached.

    You could also have a script or run command that does a jamf policy -trigger <custom trigger> and have your second policy set to run via custom trigger.

    talkingmoose
    Forum|alt.badge.img+36
    • talkingmoose
    • Community Manager
    • July 25, 2012

    You can call another policy by name if you set it with a custom trigger name. Under the General tab select Triggered By: other... and give the Manual Trigger a unique name.

    Set your first policy to do everything you want it to do. Under the Advanced tab add a command in the Run Command field to then call the second policy:

    jamf policy -trigger triggername

    Once the first policy is done it will call the second policy.

    Likewise, you could give all your policies Manual Trigger names and call them in your preferred order in a script:

    #!/bin/sh

jamf policy -trigger triggername1
jamf policy -trigger triggername2
jamf policy -trigger triggername3

exit 0
      M
      Forum|alt.badge.img+6
      • mgarman
      • Author
      • Contributor
      • July 25, 2012

      Since the first one is doing running software updates that require a restart, and it restart, how does the second one get triggered?

      J
      Forum|alt.badge.img+24
      • jarednichols
      • Valued Contributor
      • July 25, 2012

      You could lay a dummy package down and scope your smart group off that. (Miles Leacy must love that we're on version 8.6 and still suggesting dummy packages)

      M
      Forum|alt.badge.img+6
      • mgarman
      • Author
      • Contributor
      • July 25, 2012

      I'm using Jared's Smart group approach. That should do OK.

      I'm thinking it might be a useful feature to have a policy be able schedule a call to another policy (and that one to another still, etc...). It would be useful for these multiple-pass kind of situations.

      talkingmoose
      Forum|alt.badge.img+36
      • talkingmoose
      • Community Manager
      • July 25, 2012

      Not possible to daisy-chain policies from one to the next or via script when you're interrupting them with a reboot.

      You can, however, run inventory after installing but before reboot, set the second policy to run at Startup and scope it to a smart group of machines with that piece of software installed.

      mm2270
      Forum|alt.badge.img+24
      • mm2270
      • Legendary Contributor
      • July 25, 2012

      Yeah, set the trigger to Startup, and make sure to scope it to Macs that have run the first policy using one of the above suggestions. It should kick in the new policy after the reboot. Be sure the first policy updates inventory at the end before the reboot itself.

      Terms & ConditionsCookie settingsAccessibility statement