Help

S.U.P.E.R.M.A.N api

Go to solution
SW
New Contributor II

Posted on ‎06-11-2022 10:26 AM

Has anyone implemented the API for Superman? Specifically the api details. 

I am a little lost on the configuration of it any help would be appreciated. 

https://github.com/Macjutsu/super

Thanks!

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
daniel_behan
Contributor III
In response to SW

Posted on ‎06-13-2022 09:29 AM

The options are limitless.  I'm still testing it myself.  You can have one policy that deploys super to all machines, then have separate polices that run /Library/Management/super/super with whichever options you want.  How and when you trigger it all depends on your environment and change control procedures. Once it runs, the deferrals are cached locally into a launchdaemon, so the frequency of the policy really depends on how you set the deferrals.  Read thoroughly the options regarding default-defer and focus-deadline.

View solution in original post

Reply
13 REPLIES 13

Go to solution
Spitzer
New Contributor II

Posted on ‎06-13-2022 09:13 AM

We are using it and are encouraged by the results. What questions do you have?

0 Kudos
Reply

Go to solution
SW
New Contributor II
In response to Spitzer

Posted on ‎06-13-2022 09:16 AM

Once install onto a Mac how is it triggered is it a manual process each time you want to update?

 

do you have any recommendations on best practices to make it as foolproof as possible? 

Thanks

0 Kudos
Reply

Go to solution
Spitzer
New Contributor II
In response to SW

Posted on ‎06-13-2022 09:49 AM

Currently, yes, we trigger it via a policy that we update monthly to meet the deadlines that we have for compliance. 
Kevin, the developer, is working on version 2.0 now and he hopes to have a daily run companion part.
As for the API part, creating a user with a very narrow permission set does the trick for us. When we don't have a mandatory update policy running we can disable that user or change the password and it is neutered. 

0 Kudos
Reply

Go to solution
SW
New Contributor II
In response to Spitzer

Posted on ‎06-13-2022 09:51 AM

Thanks this makes sense now.

0 Kudos
Reply

Go to solution
daniel_behan
Contributor III

Posted on ‎06-13-2022 09:15 AM

For Apple Silicon Macs, you need either script user credentials that have boot volume ownership, or use API commands in a script so that MDM Commands push the updates.  The API credentials in JAMF Pro need the following Permissions: "Computers Create", " Compuers Read", and "Send Computer Remote Command
to Download and Install macOS Update".

 

You can encrypt those credentials in a script.  The deferral and deadline options need to be read through a few times to suit your environment.

 

I have a policy that caches super, then runs the following script.  In this example, I left a default of 3 deferrals.

 

"#!/bin/bash

function superSilicon () {
APIUSER="JAMF_APIUSER"
pword="Encrypted_JAMF_APIPASSWORD"
/Library/Management/super/super --jamf-account $APIUSER --jamf-password $pword --count-deadline 3
}

function superIntel () {
/Library/Management/super/super --count-deadline 3
}

function superbyProcessor () {
# Check to see if Intel or Apple Silicon
processor=$(/usr/bin/arch)
if [ "$processor" = "i386" ]; then
superIntel
elif [ "$processor" = "arm64" ]; then
superSilicon
fi
}

# Run SUPER if installed
if [ -f "/Library/Management/super/super" ] ; then
superbyProcessor
else /usr/local/bin/jamf install -package super.pkg -path /Library/Application\ Support/JAMF/Waiting\ Room/ -target "/"
superbyProcessor
fi"

Reply

Go to solution
SW
New Contributor II
In response to daniel_behan

Posted on ‎06-13-2022 09:21 AM

We plan on using the API for both and seem to have to set up, how is it you are triggering it? 
and what was your way of deploying?

 

For testing I trigger it with a monthly check in using execute command /super however this will prompt the users regardless of pending updates or not.

 

Thank you 

0 Kudos
Reply

Go to solution
daniel_behan
Contributor III
In response to SW

Posted on ‎06-13-2022 09:29 AM

The options are limitless.  I'm still testing it myself.  You can have one policy that deploys super to all machines, then have separate polices that run /Library/Management/super/super with whichever options you want.  How and when you trigger it all depends on your environment and change control procedures. Once it runs, the deferrals are cached locally into a launchdaemon, so the frequency of the policy really depends on how you set the deferrals.  Read thoroughly the options regarding default-defer and focus-deadline.

Reply

Go to solution
tkimpton
Valued Contributor II
In response to daniel_behan

Posted on ‎06-29-2022 04:58 AM

getting Error: Unrecognized Options: --count-deadline 3

0 Kudos
Reply

Go to solution
Spitzer
New Contributor II
In response to tkimpton

Posted on ‎06-29-2022 09:02 AM

Join the #super slack channel in Mac Admins. Kevin is responsive and helpful.
https://macadmins.slack.com/archives/C03LKQ8EN2C

0 Kudos
Reply

Go to solution
tkimpton
Valued Contributor II

Posted on ‎06-30-2022 12:58 AM

changed-count-deadline 3 to --hard-count=3

 

currently version 2 once deferred creates a launch daemon pointing to /Library/Management/super/super-starter which doesn't exist and so it does nothing.

0 Kudos
Reply

Go to solution
duff2481-1
Contributor

Posted on ‎08-16-2022 06:55 PM

Can you also use for prompting users to upgrade 3rd party applications too? I looked at IBM Notifier some months ago but never got around to doing anything with it. 

0 Kudos
Reply

Go to solution
manjunath
New Contributor II

Posted on ‎12-27-2022 05:24 AM

Can anyone show with an example on how to deploy the SUPER policy or configuration profile? 

Reply

Go to solution
user-LYBGeLSLLt
New Contributor II

Posted on ‎01-16-2023 04:37 AM

yaaa, please?

 

0 Kudos
Reply