Posted on 10-22-2014 08:50 PM
For those of you who weren't at JNUC this year, here are the notes and slides for my presentation, Auto-Update Magic:
https://github.com/homebysix/auto-update-magic
Here's the link to the latest version of AutoPkgr, which now supports direct JSS integration:
https://github.com/lindegroup/autopkgr/releases/latest
If you find a reproducible bug with AutoPkgr, please open or update an issue on GitHub:
https://github.com/lindegroup/autopkgr/issues
If you have feedback or questions, I'd love to hear from you here!
Posted on 10-22-2014 08:53 PM
Oh golly! Cool beans.
Posted on 10-22-2014 09:21 PM
Going to test this out, will let you know how I go!
Posted on 10-22-2014 10:04 PM
Looks great, going to play with it today. Cheers!
Posted on 10-22-2014 10:05 PM
@elliotjordan Awesome work. I can't wait to watch your JNUC presentation video when it is released. In the meantime I've got some wonderful release notes to digest.
Thank You!
Posted on 10-23-2014 07:00 AM
+1 This is amazing. Thank you for posting all the information!
Posted on 10-23-2014 08:11 AM
Good presentation. Am hoping to put it to good use.
Posted on 10-23-2014 06:09 PM
First I wanted to say that I enjoyed your presentation at JNUC. I have had a chance to download and install Autopkgr and I seem to be having a bit of an issue getting connected to my lab JSS. I am seeing the following error when I try to connect to the JSS.
Error getting distribution points
The Casper server's response could not be correctly interpreted.
Looking in the system.log file I see the following:
Oct 23 19:51:41 MacbookPro1 secd[558]: securityd_xpc_dictionary_handler AutoPkgr[21620] copy_matching The operation couldn’t be completed. (OSStatus error -34018 - client has neither application-identifier nor keychain-access-groups entitlements)
Oct 23 19:51:41 MacbookPro1 AutoPkgr[21620]: SecOSStatusWith error:[-34018] The operation couldn’t be completed. (OSStatus error -34018 - Remote error : The operation couldn't be completed. (OSStatus error -34018 - client has neither application-identifier nor keychain-access-groups entitlements))
This is a lab server with no production data and I am testing with an account that has full admin perms in the JSS just to see how things work. When I first try to connect to the JSS I get a mismatched certificate pop-up, which I chose to always trust. I have a feeling the answer to my problem is right in front of my face and I am simply missing it.
Any ideas?
Posted on 10-23-2014 08:03 PM
FritzsCorner, I believe you need to set up API access in your JSS.
Posted on 10-23-2014 08:35 PM
Definitely check the API access levels first. Even if you've got full admin access to the JSS, that doesn't necessarily mean you have full Create/Read/Update/Delete access to the API. You'll need access to the following objects:
• Categories (C/R/U)
• Smart Computer Groups (C/R/U)
• Static Computer Groups (C/R/U)
• Computer Extension Attributes (C/R/U)
• Packages (C/R/U)
• Policies (C/R/U)
• Scripts (C/R/U)
• File Share Distribution Points (R)
If that doesn't fix it, then the next thing to check is the certificate. Although you may have trusted it manually, that doesn't necessarily mean that jss-autopkg-addon will too. If you run this command, it will tell the jss-autopkg-addon to ignore invalid SSL certificates:
defaults write com.github.autopkg JSS_VERIFY_SSL -bool false
Good for testing environments; not recommended for production.
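Added example, not part of the original post or of the jss-autopkg-addon project: because the post above recommends `JSS_VERIFY_SSL -bool false` only for test environments, this Python check audits AutoPkg preference files for machines where certificate verification was left off. The file paths and sample plists are constructed, and a missing key is reported as unset because the add-on's default is not stated in this thread.

```python
import plistlib

KEY = "JSS_VERIFY_SSL"  # preference key named in the post above
FIX = "defaults write com.github.autopkg JSS_VERIFY_SSL -bool true"

def classify_verify_ssl(plist_bytes):
    """Classify one preferences plist (XML or binary) as (status, detail)."""
    try:
        prefs = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed XML or unrecognised format
        return ("unreadable", "cannot parse plist: " + type(exc).__name__)
    if not isinstance(prefs, dict):
        return ("unreadable", "top-level object is not a dictionary")
    if KEY not in prefs:
        return ("unset", "key absent, so the add-on's own default applies")
    value = prefs[KEY]
    # Identity checks on purpose: integer 0 and string "false" are not booleans.
    if value is True:
        return ("ok", "certificate verification explicitly enabled")
    if value is False:
        return ("disabled", "verification is off; re-enable with: " + FIX)
    return ("ambiguous", "non-boolean value %r; rewrite with: %s" % (value, FIX))

def audit(plists):
    """Map path -> (status, detail) for every plist that needs attention."""
    findings = {}
    for path, raw in plists.items():
        status, detail = classify_verify_ssl(raw)
        if status not in ("ok", "unset"):
            findings[path] = (status, detail)
    return findings

# Constructed sample data: paths and contents are made up for this example.
PLIST = "/Users/%s/Library/Preferences/com.github.autopkg.plist"
SAMPLES = {
    PLIST % "lab": plistlib.dumps({KEY: False}, fmt=plistlib.FMT_BINARY),
    PLIST % "prod": plistlib.dumps({KEY: True}),
    PLIST % "typo": plistlib.dumps({KEY: "false"}),
    PLIST % "intflag": plistlib.dumps({KEY: 0}),
    PLIST % "fresh": plistlib.dumps({}),
    PLIST % "broken": b"not a plist",
}

if __name__ == "__main__":
    for path, (status, detail) in sorted(audit(SAMPLES).items()):
        print("%-10s %s\n           %s" % (status, path, detail))
```

On a real Mac, pass `audit()` the bytes of each user's `com.github.autopkg.plist` instead of `SAMPLES`.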
Posted on 10-23-2014 08:41 PM
It's like Xmas!
Posted on 10-24-2014 09:03 AM
I verified I have all the required API permissions and made sure I could run my own custom API scripts we use against the JSS. I also went ahead and set the JSS_VERIFY_SSL to false as well with no luck. I have tested this on a few clean builds so far so I am guessing my issue is with the JSS. I will try setting up another lab JSS over the weekend to see if that works.
Thanks again!
Posted on 10-28-2014 06:34 AM
I'm having a tad bit of trouble getting this running myself. After turning the JSS_VERIFY_SSL to false I get an error that I'm not sure what to do with. I feel so close to getting this up and running, and I'm super excited. Hopefully someone smarter than me will have some time to check my error and give me a hand. Here is a link to a txt file containing the error:
https://dl.dropboxusercontent.com/u/1219256/autopkgrJSSerror.txt
Thanks in advance for any help that may come!
Cole
EDIT: After some testing on my own, I found that the issue is probably in mounting the SMB share it is trying to mount. I am unable to mount it manually using the command in the logs that throws the error. But if I edit that line to remove the port number (:139) I can manually mount the share. Do I have some configuration wrong on my server maybe? I don't see where I could change anything obvious to fix it. Anyway, any suggestions appreciated!
EDIT 2: Figured it out. In the JSS you set the default port for a Dist. Point and for some reason it was set to 139. Changed to 445 and connection goes through.
Posted on 10-28-2014 12:26 PM
First, this has changed my world.
I'm currently trying to create an override on Numbers, Keynote, and Pages and it will not create.
What am I missing or not understanding?
Posted on 10-28-2014 12:27 PM
So either I don't have any clue what I'm doing or I'm doing something stupid lol. I can't get the Casper Suite Integration set up with the JSS on the Cloud. I keep getting an error when putting in the URL and username and password....
Thanks guys!
Posted on 10-28-2014 12:33 PM
Paging @adamcodega
Posted on 10-28-2014 12:48 PM
Hello all, I have been playing around with this today on my test JSS environment but I run into this issue: it seems that Autopkgr gets stuck at talking to my JSS distro share. This is what terminal is saying when I manually run a command to process a package.
zaen1kleug:~ administrator$ autopkg run Firefox.jss
Processing Firefox.jss...
Traceback (most recent call last):
File "/usr/local/bin/autopkg", line 1334, in <module>
sys.exit(main(sys.argv))
File "/usr/local/bin/autopkg", line 1328, in main
exit(subcommands[verb]['function'](argv))
File "/usr/local/bin/autopkg", line 1152, in run_recipes
autopackager.process(recipe)
File "/Library/AutoPkg/autopkglib/__init__.py", line 466, in process
self.env = processor.process()
File "/Library/AutoPkg/autopkglib/__init__.py", line 295, in process
self.main()
File "/Library/AutoPkg/autopkglib/JSSImporter.py", line 571, in main
ssl_verify=sslVerify, repo_prefs=repos)
File "/Library/Python/2.7/site-packages/jss/jss.py", line 166, in __init__
self.distribution_points = distribution_points.DistributionPoints(self)
File "/Library/Python/2.7/site-packages/jss/distribution_points.py", line 58, in __init__
self.response = j.DistributionPoint().retrieve_all()
File "/Library/Python/2.7/site-packages/jss/jss.py", line 314, in DistributionPoint
return self.factory.get_object(DistributionPoint, data)
File "/Library/Python/2.7/site-packages/jss/jss.py", line 451, in get_object
result = self.jss.get(url)
File "/Library/Python/2.7/site-packages/jss/jss.py", line 193, in get
response = self.session.get(url)
File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 460, in get
return self.request('GET', url, **kwargs)
File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 448, in request
resp = self.send(prep, **send_kwargs)
File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 554, in send
r = adapter.send(request, **kwargs)
File "/Library/Python/2.7/site-packages/jss/contrib/requests/adapters.py", line 417, in send
raise SSLError(e, request=request)
jss.contrib.requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Posted on 10-28-2014 02:26 PM
Hello all, I have been playing around with this today on my test JSS environment but I run into this issue: it seems that Autopkgr gets stuck at talking to my JSS distro share. This is what terminal is saying when I manually run a command to process a package.
Seeing the same here. Running JSS 9.6.1 on OS X 10.8.5 Server.
Posted on 10-28-2014 02:45 PM
I was under the impression that AutoPKGr doesn't support multi-context environments (including cloud-hosted JSS instances). I'm curious to know if it integrates with a JDS-only distribution set-up, as the JSS creates a random password for the JDS so it wouldn't be something one could enter when prompted.
Posted on 10-28-2014 05:09 PM
I'm not sure about multi-context environments, but we are testing a beta for JAMF Cloud hosted JSSes, like mine. In fact I brought it up on the issues board.
If you have a multi-instance environment, use an AWS DP (not currently supported), or have errors in your log, please post online! (Turn on verbose logs in AutoPkgr, open console.app, and filter via the search bar for "AutoPkgr") I don't want to recommend flooding their GitHub page but if you find what can be called a bug I would post to the issues board.
Posted on 10-28-2014 05:16 PM
@Shawn.Waller Can you post your AutoPkgr user permissions and are you getting at least a yellow light when you type in your JSS URL? Do they match the permissions in the guide (Covered in Step 2)?
Posted on 10-28-2014 05:32 PM
Edit, misread posting... reply deleted.
Posted on 10-29-2014 07:33 AM
Hello all, I have been playing around with this today on my test JSS environment but I run into this issue: it seems that Autopkgr gets stuck at talking to my JSS distro share. This is what terminal is saying when I manually run a command to process a package.
Could this be because SSLv3 is disabled?
Posted on 10-29-2014 07:40 AM
Let me get this out of the way just in case this is a stupid mistake: the instance of Autopkgr is running on an OS X 10.9 Mac Pro server, the JSS server is running on Ubuntu server, in a VM, set up to have an actual IP address on the network *bridged*, and the share I have is linked back to a shared folder on the OS X server and is mapped in the JSS to that shared folder using AFP.
So the Autopkgr instance is running on the same OS X server where the JSS distribution point is mapped to.
Not sure if this matters or not but trying to clarify myself, and yes this is a Test environment for learning Casper for me.
Posted on 10-29-2014 08:46 AM
@Gabriel.Duff What version of the JSS? I'm wondering if the 9.6.1 updates for the Poodle SSL fixes are affecting this.
Posted on 10-29-2014 08:48 AM
@lashomb yes, it's 9.6.1
Posted on 10-30-2014 06:43 AM
@adamcodega, here is how I have it set up and it will not connect. Everything looks correct in the JSS according to the steps on the doc.
Posted on 10-30-2014 06:46 AM
@Shawn.Waller Whoops! I forgot us JAMF Clouders need to run the AutoPkgr beta released after discussing JAMF Cloud with Eldon. You can find the link here.
Posted on 10-30-2014 06:47 AM
Awesome thanks!
Posted on 10-30-2014 06:48 AM
As you can see in my discussion I still don't have it working 100% but I'm excited to help contribute to the project. Let us know how it works for you too.
Posted on 10-30-2014 06:49 AM
For sure! Will do.
Posted on 11-04-2014 09:54 PM
For all with the ssl handshake issue, see this post https://github.com/sheagcraig/jss-autopkg-addon/issues/9#issuecomment-61490994
Posted on 11-05-2014 11:33 AM
@bauer.cole, glad you were able to get it to work!
@jlejeune, you'll want to learn more about @nmcspadden's AppStoreApp recipe. This isn't something I've used yet, but his readme seems like a good primer.
@Gabriel.Duff @lashomb @emilykausalik You're right, we don't yet support cloud-hosted JSS. We'd like to release an update soon that will address this. If any developers want to help, find us on GitHub.
Posted on 11-11-2014 09:00 AM
Posted on 11-11-2014 09:03 AM
@eahrold never knew that url! Thanks!! I will give it a shot.
Posted on 11-11-2014 09:24 AM
@Shawn.Waller, no problem.
Actually I just realized that may not work for everyone, that's the way we have it set up for the AutoPkgr dev team, where it redirects from
https://jss.jamfcloud.com/autopkgr --> https://autopkgr.jamfcloud.com
And the API won't work with the first.
But in some other tests I found it's not redirected, but it's worth a shot if you're still not able to get it going with the build on my fork's page https://github.com/eahrold/autopkgr/releases/tag/1.1.1-bugfix
Posted on 11-12-2014 08:10 AM
Is there a version requirement on the JSS? It's working on my test machine but not on production (which is out of date).
Thanks!
Posted on 11-12-2014 08:15 AM
I've tested on 9.30 through 9.51. I understand there were some problems with 9.6 because SSLv3 had been disabled, but there's a fix circulating.
Posted on 11-13-2014 06:39 AM
Further testing is giving me two different issues:
First, regardless of the JSS version, Autopkgr is giving me url errors, even though I've saved the proxy information to the plist.
Can't open URL http://update.videolan.org/vlc/sparkle/vlc-intel64.xml Failed.
and
Couldn't download https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg: <urlopen error Tunnel connection failed: 407 Proxy Authentication Required> Failed.
Then second, I went to terminal to run a recipe on the 9.25 version of the JSS and get the following. (There is no such error on the 9.6 JSS)
PkgCreator: Package already exists at path /Users/username/Library/AutoPkg/Cache/local.jss.Firefox/Firefox-33.1.pkg.
PkgCreator: Existing package matches version and identifier, not building.
JSSImporter
Traceback (most recent call last):
File "/usr/local/bin/autopkg", line 1334, in <module>
sys.exit(main(sys.argv))
File "/usr/local/bin/autopkg", line 1328, in main
exit(subcommands[verb]['function'](argv))
File "/usr/local/bin/autopkg", line 1152, in run_recipes
autopackager.process(recipe)
File "/Library/AutoPkg/autopkglib/__init__.py", line 466, in process
self.env = processor.process()
File "/Library/AutoPkg/autopkglib/__init__.py", line 295, in process
self.main()
File "/Library/AutoPkg/autopkglib/JSSImporter.py", line 571, in main
ssl_verify=sslVerify, repo_prefs=repos)
File "/Library/Python/2.7/site-packages/jss/jss.py", line 166, in __init__
self.distribution_points = distribution_points.DistributionPoints(self)
File "/Library/Python/2.7/site-packages/jss/distribution_points.py", line 75, in __init__
dp = AFPDistributionPoint(URL=URL, port=port, share_name=share_name, mount_point=mount_point, username=username, password=password)
UnboundLocalError: local variable 'password' referenced before assignment
Any suggestions are appreciated.
Posted on 11-28-2014 07:08 AM
Just set up a test. Looks really good. Thanks a lot.
Being new to autopkg:
What would be the easiest way to make two policies for the same application?
Say that I'd like to have a fresh Firefox as a self-service policy for everyone (no problem with that) and an auto-update policy for Firefox (no problem with that either). What I'm looking for is the easiest way to clone the Firefox.jss recipe so I can use it for dual purposes.
Or would it be possible to have both policies done with the same recipe?