Auto-Update Magic! Keep Mac Apps Current with the Casper Suite and AutoPkgr

elliotjordan
Contributor III

For those of you who weren't at JNUC this year, here are the notes and slides for my presentation, Auto-Update Magic:
https://github.com/homebysix/auto-update-magic

Here's the link to the latest version of AutoPkgr, which now supports direct JSS integration:
https://github.com/lindegroup/autopkgr/releases/latest

If you find a reproducible bug with AutoPkgr, please open or update an issue on GitHub:
https://github.com/lindegroup/autopkgr/issues

If you have feedback or questions, I'd love to hear from you here!

96 REPLIES 96

elliotjordan
Contributor III

@monosodium, I'd like to help you, but I need more details. Also, I'm not sure this thread is the proper place to do in-depth troubleshooting.

Could you join our autopkgr-discuss Google Group and provide some more details there? (e.g. What were you doing when you saw that error? If you clicked the "Run AutoPkg Now" button, which recipes were you running? Are there any AutoPkgr-related errors shown in Console.app?)

Thanks!

monosodium
Contributor

@elliotjordan Posted a different issue I ran into here: https://groups.google.com/forum/#!topic/autopkgr-discuss/3dMmKZfzMzI

gskibum
Contributor III

I've been working on getting AutoPkgr up and running today and have run into a snag near the end.

Whenever I "Run AutoPKG Now" I get the following error, regardless of the recipe I have selected.

The following errors occurred: /Library/Python/2.7/site-packages/python_jss-1.0.2-py2.7.egg/jss/contrib/requests/packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html InsecureRequestWarning) A Python exception occurred during the execution of autopkg, see the system log for more details. [ERROR] : [Errno 13] Permission denied: u'/Volumes/CasperShare/Packages/TextWrangler-4.5.12.pkg'

Which leads me to the mentioned documentation:

https://urllib3.readthedocs.org/en/latest/security.html#certifi-with-urllib3

And I'm now stuck because I can't get past step one of the "Using Certifi with urllib3" instructions.

Any guidance available out there in JAMF land?

Edit: I am running AutoPkgr on a Yosemite 10.10.3 Mac.

rtrouton
Release Candidate Programs Tester

I had this issue and was able to address it by adding my Casper server's root CA to the VM I use to run AutoPkgr. I have a post on what I did available from here:

https://derflounder.wordpress.com/2014/12/24/adding-a-self-signed-casper-root-ca-as-a-trusted-root/

@scraig also added some options to JSSImporter to stop these warnings from appearing. Information on the JSS_VERIFY_SSL and JSS_SUPPRESS_WARNINGS options is available via the link below:

https://github.com/sheagcraig/JSSImporter

gskibum
Contributor III

@rtrouton If I could kiss you on the mouth I would! That totally worked.

Interestingly, after doing this I decided to move AutoPkgr off of a test box and into a VM, and none of the issues I had came up at all.

Thank you.

gibbo1
New Contributor II

I've been playing with AutoPkgr over the last couple of days. Installation seems to have gone fairly smoothly. And I only intend to work on a Self Service level.

I notice that the policies are set up to install updates only. EG Firefox needs to be installed on the client computer before it sees an AutoPkgr update in Self Service. Many of these frequent updates (Firefox, Chrome, Flash Player) come as a full stand alone installer. SO... how do I enable an AutoPkgr app update to be used as a first time installer with that same autoupdating policy?

elliotjordan
Contributor III

@gibbo1 The simplest way to get what you want is probably to just maintain a separate policy manually. When AutoPkgr feeds a new package to your JSS, you would log into the JSS and add that package to your separate policy so that the people without the app already installed can see it.

The reason I recommend doing it that way is that JSSImporter's default behavior (offering the newest version only to Macs in the Testing group that have an old version) is specifically tuned to be part of an app staging process, not part of an automatic deployment process.

That being said, if you want to push the boundaries and offer the app in Self Service to a different set of Macs, the SmartGroupTemplate.xml file contains the criteria you'd need to adjust or remove.

gibbo1
New Contributor II

@elliotjordan Thanks. I will have a play. Thank you to your awesome contribution. AutoPkgr is a beautiful thing!

simonelberts
New Contributor

Did anyone successfully implemented an update all button for the autopkg packages?

bofh
New Contributor III

Read 5B - 5C
https://github.com/homebysix/auto-update-magic#exercise-5b-automatically-create-auto-update-policies

simonelberts
New Contributor

Yes i read that section, but we are a Self Service organization. So i would like to provide the updates trough the Self Service app

bofh
New Contributor III

Then add the Script to your JSS and create a Policy (ongoing/Selfservice) which executes the script? :-)

simonelberts
New Contributor

Ah yeah off course, thanks!

vdhanji
New Contributor II

Hi all, we have autopkgr setup and have several application recipes. We have them set initially to a testing group as self service which then after testing we promote to auto install policies. When the laptop is connected via a cable the startup trigger works however most MAC's dont have a cable connected and just work off wireless. We use 802.1x wireless authenticating via a radius and the wireless doesn't connect until the user logs in. So we modified the auto-update-magic.sh to include a loop which tests network connection before proceeding with the rest of the script.

However we are stuck with one aspect. Does anyone one else have issues where when the computer restarts if the reopen windows check box is ticked the apps reopen really quickly not giving enough time for the app updates to actually happen or with apps which are big in size (i.e MS office updates) not installing because as soon as a user logs in they open the app? How do others handle autoupdates in cases like this? Note if you login and do nothing for a significant period after login (ensuring all apps are closed they do update)

Many thanks

mack525
Contributor II

@vdhanji Great question. Did you ever get a resolution on this?

nikgio
New Contributor III

I so wish I came across this sooner! This is gold... I just got the Firefox auto update set up, and aspire to set up more apps. I know the JAMF has a patch management portion now, but from my understanding, you still have to manually upload the patches and assign it to deploy with any new release. Is there a way to integrate the beauty of your automation with their built in tool? Has that been done, or is it a waste to consider?

Cayde-6
Release Candidate Programs Tester

Has anyone managed to get this working with SSO?