Casper Imaging "First Run" Script Bug 9. ?

loceee
Contributor

I can't find any reports on this, but it seems there is a pretty obvious problem with run after reboot scripts in Casper Imaging. (9.xxx)

The enrolment script is called by a launchdaemon; if the JSS is not reachable, it's called again on a 5 min interval. Pretty likely that the first attempt will fire before your network has started. Slow but it should get you enrolled eventually.

The postinstall.sh script calls scripts via the jamf bin, since the scripts are in the JSS they are no longer copied to the local mac PostInstall resources folder.

The postinstall.sh has no waits for enrolment. A simple while [ -f /path/enrollment.sh ] loop would almost suffice here.

I am sure there is a defect open for this.. ? I haven't used this feature since 8... so not sure when it showed up. Currently on 9.4.


CasperSally
Valued Contributor II

JAMF has told me this is as designed. I run the following post image to pause everything until enrollment finishes. The echo commands were just for my troubleshooting.

If you use ethernet adapters, you may want to run a script to enable those as well. See
https://github.com/golbiga/Scripts/blob/master/enable_external_network_adapter/enable_external_network_adapter.sh

Verify Enrollment script

#!/bin/sh
# Script to run before scripts that call policies
echo "running 2014aVerifyenroll932v3 script" >> /var/log/jamf.log
echo "Checking enrollment..." >> /var/log/jamf.log
# The loop treats a still-present enroll.sh as "not enrolled yet"
while [ -f "/Library/Application Support/JAMF/FirstRun/Enroll/enroll.sh" ]
    do
        /bin/echo "Machine is not enrolled. Waiting 30 seconds" >> /var/log/jamf.log
        sleep 30
    done
echo "Enrollment complete" >> /var/log/jamf.log

loceee
Contributor

Yeah I've just rolled a quick script to speed up enrolment... but it doesn't solve the issue with the first boot / postinstall.sh script.

I've just looked at the enrol.sh from Casper Imaging from 9.4, and it's got more retries flagged, but it won't address the postinstall.sh problem.

The problem is that whilst enrolment will be retried, the postinstall.sh won't, nor will it wait for enrolment before attempting to do things that require enrolment.

Without the Mac being enrolled, the scripts being called from the JSS via the jamf binary can't be run. The postinstall.sh will finish and destroy itself, without any of your "at reboot" scripts being called.

postinstall launchdaemon

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.jamfsoftware.firstrun.postinstall</string>
    <key>LaunchOnlyOnce</key>
    <true/>
    <key>RunAtLoad</key>
    <true/>
    <key>UserName</key>
    <string>root</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/Application Support/JAMF/FirstRun/PostInstall/postinstall.sh</string>
    </array>
</dict>
</plist>

postinstall.sh

#!/bin/sh

######################################################
## This script is created by Casper Imaging to perform post-imaging
## tasks that cannot be performed on a non-booted volume. 
## Created Wednesday, 17 September 2014 at 10:21:59 AM
######################################################

## Fix ByHost files
/usr/sbin/jamf fixByHostFiles -target /


## Run any scripts that were specified to be run after reboot here


## Run script zzz-patchooBootstrapSetup.sh
/usr/sbin/jamf runScript -script 'zzz-patchooBootstrapSetup.sh' -target / -path  '/Library/Application Support/JAMF/FirstRun/PostInstall/Resources/' -computerName  'SYDIPG-VMXTEST06' -username "" -p1 '' -p2 '' -p3 '' -p4 '' -p5 '' -p6 '' -p7 '' -p8 ''


## Delete this script and the corresponding launchd item
/bin/rm -rf '/Library/Application Support/JAMF/FirstRun/PostInstall/'
/bin/rm /Library/LaunchDaemons/com.jamfsoftware.firstrun.postinstall.plist


## Remove the corresponding launchd item
/bin/launchctl remove com.jamfsoftware.firstrun.postinstall


exit 0

You can see there are no waits for enrolment in the firstboot script. If the Mac isn't enrolled (which it wouldn't be as soon as launchd fires firstboot), this script will run, and then delete itself, without being able to run your "at reboot" scripts you've put in Casper Imaging.

This exists in 9.4.

The old method that 8.x used, copying the scripts into the local resources folder and running them, didn't require the enrolment to complete beforehand - assuming your scripts didn't require JSS interaction.

This is a bug.

jhbush
Valued Contributor II

@loceee I may be seeing this as well. It's not consistent in my environment. Some scripts seem to work and others just never seem to run. I'm wondering if you are also seeing Connection failure: "The host jss.yourdomain.com is not accessible." during the reboot to Casper Imaging in the logs.

loceee
Contributor

It's not something I've used much / at all in a while. I am now testing a top secret (not really) new feature of patchoo.

My workaround is firing this on its own launchd. Good to know this is an issue before you tear your hair out.

#!/bin/bash

echo "waiting for enrolment..."
while [ -f "/Library/Application Support/JAMF/FirstRun/Enroll/enroll.sh" ]
do
    sleep 3
done

echo "waiting for jss.."
until jamf checkJSSConnection
do
    sleep 3
done

echo "firing deploysetup trigger.."
jamf policy -trigger deploysetup

rm /Library/LaunchDaemons/com.github.patchoo-deploysetup.plist
rm /Library/LaunchAgents/com.github.patchoo-deploysetuploginlock.plist
rm "$0"

jamf reboot -immediately

exit 0
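
A bounded version of the wait loops posted in this thread, as an added example that is not from any poster or from JAMF: it fires the trigger only once enroll.sh is gone and `jamf checkJSSConnection` succeeds, and on timeout it logs and returns non-zero instead of looping forever or cleaning up as if the work had run. The function names, the `JAMF` and `LOG` overrides and the timeout values are assumptions; the paths, jamf verbs and the `deploysetup` trigger are the ones quoted above.

```shell
#!/bin/bash
# Added example: bounded first-run gate. Paths, jamf verbs and the trigger name
# are the ones quoted in the thread; function names and timeouts are assumptions.
ENROLL_SCRIPT="/Library/Application Support/JAMF/FirstRun/Enroll/enroll.sh"
JAMF="${JAMF:-/usr/sbin/jamf}"
LOG="${LOG:-/var/log/jamf.log}"

log() { echo "$(date '+%Y-%m-%d %H:%M:%S') firstrun-gate: $*" >> "$LOG"; }

# wait_until TIMEOUT INTERVAL CMD [ARGS...]
# Re-runs CMD every INTERVAL seconds; returns 0 as soon as it succeeds,
# 1 once TIMEOUT seconds of waiting have been used up.
wait_until() {
    local timeout="$1" interval="$2" waited=0
    shift 2
    until "$@"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# The thread's scripts treat a still-present enroll.sh as "not enrolled yet".
enroll_finished() { [ ! -f "$ENROLL_SCRIPT" ]; }
jss_reachable()   { "$JAMF" checkJSSConnection >/dev/null 2>&1; }

# run_gate TRIGGER [TIMEOUT] [INTERVAL]
# Fires the policy trigger only when both checks pass. On timeout it logs,
# deletes nothing and returns non-zero, so the failure shows up in the log.
run_gate() {
    local trigger="$1" timeout="${2:-1800}" interval="${3:-5}"
    if ! wait_until "$timeout" "$interval" enroll_finished; then
        log "enrolment not finished after ${timeout}s, trigger $trigger not fired"
        return 2
    fi
    if ! wait_until "$timeout" "$interval" jss_reachable; then
        log "JSS not reachable after ${timeout}s, trigger $trigger not fired"
        return 3
    fi
    log "enrolled and JSS reachable, firing trigger $trigger"
    "$JAMF" policy -trigger "$trigger"
}

# Run only when invoked as: firstrun-gate.sh --run [trigger]
if [ "${1:-}" = "--run" ]; then
    run_gate "${2:-deploysetup}"
    exit $?
fi
```

Cleanup of the launchd item and the script itself belongs after a zero return from `run_gate`, so a timed-out run leaves the job in place for another attempt.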