Check OS download status and issue pkill commands before reboot

tegus232
Contributor

Hi,

 

Does anyone know how to check the download status of an OS on machine and then push a pkill command for all apps open before it attempts a fill restart.

 

I am trying to incorporate it within the jamf api calls

 

Thank you,

Tegpreet

5 REPLIES 5

sdagley
Esteemed Contributor II

@tegus232 Are you trying to script a macOS upgrade (e.g. from Big Sur to Monterey)? If so you really should consider using @grahamrpugh 's erase-install script (despite the name it's also good for upgrades) which is widely used and well tested instead of re-inventing the wheel. There is a detailed Wiki for it that explains how to use it with Jamf Pro: https://github.com/grahampugh/erase-install/wiki

 

This for inline and 11 to 12 for m1s. This for autopushes where I don't want users to be able interact with it. I just want the autopush to initiate update. Issue is with apps like and Terminal, it crashes the MDM and to degree causes issues eith API call pushes. What I want to is to basically when download is at 100 percent and before machine tries to reboot for update, a pkill command is sent to quit out of these update.

 

To a degree as a community we do need to get creative to ensure we can push auto updates when needed without user interaction.  It is kind of sad that MDM solutions that say that they are best in business short fall of that.

 

I have tried grahm Pugh scripts and they are great but it doesn't help achieve what I am trying to get at. I have a script with jamf managed api calls  that's close to where I want to be but just need pkill commands embeded as I describe

sdagley
Esteemed Contributor II

@tegus232 The only way to force an update from 11 to 12 without requiring user interaction on an M1 Mac is to use the Send Remote Command feature of Jamf Pro (either via GUI or API) to trigger the update via the MDM update command , and if you're using the API the update process is going to run asynchronously from your API call so there's no way to monitor the download. You also have the problem that macOS 11 does not reliably handle the MDM Update command (in theory that's finally fixed in macOS 12.4 but that remains to be verified). When I was testing the 11 to 12 update via the MDM forced update command, and it did work, it did not matter what applications were running and they'd all be terminated even with unsaved files.

It's easy to fault Jamf, or other MDM vendors, for the issues with forcing macOS upgrades without user intervention, but the reality is that's squarely on Apple for eliminating the ability to trigger updates via the CLI and making MDM commands the only option without making the latter a reliable option. Supposedly the reliability issue has bee addressed, but as I mentioned above it remains to be verified.

tegus232
Contributor

@sdagley Thank you for the feedback and info. My response more oriented from my peer who just moved from Desktop Central with Windows to over to Mac enviornment. I do dislike how Apple is setting up and making it hard for enterprise enviornment. Great for personal use but harder to manage

 

The issue i have ran into with auto pushing is with the MDM command, when someone is in zoom meeting, it causes a popup error with either cancel or try again. With the API it looks like its in reboot process with waiting user to exit out of meeting. Or is this not possible due to limitation on Apple's end? @grahamrpugh your thoughts?

 

Is it possible to through scriipting and policy -> get readout over progress -> gets to 100 percent and then pkill right before reboot for os reinstall process?

 

Trying to look into make it as smooth as well.

sdagley
Esteemed Contributor II

@tegus232 If you look at Section 7 of the erase-install Wiki you'll see the "--preinstall-command" which allows you to run a shell command right before startosinstall is called. That _should_ be when you could kill the Zoom process(es) if they're interfering with the upgrade, but since erase-install isn't initiating install via MDM command you'll get the user auth prompt on M-series Macs