Create Smart Group of Macs that have run a script?

Phil
New Contributor

OK, I've probably missed this somewhere, but I need to create a smart group based on the Macs that have run a script.

There are 3 parts to this, 1 and 2 are complete.

1st policy deploy a folder and its contents to the Documents folder of an Admin account at start up. The folder and its contents cannot be altered in any way. -Created a Smart group of Macs with the folder and contents in place

2nd policy run a shell script against all devices that have the target folder in the correct location. The results from the script are save to the ~/Documents/Target/Output.

3rd policy should copy the contents of 'Output' from the local to a server location.

I want to create a smart group based on whether the 2nd policy the shell script has run. So my 3rd policy is kicked off by membership of 'The Script has run'

I think I'm missing something obvious any help appreciated.

Cheers
Phil

1 ACCEPTED SOLUTION

emily
Valued Contributor III
Valued Contributor III

Or, plant a dummy receipt when step 2 runs (another script set to After I'm guessing), and scope the EA to the dummy receipt.

View solution in original post

12 REPLIES 12

mm2270
Legendary Contributor III

Sounds a little complicated, and perhaps unnecessarily so? I can't say I completely understand the workflow as outlined, but, would it be possible to create an Extension Attribute that looks for the Output file you created from the script having run in Step 2? Is that actually being saved to the logged in user's Documents folder, or was that just an example? If its saved to a consistent location, you can have your EA script check to see if its there and has the necessary content and report back a simple "Yes" or "No" and use that as criteria for the Smart Group to run Step 3.

stevewood
Honored Contributor II
Honored Contributor II

I agree with @mm2270 it seems a bit complicated. Why not run the script as part of step 1? Then scope your SG based on successful completion of the policy.

Or, as Mike suggested, use an EA to check for the existence of said file.

Or, scope your SG based on successful completion of the policy that runs the script in step 2.

emily
Valued Contributor III
Valued Contributor III

Or, plant a dummy receipt when step 2 runs (another script set to After I'm guessing), and scope the EA to the dummy receipt.

frozenarse
Contributor II

@stevewood We are currently running JSS 9.32. In newer versions is there a smart group criteria for "successful completion of a policy"?

stevewood
Honored Contributor II
Honored Contributor II

@frozenarse no, sorry, there isn't a criteria for that. However if you are installing a package you can scope to "Packages Installed By Casper". That won't necessarily provide exact info if a policy is successful, but it would be close. Same is true of the EA method.

frozenarse
Contributor II

Bummer... I was excited for a minute. Typically I would just create a dummy receipt as Emily suggested.

dfarnworth
New Contributor III

Yeah, that's a real shame. It would be great to have a built in dependency engine for policies rather than having to hack up criteria with dummy receipts, extension attributes etc.

Chris_Hafner
Valued Contributor II

@danf_burberry On the surface I agree though I'm not too sure how that would be laid out. I find receipts rather easy to deal with as I wouldn't want a source external form the local machine maintaining that log. My current thinking is that in the end, we might end up with a single master receipt or other local JAMF log on the client instead of a directory with a bunch of receipts. I'd love to know if I'm dead wrong here and that there would be another really simple way of handling the dependencies (Broad description I know).

dfarnworth
New Contributor III

It would definitely take a bit of thinking @Chris_Hafner but my feeling is that it is overdue that there was some form of dependency model built in to the system.

I'm currently working on scripts to run at the end of a policy which add a machine to a static group so the next policy can be scoped against this group. This is far from perfect though, I would really prefer something that would enable us to have a nice clean view of which machines are due to run what.

Chris_Hafner
Valued Contributor II

You know, I kind of wonder what may end up getting built into JAMF version of version control. I mean, it may not end up having anything to do with the multitude of dependencies we all either deal with or have created but it was at least a part of the discussion in the feature request.

wlcasey
New Contributor III

Hi - Your initial workflow description is a little vague so you will have to forgive me for posting a response that is a little vague. ;-)

I've spent years messing around with this sort of thing because I want my Macs to do everything for me because they know they should... I carry the title "Lazy SysAdmin" with pride!

The easiest, as mentioned is to create a receipt file that you stash somewhere then have Casper look for the file. Another way is to interrogate the installer (or other more appropriate log) to see if the action is present in the logs. A third way is to use the "Version Number" capabilities of Casper for Smart Group creation. That's a fun one if you think about it. You can even use the JAMF binary to trigger a status change that is your policy trigger.

And in a less fancy but sometimes effective move, I would force the first task to run on command then let Casper run the follow up workflow on its own pace. The wisdom of this depends on a bunch of factors including how much latitude you have over the Macs in question, how sensitive the users are, whether the users will notice, and so on... Are you a Ninja? Is it super urgent? If not, sometimes its easier to just run the jobs one at a time and let them all get re-baselined. And Self Service can be your friend too. ;-)

Wayne

wlcasey
New Contributor III

Oh one last thought. If you don't have a /Library/<Organization Name> (or similar directory someplace else) on your Macs already, you are making things hard on yourself needlessly. Its old school but there are countless uses.... ;-)