Deploy Rosetta on M1 machines before everything else

mwu1876
Contributor

We have several M1 chip MacBooks that we want to deploy. How can we push and ensure the Rosetta policy to install (softwareupdate --install-rosetta) gets installed before all the other policies (i.e. Office, TeamViewer, etc.) ? If not, the other installs will fail. I can create a separate policy for each application that has a different scope but that becomes a pain.

1 ACCEPTED SOLUTION

mwu1876
Contributor

So, I got this working. What I did was create a Smart Group for M1 machines. Then, then only policy that I had that kicked off as Enrollment complete is one that installs Rosetta. If it's not an M1 then it kicks off the rest of the policies. Once Rosetta is install I have an event trigger that fires off the rest of the policies. So far it's worked. This allows me more flexibility to quickly change around policies.

View solution in original post

135 REPLIES 135

jcarr
Contributor III

Could you just add the 'Files and Processes' payload to those policies and run the following command?

/usr/sbin/softwareupdate --install-rosetta --agree-to-license

Or just add a new policy to run this command on all M1 devices. I don't have an M1 device to test, but if it has already been installed, it should just error out and move on.

mwu1876
Contributor

We'll, I did that but the issue is priority. I have several policies that install other apps. I need this one to kick off first before anything else.

cbrewer
Valued Contributor II

It's not elegant but name your policy starting with an asterisk (*). It should run before policies that are named starting with A-Z or 0-9.

johntgeck
New Contributor III

Have you tested this and does it actually work? I would *love* to not have to reconfigure all of our myriad policies to accommodate for this issue.

mitof
New Contributor II

It should do. Check out the 'Execution Order of Policies' section here:
https://docs.jamf.com/10.29.0/jamf-pro/administrator-guide/About_Policies.html

Tribruin
Valued Contributor
Valued Contributor

Do you do automated enrollment? Create a payload free package with a post install script that installs Rosetta2 and have it installed during enrollment. (I haven't actually tried this as I don't have a AS machine, but it was an idea I had.)

mwu1876
Contributor

@cbrewer Thanks. yeah, that's sort of what I started doing but it was a real pain. @RBlount All the M1 versions are automated. I'll try out what you suggested. Thanks!

Tribruin
Valued Contributor
Valued Contributor

@mwu1876 Let me know if my idea worked or not. Like I said, I don't think I will be getting an M1 units for testing anytime soon.

rdodd
New Contributor

We created a post enrollment script that uses triggers to run various policies. This allows us to determine the order of install.

cwaldrip
Valued Contributor

So, Rosetta 2 isn't already included with Big Sur on M1 at installation?!? That seems like a big oversight by Apple. Does it install automatically at first launch of a non-M1 native app? What good is that if the computer isn't on-line (that happens a lot outside of Cupertino, btw)? I don't have an M1 yet to test with... :(

j_allenbrand
Contributor

Subscribing it see how people have done this with M1,

mwu1876
Contributor

I have several M1 Airs and Pros I will test with next week. I plan on making a post-install script. That way when it starts up it's ready to receive policies that require Rosetta. Let's hope it works.

ThijsX
Valued Contributor
Valued Contributor

For prestage enrollments you can create a prestage package which runs a simple script with something like below for instance

#!/bin/bash
arch=$(/usr/bin/arch)
if [ "$arch" == "arm64" ]; then
    echo "Apple Silicon - Installing Rosetta"
    /usr/sbin/softwareupdate --install-rosetta --agree-to-license
elif [ "$arch" == "i386" ]; then
    echo "Intel - Skipping Rosetta"
else
    echo "Unknown Architecture"
fi

matt_wiese
New Contributor III

this approach appears to make the most sense imho. Can you please elaborate for me how you would go about creating a preStage pkg? Are you referring to creating a package that is just a script and running it during enrollment?

MacGeek
New Contributor III
I'm using a Policy to apply the following in Files and Process: sudo
/usr/sbin/softwareupdate --install-rosetta --agree-to-license

I get the policy to run before all others naming it like this: 00 Install
Rosetta

Jeff Madson
IT Engineer 3
jeffrey.madson@lsccom.com
😧 920.915.8619
[image: lsccom.com]
LSC Communications
655 Brighton Beach Rd.
Menasha, WI 54952
United States
lsccom.com

JM
New Contributor II

Hi Jeff,

After our devices are enrolled, I manually, (meaning its not part of the enrollment)  run a policy called  "Admin Base Apps Installs" that includes Adobe, Office, Zoom, Teams etc. and finally configures the firmware settings

In that same policy, I want to install Rosetta first, and put it at the top of the list, as install applications fail without Rosetta.

Question. In that same "Base Apps install" policy, will the Files and Process run first?  

Or do I create a separate policiy and some how link the two?

fyi I haven't removed the Run script yet shown in the pic so you can disregard it as it fails to run first. 

 

I'm 3 months into the apple world and running into some roadblocks.

 

Appreciate the help

 

IMG_0578.jpg

 

JM
New Contributor II

IMG_0578.jpg

sdagley
Honored Contributor III

@JM Put the commands to install Rosetta if needed into a script, and then have that script as a payload in your policy set to Run Before

pbowden
Contributor III

While I haven’t confirmed this directly with Apple I did notice that I needed to install Rosetta again after performing an OS update. In my example, my M1 came pre-installer with Big Sur 11.0 (20A2411) and I went ahead and installed Rosetta when I launched a PKG installer.

However, I then went through software update to bring it up to 11.0.1 (20B39) and when I next ran a PKG installer. I was again asked to install Rosetta.

This somewhat makes sense as the Rosetta install is just a 452KB package that installs the oahd helpers, so it’s logical that those would get updated with a new release of the OS. And because it’s not a core part of the OS, you have to perform the update separately.

mwu1876
Contributor

@pbowden Thanks, I'll be on the lookout for that when I start testing again Monday.

Wakko
Contributor

I can confirm that Rosetta is not installed. Additionally when I tried to update and apply the 2.* GiG update it failed. Had to nuke and pave with a fresh install. @txhaflaire I'm about to test out your script on my PreStage and report back. Smoke 'em if you got 'em Mi Gente.

@txhaflaire Chefkiss it worked. People just create the script and make sure you set it up as before. So it pulls the update/installer from Apple before it start to install anything.

j_allenbrand
Contributor

@Echevarria do you mind sharing your script/screen, I just tried to install and it didnt work

fernando_gonzal
Contributor

If rosetta is already installed but you run the "softwareupdate --install-rosetta --agree-to-license" command again will it try to download again and reinstall or will it gracefully exit with an "already installed" message?

Trying to see how to script the logic for this if I want to run it as a pre-script in my policies.

avail
New Contributor III

yungstump
New Contributor II

Deploying Rosetta with Rich Trouton's script and got a successfully installed message. Packages installed after it still thinks Rosetta is not installed. Anyone running into this?

Had same experience... any ideas?

mwu1876
Contributor

So, I got this working. What I did was create a Smart Group for M1 machines. Then, then only policy that I had that kicked off as Enrollment complete is one that installs Rosetta. If it's not an M1 then it kicks off the rest of the policies. Once Rosetta is install I have an event trigger that fires off the rest of the policies. So far it's worked. This allows me more flexibility to quickly change around policies.

kirbybj
New Contributor III

I have a Rosetta policy kicking off the install once Jamf Enrollment is complete. But it seems other polices try to kick off before Rosetta has downloaded and installed. Then they fail because Rosetta isn't completed yet. Is there a way to not let the next policy start until Rosetta is completely installed?

I saw you have an event trigger. Can you share what that may look like?

Name the policy so that it's alphabetically first. Generally you can add "001" or something similar to the beginning of the policy name. This will have it run before other policies. 

Thank you that worked.

What settings did you use on your smart group to determine if a system is a M1? 

For my Smart Group I used this criteria:

Processor Type like Apple

Architecture Type is arm64

Nice. Similiar workflow. So, you used the Install command as the first policy, then set triggers on the remaining policies? How specifically did you fire off the event trigger for the remaining policies outside of changing the naming conventions to 00, 01, etc....?

MacGeek
New Contributor III

rcole,

I only have a few policies with 00 at the beginning of the name and a few with Z. As long as Rosetta 2 is installed before any of your applications you should be good to go and so far it has been working good for me.

@rcole I'm using a custom trigger to call policies in a certain order regardless of the names of those policies. No need to name them 00, 01, etc. I'm using this script for my prestage enrollment process. At line 150 of the script that is where you will see the array where you can call out certain policies using a custom trigger. 

Basically, I have a policy setup to run at enrollment complete. It installs Rosetta first (you can do that with a script set to run "before"). Then, it installs DEP Notify. After that I have the DEPNotify script that is set to run "after". That kicks off and installs all my core apps in the order I want.

Thanks for this info. Works like a charm!

johntgeck
New Contributor III

Love this idea. Commenting so I can find it again later when I have time to test and implement. Thanks!

pbowden
Contributor III

@yungstump did you update the version of macOS after using Rich’s script? In my experience, Rosetta needs to be re-installed (I.e. updated) after an OS update.

jnm1
New Contributor II

I got the script to work with a policy scoped to a new smart group of the macs that have been prestaged with my new silicon prestage. I named the policy A01 in hopes that it installs first. According to the history on the one computer I tested it on it seems to have installed first successfully. The intel apps open on the computer fine.