- Jamf Nation Community
- Products
- Jamf Pro
- [Help] Script to clear logs in JSS and start imagi...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-13-2018 12:06 PM
With 10.14 coming out and all devices getting support for APFS, I've started looking into ways to adjust our imaging setup. Right now, we're using Install macOS High Sierra drives to wipe and put in a base OS on a machine. This works, but now that 10.14 brings APFS to everything I think we can do better. I'm trying to find a way to basically put stuff into Self Service to make a one or two click process for wiping a machine. My idea so far is:
- VPP purchase & deploy the Install macOS Mojave app to the machine
- Once deployed, make a policy available in Self Service
- Self Service policy runs a script to flush the JSS logs for that machine
- Run the following command (adjusted for eventual macOS Mojave installer name) to wipe and image the machine
"/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense &This would get us to a state where the machine is waiting at the Setup Wizard, has no logs left in the JSS, and can be set up for a new person. I have steps 1, 2, and 4 figured out, but not 3. I just can't find a good way to clear the various JSS logs out for the current machine.
Anyone have any suggestions?
Solved! Go to Solution.
Labels:
- Labels:
-
Imaging
-
Self Service (macOS)
Reply
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-13-2018 12:12 PM
I assume since you said this would run from Self Service that these are enrolled machines, with still valid records in your Jamf console.
If so, in your script, just before you kick off the wipe and reinstall, run this
/usr/local/bin/jamf flushPolicyHistoryThat should tell the computer to send a command to the Jamf console to clear out all it's existing policy logs, just for that machine. You'll want to make sure you don't run that too early in your process, since you don't want any policies kicking in again.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-13-2018 12:12 PM
I assume since you said this would run from Self Service that these are enrolled machines, with still valid records in your Jamf console.
If so, in your script, just before you kick off the wipe and reinstall, run this
/usr/local/bin/jamf flushPolicyHistoryThat should tell the computer to send a command to the Jamf console to clear out all it's existing policy logs, just for that machine. You'll want to make sure you don't run that too early in your process, since you don't want any policies kicking in again.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-13-2018 03:54 PM
If your intending to wipe and re-enroll you can set JSS wide wiping of policies on enrollment in the Re-Enrollment settings.
This of course has some implications for machines re-enrolled for other reasons.
I also found with machines that have been there a long time you may need to just pause for a few minutes with a script before checking for new policies as it can take a little while for things to flush.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-14-2018 04:24 AM
So correct me if I'm wrong, but doesn't DEP not re-run on wiped machines once it has an executed history? Because of that, I have an API call to delete the workstation before my Nuke & Pave script runs.
#!/bin/sh
#
# Script.sh
#
# Created by Ed Corfman on 7/17/18.
#
# Get serial to delete workstation from JAMF
#
serial=$( /usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Serial Number (system)/ {print $NF}' )
#
# Pass the Serial to the API URL to delete the existing entry from JAMF
#
curl -kvX DELETE -u jamfserviceaccount:supersecretpassword https://jamf.myorg.com:8443/JSSResource/computers/serialnumber/$serial
#
# Kick off the erase and install
#
"/Library/Application Support/MyOrg/macOS Installer for nuke and pave/Install macOS High Sierra.app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense &Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-14-2018 09:01 AM
DEP re-enrolls just fine if it's still in the JSS. My main concern is that I have some On Enroll policies set to one time per machine that would need to run a second time. I'm not the top admin on my JSS install, so I can't change the On Enroll settings to clear all policy logs. The FlushPolicyLogs command seems perfect for my needs.
