Install JSS at startup in a specified network

FastGM3
Contributor

My district has made a deal with the devil, oops I mean Apple to have a bulk purchase of computers imaged offsite. I need to get them into the JSS but finding all of them in our large network using Recon at a later time is time consuming.

They will be using an image that I create, I'd like to do something like a one time launch daemon to run the JSS installer package at startup. I'd place it in a temp directory on my image, then have the plist file in the launch daemon call it up at startup to install and then delete the package.

Unfortunately the offsite imaging place is likely to start these computers up offsite which would make my one time script delete itself and be useless. The jss won't install offsite and we won't put it in a DMZ.

Any good script writers or ideas as to how I can limit the install to run only when started up in our network?

READY SET GO, flood me with your brilliance! ;-)

TIA

7 REPLIES

chris_kemp
Contributor III

If you're sure that a QuickAdd pkg won't install offsite (I haven't checked this myself, but it seems that it would just fail to connect?) then why not skip the deletion part until the machine checks in? Hide the installer somewhere in the /private directory, and have it attempt installation at startup every time. Then, set a one-time policy in the JSS to remove this installer if it's found.

jarednichols
Honored Contributor

This is just cobbled together to give you an idea of the logic route, but give this a try (it assumes your JSS is not internet-facing):

#!/bin/sh
result=`ping -c 1 *your.jss.server.com*`

case $result in
    *1 packets received*)
           installer -pkg /path/to/QuickAdd.pkg -target /
           rm /path/to/this/script.sh
           exit 0
           ;;
     *)
           echo "JSS not available. Quitting"
           exit 1
           ;;
esac

rockpapergoat
Contributor III

i use a snippet like this in ruby:

def check_jss
  # Start SSH, then continue only if the jamf binary reports the JSS as reachable.
  %x(/usr/sbin/jamf startSSH)
  if %x(/usr/sbin/jamf checkJSSConnection).split("\n").include?("The JSS is available.")
    system "jamf recon -username 'jssadmin' -passhash '<passhash here>' -sshUsername 'managementadmin' -sshPasshash '<passhash here>'"
    system "/usr/sbin/jamf flushPolicyHistory -verbose"
    system "/usr/sbin/jamf policy -trigger standardize -verbose"
    # Signal the caller that enrollment steps ran.
    @done = true
  else
    puts "Can't contact the JSS."
  end
end

when the script actually runs, if the value of @done is true, it does some more stuff. if not, it just quits and will run again later.

i've also done some stuff triggered by a launch daemon that checks for a valid ip, taking action if the host has one. you could also check for a specific subnet.

https://gist.github.com/3512916

jarednichols
Honored Contributor

@nate
Separate topic, but related, did we figure out how to do those passhashes? Or, do you generate the quickadd and just yank it from the generated script?

rockpapergoat
Contributor III

@jared i just pulled them from the quickadd. past requests for details on what jamf uses to generate them were met with little help. they look like URL encoded hex, but i don't know if they're salted or anything else. it would be nice to programmatically generate what the jss expects, but outside of the jamf tools.

FastGM3
Contributor

Thanks guys for the scripts! I went with Jared's only because I'm a little better at understanding shell than I am with ruby. Not much better but I don't know ruby at all.

So with that said,

@jared I put my jss address in place of your.jss.server.com but I'm getting a syntax error at line 5.

it reads, syntax error near unexpected token 'packets'
' *1 packets received*)

should I have changed or specified something else?

Thanks so much for your time!

jarednichols
Honored Contributor

As I said, I didn't test it. It may need those spaces escaped out or something. debug away :)
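
Added example, not part of any post in this thread: a version of the startup check with the `case` pattern text quoted, which is what the "unexpected token" error at line 5 points to, combined with the subnet check suggested earlier in the thread. A ping reply and a matching address prefix are both unauthenticated signals, so the script requires both before installing. `JSS_HOST`, `SITE_PREFIX`, the package path and the `--run` argument are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All values below are placeholders.
JSS_HOST="your.jss.server.com"
SITE_PREFIX="10.20."            # assumed on-site prefix, octet-aligned
PKG="/path/to/QuickAdd.pkg"

# Succeeds when the output of `ping -c 1` reports one reply. The text is
# quoted so its spaces are literal; unquoted, the shell stops parsing the
# pattern at the first space and reports an unexpected token.
ping_reports_reply() {
    case "$1" in
        *" 1 packets received"*) return 0 ;;
        *)                       return 1 ;;
    esac
}

# Succeeds when any address after the first argument starts with the prefix.
on_site_address() {
    prefix="$1"; shift
    for addr in "$@"; do
        case "$addr" in
            "$prefix"*) return 0 ;;
        esac
    done
    return 1
}

main() {
    # IPv4 addresses currently assigned to this host.
    addrs=$(ifconfig | awk '$1 == "inet" { print $2 }')
    # shellcheck disable=SC2086  # word splitting of $addrs is intended
    if ! on_site_address "$SITE_PREFIX" $addrs; then
        echo "Not on the site network. Quitting"; return 1
    fi
    if ! ping_reports_reply "$(ping -c 1 "$JSS_HOST" 2>/dev/null)"; then
        echo "JSS not available. Quitting"; return 1
    fi
    # Remove the script only after the package installed successfully.
    installer -pkg "$PKG" -target / && rm -- "$0"
}

# Assumption: the launch daemon passes --run as the only argument.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

The trailing dot in `SITE_PREFIX` keeps `10.20.` from matching `10.200.x.x`; a network that is not octet-aligned needs a real CIDR comparison instead of a string prefix.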