Is it possible to use a variable in a custom configuration profile plist?

Asnyder
Contributor III

I'm curious as to if there is a way to use the api inside of a plist to make an api call to get a users room number. I'm trying to automate our lanschool deployment a little more which uses a plist to configure the settings. We use the room number for each teacher's channel and instead of having to manually install it, it would be nice to have this automated in a config profile. If it isn't possible I can try doing it in a script with

defaults write
1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

It sounds like you're trying to create a Config Profile that uses a custom variable as part of the settings in the payload. Is that the case?
If so, then yes, it's possible to do this.

I would suggest using a full script to create the .mobileconfig file on the fly in the script that also obtains the room number using an API call.

Basically, first create the Config Profile in your JSS or some other way that has the basic settings you want in it, including a static or placeholder value for the room number. Don't deploy that to anything. Just get a local copy of the .mobileconfig file and open it up in a good plain text editor or script writing tool to copy the xml contents into your full script.
Set up lines in the script to get the Room Number using the API or some other means. Populate that into a variable.
In the xml code for the Config Profile, replace that static/placeholder text with the name of the variable.
Now, make sure that xml is within a call, maybe a function that pipes the data into a local .mobileconfig file. Something like this

cat << EOF > /private/tmp/NameOfProfile.mobileconfig
[ XML CODE GOES HERE ]
EOF

When that part of the script gets called, it will send the data into a file in /tmp that has your custom room number setting in it. Make sure you also change whatever else needs to be changed in the xml lines, like possibly the Unique Identifier string, which the JSS usually creates with a long UID. You can replace that with something readable so you can identify the profile later by that string.

Lastly in your script, make sure you're installing the newly created profile

profiles -I -F /private/tmp/NameOfProfile.mobileconfig

If the profile needs to be installed at the user level and not computer level, you will need to do some other workarounds to make sure the profiles command is being run as the logged in user.

I should just mention, in case it's not already obvious, this method involves installing a profile manually, not via APNs. Which means you can't use the normal mechanisms to remove/push the profile. Once it's installed this way, the only way to remove it is again by using the profiles command. APNs push won't work for this. That might or might not be a showstopper for you. Only you would know that though.

View solution in original post

3 REPLIES 3

mm2270
Legendary Contributor III

It sounds like you're trying to create a Config Profile that uses a custom variable as part of the settings in the payload. Is that the case?
If so, then yes, it's possible to do this.

I would suggest using a full script to create the .mobileconfig file on the fly in the script that also obtains the room number using an API call.

Basically, first create the Config Profile in your JSS or some other way that has the basic settings you want in it, including a static or placeholder value for the room number. Don't deploy that to anything. Just get a local copy of the .mobileconfig file and open it up in a good plain text editor or script writing tool to copy the xml contents into your full script.
Set up lines in the script to get the Room Number using the API or some other means. Populate that into a variable.
In the xml code for the Config Profile, replace that static/placeholder text with the name of the variable.
Now, make sure that xml is within a call, maybe a function that pipes the data into a local .mobileconfig file. Something like this

cat << EOF > /private/tmp/NameOfProfile.mobileconfig
[ XML CODE GOES HERE ]
EOF

When that part of the script gets called, it will send the data into a file in /tmp that has your custom room number setting in it. Make sure you also change whatever else needs to be changed in the xml lines, like possibly the Unique Identifier string, which the JSS usually creates with a long UID. You can replace that with something readable so you can identify the profile later by that string.

Lastly in your script, make sure you're installing the newly created profile

profiles -I -F /private/tmp/NameOfProfile.mobileconfig

If the profile needs to be installed at the user level and not computer level, you will need to do some other workarounds to make sure the profiles command is being run as the logged in user.

I should just mention, in case it's not already obvious, this method involves installing a profile manually, not via APNs. Which means you can't use the normal mechanisms to remove/push the profile. Once it's installed this way, the only way to remove it is again by using the profiles command. APNs push won't work for this. That might or might not be a showstopper for you. Only you would know that though.

Asnyder
Contributor III

I might try it this way, It's one of the options I was thinking of. The Lanschool install places it's own plist and I might just write a script to run in my teacher firstrun that does an api call to get the room number and then use defaults write to place the value into the plist.

Thanks for the info!

bartlomiejsojka
Contributor
Contributor

I would add to the answer that if you'll decide to use JAMF for an initial CP creation you may want to use

security cms -D -i input.mobileconfig | xmllint --format - > output.mobileconfig

before editing, to decrypt and format it properly.
And also use uuidgen to generate a new random UUID — this is actually very important, because if you'll leave it unchanged, JAMF will recognise the CP and will keep attempting to remove it (but failing every time due to manual, non–APNS deployment of the CP), ruining the logs.

BTW, if you have an AD with Room Numbers associated with users' objects you can actually create an AD–based Extension Attribute to be used as a variable $EXTENSIONATTRIBUTE_<#>within your CPs.
No scripting needed that way — just a properly mapped EA.