Posted on 03-24-2015 07:22 AM
I few weeks ago I started looking into the ideal platform to support a number of distributed JSS servers. We are Mac guys so the mini is obviously in the list. I looked at the NUCs, I looked at Linux boxes. And then I got to thinking that maybe the new Pi 2 could do the job. Low cost, low power, small footprint. And when you consider that the load on a JSS (in a mature environment) is really, really, low, this seemed like a good idea.
Why you may ask?
I am seeking a low cost head node for distributed JSS deployment. Sure a Mac mini is affordable. But the basic mini is still 14x the cost of the Pi and what does it get you? Plus, the practice of replicating all requirements for each JSS is just wasteful. Having all those MySQL DB out there that all need backup and individual management. (And raise your hand if you have had Apple break your MySQL) It makes much more sense to have a centralized MySQL server that is beefy and well protected. Then, point your myriad JSS's to that DB server. Couple this with cloud distro points or piggybacking on existing customer file servers and this means that the JSS head nodes are completely disposable, isolated, and unobtrusive in customer environments. All the logic is in the DB. Config a new front end and point it at the DB. If the Pi goes does, prep a new SD card and point it back at the DB.
As I started, I figured I would run into all sorts of headaches and roadblocks. Turns out it took longer to clone the Pi image than to deploy the JSS.
How to:
Step 1: Prepare your Pi mini SD card. Easily done with dd from the Mac. Lots of good documentation available. I've used the Debian Wheezy standard distribution.
Step 2: Boot the Pi and set some basic settings. I leave the unit booting to command line as there is no need for a UI (save some resources I figured). Obviously enable SSH so you can remotely admin the system. Set a fixed IP address (/etc/network/interfaces). Give the unit a proper DNS name. Change the password. Once you complete the initial setup, you really don't need a display or keyboard anymore.
Step 3: Add required software by using the following three commands:
sudo apt-get install mysql-server
sudo apt-get install openjdk-7-jdk
sudo apt-get install tomcat7
Accept all dependencies.
NOTE: If you want to make this a bit more lightweight, skip installing MySQL and simply point to an existing MySQL server. This turns the Pi into a Tomcat head node with no data stored on the device. What a great way to rapidly replace head nodes should they fail.
Step 4: Configure up your installs.
For the JDK there is really nothing to do. For MySQL (if you choose to install it on the Pi), you do the same as any other platform. Set the root password and create the jamfsoftware database and grant access to it. If you need to point to another DB server, edit /var/lib/tomcat7/webapps/ROOT/WEB-INF/xml/DataBase.xml once you install the JSS servlet.
Tomcat installs listening on port 80 only. You will need to edit /var/lib/tomcat7/conf/server.xml to uncomment the 8443 listener. You can also configure the redirection from port 80 to 8443.
Step 5: Install the JSS
Aha. Here is the one part that is not straight forward. If you try to run the Linux installer on the Pi, it will fail because it does a check for an x86 processor (Pi uses an ARM chip). I will admit that I did not try to alter the installer. I already had an Ubuntu system running a JSS. I copied ROOT and ROOT.war over to the Pi and placed it in /var/lib/tomcat7/webapps/ Tomcats servlet should be portable (write once, run anywhere!) so I just grabbed it from Ubuntu and moved it to the Pi. I would imagine that grabbing it from a Mac would work as well but I have not tried yet.
Step 6: Reboot
Or stop and start Tomcat.
Step 7: Hit the JSS via a Browser
You should be up and running. Complete the initial setup and have at it.
Step 8: Create a Cloud Distribution point or point to another server running AFP or SMB. You probably don't want to store data on the Pi as you will be limited in storage space. I did not attempt to use the Pi as a distro point as I have better alternatives available.
What Have I Tested?
So far, just about everything. I have a code signing cert installed and my quick add is signed. I've enrolled through web enrollment. All policy triggers are working including custom. Software delivery is working. Configuration profiles work. Restricted software works. Policies work. I've installed a 3rd party SSL certificate. I have a Push cert installed. Everything that I do in most normal JSS installs is working without a hitch.
What Doesn't Work?
VPP - So far, the only thing that I can not get to work is VPP. When in the Global Management, the icon for VPP is not visible. If you enter the direct URL for the page (vppAdminAccounts.html), it will load. However, trying to configure it will fail with a "request could not be processed."
Master Cloud Distribution - I've seen this on other platforms so I am not sure this is really an issue with the Pi. If you have no other distro points and you define a cloud distro point as your first, it seems to fail if Master Distro is checked. I get around this by defining a cloud distro first and committing the initial save. Once the distro is present, I then enable it as a Master distro and it works fine.
Thoughts on the future and upgrading... I did this with 9.6.5 so there has been no new updates. However, I would imagine that I can simply upgrade the Ubuntu, move the servlet, and then any DB changes will happen on first run. For those of us considering data center costs, the Pi really makes a compelling argument.
I am thrilled that this works on the Pi. Clearly, having VPP working would be an added bonus as trying to use Sites to support multiple customers who want to use VPP just doesn't work.
In any case, finally had a moment to share with the community. Not sure how many other crazy dreamers there are out there but figured this may spark the imagination of a few.
For those not familiar with the Raspberry Pi, check out the [http://www.raspberrypi.org/help/what-is-a-raspberry-pi/](What Is) page. A few months ago, the organization released the Pi 2. This is a quad-core system with 1 GB of RAM packed into a low power, small footprint, and low cost solution. Close enough to give it a try. And it is generally working.
Reid
Posted on 03-24-2015 08:07 AM
Nice! Thanks for sharing! While it would take an act of god to get something like this approved in my environment, I could see setting something like this up in our test lab.
Posted on 03-24-2015 08:57 AM
Totally sweet! Fun project for kicks. I;d bet that it will be a lot more relevant in a few more years of R-Pi growth!
Posted on 03-24-2015 10:14 AM
Really nice. Even had it working on the B+ with JSS 9.4, but starting time was about 6 minutes!
Maybe I should mention that I installed it manually with the .war file.
BR,
Max
Posted on 03-24-2015 10:26 AM
Oh yes. I don't think anyone it going to reasonably expect a R-Pi JSS to be useable... although it's when I type things like this in public that I get happily proven wrong.
Posted on 03-26-2015 02:37 PM
Thanks for sharing! Setting it up went very smooth and it runs ok on my Pi 2. Now i have a running lab environment on a device that is even smaller than my JAMF notebook!
Posted on 03-27-2015 03:55 AM
Let me know if you are successful with VPP. As mentioned, that was the only sticking point I've run into. Been thinking about deconstructing a database from a working unit or even doing and dump and import.
Love the case! I run them in the raw.
Posted on 03-31-2015 12:12 PM
VPP is working!
I joined the JSS to an Open Directory running on a virtual OSX 10.9 server, configured a test VPP account and was able to assign an app to a test user. In my Global Management the VPP icon was visible and i did not have to use the direct URL.
I reinstalled the PI because of a typo in my hostname and I had some trouble installing the new certificate. First i installed JSS in a virtual OSX 10.9 server and transfered the ROOT and ROOT.war over to the PI.
After a few days working with this little setup i'm very pleased! It is not rocket fast but a very nice test server for my 6 connected computers and 4 connected mobile devices.