Posted on 08-22-2018 02:29 PM
Hi guys, I have been troubleshooting an issue for some time now. I have been trying to find ways to upload high sierra into jamf and push it out. Dragging the install file into jamf admin doesnt work. The file ends up getting converted to a tar. Half way through upload it just gets stuck uploading. I found a guide that mentioned using composer. Drag the high sierra.app file into applications and take a snapshot of it. Afterward, create a pkg/dmg and upload to jamf. I did this and it worked so far. The next step was to use a script that is supposed to upgrade the machines to high sierra. Here is the link to the script that i've found. https://github.com/kc9wwh/macOSUpgrade/blob/master/macOSUpgrade.sh. Does anyone have an easier way to do this?. Im unable to figure this out so far.
Posted on 08-22-2018 02:37 PM
That is the process I use. I packed up the High Sierra installer and deploy it to the user's Application folder using a Policy. I then have that script you linked to set up as a Self Service policy that the user can run.
Posted on 08-22-2018 02:44 PM
@john.sherrod what could i be doing wrong?. My first policy puts the install high sierra.app in applications just fine. Am I supposed to change something in the policy that contains the script?
Posted on 08-22-2018 02:50 PM
I've set up a High Sierra Upgrade Self Service policy using the steps you outlined here with uploading a package with the installer and setting up policies to run the macOSUpgrade.sh script. It does work for the most part but I find it fails on older OS's.
As far as nuke and pave deployments go, I have just given up entirely on imaging and decided to go on a DEP enrollment workflow using the startosinstall tool built into the High Sierra installer, the "--eraseinstall" flag to wipe the drive and the "--packages" flag to install a first boot script to call on policies to install apps and configurations once the device is enrolled into our JSS.
The two main vehicles we use is Imagr (https://github.com/grahamgilbert/imagr) which we use through netboot as we have many MacBook Airs. The other is Installr (https://github.com/munki/installr) which basically an OS install through the recovery partition which is helpful for the newer Macs with the T2 chips that prohibit netboot. I have both of these set up on a web server so deployment is not too difficult.
Posted on 08-22-2018 03:02 PM
If I recall correctly, the macOSUpgrade script contains parameter variables which includes a trigger value to install the installer from the policy that installs the High Sierra installer.
Did you set a custom event/trigger for the first policy and added that value to the script?
Posted on 08-22-2018 05:02 PM
Our process is similar to @john.sherrod workflow. Using composer we drag the the Installer in and make sure the permissions are correct so that the PKG installs it into the /Applications Folder.
Another option could be VPP? The installer is free and you could have it install automatically? Just a thought....
Posted on 08-23-2018 04:22 AM
@connor Morning, but to install VPP is just for Apple DEP devices if I'm not mistaken. Or, did Apple change something and allow that on all systems now including NON-DEP devices? Would make my life easier if it were as I only have about 160 systems DEP enrolled in a fleet of older hardware that's four times that number. Thank you for the great idea for my other hardware, I will try that out.
Posted on 08-23-2018 04:26 AM
@skinford I’m fairly certain that it’s for Non-DEP computers too. It can scopes similar as a policy would be. I like to have them auto install and then run a policy scoped to those with the app installed.
I found setting up VPP wasn’t too hard either which was nice, just make sure to assign the content in Jamf!
Posted on 08-23-2018 05:52 AM
@connor Thanks, I appreciate that. I already have DEP and VPP setup. I'm actually waiting for Casper 10.7 to be released as that version is supposed to allow VPP installs without an admin user logged in to push VPP installs.
Thank you again, Connor, I'm going to check one other thing as well on my side. Have a very great day!
Posted on 08-23-2018 07:00 AM
@zink
Posted on 08-23-2018 07:30 AM
I checked the log and it looks like its looping. It finds my high sierra package, calls it old, then deletes it.
Posted on 08-23-2018 08:11 AM
Ok guys I've figured it out. I put the wrong os version for the parameter. Also, I was using the high sierra deployment package on my own. I didn't know that the script reaches for it and uses it.
Posted on 08-23-2018 09:12 AM
Nicely done on figuring it out!
Posted on 08-23-2018 01:05 PM
No worries @skinford. Glad to be able to help! Good luck and keep us posted if you wish.
Connor
Posted on 08-23-2018 01:36 PM
So just out of curiosity, though I see you've gotten things working, but I did wonder 2 things that would maybe make this easier? A) I do get the .tar extension on my installer when I drag it into JAMF Admin, but it still works just fine (there was a thing in 10.12 that the JSS started recognizing the installer and auto-making a .tar, wasn't there?). B) Can't you just make this simpler and do a 2-step policy to cache the installer to the waiting room and then make a self service policy to install the cached installer package? That's what I've done for a few years now as OS's release. We have a pretty good handle on our hardware, and there's not anything that would fail a) the storage availability requirements or b) the obsolete hardware. Super simple process to updated. And since most of the work of the installer is done on while the machine is rebooted/progress bar, We don't need to put a JAMF Helper window up.