Jamf Nation Community

talkingmoose · ‎09-18-2014

I'm working with a customer who is deploying a large number of JDS systems—each in a different building—and would like to automate deployment as much as possible.

Two questions:

Is it possible to deploy a JDS system via script or some other mechanism? The installer requires entering information to define the local JDS as well as point it to the JSS. Certificates are also created during setup too.
Now that Casper 9.5 is shipping as well as JDS 9.5, what options do I have to update these JDS systems? Can I deploy the JDS Installer package via Casper and will it update the existing JDS version? Or will I still need to manually double-click the JDS Installer on each system and go through the process of entering information again just to update?

jason_prairie · ‎09-22-2014

Hey William,

One of our awesome Professional Services guys put together a script and a workflow to automate JDS deployment. Check it out to see if it will work for you:

Step 1 - Enroll the OS X server(s) in the JSS
This should be pretty self explanatory.

Step 2 - Create a JSS user account for the JDS
This should be a unique user account for the JDS servers. Make sure to give it privileges for JDS.

Step 3 - Upload the JDS Installer.pkg to your JSS
If you don't already have at least one distribution point, you'll want to configure the first JDS manually in order to deploy the pkg to the rest of your JDS servers.

Step 4 - Upload the jdsConf.sh script to your JSS
Label the parameters in the script:
Parameter 4: JSS URL
Parameter 5: JDS User
Parameter 6: JDS Password
Parameter 7: Allow Invalid Cert
Set the script priority to after.

Step 5 - Create a policy to configure the JDS servers
The policy should install the JDS Insaller.pkg, then run the script. Fill in the appropriate information in parameters 4-7, or write the values for the variables in the script.
The script is expecting the following parameters:
Parameter 4: The complete URL of the JSS
Parameter 5: The JSS user who has JDS privileges
Parameter 6: The password of the JSS user who has JDS privileges
Parameter 7: Whether or not to allow an invalid certificate (the script is expecting either "yes" or "no")
Scope the policy to your JDS servers and watch the magic happen.

#!/bin/bash 
#
####################################################################################################
#
# Copyright (c) 2013, JAMF Software, LLC.  All rights reserved.
#
#       This script was written by John Kitzmiller, Professional Services Engineer, JAMF Software
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#####################################################################################################
#
# SUPPORT FOR THIS PROGRAM
#
#       This program is distributed "as is" by JAMF Software.  For information, please contact your JAMF Software Account Manager.
#
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   jdsConf.sh
#
# SYNOPSIS - How to use
#   
#       Run this script after running the JDS Installer.pkg on an OS X Server.
#       This script can be run locally, hardcoding the jssURL, jdsUser, jdsPass, and
#       allowInvalidCert variables, or it can be run from the JSS using Parameters 4-7.
#       
# 
# DESCRIPTION
#   
#       This script uses the jamfds binary to configure and enroll a JDS on OS X server
#       into a JSS.
# 
####################################################################################################
#
# HISTORY
#
#   Version: 1.0
#
#   - Created by John Kitzmiller, Professional Services Engineer, JAMF Software on July 13 2013
#
####################################################################################################

############ VARIABLES ############

jssURL=$4

jdsUser=$5

jdsPass=$6

allowInvalidCert=$7

dnsName=`hostname`

########## END VARIABLES ##########

# Do not modify below this line.

if [[ $allowInvalidCert != "yes" ]] && [[ $allowInvalidCert != "no" ]];
    then
        echo 'ERROR: Parameter 7 must be either "yes" or "no".'
        exit 1
fi

if [ ! -f /usr/sbin/jamfds ];
    then
        echo "ERROR: jamfds binary not found. Please run the JDS installer before using this script."
        exit 2
fi

echo "The JSS URL is $jssURL.”
echo "The JSS Username is $jdsUser”
echo "The JDS Hostname is $dnsName”

if [[ $allowInvalidCert == "yes" ]];
    then
        echo "The JDS will trust an invalid certificate."
        jamfds createConf -url $jssURL -k

elif [[ $allowInvalidCert == "no" ]];
    then
        echo "The JDS will not trust an invalid certificate."
        jamfds createConf -url $jssURL
fi

echo "Enrolling JDS..."

jamfds enroll -url $dnsName -u $jdsUser -p $jdsPass

jamfds policy

if [ -f usr/sbin/jamf ];
    then
        echo "Rebooting and submitting logs to the JSS..."
        jamf reboot -background -immediately
    else
        echo "Rebooting..."
        reboot
fi

exit 0

Notes on the script:
The script uses the hostname command to pass the server's hostname to the JSS. It is critical that proper DNS is in place.
The script runs error checking to make sure the jamfds binary is installed. If not, it will echo an error back to the policy log.
The script will reboot the server at the end. In testing, the reboot seemed necessary for the JDS to start working properly.

View solution in original post

jason_prairie · ‎09-22-2014

Hey William,

One of our awesome Professional Services guys put together a script and a workflow to automate JDS deployment. Check it out to see if it will work for you:

Step 1 - Enroll the OS X server(s) in the JSS
This should be pretty self explanatory.

Step 2 - Create a JSS user account for the JDS
This should be a unique user account for the JDS servers. Make sure to give it privileges for JDS.

Step 3 - Upload the JDS Installer.pkg to your JSS
If you don't already have at least one distribution point, you'll want to configure the first JDS manually in order to deploy the pkg to the rest of your JDS servers.

Step 4 - Upload the jdsConf.sh script to your JSS
Label the parameters in the script:
Parameter 4: JSS URL
Parameter 5: JDS User
Parameter 6: JDS Password
Parameter 7: Allow Invalid Cert
Set the script priority to after.

Step 5 - Create a policy to configure the JDS servers
The policy should install the JDS Insaller.pkg, then run the script. Fill in the appropriate information in parameters 4-7, or write the values for the variables in the script.
The script is expecting the following parameters:
Parameter 4: The complete URL of the JSS
Parameter 5: The JSS user who has JDS privileges
Parameter 6: The password of the JSS user who has JDS privileges
Parameter 7: Whether or not to allow an invalid certificate (the script is expecting either "yes" or "no")
Scope the policy to your JDS servers and watch the magic happen.

#!/bin/bash 
#
####################################################################################################
#
# Copyright (c) 2013, JAMF Software, LLC.  All rights reserved.
#
#       This script was written by John Kitzmiller, Professional Services Engineer, JAMF Software
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#####################################################################################################
#
# SUPPORT FOR THIS PROGRAM
#
#       This program is distributed "as is" by JAMF Software.  For information, please contact your JAMF Software Account Manager.
#
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   jdsConf.sh
#
# SYNOPSIS - How to use
#   
#       Run this script after running the JDS Installer.pkg on an OS X Server.
#       This script can be run locally, hardcoding the jssURL, jdsUser, jdsPass, and
#       allowInvalidCert variables, or it can be run from the JSS using Parameters 4-7.
#       
# 
# DESCRIPTION
#   
#       This script uses the jamfds binary to configure and enroll a JDS on OS X server
#       into a JSS.
# 
####################################################################################################
#
# HISTORY
#
#   Version: 1.0
#
#   - Created by John Kitzmiller, Professional Services Engineer, JAMF Software on July 13 2013
#
####################################################################################################

############ VARIABLES ############

jssURL=$4

jdsUser=$5

jdsPass=$6

allowInvalidCert=$7

dnsName=`hostname`

########## END VARIABLES ##########

# Do not modify below this line.

if [[ $allowInvalidCert != "yes" ]] && [[ $allowInvalidCert != "no" ]];
    then
        echo 'ERROR: Parameter 7 must be either "yes" or "no".'
        exit 1
fi

if [ ! -f /usr/sbin/jamfds ];
    then
        echo "ERROR: jamfds binary not found. Please run the JDS installer before using this script."
        exit 2
fi

echo "The JSS URL is $jssURL.”
echo "The JSS Username is $jdsUser”
echo "The JDS Hostname is $dnsName”

if [[ $allowInvalidCert == "yes" ]];
    then
        echo "The JDS will trust an invalid certificate."
        jamfds createConf -url $jssURL -k

elif [[ $allowInvalidCert == "no" ]];
    then
        echo "The JDS will not trust an invalid certificate."
        jamfds createConf -url $jssURL
fi

echo "Enrolling JDS..."

jamfds enroll -url $dnsName -u $jdsUser -p $jdsPass

jamfds policy

if [ -f usr/sbin/jamf ];
    then
        echo "Rebooting and submitting logs to the JSS..."
        jamf reboot -background -immediately
    else
        echo "Rebooting..."
        reboot
fi

exit 0

Notes on the script:
The script uses the hostname command to pass the server's hostname to the JSS. It is critical that proper DNS is in place.
The script runs error checking to make sure the jamfds binary is installed. If not, it will echo an error back to the policy log.
The script will reboot the server at the end. In testing, the reboot seemed necessary for the JDS to start working properly.

talkingmoose · ‎09-22-2014

Thanks @jason.prairie!

To further comment about @jkitzmiller's awesomeness, he actually sent me a link to his blog post about his script last week just a couple of hours after I posted my question here.

I'm setting up an environment for testing but hoping to get another piece working first, which is automated setup and configuration of OS X Server (needed for JDS). Easy to configure via command line but not so easy to configure if you haven't already launched the application, accepted the EULA and let it go through it's initial setup. Still researching this.

Can't wait to try Kitzy's script!

jason_prairie · ‎09-22-2014

Kitzy. Is. The. Man!

Jamf Nation Community

Mass deployment/upgrade of JDS