Jamf Nation Community

crs_cody · ‎04-25-2022

Hello all!

We are testing a new software that is installed through a script. However, this software requires the end user input for activation keys. I'm looking to apply this through Jamf but in a way that does not require the end user to do anything at all.

#!/bin/bash

declare account_key
declare organization_key
declare tags
declare api_url
declare eetee_url
declare allow_http=false
declare verbose=0
declare interactive=1
declare -a ARGS
declare portal_url="https://huntress.io"
declare package_file=
ARGS=()

usage() {
    cat <<EOF
Usage: $0 [options...] --account_key <account_key> --organization_key <organization_key>

-a, --account_key      <account_key>      The account key to use for this agent install
-o, --organization_key <organization_key> The org key to use for this agent install
-t, --tags             <tags>             A comma-separated list of agent tags
-v, --verbose                             Print info during install
    --batch_only                          Do not prompt the user for missing info
-h, --help                                Print this message

EOF
}

while [[ $# -gt 0 ]]; do
    key="$1"

    case $key in
        -a|--account_key)
            account_key="$2"
            shift
            shift
            ;;
        --batch_only)
            interactive=0
            shift
            ;;
        -o|--organization_key)
            organization_key="$2"
            shift
            shift
            ;;
        -t|--tags)
            tags="$2"
            shift
            shift
            ;;
        -v|--verbose)
            verbose=1
            shift
            ;;
        -h|--help)
            usage
            exit
            ;;
        # these are more or less hidden options. Only used for debugging
        -f|--package-file)
            package_file="$2"
            shift
            shift
            ;;
        -p|--portal_url|--portal-url)
            portal_url="$2"
            shift
            shift
            ;;
        -u|--api_url|--api-url)
            api_url="$2"
            allow_http=true
            shift
            shift
            ;;
        --eetee_url|--eetee-url)
            eetee_url="$2"
            allow_http=true
            shift
            shift
            ;;
        *)
            ARGS+=($1)
            shift
            ;;
    esac
done

set -- "${ARGS[@]}"

# ask the user for the account key if not passed in and we are
# "interactive" (see --batch_only)
if [[ -z $account_key && $interactive -eq 1 ]]
then
    echo -n "Account Key: "
    read account_key
fi

# ask the user for the organization key if not passed in and we are
# "interactive" (see --batch_only)
if [[ -z $organization_key && $interactive -eq 1 ]]
then
    echo -n "Organization Key: "
    read organization_key
fi

# account key and organization key are required
if [[ -z $account_key || -z $organization_key ]]
then
    echo Error: --account_key and --organization_key are both required
    echo
    usage
    exit 1
fi

declare installer_config="/tmp/hagent.yaml"

[[ $verbose -eq 1 ]] && echo creating "$installer_config"...

# create the hagent.yaml file used by the postinstall script to build
# the AgentConfig.plist file
cat >"$installer_config" <<EOF
account_key: $account_key
organization_key: $organization_key
api_url: $api_url
allow_http: $allow_http
tags: $tags
EOF

if [ -n "$eetee_url" ]; then
    echo "eetee_url: $eetee_url" >>"$installer_config"
fi

huntress_pkg=/tmp/HuntressAgent.pkg

if [ -n "$package_file" ]; then
  if [ -f "$package_file" ]; then
    cp -f "$package_file" "$huntress_pkg"
  else
    echo "$package_file" was not found
    exit 1
  fi
else
  # download the HuntressAgent.pkg file from S3
  status_code=$(curl -f -L -o "$huntress_pkg" -w %{http_code} "$portal_url/download/darwin/$account_key")

  if [ $? != 0 ]; then
    if [ "$status_code" = "400" ]; then
      echo "Account Key not valid."
    elif [ "$status_code" = "404" ]; then
      echo "File not found on S3."
    elif [ "$status_code" = "409" ]; then
      echo "The macOS Beta has not been enabled for this account."
    fi
    exit 1
  elif ! [ -f "$huntress_pkg" ]; then
    echo "File download failed."
    exit 1
  fi
fi

[[ $verbose -eq 1 ]] && echo running the installer...

# run the install
installer -pkg "$huntress_pkg" -target / || echo "Installation failed."

[[ $verbose -eq 1 ]] && echo cleaning up...

rm "$installer_config"
rm "$huntress_pkg"

Let me know if you can point me in the right direction. I'm new to scripting and definitely need assistance on this one.

Thanks

andrew_nicholas · ‎04-25-2022

You might think about using GitHub or some other repository system to host that script snippet, or even just in line using the formatting. A link to a personal file in your companies Sharepoint is not really a good idea on a public forum.

crs_cody · ‎04-25-2022

Thanks for your input. I'm well aware of this. The link is set to expire. Do you have any other input regarding my actual question/request?

andrew_nicholas · ‎04-25-2022

Nope, didn't open the link.

crs_cody · ‎04-25-2022

I updated the post and added the script. Thanks @andrew_nicholas

andrew_nicholas · ‎04-25-2022

You might want to scrap the current logged in user and then leverage the osascript to get a prompt the user can enter. Something like this should do it

currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
getInput() {
    /usr/bin/osascript <<END
        set nameentry to text returned of (display dialog "[Your text goes here]" default answer "" with hidden answer buttons {"Enter", "Cancel"} default button 1 with icon 2)
END
}
input=$(getInput)

andrew_nicholas · ‎04-25-2022

I completely missed your thing about not getting any user interaction. Judging by the flags they listed, you should be able to just use scriptname -a [key] -o organization. The vendor might have something they'd suggest but Im guessing that is all that's needed.

crs_cody · ‎04-25-2022

I'm gonna kick myself. I must have skimmed right over that. So really the process in a Jamf script would download this script and then execute the downloaded script with the flags -a and -o. Am I in the right ball park here?

andrew_nicholas · ‎04-25-2022

Yea I think so. Happy Hunting?

Tribruin · ‎04-25-2022

Looking at the code, the script is actually cycling through the command line arguments. You could try using the script parameter values in jamf. You would need to use both the argument name and the value. For example

Parameter 4 = -a <<account key>>

Parameter 5 = -o <<organization name>>

etc.

I would also include the "--batch_only" parameter as well.

crs_cody · ‎05-20-2022

@Tribruin Thank you for this. From what you looked at would I need to adjust anything in the script itself? Or would I simply fill in the parameters 4 and 5 as you recommended above?

Tribruin · ‎05-20-2022

From what I am seeing, no you should not need to change the script. It already cycles through all arguments, so it will find the arguments. But, test heavily.

You might also check with the vendor that supplied the script and see if they know of any customers that have implemented it in Jamf.

Jamf Nation Community

Need Help Converting a Script for Jamf