Nexthink Install via script

SMR1
Contributor III

I'm trying to install Nexthink by using the script that was provided that has all the information in it. I'm issues getting it to run.  In the path BASE_PATH="/Library/NexthinkInstall" should this be where I'm mounting the .dmg file? For instance, I created a composer pkg to add the Nexthink.dmg file to /private/tmp/Nexthink and then tried adding the completed postinstall script.

 

#!/bin/bash
# v5i - nxt_collector_installer.sh
#
# Nexthink Collector Installation script for macOS
#
# This script makes the following assumptions:
# 1) The 'csi.app' folder from the Collector DMG is deployed to the endpoint. The installation
# only needs that folder and not the full DMG.
# 2) The deployment directory is configured below as 'BASE_PATH'
# 3) This script is located in the same directory as the csi.app folder from assumption 1.
#
# Instructions:
# 1) Modify the Nexthink Instance Settings in the section below
# COLLECTOR_ADDRESS - The data collection address from the welcome email
# CUSTOMER_KEY - The full contents of the customer_key.txt file
# 2) Adjust the listed Installer Arguments to your organizations default
# for details see https://docs.nexthink.com/platform/latest/installing-collector-on-macos
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# location of files deployed by Jamf
BASE_PATH="/Library/NexthinkInstall"

1 ACCEPTED SOLUTION

pete_c
Contributor III

I'm packaging the csi.app and a .txt file containing my org's current client key, installing to /private/var/tmp/Nexthink. Works great in my org.

#!/bin/bash

# Script to install the Nexthink Collector agent using the csi.app's command-line 
# 1.5 - changed to bash, added sanity check

ERROR=0

# file paths
csiAppPath="/private/var/tmp/Nexthink/csi.app/Contents/MacOS"
hostname="your-hostname-goes-here.nexthink.cloud"
key="/private/var/tmp/Nexthink/your-client-key.txt"

# check for download, retry 3 times, bail out if not present
if [ ! -f "$csiAppPath"/csi ]; then
        counter=0
	while [ $counter -lt 3 ]; do
		/usr/local/bin/jamf policy -event install-nexthink
		sleep 300
        ((counter++))
	done
fi

if [ ! -f "$csiAppPath"/csi ]; then
	echo "Nexthink installer failed to download, exiting.."
    exit 1
fi

# clear the quarantine flag, just in case
/usr/bin/xattr -dr com.apple.quarantine "/private/var/tmp/Nexthink/csi.app"

# install the Nextthink Collector software
$csiAppPath/csi -address "$hostname" -tcp_port 443 -key "$key" -engage enable -tag 0 -ra_execution_policy signed_trusted_or_nexthink -use_assignment enable -data_over_tcp enable --clean_install

# remove installer folder
rm -rf /private/var/tmp/Nexthink

# disable/Enable Coordinator Service
launchctl bootout system /Library/LaunchDaemons/com.nexthink.collector.nxtcoordinator.plist
launchctl bootstrap system /Library/LaunchDaemons/com.nexthink.collector.nxtcoordinator.plist

exit $ERROR

 

View solution in original post

7 REPLIES 7

mm2270
Legendary Contributor III

So, it says right in the comments of the script that "The 'csi.app' folder from the Collector DMG is deployed to the endpoint. The installation only needs that folder and not the full DMG." IOW, you don't need to deploy the full .dmg. Just extract out the csi.app from the DMG and package that up in Composer.

I think for our Nexthink deployment we pushed that csi.app to /private/tmp/ and then had the script run against that path to do the actual installation. Essentially, wherever you decide to push it to is what you would put for the BASE_PATH location.

SMR1
Contributor III

Thanks for the reply. I don't know what I'm doing wrong on this. I created a composer pkg /private/tmp/Nexthink/csi.app and then created a policy. I'm using the script that was provided with our current settings and it has the key as a post install. For the base path in the script, I'm pointing it to this location /private/tmp/Nexthink. Am I on the right path here?

pete_c
Contributor III

I'm packaging the csi.app and a .txt file containing my org's current client key, installing to /private/var/tmp/Nexthink. Works great in my org.

#!/bin/bash

# Script to install the Nexthink Collector agent using the csi.app's command-line 
# 1.5 - changed to bash, added sanity check

ERROR=0

# file paths
csiAppPath="/private/var/tmp/Nexthink/csi.app/Contents/MacOS"
hostname="your-hostname-goes-here.nexthink.cloud"
key="/private/var/tmp/Nexthink/your-client-key.txt"

# check for download, retry 3 times, bail out if not present
if [ ! -f "$csiAppPath"/csi ]; then
        counter=0
	while [ $counter -lt 3 ]; do
		/usr/local/bin/jamf policy -event install-nexthink
		sleep 300
        ((counter++))
	done
fi

if [ ! -f "$csiAppPath"/csi ]; then
	echo "Nexthink installer failed to download, exiting.."
    exit 1
fi

# clear the quarantine flag, just in case
/usr/bin/xattr -dr com.apple.quarantine "/private/var/tmp/Nexthink/csi.app"

# install the Nextthink Collector software
$csiAppPath/csi -address "$hostname" -tcp_port 443 -key "$key" -engage enable -tag 0 -ra_execution_policy signed_trusted_or_nexthink -use_assignment enable -data_over_tcp enable --clean_install

# remove installer folder
rm -rf /private/var/tmp/Nexthink

# disable/Enable Coordinator Service
launchctl bootout system /Library/LaunchDaemons/com.nexthink.collector.nxtcoordinator.plist
launchctl bootstrap system /Library/LaunchDaemons/com.nexthink.collector.nxtcoordinator.plist

exit $ERROR

 

Thanks, you saved me hours of troubleshooting. 
This method works flawlessly, I don't know why they don't have this a part of their Jamf Deployment documentation. I mean they have one for intune. 

I did the similar steps. But iam getting following error while installing. Could you please advise where it went wrong. 

Campaign feature = enable
Data over TCP = enable
Enable CSSU = enable
Use Collector Assignment = enable
Collector Tag = 0
Collector String Tag =
Proxy Address =
Proxy Port =
Proxy Pac Address =
Script Execution Policy = signed_trusted_or_nexthink
Log Mode = warning
Anonymize username = cleartext
User interaction time monitoring = enable
Windows focus time monitoring = disable
Anonymize Wifi network =
UPN Privacy = no_import
Reconnect Delay =
Connections Monitoring = true
Domain Name Monitoring = false
Data Privacy Filter =
* Preparing Collector Configuration
* Installing Collector Package
installer: Package name is Nexthink Collector 24.9.2.3
installer: Installing at base path /
installer: The install failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. An error occurred while running scripts from the package “Nexthink_Collector.pkg”.)
Installation error: 256
The installer could not verify that the Collector services have access to the Endpoint Security Framework.
Please ensure the Nexthink Collector has Full Disk Access to be able to access the Endpoint Security Framework for gathering data.
Boot-out failed: 5: Input/output error
Bootstrap failed: 5: Input/output error

@vjayadas please confirm you have the configuration profile that allows for full disk access.

Yes