Policy remains as pending

dondo521
New Contributor III

I am having an issue with a policy that launches the script below. I grabbed bits and pieces from some other great script ideas out here! The issue is that when enacted and the computer restarts the policy is still shows as enabled and not completed. I have moved around the shutdown -r +5 command but still no love. Any thoughts? Thanks.

!/bin/bash

delayWhileScreensaver (){
pidSaver=0
while [[ $pidSaver != "" ]]; do sleep 5 echo "Looping, pidSaver=" "$pidSaver" pidSaver=$(ps -ef | "grep [S]creenSaverEngine" | awk '{print $2}')
done
}

delayWhileScreensaver

shutdown -r +5

level=$(/Library/"Application Support"/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -timeout 300 -title "XXXX MAC" -heading "Critical Alert!" -lockHUD -countdown -button1 "OK" -button2 "Restart now" -description "blah blah blah." -icon /Library/"Application Support"/JAMF/bin/icon.png &)

if [ "$level" == "2" ]; then
killall jamfHelper
shutdown -r now
fi

shutdown -r +5

if [ "$level" == "1" ]; then
killall jamfHelper
fi

exit 0

1 ACCEPTED SOLUTION

dondo521
New Contributor III

Ok everyone,
First of all thanks to all for your help and ideas! This is what I love about this forum. This script originally started from bit and pieces of other's scripts so it is greatly appreciated. What you see below seems to work, thanks to help from a really great scriptor and good guy Joseph Chilcote.

!/bin/bash

delayWhileScreensaver (){ until ! ps -ef |grep [S]creenSaverEngine > /dev/null 2>&1; do echo 'Looping' sleep 5 done
}

delayWhileScreensaver

level=$("/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType hud -timeout 300 -title "XXXX MAC" -heading "Critical Alert!" -lockHUD -countdown -button1 "OK" -button2 "Restart now" -description "Blah, Blah, Blah." -icon "/Library/Application Support/JAMF/bin/icon_w.png" &)

echo "LEVEL (BUTTON):" "$level"

if [ "$level" == "0" ]; then echo "Selected OK, or user did not make button selection, computer will reboot in 5 minutes." sleep 300 jamf reboot -background -immediately
elif [ "$level" == "2" ]; then echo "Selected Restart Now, computer will reboot immediately." sleep 5 jamf reboot -background -immediately
fi

View solution in original post

13 REPLIES 13

dwandro92
Contributor III

I have a script that I use which initiates a shutdown before it exits, and still reports completion in the policy logs.

This is how I do it:

# Open subshell
( 
    # Output information
    writeLog "Rebooting the system..."

    # Wait 8 seconds
    sleep 8

    # Reboot normally
    shutdown -r now
# Continue script execution
) &

# Output information
writeLog "Closing script..."

# Exit script
exit 0

dondo521
New Contributor III

Hey Dakota,

Still don't quite get where I should place your subshell in relation to my script? Basically I want the computer to restart in 5 minutes whether the user selects "OK" or not. If they choose "Restart now" it will just simply restart- no waiting 5 minutes. The script does what I want it to, except it still comes up as policy pending

kitzy
Contributor III

Hey @dondo521,

You can actually do this easily using the JAMF binary, like so:

jamf reboot -background -immediately

This will reboot immediately without an extra prompt to the user, and will log policy completion in the JSS.

Hope that helps!
-Kitzy

dondo521
New Contributor III

Thanks Kitzy!
ok I am going to try this:

!/bin/bash

delayWhileScreensaver (){
pidSaver=0
while [[ $pidSaver != "" ]]; do sleep 5 echo "Looping, pidSaver=" "$pidSaver" pidSaver=$(ps -ef | "grep [S]creenSaverEngine" | awk '{print $2}')
done
}

delayWhileScreensaver

level=$(/Library/"Application Support"/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -timeout 300 -title "XXX MAC" -heading "Critical Alert!" -lockHUD -countdown -button1 "OK" -button2 "Restart now" -description "Blah Blah Blah." -icon /Library/"Application Support"/JAMF/bin/icon_w.png &)

if [ "$level" == "2" ]; then
killall jamfHelper
jamf reboot -background -immediately
fi

shutdown -r +5

if [ "$level" == "1" ]; then
killall jamfHelper
sleep 300
jamf reboot -background -immediately
fi

exit 0

dwandro92
Contributor III

The solution @kitzy proposed is probably a better method, but to answer your question, it could look a little something like this:

# Pause script for 5 minutes if user clicked OK
[ "$level" == "1" ] && sleep 300

# Close JAMF helper
killall jamfHelper

# Open subshell
( 
    # Output information
    echo "Rebooting the system..."

    # Wait 8 seconds
    sleep 8

    # Reboot normally
    shutdown -r now
# Continue script execution
) &

# Output information
echo "Closing script..."

# Exit script
exit 0

dondo521
New Contributor III

Hi guys,

I followed Dakotas script above and instead of waiting 5 minutes when clicking "OK" the computer restarts.
I also tried what I posted to Kitzy above and still got policy pending.

Would the fact that I am still on 9.6.3 be an issue?

bpavlov
Honored Contributor

I could be mistaken, and haven't read the thread fully but is it possible the computer is restarting before the jamf binary is able to upload the policy logs from the computer up to the JSS? If the policy is never reported back to the JSS as having been completed on the computer, it will continue to be pending....

mm2270
Legendary Contributor III

To back up a second, what package(s) are you installing on the Mac that are requiring the reboot afterwards? Would it happen to be either 10.10.3 or 10.10.4, upgrading from 10.10.2?

dwandro92
Contributor III

try removing the "&" from the end of your jamfHelper command. The ampersand basically tells the interpreter (bash), "don't wait for my last command to finish executing. I don't care what the return code is."

dondo521
New Contributor III

Hey everyone,
Thanks for your help. Got pulled away from other things. Let me give this another whirl and I will let you know what I come up with. To answer mm270 what the policy is doing is re-encryting Macs that users chose to decrypt.

dondo521
New Contributor III

Ok guys this is what I have so far. It kind of works. That is to say for some reason when clicking "OK' it returns an echo of "No selection, computer will reboot in 5 minutes" which tells me that the "if" statement for selecting "OK" does not work. Fortunately I want the "OK" selection to be the same as no selection, but it would be great if it worked correctly across the board.

!/bin/bash

delayWhileScreensaver (){
pidSaver=0
while [[ $pidSaver != "" ]]; do sleep 5 echo "Looping, pidSaver=" "$pidSaver" pidSaver=$(ps -ef | "grep [S]creenSaverEngine" | awk '{print $2}')
done
}

delayWhileScreensaver

level=$(/Library/"Application Support"/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -timeout 300 -title "XXXX MAC" -heading "Critical Alert!" -lockHUD -countdown -button1 "OK" -button2 "Restart now" -description "Blah Blah Blah." -icon /Library/"Application Support"/JAMF/bin/icon_w.png &)

echo "LEVEL (BUTTON):" "$level"

if [ "$level" == "1" ]; then
killall jamfHelper
echo "Selected OK, computer will reboot in 5 minutes"
sleep 300
jamf reboot -background -immediately ; else

if [ "$level" == "2" ]; then
killall jamfHelper
echo "Selected Restart Now, computer will reboot immediately"
sleep 5
jamf reboot -background -immediately; else

sleep 295
killall jamfHelper
echo "No selection, computer will reboot in 5 minutes"

shutdown -r now

jamf reboot -background -immediately

fi
fi
exit 0

dondo521
New Contributor III

Ok everyone,
First of all thanks to all for your help and ideas! This is what I love about this forum. This script originally started from bit and pieces of other's scripts so it is greatly appreciated. What you see below seems to work, thanks to help from a really great scriptor and good guy Joseph Chilcote.

!/bin/bash

delayWhileScreensaver (){ until ! ps -ef |grep [S]creenSaverEngine > /dev/null 2>&1; do echo 'Looping' sleep 5 done
}

delayWhileScreensaver

level=$("/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType hud -timeout 300 -title "XXXX MAC" -heading "Critical Alert!" -lockHUD -countdown -button1 "OK" -button2 "Restart now" -description "Blah, Blah, Blah." -icon "/Library/Application Support/JAMF/bin/icon_w.png" &)

echo "LEVEL (BUTTON):" "$level"

if [ "$level" == "0" ]; then echo "Selected OK, or user did not make button selection, computer will reboot in 5 minutes." sleep 300 jamf reboot -background -immediately
elif [ "$level" == "2" ]; then echo "Selected Restart Now, computer will reboot immediately." sleep 5 jamf reboot -background -immediately
fi

stutz
Contributor

I had the same issue with my script policy not showing as completed but used @dwandro92 suggestion about the "&" worked.

 shutdown -r +1 &