Posted on 07-19-2017 10:18 AM
Hey there Jamf Nation Peeps,
I'm wondering if anybody has in their environment a script (or something) that changes from a Production type environment to a Dev type environment?
This is what I envision...
In Self Service, a policy that only a very select few people can see. They run this policy that takes them from a Prod environment to a Dev or testing environment. And then in that dev environment, there be a policy to switch to the main or Prod JSS?
Or is this a completely horrible idea and I'm totally off my rocker?
Posted on 07-19-2017 10:44 AM
If you're talking about switching which JSS they are pointed to for policies, that's possible, but I think you'd need to deploy a QuickAdd.pkg for your Dev environment to get them switched to that (and vice versa to go back to Prod) In other words, the Mac will need to be enrolled into the other JSS each time you flip them.
Make sense?
Posted on 07-19-2017 11:36 AM
What @mm2270 said. Put a QuickAdd package to enroll into the Dev server on your production server, and a QuickAdd to enroll into Prod. in your development server. Scope those policies to the tech IDs so only select people have access.
Posted on 07-24-2017 02:40 PM
So, I've added those quick add packages and when I tested them out, Self Service encountered an error while trying to run those policies... Any other ideas?
Posted on 07-24-2017 03:29 PM
Hmm. Yeah, that almost makes sense, since the QuickAdd.pkg is flipping the device over to be managed by a different JSS instance than the one it's being run from in Self Service. So in a way, though I didn't think of it, it makes sense it would encounter an error. It's sort of pulling the rug out from under Self Service as it's trying to run something.
Let me ask - have you then quit and relaunched Self Service after the error to see if it actually then works, meaning did it make the Mac managed by the other JSS? It could just be that SS is losing the connection back to the JSS the policy ran from so it doesn't know how to handle that other than to throw up an error like that.
If it's still not working after quitting and relaunching, then you may have to get crafty with this and do something like make the SS policy deploy the QuickAdd.pkg to a temp location, like /private/tmp/ and also deploy a LaunchDaemon that would install that package, but add a time delay on it, like a 30 second sleep before it starts installing the pkg. That way it gives Self Service a chance to claim it completed it's task and then the actual installation happens shortly afterwards. You may also want to have the script display some kind of message on screen to indicate it finished, to let the user know they have been moved over to the other server.
Posted on 07-25-2017 06:27 AM
I wrote a little GUI tool once to do that. So I could swap my test machine between Test and Prod.
https://github.com/tmhoule/SwapMyJSSXC4
It's been a long time since I've looked at it, but should still work... If I remember right, you setup Enrollment Invitations that don't expire on both servers. Then put those enrollment codes in the GUI tool and then you can switch which server you're enrolled with.
Posted on 07-25-2017 06:44 AM
Thanks for that Thoule..
I've downloaded it and I've set the prefs and when I attempt to enroll in my dev environment (setup invitation and enrollment key) it errors out...
Posted on 07-25-2017 06:54 AM
Sorry :( I see it still points to /usr/sbin/jamf... I'll look at rewriting it, but I'm not sure if there's enough demand to warrant it. You could do it manually.
Create an applescript or something on the desktop to run this...
/usr/local/jamf/bin/jamf createConf -k -url NEWJSSURL
/usr/local/jamf/bin/jamf enroll -invitation ENROLLMENTKEY -endUserName USER