Posted on 05-31-2016 12:53 PM
I haven't heard anyone talk about using the Configurator 2 command line tools with the JSS API, so I wanted to share this proof-of-concept/demo for a tool I made for my environment.
Video: Casfigurator - Combining the JSS API with Configurator 2
Demo starts around the 2 minute mark.
The backstory is that after moving our 4000 iPads over from another MDM last summer, it became apparent that setting up non-user-based iPads needs to borrow a bit (or a lot) more from the Mac-"imaging" side of the house. In theory, it seemed pretty simple: make a mobile device extension attribute populated with keywords that tied back to smart groups, which had groups of like-apps scoped to them (i.e. - make the munki client identifier for iPads). This way, a technician could be tasked with setting up a cart of iPads with known groups of apps (GoogleDriveApps, iLifeApps, FirstGrade, etc.) without having to set scopes in the JSS by device name or whatever criteria we could shoehorn in to working.
The problem was getting that information onto the device record by a setup-tech/non-tech-acting-as-such, at the time of setup, usable for devices that have never been in the JSS and all without requiring much extra effort from the tech.
Luckily, some new things this past year made that possible:
Device Based VPP Assignment
Sharing the Supervision Identity between Configurator 2 and the JSS
Configurator 2 command line tools
That last one has a lot of great potential. If you're not aware of the new command line tools that are available with Configurator 2, you really should be. The biggest problem in trying to come up with a "traditional" script to accomplish my goals was making sure the setup person was only affecting the intended devices—not really possible given our quantities without the use of serial numbers in a CSV. And creating a CSV would just lead to more iPad related frustration and fatigue... Now, they can just plug devices into a Mac running Configurator, Configurator will supply the input to the script, and the script will put the data on the JSS.
We can go the other way too!
I'll leave a few resources on Configurator Automation here:
https://developer.apple.com/videos/play/wwdc2015/306/?time=2019
"Supporting the Enterprise with OS X Automation" (cut to configurator 2 part in link)
Sal Soghoian's session at WWDC 2015 which demonstrates Configurator 2 Automation
https://configautomation.com
A website "not hosted by Apple Inc," (pretty sure it's done independently by Soghoian's team) but is the defacto guide for Configurator 2 Automation.
https://github.com/bumbletech/casfigurator
My github, which has some of my demo "Casfigurator" scripts. Due to the use of extension attributes, some will be easier to work into new environments than others. (Documentation under improvement...)
Posted on 06-06-2016 12:32 PM
Standing ovation!
This is excellent work. I look forward to playing around with what you've built to see if it can serve me in my work this summer (transitioning all of our iPads off of Configurator 1+Codes to DEP+Licenses). I was planning to make it as close to zero-touch as possible using Pre-Stage Enrollments, but this might work even better...
Posted on 06-06-2016 01:14 PM
Thanks!
Having to move a few thousand devices when we switched over to Casper last year with just pre-stages was a nightmare. Wish we had Configurator 2 at the time to help with setup—your experience should be a lot better.
Give me a shout if you get it up and running or need a bit of help. I'd be interested to see what other people come up with.
Posted on 06-07-2016 12:09 AM
That is absolutely brilliant. Amazing work!
Posted on 06-08-2016 11:36 AM
Well after some customizations, I have this working for what we'll be doing in our district.
I already have dozens of Smart Groups configured to organize the devices by their name. They all look for DisplayName is like "-teachername-", so I am only concerned with making sure any person can sit down with Configurator 2 and a pile of iPads and get them correctly and accurately named.
Our naming convention is [BUILDING]-iPad-[TEACHER]-##.
Modifications I made to your script include:
- Changed all your "district" information into BUILDING info
- Changed all your "building" information into TEACHER info and then listed teachers for each building
- Configured the basename settings accordingly
- Removed your extension attribute/unix section, as it is not necessary for our environment with existing DisplayName based Smart Groups.
Almost everything works as advertised.
- iPads are prepared and enrolled into the JSS
- iPads are correctly named and display correctly in Configurator 2
Unfortunately, for some reason the updateDevices line doesn't actually seem to tell the JSS to send an Update Inventory command. It's not a huge deal because I can just do a generic search for "iPad" and then force an update to the search results, but it would be nice if I could skip that step.
So anyway, thanks for this! You did all the heavy lifting with coding that I'm just not familiar with and then I just made it fit into my environment.
Posted on 06-08-2016 12:54 PM
Glad to hear it!
So you're not sending any data to the JSS as far as device names? It's only getting written to the device from Configurator 2? That's one of the ways that I'm writing the name—forcing it onto the JSS so it the device is searchable by name while we wait for the device to update things properly. Not entirely necessary, obviously.
As for updating, it might be because I never specified that the JSS API should accept XML in the request. Depending on the version of Java your server is running it might be defaulting to JSON instead. Do a search and replace in your script searching for
"curl -s -k -u "
and replace all with:
"curl -s -k -u "Accept: application/xml" "
You can take out the surrounding quotes, but they're there to show that you'll need the trailing single space.
Posted on 06-08-2016 01:30 PM
I think my problem lies somewhere in this section:
--smart groups wont get recaluclated by the new data we've added until the devices do an Inventory update. Sets up commands... set getJSSdeviceIDs to do shell script "curl -s -k -u " " & apiUser & " " & yourJSSurl & "/JSSResource/mobiledevices/match/" & baseName & "* | xpath '//mobile_devices/mobile_device/id' 2>&1 | awk -F'<id>|</id>' '{print $2}' | tail -n +3"
Because I removed this whole section from the script:
--get the device serials and names from configurator to later use that to send data to the JSS tell script "Configuration Utility" [...]
Heading home for the day. I'll tackle that in the morning.
Thanks again!