Testing if Jamf is running via a script

jelockwood
Contributor

I am in the process of writing a script to automate renewing the SSL cert used by my Jamf-Pro servers. This will involve backing up the existing cert, copying the new cert in to place and then restarting the jamf.tomcat8 service to cause it to load the new cert.

My question is about how best to include steps in my script to test if the Jamf server successfully restarts and therefore has loaded the new cert.

Obvious things like systemctl status jamf.tomcat8 or systemctl is-active jamf.tomcat8 or systemctl show -p SubState --value jamf.tomcat8 are not suitable as they all show it is either active or running even if it is 'stuck' due to a problem loading the new cert.

It should also be noted that even in normal use the Jamf service does take a fair amount of time to become accessible to users whilst Tomcat is starting up. Therefore the following might be the basis for a solution but some means of waiting for Jamf or knowing its progress is still needed.

Therefore accessing https://jamfpro.url:8443/JSSCheckConnection perhaps using curl might need additional checks to cope with this delay.

Does anyone have anything better? As I am doing this on the Jamf server itself if there was an option using the jamf-pro command line tools that would be possible.

The idea is that if I can implement a reliable check for whether Jamf has started and loaded the new cert if it hasn't I can restore the previous cert backup and load that to give time for someone to investigate the problem.

0 REPLIES 0