Jamf Nation Community

robby_barnes · ‎01-19-2015

Anyone have any good suggestions for updating apps only when they are not open? I basically would love to have either closing the app be a trigger to install an update, or just have some sort of script or something that just checks if it is open and if it is, it waits until that app is closed before installing the software.

owen_hael · ‎01-19-2015

I would make two policies to accomplish that.

One policy that has the packages you want to deploy, with ongoing execution frequency, scope it to the computers you want to deploy the software to (or may want to), and then make the policy trigger custom. Give the custom trigger a name like installFirefox or whatever you like.

Write a small script that checks to see if the app is open, then triggers the install policy if the app is not open.

Something like...

#!/bin/bash
if [ ! -z "$(pgrep 'Google Chrome')" ]; then
    echo 'Error: Google Chrome is currently running!'
    exit 1
else
    jamf policy -event installFirefox
fi

Then in the second policy, include the above script. Scope it to the computers that you want to deploy to, and set trigger to recurring check-in (or your preference).

I'm sure there are other ways to do it that might be cleaner. I wrote a quick and dirty script for deploying Chrome where I check to make sure it is closed, then remove, and copy the new one in. It has been running successfully for a few months now.

#!/bin/bash

if [ ! -z "$(pgrep 'Google Chrome')" ]; then
    echo 'Error: Google Chrome is currently running!'
    exit 1
fi

curl -Lo /tmp/Google Chrome.dmg https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg

if [ $? != 0 ]; then
        echo "Error: Chrome failed to download!"
        exit 2
fi

hdiutil attach -nobrowse -quiet /tmp/Google Chrome.dmg
errorCode="$?"
if [ $errorCode != 0 ]; then
        echo "Error: Chrome DMG failed to mount!"
        exit 3
fi

version=$(defaults read "/Volumes/Google Chrome/Google Chrome.app/Contents/Info.plist" CFBundleShortVersionString)
echo "Installing Google Chrome version $version"
rm -rf /Applications/Google Chrome.app
ditto -rsrc /Volumes/Google Chrome/Google Chrome.app /Applications/Google Chrome.app
hdiutil detach -quiet /Volumes/Google Chrome
rm /tmp/Google Chrome.dmg

robby_barnes · ‎01-19-2015

Nice. I will give this a try in my test environment tomorrow and let you know how it goes. Much appreciated.

davidacland · ‎01-20-2015

Not sure if it will help but for any app updates that need to run when the app is not open, I normally set the policy to run either at startup or logout (I avoid login as it usually annoys people). I guess it will depend if your users ever restart or logout (I know some don't).

dpertschi · ‎01-20-2015

https://jamfnation.jamfsoftware.com/discussion.html?id=10930
https://jamfnation.jamfsoftware.com/discussion.html?id=9488

Here's a version that I'm using with decent results. It's written generically so I can use script parameters in the policy to define the process to look for and the custom trigger.

#!/bin/bash

process="$4"

processrunning=$( ps axc | grep "${process}$" )
if [ "$processrunning" != "" ]; then
    echo "$process IS running, try again tomorrow."
else
    /bin/echo "$process IS NOT running, will try to update it now."
    /usr/sbin/jamf policy -trigger "$5"
fi

loceee · ‎01-21-2015

I have some plans to make Patchoo's installation methods much more friendly in this respect.

However, it does require much more metadata per pkg than the JSS currently allows. I think i've cracked a good way to make it happen for Patchoo2 and alleviate my last few gripes with my current workflow and limitations of the JSS, but I am very busy with a new job for a bit.

In the meantime current Patchoo will give you a GUI for logout and installation that improves the OOTB Casper experience.

elliotjordan · ‎01-21-2015

My "Auto Update Magic" framework can be used to automatically update apps while they aren't running. It's meant to work with AutoPkgr, but you could certainly take the auto_update_magic.sh script and use it on its own if you prefer.

https://github.com/homebysix/auto-update-magic

owen_hael · ‎01-27-2015

Great material, really helps me learn a lot quickly seeing a script on that level.

Saw your JNUC 2014 talk on AutoPkgr, really awesome, think it was the talk I was looking forward to the most. We don't have any on-premise servers and rely on cloud resources - multiple JSS instances on AWS, each relying on S3 for storage. From what I last remember the process weren't entirely meant for that kind of situation. Not sure what your recommendation would be for that situation.

bentoms · ‎01-27-2015

@owen, I think AutoPKGr & cloud JSS works now.

But just to make sure, paging @adamcodega

sprattp · ‎01-27-2015

While i accept updating apps while user is logged out is good practise, we have an ever increase laptop usage so these usually are not around for updates. The good thing is the Mac OS lends itself to run updates even when the application you want to update is still running, i can happily update MS Office to the latest version via a snapshot with all the suite still running. Once the application is restarted it will then show as the latest version when you click on About. We do this for browser updates, flash and Office.

adamcodega · ‎01-27-2015

@owen where are your DPs hosted?

dpertschi · ‎01-27-2015

@sprattp I've always been deathly afraid of updating Office while any of it is running.

I can't be the guy that made the decision to update Outlook which in turn corrupted a mailbox database. Has doing this been 100% for you? Has anyone reading seen Outlook go south from updating while running?

sprattp · ‎01-27-2015

Outlook was a big concerned, but tested on a number of Macs and no problems, along with open word files as well, etc. The last two Office updates have been pretty much been rolled out this way.

Our experiences with Outlook is that it much less likely to need a database rebuild unlike Entourage.

bpavlov · ‎01-27-2015

I had the opposite experience when I had to support Office 2011 at my last job. I constantly had Outlook database issues to the tune of 2-3 per week from a user base of 1000+ users. It got to the point that I stopped doing the database rebuilds and just wiped the database and created a new Outlook profile/database whenever a relevant issue came up. I found that once a database became corrupt, a rebuild would fix it in the short term but the user would come back complaining soon after (maybe a few weeks later) as opposed to creating a new database where the user would complain maybe months later. Obviously creating a new database only works if you are in an environment where you are using Exchange whether on-premises or in the cloud. Just be careful that you don't have everyone in the company creating a new database at once as it can really eat up your office's connection when everyone is downloading their email at the same time.

Also of note is that you should follow Microsoft's guidelines on folder item size: http://support.microsoft.com/kb/905803 because there is most room for corruption and slowness the more items you have in a folder particularly the main ones that sync up INBOX, SENT, DELETED ITEMS.

Jamf Nation Community

Update apps when they aren't open