Jamf Nation Community

Report Inappropriate Content · ‎10-09-2009

I have been having a dickens of a time getting my computer lab to image every night. I've been at it for a few weeks, and every time I think I have it solved, I don't.

My current setup is this:

- 26 machines, with a Restore partition, and packages cached.
- 2 "scheduled tasks" that I use as policy triggers - one goes off at 10pm and one at 3am. Both triggers are scoped to the whole lab.
- One policy, scoped to 13 of the machines triggered by the 10pm scheduled task, ongoing - it reboots the machine to the Restore partition
- One policy, scoped to the other 13 machines triggered by the 3am scheduled task, ongoing - reboots the machine to the Restore partition.

But every morning I wake up and the policy logs for those policies show that it hasn't run.

Previously, of course, I just had one policy set to reboot the machines between 10pm and 4am, but I was getting inconsistent results and inconsistent imaging - packages not being installed, etc - probably due to bandwidth issues? Anyway, that's why I tried the alternate route of scheduled tasks.

Anyway, if anyone has experience with policies not firing when they should, I'd like to hear about your experience(s).

I'm very close to just adding a script to /etc/periodic/daily but I'd prefer to do the Casper solution.

Thanks,

-Baker

--------------------------------------------------------------
Baker Franke
Computer Science Dept.
The University of Chicago Laboratory Schools
773.702.5419

ernstcs · ‎10-09-2009

I would say check your scope (computers and network segments) and trigger in your policy

Download Lingon on one of the systems and make sure scheduled policies are in launchd. Name com.jamfsoftware....

Check your logs for those times to see of there are errors.

Try kicking the reboot task off manually on the system and watching what happens. On the terminal of the system type

sudo /usr/sbin/jamf policy -trigger <name>

Where name is name your scheduled task in the JSS that triggers those policies. I would have console open to jamf.log too.

Amd lastly, nightly reimages get REALLY hard on the drives. Might want to consider DeepFreeze if you MUSTbe back to square one each day. We just reboot and delete user homes each night now.

Craig Ernst
UW-Eau Claire
(715) 836-3639

Sent from my iPhone

tlarkin · ‎10-12-2009

FYI to everyone

Lingon is retired, Peter Borg is no longer supporting it. It is up on sourceforge.net and so is the source code, so hopefully someone will pick it up and continue to publish it. Not sure if Lingon works with Snow Leopard. This is just a FYI as I just recently found this out myself. If you are a developer or know one, urge them to keep the project alive!

As for this, here is what I can say about troubleshooting the issue you have. I would ensure that the machine is managed with the proper ssh account and password. I would ensure that all shares it is pulling from have proper permissions and that the user accounts that casper uses for read and write have proper POSIX or ACLs enabled.

I like what Craig mentioned, try it manually make sure it works manually. Also check the JSS logs to see if it is even running.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

Report Inappropriate Content · ‎10-12-2009

Yes, I tried it manually and discovered the problem was with one of my policies, in which a script snuck in that was rebooting the machine before the rest of the policy could execute...d'oh!

So, that was the issue.

Of course, since then, Craig has convinced me that imaging the machines nightly is probably not a good thing for the hard drives. So now I'm reinventing the wheel, and just doing a "little" nightly cleanup to see if I can avoid re-imaging all the time.

Thanks,

-Baker

tlarkin · ‎10-12-2009

I sent out an email to the list but it never got posted....

What exactly are you trying to clean out every night?

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

ernstcs · ‎10-12-2009

We got your message earlier.

Craig Ernst
UW-Eau Claire
(715) 836-3639

Sent from my iPhone

On Oct 12, 2009, at 7:02 AM, "Thomas Larkin" <tlarki at kckps.org<mailto:tlarki at kckps.org>> wrote:

I sent out an email to the list but it never got posted....

What exactly are you trying to clean out every night?

Thomas Larkin
TIS Department
KCKPS USD500
<mailto:tlarki at kckps.org>tlarki at kckps.org<mailto:tlarki at kckps.org>
blackberry: 913-449-7589
office: 913-627-0351

tlarkin · ‎10-12-2009

Hmm, I did not get a copy of that email in my Casper folder in my email client like I always do. Must have been a glitch in the system or something. That or the email gnomes took it.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

Report Inappropriate Content · ‎10-12-2009

Yeah, I want it looking fresh. This is in a computer lab so I was re- imaging mostly as a vandalism deterrent.

I wrote my own script that scrubs the Users folder, etc. Thanks for the offer, though.

But my question is what else do I need to worry about, in terms of making the computers "fresh" each day. I used to use Radmind (kind of like deepfreeze, sort of), and I don't want to pay for DeepFreeze. Willing to do stuff by hand, but I need to know what to look out for.

Thanks,

-Baker

Baker Franke
Computer Science Dept.
University of Chicago Laboratory Schools
773.702.5419

Report Inappropriate Content · ‎10-12-2009

I don't know if they have a Mac Client but we use a product called Deep
Freeze to "reset" out training machines after each training session.
Jon
Sr. Systems Engineer
Genentech.

tlarkin · ‎10-12-2009

They do have a mac client but I don't like deep freeze that much, but trust me I am very biased so don't take my opinion for it. Take what I say about deep freeze with a grain of salt.

This is what I do, and I must warn you there are several things I do to prevent the local admin accounts from being deleted.

1) local admin account home folders live in /private/var

2) all non admin accounts home folders live in /Users

This is why I can get away with this. I don't have the script handy but I will wing it, so pleas test this out before you even try to implement it, and it will delete EVERYTHING from /users.

#!/bin/bash

for a in /bin/ls /Users | grep -v "^Shared" ; do

#remove from directory services if applicable

/usr/bin/dscl . -delete /Groups/admin GroupMembership $a

/usr/bin/dscl . -delete /Users/$a

#now get rid of the local data

/bin/rm -rf /Users/$a

/bin/echo "all done"

exit 0

This deletes it from directory services and kills all user data. You could go on to have the script also purge log files and such to really "clean it out," if you so wished. I also just winged this from memory so it is not tested. I would test it out but it is very simple and you should get the idea from looking at it. This way you clean your machine off with out having to reimage it.

Tom

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

Jamf Nation Community

nightly imaging NOT happening...why God, why?