-
-
Save arubdesu/ec661743b27a2e5734da to your computer and use it in GitHub Desktop.
Would love if this could be fully investigated to ensure most recommended/friendliest defaults for the common case I'm targeting. I understand many subsets may be unnecessary(especially the things I'm not doing find/replace on inside of %'s) but I don't see PUT's for subsets, nor do I know if it will generate its own default values for me, anyway.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <policy> | |
| <general> | |
| <id>%PCY_ID%</id> | |
| <name>SelfServeLatest_%PROD_NAME%</name> | |
| <enabled>true</enabled> | |
| <trigger>USER_INITIATED</trigger> | |
| <trigger_checkin>false</trigger_checkin> | |
| <trigger_enrollment_complete>false</trigger_enrollment_complete> | |
| <trigger_login>false</trigger_login> | |
| <trigger_logout>false</trigger_logout> | |
| <trigger_network_state_changed>false</trigger_network_state_changed> | |
| <trigger_startup>false</trigger_startup> | |
| <trigger_other/> | |
| <frequency>Once per computer</frequency> | |
| <target_drive>default</target_drive> | |
| <offline>false</offline> | |
| <category> | |
| <id>-1</id> | |
| <name>Unknown</name> | |
| </category> | |
| <date_time_limitations> | |
| <activation_date/> | |
| <activation_date_epoch>0</activation_date_epoch> | |
| <activation_date_utc/> | |
| <expiration_date/> | |
| <expiration_date_epoch>0</expiration_date_epoch> | |
| <expiration_date_utc/> | |
| <no_execute_on/> | |
| <no_execute_start/> | |
| <no_execute_end/> | |
| </date_time_limitations> | |
| <network_limitations> | |
| <minimum_network_connection>No Minimum</minimum_network_connection> | |
| <any_ip_address>true</any_ip_address> | |
| <network_segments/> | |
| </network_limitations> | |
| <override_default_settings> | |
| <target_drive>default</target_drive> | |
| <distribution_point/> | |
| <force_afp_smb>false</force_afp_smb> | |
| <sus>default</sus> | |
| <netboot_server>current</netboot_server> | |
| </override_default_settings> | |
| <network_requirements>Any</network_requirements> | |
| <site> | |
| <id>-1</id> | |
| <name>None</name> | |
| </site> | |
| </general> | |
| <scope> | |
| <all_computers>false</all_computers> | |
| <computers/> | |
| <computer_groups> | |
| <computer_group> | |
| <id>%grp_id%</id> | |
| <name>lessThanMostRecent_%PROD_NAME%</name> | |
| </computer_group> | |
| </computer_groups> | |
| <buildings/> | |
| <departments/> | |
| <limit_to_users> | |
| <user_groups/> | |
| </limit_to_users> | |
| <limitations> | |
| <users/> | |
| <user_groups/> | |
| <network_segments/> | |
| </limitations> | |
| <exclusions> | |
| <computers/> | |
| <computer_groups/> | |
| <buildings/> | |
| <departments/> | |
| <users/> | |
| <user_groups/> | |
| <network_segments/> | |
| </exclusions> | |
| </scope> | |
| <self_service> | |
| <use_for_self_service>true</use_for_self_service> | |
| <install_button_text>Install</install_button_text> | |
| <self_service_description/> | |
| <force_users_to_view_description>false</force_users_to_view_description> | |
| <self_service_icon/> | |
| </self_service> | |
| <package_configuration> | |
| <packages> | |
| <size>1</size> | |
| <package> | |
| <id>1</id> | |
| <name>%PKG_NAME%</name> | |
| <action>Install</action> | |
| <fut>false</fut> | |
| <feu>false</feu> | |
| <update_autorun>false</update_autorun> | |
| </package> | |
| </packages> | |
| </package_configuration> | |
| <scripts> | |
| <size>0</size> | |
| </scripts> | |
| <printers> | |
| <size>0</size> | |
| <leave_existing_default/> | |
| </printers> | |
| <dock_items> | |
| <size>0</size> | |
| </dock_items> | |
| <account_maintenance> | |
| <accounts> | |
| <size>0</size> | |
| </accounts> | |
| <directory_bindings> | |
| <size>0</size> | |
| </directory_bindings> | |
| <management_account> | |
| <action>doNotChange</action> | |
| </management_account> | |
| <open_firmware_efi_password> | |
| <of_mode>none</of_mode> | |
| <of_password/> | |
| </open_firmware_efi_password> | |
| </account_maintenance> | |
| <reboot> | |
| <message>This computer will restart in 5 minutes. Please save anything you are working on and log out by choosing Log Out from the bottom of the Apple menu.</message> | |
| <startup_disk>Current Startup Disk</startup_disk> | |
| <specify_startup/> | |
| <no_user_logged_in>Restart if a package or update requires it</no_user_logged_in> | |
| <user_logged_in>Restart if a package or update requires it</user_logged_in> | |
| <minutes_until_reboot>5</minutes_until_reboot> | |
| </reboot> | |
| <maintenance> | |
| <recon>true</recon> | |
| <reset_name>false</reset_name> | |
| <install_all_cached_packages>false</install_all_cached_packages> | |
| <heal>false</heal> | |
| <prebindings>false</prebindings> | |
| <permissions>false</permissions> | |
| <byhost>false</byhost> | |
| <system_cache>false</system_cache> | |
| <user_cache>false</user_cache> | |
| <verify>false</verify> | |
| </maintenance> | |
| <files_processes> | |
| <search_by_path/> | |
| <delete_file>false</delete_file> | |
| <locate_file/> | |
| <update_locate_database>false</update_locate_database> | |
| <spotlight_search/> | |
| <search_for_process/> | |
| <kill_process>false</kill_process> | |
| <run_command/> | |
| </files_processes> | |
| <user_interaction> | |
| <message_start/> | |
| <allow_users_to_defer>false</allow_users_to_defer> | |
| <allow_deferral_until_utc/> | |
| <message_finish/> | |
| </user_interaction> | |
| </policy> |
Works! Unfortunately web GUI doesn't reflect that a package has been configured/can be modified in policy...
I am assuming that is something to do with the package tag inside the policy submission xml. It works when they are hard-coded, so maybe we are just not getting the ID of our package over correctly.
<package_configuration>
<packages>
<size>1</size>
<package>
<id>%pkg_id%</id>
<action>Install</action>
</package>
</packages>
</package_configuration>
checked my replace_dict, it's outputting the values being set correctly:
JSSImporter: {'%pkg_id%': '13', '%PROD_NAME%': u'VLC', '%grp_id%': '6'}
Manually hard-coding the values produces the same lack-of-pkg-in-sidebar result, so I'm not sure whats up with the urllib2's was of POSTing the values... wish there was some logging server-side to tell what it's coughing on?
Confirmed that autopkg can create a package and policy, and that the package is displayed in the GUI using a local JSS running OS X 10.9 and Casper Suite 9.21.
JSSImporter.py is sending the correct XML. Here is my output of autopkg with some additional logging...
/Applications/autopkg/Code/autopkg run VLC.pkg
Processing VLC.pkg...
Trying to reach JSS and fetch all packages at URL https://nick.local:8443
packages:<?xml version="1.0" encoding="UTF-8"?><packages><size>1</size><package><id>2</id><name>Install Firefox.dmg</name></package></packages>
Attempting to POST to packages section of JSS via API...
URL: https://nick.local:8443/JSSResource/packages/id/3
XML: <?xml version="1.0" encoding="UTF-8"?><package><id>3</id><name>VLC-2.1.1.pkg</name><category>VLC</category><filename>VLC-2.1.1.pkg</filename><info/><notes/><priority>10</priority><reboot_required>false</reboot_required><fill_user_template>false</fill_user_template><fill_existing_users>false</fill_existing_users><boot_volume_required>false</boot_volume_required><allow_uninstalled>false</allow_uninstalled><os_requirements/><required_processor>None</required_processor><switch_with_package>Do Not Install</switch_with_package><install_if_reported_available>false</install_if_reported_available><reinstall_option>Do Not Reinstall</reinstall_option><triggering_files/><send_notification>false</send_notification></package>
Trying to reach JSS and fetch all computergroups at URL https://nick.local:8443
computergroups:<?xml version="1.0" encoding="UTF-8"?><computer_groups><size>3</size><computer_group><id>3</id><name>10.9</name><is_smart>true</is_smart></computer_group><computer_group><id>1</id><name>All Managed Clients</name><is_smart>true</is_smart></computer_group><computer_group><id>2</id><name>All Managed Servers</name><is_smart>true</is_smart></computer_group></computer_groups>
Trying to reach JSS and fetch all policies at URL https://nick.local:8443
policies:<?xml version="1.0" encoding="UTF-8"?><policies><size>3</size><policy><id>2</id><name>test</name></policy><policy><id>3</id><name>Test</name></policy><policy><id>1</id><name>Update Inventory</name></policy></policies>
URL: https://nick.local:8443/JSSResource/policies/id/0
XML: <?xml version="1.0" encoding="UTF-8"?><policy><general><name>SelfServeLatest_VLC</name><enabled>true</enabled><trigger>USER_INITIATED</trigger><frequency>Once per computer</frequency><override_default_settings><target_drive>default</target_drive><distribution_point/><force_afp_smb>false</force_afp_smb><sus>default</sus><netboot_server>current</netboot_server></override_default_settings></general><scope><computer_groups><computer_group><id>3</id></computer_group></computer_groups></scope><self_service><use_for_self_service>true</use_for_self_service><install_button_text>Install</install_button_text><self_service_description/><force_users_to_view_description>false</force_users_to_view_description><self_service_icon/></self_service><package_configuration><packages><size>1</size><package><id>3</id><name>VLC-2.1.1.pkg</name><action>Install</action><fut>false</fut><feu>false</feu><update_autorun>false</update_autorun></package></packages></package_configuration><maintenance><recon>true</recon></maintenance></policy>
The following packages were built:
Identifier Version Pkg path
---------- ------- --------
org.videolan.vlc.pkg 2.1.1 /Users/nick/Library/AutoPkg/Cache/com.github.autopkg.pkg.VLC/VLC-2.1.1.pkg
When performing a GET on /JSSResource/policies/id/{id}, does it show a package is associated in the XML?
A couple of additional items I found in my testing...
- Can't handle an ending "/" on a JSS URL
- When no category argument is specified, the package attempts to upload with an invalid category
- No need to specify a package ID when creating package, and when you do, the JSS might actually assign a different ID since it's an auto-incrementing table
As probability goes, we have only one, unlikely-to-be-the-cause discrepancy, which is the API between our JSS's - I eliminated the version of python(and bundled urllib2 module) between 10.8 and 10.9 being the issue(I had been testing just autopkg on 10.8, but that wouldn't explain while curl'ing from my 10.9 box was failing.)
I still have stuff to accomplish that I'm working on outside of this, which is to additionally parse and hold onto the server's response for updating version numbers or smartgroup ids(which I'm already reading into a var I hadn't been doing anything with.)
This is the result of GETing the policy created on my 10.8.5 machine, JSS is 9.12 and inside an Ubuntu VM, package conspicuously missing:
<?xml version="1.0" encoding="UTF-8"?>
<policy>
<general>
<id>8</id>
<name>SelfServeLatest_VLC</name>
<enabled>true</enabled>
<trigger>USER_INITIATED</trigger>
<trigger_checkin>false</trigger_checkin>
<trigger_enrollment_complete>false</trigger_enrollment_complete>
<trigger_login>false</trigger_login>
<trigger_logout>false</trigger_logout>
<trigger_network_state_changed>false</trigger_network_state_changed>
<trigger_startup>false</trigger_startup>
<trigger_other/>
<frequency>once per computer</frequency>
<target_drive>default</target_drive>
<offline>false</offline>
<category>
<id>-1</id>
<name>Unknown</name>
</category>
<date_time_limitations>
<activation_date/>
<activation_date_epoch>0</activation_date_epoch>
<activation_date_utc/>
<expiration_date/>
<expiration_date_epoch>0</expiration_date_epoch>
<expiration_date_utc/>
<no_execute_on/>
<no_execute_start/>
<no_execute_end/>
</date_time_limitations>
<network_limitations>
<minimum_network_connection>No Minimum</minimum_network_connection>
<any_ip_address>true</any_ip_address>
<network_segments/>
</network_limitations>
<override_default_settings>
<target_drive>default</target_drive>
<distribution_point/>
<force_afp_smb>false</force_afp_smb>
<sus>default</sus>
<netboot_server>current</netboot_server>
</override_default_settings>
<network_requirements>Any</network_requirements>
<site>
<id>-1</id>
<name>None</name>
</site>
</general>
<scope>
<all_computers>false</all_computers>
<computers/>
<computer_groups>
<computer_group>
<id>6</id>
<name>LessThanMostRecent_VLC</name>
</computer_group>
</computer_groups>
<buildings/>
<departments/>
<limit_to_users>
<user_groups/>
</limit_to_users>
<limitations>
<users/>
<user_groups/>
<network_segments/>
</limitations>
<exclusions>
<computers/>
<computer_groups/>
<buildings/>
<departments/>
<users/>
<user_groups/>
<network_segments/>
</exclusions>
</scope>
<self_service>
<use_for_self_service>true</use_for_self_service>
<install_button_text>Install</install_button_text>
<self_service_description/>
<force_users_to_view_description>false</force_users_to_view_description>
<self_service_icon/>
</self_service>
<package_configuration>
<packages>
<size>0</size>
</packages>
</package_configuration>
<scripts>
<size>0</size>
</scripts>
<printers>
<size>0</size>
<leave_existing_default/>
</printers>
<dock_items>
<size>0</size>
</dock_items>
<account_maintenance>
<accounts>
<size>0</size>
</accounts>
<directory_bindings>
<size>0</size>
</directory_bindings>
<management_account>
<action>doNotChange</action>
</management_account>
<open_firmware_efi_password>
<of_mode>none</of_mode>
<of_password/>
</open_firmware_efi_password>
</account_maintenance>
<reboot>
<message>This computer will restart in 5 minutes. Please save anything you are working on and log out by choosing Log Out from the bottom of the Apple menu.</message>
<startup_disk>Current Startup Disk</startup_disk>
<specify_startup/>
<no_user_logged_in>Restart if a package or update requires it</no_user_logged_in>
<user_logged_in>Restart if a package or update requires it</user_logged_in>
<minutes_until_reboot>5</minutes_until_reboot>
</reboot>
<maintenance>
<recon>true</recon>
<reset_name>false</reset_name>
<install_all_cached_packages>false</install_all_cached_packages>
<heal>false</heal>
<prebindings>false</prebindings>
<permissions>false</permissions>
<byhost>false</byhost>
<system_cache>false</system_cache>
<user_cache>false</user_cache>
<verify>false</verify>
</maintenance>
<files_processes>
<search_by_path/>
<delete_file>false</delete_file>
<locate_file/>
<update_locate_database>false</update_locate_database>
<spotlight_search/>
<search_for_process/>
<kill_process>false</kill_process>
<run_command/>
</files_processes>
<user_interaction>
<message_start/>
<allow_users_to_defer>false</allow_users_to_defer>
<allow_deferral_until_utc/>
<message_finish/>
</user_interaction>
</policy>
According to the policy XML above, it looks like it's more than a GUI issue - the package isn't being associated at all.
If the package is still not getting associated with the policy after the upgrade to 9.21, I think we should dig into specifying only the package name in the policy XML rather than the name and ID.
In my case, the VLC package is getting created as package ID 8 since I have deleted a few packages that I previously created, but JSSImporter.py is assuming that it's ID is 3 and is writing that to the policy XML.
So close...
I was just able to add a category to 9.12 using the following XML and CURL command, FWIW:
curl -k -v -u admin:jamf1234 https://10.1.22.141:8443/JSSResource/categories/id/0 -X POST -T ~/Desktop/category.xml
<?xml version="1.0" encoding="utf-8"?>
<category>
<name>VLC</name>
</category>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A few notes:
There is no need for IDs or values that you are not setting in the XML while posting (You mentioned this above)
POST to URI /JSSResource/policies/id/0
PUT to URI /JSSResource/policies/id/{ID}
You can test with curl if needed:
Here is an XML example that worked: