-
-
Save arubdesu/ec661743b27a2e5734da to your computer and use it in GitHub Desktop.
Would love if this could be fully investigated to ensure most recommended/friendliest defaults for the common case I'm targeting. I understand many subsets may be unnecessary(especially the things I'm not doing find/replace on inside of %'s) but I don't see PUT's for subsets, nor do I know if it will generate its own default values for me, anyway.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <policy> | |
| <general> | |
| <id>%PCY_ID%</id> | |
| <name>SelfServeLatest_%PROD_NAME%</name> | |
| <enabled>true</enabled> | |
| <trigger>USER_INITIATED</trigger> | |
| <trigger_checkin>false</trigger_checkin> | |
| <trigger_enrollment_complete>false</trigger_enrollment_complete> | |
| <trigger_login>false</trigger_login> | |
| <trigger_logout>false</trigger_logout> | |
| <trigger_network_state_changed>false</trigger_network_state_changed> | |
| <trigger_startup>false</trigger_startup> | |
| <trigger_other/> | |
| <frequency>Once per computer</frequency> | |
| <target_drive>default</target_drive> | |
| <offline>false</offline> | |
| <category> | |
| <id>-1</id> | |
| <name>Unknown</name> | |
| </category> | |
| <date_time_limitations> | |
| <activation_date/> | |
| <activation_date_epoch>0</activation_date_epoch> | |
| <activation_date_utc/> | |
| <expiration_date/> | |
| <expiration_date_epoch>0</expiration_date_epoch> | |
| <expiration_date_utc/> | |
| <no_execute_on/> | |
| <no_execute_start/> | |
| <no_execute_end/> | |
| </date_time_limitations> | |
| <network_limitations> | |
| <minimum_network_connection>No Minimum</minimum_network_connection> | |
| <any_ip_address>true</any_ip_address> | |
| <network_segments/> | |
| </network_limitations> | |
| <override_default_settings> | |
| <target_drive>default</target_drive> | |
| <distribution_point/> | |
| <force_afp_smb>false</force_afp_smb> | |
| <sus>default</sus> | |
| <netboot_server>current</netboot_server> | |
| </override_default_settings> | |
| <network_requirements>Any</network_requirements> | |
| <site> | |
| <id>-1</id> | |
| <name>None</name> | |
| </site> | |
| </general> | |
| <scope> | |
| <all_computers>false</all_computers> | |
| <computers/> | |
| <computer_groups> | |
| <computer_group> | |
| <id>%grp_id%</id> | |
| <name>lessThanMostRecent_%PROD_NAME%</name> | |
| </computer_group> | |
| </computer_groups> | |
| <buildings/> | |
| <departments/> | |
| <limit_to_users> | |
| <user_groups/> | |
| </limit_to_users> | |
| <limitations> | |
| <users/> | |
| <user_groups/> | |
| <network_segments/> | |
| </limitations> | |
| <exclusions> | |
| <computers/> | |
| <computer_groups/> | |
| <buildings/> | |
| <departments/> | |
| <users/> | |
| <user_groups/> | |
| <network_segments/> | |
| </exclusions> | |
| </scope> | |
| <self_service> | |
| <use_for_self_service>true</use_for_self_service> | |
| <install_button_text>Install</install_button_text> | |
| <self_service_description/> | |
| <force_users_to_view_description>false</force_users_to_view_description> | |
| <self_service_icon/> | |
| </self_service> | |
| <package_configuration> | |
| <packages> | |
| <size>1</size> | |
| <package> | |
| <id>1</id> | |
| <name>%PKG_NAME%</name> | |
| <action>Install</action> | |
| <fut>false</fut> | |
| <feu>false</feu> | |
| <update_autorun>false</update_autorun> | |
| </package> | |
| </packages> | |
| </package_configuration> | |
| <scripts> | |
| <size>0</size> | |
| </scripts> | |
| <printers> | |
| <size>0</size> | |
| <leave_existing_default/> | |
| </printers> | |
| <dock_items> | |
| <size>0</size> | |
| </dock_items> | |
| <account_maintenance> | |
| <accounts> | |
| <size>0</size> | |
| </accounts> | |
| <directory_bindings> | |
| <size>0</size> | |
| </directory_bindings> | |
| <management_account> | |
| <action>doNotChange</action> | |
| </management_account> | |
| <open_firmware_efi_password> | |
| <of_mode>none</of_mode> | |
| <of_password/> | |
| </open_firmware_efi_password> | |
| </account_maintenance> | |
| <reboot> | |
| <message>This computer will restart in 5 minutes. Please save anything you are working on and log out by choosing Log Out from the bottom of the Apple menu.</message> | |
| <startup_disk>Current Startup Disk</startup_disk> | |
| <specify_startup/> | |
| <no_user_logged_in>Restart if a package or update requires it</no_user_logged_in> | |
| <user_logged_in>Restart if a package or update requires it</user_logged_in> | |
| <minutes_until_reboot>5</minutes_until_reboot> | |
| </reboot> | |
| <maintenance> | |
| <recon>true</recon> | |
| <reset_name>false</reset_name> | |
| <install_all_cached_packages>false</install_all_cached_packages> | |
| <heal>false</heal> | |
| <prebindings>false</prebindings> | |
| <permissions>false</permissions> | |
| <byhost>false</byhost> | |
| <system_cache>false</system_cache> | |
| <user_cache>false</user_cache> | |
| <verify>false</verify> | |
| </maintenance> | |
| <files_processes> | |
| <search_by_path/> | |
| <delete_file>false</delete_file> | |
| <locate_file/> | |
| <update_locate_database>false</update_locate_database> | |
| <spotlight_search/> | |
| <search_for_process/> | |
| <kill_process>false</kill_process> | |
| <run_command/> | |
| </files_processes> | |
| <user_interaction> | |
| <message_start/> | |
| <allow_users_to_defer>false</allow_users_to_defer> | |
| <allow_deferral_until_utc/> | |
| <message_finish/> | |
| </user_interaction> | |
| </policy> |
A couple of additional items I found in my testing...
- Can't handle an ending "/" on a JSS URL
- When no category argument is specified, the package attempts to upload with an invalid category
- No need to specify a package ID when creating package, and when you do, the JSS might actually assign a different ID since it's an auto-incrementing table
As probability goes, we have only one, unlikely-to-be-the-cause discrepancy, which is the API between our JSS's - I eliminated the version of python(and bundled urllib2 module) between 10.8 and 10.9 being the issue(I had been testing just autopkg on 10.8, but that wouldn't explain while curl'ing from my 10.9 box was failing.)
I still have stuff to accomplish that I'm working on outside of this, which is to additionally parse and hold onto the server's response for updating version numbers or smartgroup ids(which I'm already reading into a var I hadn't been doing anything with.)
This is the result of GETing the policy created on my 10.8.5 machine, JSS is 9.12 and inside an Ubuntu VM, package conspicuously missing:
<?xml version="1.0" encoding="UTF-8"?>
<policy>
<general>
<id>8</id>
<name>SelfServeLatest_VLC</name>
<enabled>true</enabled>
<trigger>USER_INITIATED</trigger>
<trigger_checkin>false</trigger_checkin>
<trigger_enrollment_complete>false</trigger_enrollment_complete>
<trigger_login>false</trigger_login>
<trigger_logout>false</trigger_logout>
<trigger_network_state_changed>false</trigger_network_state_changed>
<trigger_startup>false</trigger_startup>
<trigger_other/>
<frequency>once per computer</frequency>
<target_drive>default</target_drive>
<offline>false</offline>
<category>
<id>-1</id>
<name>Unknown</name>
</category>
<date_time_limitations>
<activation_date/>
<activation_date_epoch>0</activation_date_epoch>
<activation_date_utc/>
<expiration_date/>
<expiration_date_epoch>0</expiration_date_epoch>
<expiration_date_utc/>
<no_execute_on/>
<no_execute_start/>
<no_execute_end/>
</date_time_limitations>
<network_limitations>
<minimum_network_connection>No Minimum</minimum_network_connection>
<any_ip_address>true</any_ip_address>
<network_segments/>
</network_limitations>
<override_default_settings>
<target_drive>default</target_drive>
<distribution_point/>
<force_afp_smb>false</force_afp_smb>
<sus>default</sus>
<netboot_server>current</netboot_server>
</override_default_settings>
<network_requirements>Any</network_requirements>
<site>
<id>-1</id>
<name>None</name>
</site>
</general>
<scope>
<all_computers>false</all_computers>
<computers/>
<computer_groups>
<computer_group>
<id>6</id>
<name>LessThanMostRecent_VLC</name>
</computer_group>
</computer_groups>
<buildings/>
<departments/>
<limit_to_users>
<user_groups/>
</limit_to_users>
<limitations>
<users/>
<user_groups/>
<network_segments/>
</limitations>
<exclusions>
<computers/>
<computer_groups/>
<buildings/>
<departments/>
<users/>
<user_groups/>
<network_segments/>
</exclusions>
</scope>
<self_service>
<use_for_self_service>true</use_for_self_service>
<install_button_text>Install</install_button_text>
<self_service_description/>
<force_users_to_view_description>false</force_users_to_view_description>
<self_service_icon/>
</self_service>
<package_configuration>
<packages>
<size>0</size>
</packages>
</package_configuration>
<scripts>
<size>0</size>
</scripts>
<printers>
<size>0</size>
<leave_existing_default/>
</printers>
<dock_items>
<size>0</size>
</dock_items>
<account_maintenance>
<accounts>
<size>0</size>
</accounts>
<directory_bindings>
<size>0</size>
</directory_bindings>
<management_account>
<action>doNotChange</action>
</management_account>
<open_firmware_efi_password>
<of_mode>none</of_mode>
<of_password/>
</open_firmware_efi_password>
</account_maintenance>
<reboot>
<message>This computer will restart in 5 minutes. Please save anything you are working on and log out by choosing Log Out from the bottom of the Apple menu.</message>
<startup_disk>Current Startup Disk</startup_disk>
<specify_startup/>
<no_user_logged_in>Restart if a package or update requires it</no_user_logged_in>
<user_logged_in>Restart if a package or update requires it</user_logged_in>
<minutes_until_reboot>5</minutes_until_reboot>
</reboot>
<maintenance>
<recon>true</recon>
<reset_name>false</reset_name>
<install_all_cached_packages>false</install_all_cached_packages>
<heal>false</heal>
<prebindings>false</prebindings>
<permissions>false</permissions>
<byhost>false</byhost>
<system_cache>false</system_cache>
<user_cache>false</user_cache>
<verify>false</verify>
</maintenance>
<files_processes>
<search_by_path/>
<delete_file>false</delete_file>
<locate_file/>
<update_locate_database>false</update_locate_database>
<spotlight_search/>
<search_for_process/>
<kill_process>false</kill_process>
<run_command/>
</files_processes>
<user_interaction>
<message_start/>
<allow_users_to_defer>false</allow_users_to_defer>
<allow_deferral_until_utc/>
<message_finish/>
</user_interaction>
</policy>
According to the policy XML above, it looks like it's more than a GUI issue - the package isn't being associated at all.
If the package is still not getting associated with the policy after the upgrade to 9.21, I think we should dig into specifying only the package name in the policy XML rather than the name and ID.
In my case, the VLC package is getting created as package ID 8 since I have deleted a few packages that I previously created, but JSSImporter.py is assuming that it's ID is 3 and is writing that to the policy XML.
So close...
I was just able to add a category to 9.12 using the following XML and CURL command, FWIW:
curl -k -v -u admin:jamf1234 https://10.1.22.141:8443/JSSResource/categories/id/0 -X POST -T ~/Desktop/category.xml
<?xml version="1.0" encoding="utf-8"?>
<category>
<name>VLC</name>
</category>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Confirmed that autopkg can create a package and policy, and that the package is displayed in the GUI using a local JSS running OS X 10.9 and Casper Suite 9.21.
JSSImporter.py is sending the correct XML. Here is my output of autopkg with some additional logging...
When performing a GET on /JSSResource/policies/id/{id}, does it show a package is associated in the XML?