Support for BigFix recipe type

[homebysix]

@jgstew, can you point us to an example of a working BigFix recipe? I found this but it seems old.

Which arguments are required for BESUploader (e.g. app name, description), and which should be stored in the com.github.autopkg prefs file (e.g. hostname, username, and password)?

In the TODO, you pointed to Windows recipes, but are those the same thing as BigFix recipes?

(Also see #73.)

[jgstew]

Oddly enough, the one you referenced might be the only one currently public. I've asked @hansen-m to provide more of them.

The AutoPkgBESEngine processor for AutoPkg can make both Windows and Mac items. The resulting recipes will not be exactly the same however.

I also just realized that the Windows download recipes aren't quite as generic as the others due to having extra processing in them to pull out versions in some cases. It might be that some of this could be shifted over to the BigFix recipe rather than the download recipe, or it may be that it will need to be a different kind of Download recipe.

Right now I'm just working to make BigFix Mac recipes work with recipe-robot as I think that will be the easier one to tackle at first.

BigFix recipes require AppName, Version, Description, and possibly some more values. The BigFix server URL, UserName, and Password could be configured in the prefs file, but there is also a besapi.conf file option.

[jgstew]

Now that I'm thinking about this more, I'm remembering things.

The BESUploader is usually not needed. It is to manually upload the dmg/pkg/etc... to the BigFix root server. This isn't needed when a URL can be referenced instead. This is required if the thing being installed needs repackaged or modified in any way from it's raw directly downloaded form. ( Though those modifications could be done on the endpoints themselves during installation instead )

The BESImporter is responsible for importing the final task that AutoPkg generates into the BigFix root server so that it can be deployed. Even if this were to fail or not function, you'd still have a generated task from AutoPkg that is useful that you could import manually. While not ideal, this isn't as essential as the actual task generation itself. In some cases the manual import option instead of using BESImporter may be the only option some people have due to politics and other reasons.

The AutoPkgBESEngine is mandatory. It is what does the magic of turning the plist recipe into an actual task that can be deployed with BigFix. It does not require knowledge of the BigFix server, BigFix user, or password to function. It just knows how to transform the data in the plist into the XML format BigFix requires.

References:

• https://github.com/homebysix/recipe-robot/pull/73/files
• https://github.com/CLCMacTeam/AutoPkgBESEngine/blob/e6d4720ea1f6be7c5cf8b28f6fb23d6485356edf/README.md
• https://github.com/autopkg/hansen-m-recipes/tree/master/BESEngine
• https://github.com/autopkg/hansen-m-recipes/tree/master/SharedProcessors
• https://github.com/autopkg/hansen-m-recipes/tree/master/IBM
• https://github.com/CLCMacTeam/AutoPkgBESEngine/blob/dd1603c3fc39c1b9530b49e2a08d3eb0bbeb19a1/Examples/TextWrangler.bigfix.recipe
  • http://www.barebones.com/products/textwrangler/download.html

[jgstew]

AutoPkgBESEngine Processor Arguments

• bes_overrideurl - optional, only needed if BESUploader is used
• bes_filename - this is the name the downloaded item will have on endpoints when deployed
  • Example: TextWrangler.dmg - Should not include version info.
• bes_version - the version of the thing being installed that will be used in the BigFix relevance
  • Example: 5.0.2 - Should be set to %version% in most cases.
• bes_title - the title the generated task will have in the BigFix console
  • Example: Install/Upgrade: Bare Bones TextWrangler 5.0.2 - Mac OS X
  • Example: Install/Upgrade: Bare Bones %NAME% %version% - Mac OS X
  • Example: Install/Upgrade: %publisher% %NAME% %version% - Mac OS X
• bes_description - the HTML description that will be visible in the BigFix console when the install task is selected.
• bes_category - the category the task will have in the BigFix console
  • Examples: Software Sharing, Custom Content, Software Installers
• bes_relevance - an array of relevance items that will be in the generated BigFix task. The order of elements in the array matters.
  • Example: (mac of operating system) AND (system version >= "10.6.8") AND ...
• bes_actions - a dictionary of the action options for in the BigFix installation task. Only 1 is required. This is the actual "script" that will be run on the endpoint that will actually do the installation of the software.
  • For the functionality of recipe-robot, the action script that actually installs the item will probably need to be made to be generic and handle most cases dynamically depending on the file type provided.
  • dynamically handle cases like: if(dmg) ?? endif, if(zip) ?? endif, if(pkg) ?? endif, if(app) ?? endif

Pull requests

• https://github.com/homebysix/recipe-robot/pull/75/files
  • Has a fix for an error, plus some of the implementation of the above.

[jgstew]

For all software installed or patched by BigFix, there are basically 2 different types of tasks used to do this.

• Install/Upgrade - This will install it if it is not installed, or upgrade it if an older version is installed.
  • This is the option used for any software that you wish to be installed on all systems, or all systems that meet certain criteria. This is also the option most frequently used in BigFix baselines.
• Upgrade/Patch - This will only upgrade/patch existing software of an older version. It will not install it to a system that doesn't already have an older version already installed.
  • This is the option used for updates/patching. This can be used in BigFix baselines that are specific to patching.

Eventually I hope to have some combination of AutoPkg and/or recipe-robot able to automatically generate both of these.

[jgstew]

I'm about 80% complete with this, with another 80% to go :)

I need to generalize the actionscript (this is a bigfix thing, not so much a recipe-robot or AutoPkg thing), then test the recipes created by recipe-robot with AutoPkg and the BES Engine, then import them into BigFix by hand and make sure the generated installation tasks actually work. Once this has been done with many different installer types, then I'll work on adding in the BESImporter process to automate that part. The BESUploader will come last.

[jgstew]

This is what happens during an autopkg run with a BigFix recipe when the AutoPkgBESEngine processor is not present.

autopkg run TextWrangler.bigfix.recipe 
Processing TextWrangler.bigfix.recipe...
Failed.

The following recipes failed:
    TextWrangler.bigfix.recipe
        Unknown processor 'AutoPkgBESEngine'.

Nothing downloaded, packaged or imported.

The following commands will address this:

autopkg repo-add https://github.com/autopkg/hansen-m-recipes.git
autopkg install BESEngine
autopkg install QnA

• https://github.com/CLCMacTeam/AutoPkgBESEngine

[homebysix]

@jgstew Does that mean that we need to add the two autopkg install commands above to the [REMINDER] text?

[jgstew]

@homebysix Yes, it does mean that. I was documenting the issue before making those changes.

[jgstew]

This is a resulting BigFix task that works that was generated by an AutoPkg recipe that was generated with recipe-robot: https://bigfix.me/fixlet/details/6285

I did need to change the parent download recipe, but otherwise it was unchanged. There is definitely some more refinement, improvements, and handling of other cases to be done, but at least one case is working. I was a little worried about potentially needing to deal with escaping characters in a different way that is done automatically, but that seems to be working just fine.

[jgstew]

Examples of new cases to handle:

• https://bigfix.me/fixlet/details/3944
• https://bigfix.me/fixlet/details/2519
• https://bigfix.me/fixlet/details/2529
• https://bigfix.me/fixlet/details/2527
• https://bigfix.me/fixlet/details/3796 (this is more of a AutoPkg case rather than recipe-robot)

[jgstew]

I want to get back to this. I can't believe it is coming up on a year.

[homebysix]

The skeleton of a function that creates BigFix recipes is still in place, if there's any interest in continuing this work: https://github.com/homebysix/recipe-robot/blob/main/scripts/recipe_robot_lib/recipe_generator.py#L1647