Automatically update apps with jamf policy driven workflows
Documentation will be in this repo's Wiki page, please click on the wiki link above
Thanks
Helper Policies excecute the policies automatically created by JSSI in a elegant manner.
-
JSSI Creates A Policy on your JSS with a pkg which is the lastest version of APP, which it uploads too.
-
JSSI Creates a Smart Groups
- If app exists and is not current version
Let's Pretend Our JSSI Is All Setup, how do we upload new packages and make SmartGroups and resulting Policies?
autopkg run -vv --post 'io.github.hjuutilainen.VirusTotalAnalyzer/VirusTotalAnalyzer' AU-Zoom.jss --prefs ~/Desktop/myawesomecompany.plist
autopkg run -vv --post 'io.github.hjuutilainen.VirusTotalAnalyzer/VirusTotalAnalyzer' ~/Desktop/Autopkgr-Overrides/AU-Zoom.jss.recipe --prefs ~/Desktop/myawesomecompany.plist
--post
because virus checklocal.jss.AU-Zoom
is the package, you can string multiples of these together to call a bunch at a time--prefs
point this at your .plist containing your whitelisted recipies and your credentials
- Q: What problem do recipie overrides solve A: In a production environment you will have custom requirements for where your forthcoming packages and policies are named, and put. Plus you will have XML Files as heavy lifters for the forthcoming SmartGroups and Policies that contain parameters.
- How do I do that?
autopkg list-recipies
to make sure the recipie is on your system, eg Word365.jssautopkg make-override Word365.jss
- This puts it in your custom recipies folder, but to that avail you will have to edit the recipie using the text editor of your choice to hard code the Category, and XML File Values for Production ready values
- Notice the XML Identifier string of your Override recipie, it will give you the value you need to call it using the command line eg
local.jss.MicrosoftWord36
Working further backwards, set the parameters in the XML files for the heavy lifting creation of policies and SmartGroups
- Make XML File 1 Which customises forthcoming Policy . Make XML File 2 Which customises forthcoming SmartGroup
- It's because your using a Recipie Override, editing the Recipie Override's following directives
- Specificly the
GROUP_NAME
directive - The
GROUP_TEMPLATE
andPOLICY_TEMPLATE
directive in the recipie Override itself. Note path scoping likes the same directory. Pictured below is the start of a Recipie Override featuring the above directives in view
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Identifier</key>
<string>local.jss.AU-DriveFS</string>
<key>Input</key>
<dict>
<key>CATEGORY</key>
<string>Patches</string>
<key>DOWNLOAD_URL</key>
<string>https://dl.google.com/drive-file-stream/googledrivefilestream.dmg</string>
<key>GROUP_NAME</key>
<string>%NAME%-update-smart</string>
<key>GROUP_TEMPLATE</key>
<string>SmartGroupTemplateAutopatch.xml</string>
<key>NAME</key>
<string>Google Drive File Stream</string>
<key>POLICY_CATEGORY</key>
<string>Patches</string>
<key>POLICY_TEMPLATE</key>
<string>PolicyTemplateAutopatch.xml</string>
<key>SELF_SERVICE_DESCRIPTION</key>
<string></string>
<key>SELF_SERVICE_ICON</key>
<string>%NAME%.png</string>
<key>STOPPROCESSINGIF_PREDICATE</key>
<string>download_changed == False</string>
<key>pkg_path</key>
<string></string>
</dict>
Edit PolicyTemplateAutopatch.xml
<policy>
<general>
<name>Install Latest %PROD_NAME%</name>
<enabled>True</enabled>
<frequency>Ongoing</frequency>
<category>
<name>%POLICY_CATEGORY%</name>
</category>
<trigger_other>autoupdate-%PROD_NAME%</trigger_other>
</general>
<scope>
<all_computers>true</all_computers>
</scope>
<package_configuration>
<!--Package added by JSSImporter-->
</package_configuration>
<scripts>
<!--Scripts added by JSSImporter-->
</scripts>
<maintenance>
<recon>true</recon>
</maintenance>
</policy>
Edit SmartGroupTemplateAutopatch.xml
<name>%group_name%</name>
<is_smart>true</is_smart>
<criteria>
<criterion>
<name>Application Title</name>
<priority>0</priority>
<and_or>and</and_or>
<search_type>is</search_type>
<value>%JSS_INVENTORY_NAME%</value>
</criterion>
<criterion>
<name>Application Version</name>
<priority>1</priority>
<and_or>and</and_or>
<search_type>is not</search_type>
<value>%VERSION%</value>
</criterion>
</criteria>
</computer_group>
- You made a smart group with a scope which checks app version
- You made a policy which runs the freshly upload pkg version based on a trigger
-
autopkg list-recipes
-
autopkg info AU-Zoom.jss
-
autopkg run --post novirus path_to_recipie_override --prefs login_creds_yoursite.plist --key STOP_IF_NO_JSS_UPLOAD=False
-
Q: how do we make the .plist?
A: I would just use the AutoPkgr gui, save your connection settings and
cp ~/Library/Preferences/com.github.autopkg.plist ~/Desktop/myawesomecompany.plist
-
Q: how can I read the PLIST (app preferences file) as a sanity check?
A:
defaults read com.github.autopkg.plist
orplutil -convert xml1 ~/Desktop/myawesomecompany.plist