Using “Reverse Extension Attributes” to Improve macOS Patching

Transcript

1. None

2. © JAMF Software, LLC Dan Hoffman Sr. Systems Engineer Pixar

   Animation Studios

3. © JAMF Software, LLC Flipping the Script Presentation agenda: •

   Using "reverse extension attributes" to cache data on Macs • "Host Info File" • Benefits • Patch management

4. © JAMF Software, LLC Some notes about the API •

   Jamf Pro API vs. Classic API • JSON vs. XML • ruby-jss
 https://github.com/PixarAnimationStudios/ruby-jss

5. © JAMF Software, LLC Jamf Pro Extension Attributes • Custom

   fields to collect almost any piece of attribute data from a computer • Data is gathered from computer
 and saved to Jamf Pro during recon

6. © JAMF Software, LLC Reverse Extension Attributes • Custom fields

   to collect almost any piece of attribute data from a computer • Data is gathered from Jamf Pro and saved
 to the computer during execution

7. © JAMF Software, LLC But wait, there's more! • Data

   does not necessarily have to come from Jamf • Any attribute can be gathered and
 stored locally

8. © JAMF Software, LLC Data types • Jamf Pro extension

   attributes:
 string, integer and date • Reverse extension attributes:
 string, integer, floating point,
 date, and boolean

9. © JAMF Software, LLC Host Info File • A simple

   plist with XML key/value pairs that can be saved anywhere on the filesystem • Readable and writable by defaults,
 PlistBuddy, etc.

10. © JAMF Software, LLC Host Info File - limitations •

    Purposefully simple • No dictionaries or array data types • Counter example: computer groups

11. © JAMF Software, LLC Max image dimensions LDAP LDAP Jamf

    Pro Jamf Pro Jamf Pro Jamf Pro Local Local Local

12. © JAMF Software, LLC Benefits Helpdesk can quickly see relevant

    data from the command line while troubleshooting

13. © JAMF Software, LLC Benefits • Reduce server and network

    load • Offline availability • Non-Jamf tasks can read and write
 data without Jamf • Simpler scripts

14. © JAMF Software, LLC Getting the Jamf Computer ID -

    API serialNumber=$(system_profiler SPHardwareDataType | \
 awk '/Serial Number/{print$4}') jamfID=$(curl -su username:password -H 'Content-type: application/xml' \
 https://pixar-jamf-pro-server:8443/JSSResource/computers/\
 serialnumber/$serialNumber | xmllint --xpath \
 '/computer/general/id/text()' -) curl -su username:password -H 'Content-type: application/xml' \
 https://pixar-jamf-pro-server:8443/JSSResource/computers/\
 id/$jamfID -d '<computers><general><site><name>Monstropolis\
 </name></general></computer>' -X PUT

15. © JAMF Software, LLC Reading from a Host Info File

    pathToHostInfoFile='/etc/com.pixar.hostinfo.plist'
 jamfID=$(defaults read $pathToHostInfoFile jamf_computer_id) curl -su username:password -H 'Content-type: application/xml' \
 https://pixar-jamf-pro-server:8443/JSSResource/computers/\
 id/$jamfID -d '<computers><general><site><name>Monstropolis\
 </name></general></computer>' -X PUT

16. © JAMF Software, LLC Writing to a Host Info File

    Example 1 - Jamf Pro user • Ongoing Jamf Pro policy • Once per day, recurring checkin • Payload is a script • Uses the api to query the server for the
 assigned Jamf username and writes it to the file

17. © JAMF Software, LLC Writing to a Host Info File

    Example 1 - Jamf Pro user pathToHostInfoFile='/etc/com.pixar.hostinfo.plist' serialNumber=$(system_profiler SPHardwareDataType | \
 awk '/Serial Number/{print$4}') jamfUser=$(curl -su username:password -H 'Content-type: \
 application/xml' https://pixar-jamf-pro-server:8443/\
 JSSResource/computers/serialnumber/$serialNumber | \
 xmllint --xpath '/computer/location/username/text()' -) defaults write $pathToHostInfoFile jamf_username \
 -string $jamfUser

18. © JAMF Software, LLC Writing to a Host Info File

    Example 2 - Pixarification timestamp pathToHostInfoFile='/etc/com.pixar.hostinfo.plist' defaults write $pathToHostInfoFile pixarified -date "$(date)"

19. © JAMF Software, LLC macOS Patch at Pixar Puppytime

20. © JAMF Software, LLC macOS Patch at Pixar - Nagging

    • First nag: Yo, once daily, for seven days • Followup nags: jamfHelper

21. © JAMF Software, LLC macOS Patch at Pixar - Postflight

    Luxify • Firstboot-lite • Jamf Pro policy • Runs at *every* startup • Executes based on
 reverse extension attribute

22. © JAMF Software, LLC One More Thing https://github.com/PixarAnimationStudios/depot3 PHI •

    Plist Host Info • Simple wrapper for PlistBuddy • Optionally part
 of D3

23. © JAMF Software, LLC Questions?

24. © JAMF Software, LL THANK YOU!