Casfigurator – BrainStorm Conference

Were you at Brainstorm? Here’s the resource information for Casfigurator and JSS Automation:

 

Casfigurator – github.com/bumbletech

configautomation.com – (Readme and Demo Videos)

developer.apple.com/videos — “Supporting the Enterprise with OS X Automation” (last third)

WWDC 2015 – What’s New in Managing Apple Devices (Jumps to Configurator 2 walkthrough)

How to Contain Yourself When Your “Volume contains macOS or OS X Installation Media”

After Apple released their ProApps education bundle, I had a lab of iMacs that needed to be upgraded to (at least) El Capitan so we could distribute those apps from the Mac App Store without an AppleID.

(Oh hey, sidenote: You can migrate that app bundle to your VPP account for managed distribution – http://www.apple.com/us-hed/shop/product/BMGE2Z/A/pro-apps-bundle-for-education)

“No problem,” I said. “We already have a self service policy for this upgrade. I’ll just make it a check-in policy and have it run after school.”

But then I got ahead of myself.

“Hmm… The DMG I’m using is for 10.11.2. I should really update that.”

At this point I added insult to eventual injury by overachieving.

“I mean, I could use the Sierra installer that I have already tested and know works… but are we really ready to use Sierra for student machines?”

Sometimes being cautious has its downsides…

I’m not 100% sure that the problem was caused by trying to update the El Capitan DMG I was using. But when I added the 10.11.6 El Capitan Installer.app to Casper Admin, I was asked whether I wanted to replace the older installer. I opted not to, and perhaps that’s where things got messy.

This is roughly how it went:

  • Downloaded up-to-date El Capitan Installer from App Store
  • Copied Installer to Distribution Point via Casper Admin
  • Updated policies with new cache and install DMG actions
  • Waited for installer to run

“Huh. Looks like my policies aren’t working…”

Caching El Capitan Installer...
Can’t verify package

“Okay… maybe it was a bad package. I’ll grab it from the store again.”

Blessing in-place OS upgrade directory...
/OS X Install Data is not a directory

“…”

“Okay… Let’s try the old installer out again?”

Blessing in-place OS upgrade directory...
/OS X Install Data is not a directory

“How about using createOSXinstallPkg https://github.com/munki/createOSXinstallPkg? Oh, hey! It actually rebooted. I guess we’re home fr—”

IMG_2734 (1).jpg

“Balls. Okay. Okay… Ah! I have a version of the createOSXinstallPkg that I used for 10.6 machines in DeployStudio. I know that one works! Take that weird issue controlling my life today!”

sierra message.jpg

“Listen here you little punk. Here’s what we’re gonna do. We’re just going to skip this whole ‘El Capitan’ thing. I get it: I should have just gone to Sierra. It’s new. It’s here, and it works fine. So, we’re just going to turn my self service upgrade into a checkin policy, and I don’t want any weird stuff. I don’t want any zombie Installer Media problems, I don’t want to turn into Installer Media myself. Got it?”

sierra message 2.jpg

So, obviously at this point, there’s some bad Installer media that’s not getting cleared out. Maybe a restart is supposed to clear it out, but boy would it be helpful if Apple would give you a bit more of a clue as to what and where this Installation Media business is—or, I don’t know… delete the bad media?

“Well damn. I can’t really wipe these computers at this point in the year—likely too many local video projects stored… Maybe a JAMF user’s got this covered on JamfNation.”

Composer-hey.png

“Huh… Nothing. Maybe I’ll check the post-install script from the createOSXinstallPkg…”

Composer-nothing.png

“Hmm… If only there was a way to see what’s being written when the system gets the in-place upgrade installer setup…”

composer.png

“I love you.”

Composer-iknow.png

Sometimes it amazes me how long it takes me to run around like a chicken with my head cut off before I just run a Composer snapshot to figure out what’s actually happening. With the snapshot in hand, this is what my—now defunct—El Capitan Installer was installing:

El Capitan check limited cropped.png

Well, that explains “/OS X Install Data is not a directory”.

And this is what the working Sierra Installer installed:

sierra check cropped.png

All I needed to do was delete those files:

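#!/bin/bash

#Remove the leftover installer media that the Composer snapshot showed at the root of the boot volume
rm /AppleDiagnostics*
rm /BaseSystem*
rm -R /Packages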

And now, finally, with the bad “macOS or OS X Installation Media” removed, I was able to install from a known-working installer.

No Apple School Manager? No SIS support? No problem.

Back in March of 2016 Apple announced their new education tool, Classroom.

*CUE thunderous applause*

(Back in March of 2016 I also started this blog, so I suppose I should finally do something with it.)

Along with the new Apple School Manager (ASM), education IT professionals would be able to take their school’s users, classes and rosters from their Student Information System and have a no muss, no fuss way to dump the needed classroom information into their MDMs. Once there, teachers would finally have what they’ve been asking for: a way to monitor and guide their students’ iPad use—reliably. (No hard feelings, Casper Focus)

It’s almost a year later. We’re still waiting for more SIS support—currently Apple only has support for Infinite Campus and SunGard (eSchoolPlus). And that’s just for those of us who would actually be able to use ASM’s automated data sync…

Here’s where things get more complicated if you (hypothetically) manage 6 (hypothetical) districts in a (hypothetical) technology consortium using one MDM (again, speaking hypothetically): Most MDMs only have support for one instance of Apple School Manager from which to synchronize classroom data. “Okay,” you say with a sad sigh that, at this point, sounds a bit rehearsed. “I’ll just create my classes manually.” However, if you do that, JamfPRO (née Casper) defaults to using a student’s username on a Teacher’s classroom app. (You tell a kid they’re more than just a number when that’s all the roster shows…)

Luckily, the JSS API is here to help. (It’s pretty much always here to help.)

There’s a container within the “user” portion of the JSS API for ASM/Classroom data: roster_name, roster_managed_apple_id, roster_passcode_type. It took a bit of trial and error—oddly enough you can just add the student’s name as “roster_name” without the other ASM related containers—but I finally managed to get a script together that would let me add the necessary information without the use of Apple School Manager.

The script anticipates a CSV with UNIX line breaks and three columns: username, fullname, email. With UNIX line breaks, I find that I need a dummy line at the end; otherwise the last item won’t run.

 

#!/bin/bash

#Edit this line for your JSS
apiPath="https://YOURJSSURLHERE:8443/JSSResource" #MODIFY THIS LINE

#Created by Josh Bourdon
#bumbletech.wordpress.com
#github.com/bumbletech


###############################
# DO NOT EDIT BELOW THIS LINE #
###############################


echo "Please enter your JSS username:"
read -r jssUser

echo "Please enter your JSS password:"
read -rs apiPassword

#Create counter index
index=1

#Pull filename for CSV of names and attributes
#(no -r here, so the backslash-escaped spaces Terminal inserts on drag and drop are unescaped)
echo "Please drag and drop your CSV into this window and press enter."
read file

#Loop to add attributes to names
INPUT="$file"
[ ! -f "$INPUT" ] && { echo "$INPUT file not found"; exit 99; }
#IFS is set for read only, so the comma split does not leak into the curl arguments
while IFS="," read -r username fullname email
do
 
 echo "<user>
 <roster_managed_apple_id/>
 <roster_name>$fullname</roster_name>
 <roster_source>MDM</roster_source>
 <roster_source_system_identifier/>
 <roster_unique_identifier/>
 <roster_passcode_type/>
</user>" > "/tmp/blank_location.xml"

 #-k turns off TLS certificate verification; remove it if your JSS presents a trusted certificate
 curl -X PUT -H "Accept: application/xml" -H "Content-type: application/xml" -k -u "${jssUser}:${apiPassword}" -T /tmp/blank_location.xml "${apiPath}/users/name/$username"
 index=$((index+1))
done < "$INPUT"

#Clean up temp XML
#rm /tmp/blank_location.xml

echo ""
echo "All lines complete!"

exit 0
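
The roster upload above, reworked as an added example (not the author's script): it escapes the name before it goes into the XML, rejects usernames that are not safe in the URL path, keeps a last CSV row that has no trailing newline, hands the credentials to curl on stdin instead of the command line, and leaves certificate verification on. JSS_URL, JSS_USER, JSS_PASS, the function names and the sample rows are assumptions made for the example.

```bash
#!/bin/bash
# Added example, not the author's script. JSS_URL, the function names and the sample
# rows are assumptions/constructed; JSS_USER and JSS_PASS must be set to send.
JSS_URL="https://jss.example.invalid:8443/JSSResource"  # placeholder host

xml_escape() {  # escape XML special characters so a name cannot break the body
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
    -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

valid_username() {  # allow only characters that are safe as one URL path segment
  case "$1" in ''|*[!A-Za-z0-9._@-]*) return 1 ;; esac
}

roster_xml() {  # same elements as the original payload, with the name escaped
  printf '<user>\n <roster_managed_apple_id/>\n <roster_name>%s</roster_name>\n' "$(xml_escape "$1")"
  printf ' <roster_source>MDM</roster_source>\n <roster_source_system_identifier/>\n'
  printf ' <roster_unique_identifier/>\n <roster_passcode_type/>\n</user>\n'
}

put_roster() {  # args: username fullname
  body=$(mktemp) || return 1            # private temp file, not a fixed /tmp name
  roster_xml "$2" > "$body"
  # Credentials reach curl as a config on stdin, never in argv; no -k, so TLS is verified.
  cred=$(printf '%s' "$JSS_USER:$JSS_PASS" | sed 's/[\\"]/\\&/g')
  printf 'user = "%s"\n' "$cred" | curl --config - --fail --silent --show-error \
    -H "Content-Type: application/xml" -T "$body" "$JSS_URL/users/name/$1"
  rc=$?; rm -f "$body"; return "$rc"
}

process_csv() {  # args: csv_path mode ("dry-run" prints the plan, anything else sends)
  while IFS=, read -r username fullname email || [ -n "$username" ]; do  # keeps an unterminated last row
    if ! valid_username "$username"; then printf 'SKIP %s\n' "$username"; continue; fi
    if [ "$2" = "dry-run" ]; then
      printf 'PUT %s/users/name/%s\n%s\n' "$JSS_URL" "$username" "$(roster_xml "$fullname")"
    else
      put_roster "$username" "$fullname" || printf 'FAIL %s\n' "$username"
    fi
  done < "$1"
}

demo() {  # constructed rows: markup in a name, a "/" in a username, no final newline
  csv=$(mktemp)
  printf '%s\n%s\n%s\n%s' 'jdoe,Jane Doe,jdoe@example.invalid' \
    'obrien,Pat O&Brien <Jr>,p@example.invalid' '../x,Bad Row,b@example.invalid' \
    'last,Last Row,l@example.invalid' > "$csv"
  process_csv "$csv" dry-run; rm -f "$csv"
}
demo
```

Run as-is, it only prints the requests it would make for the constructed rows; pass any mode other than dry-run to process_csv to send them.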

 

Hello World!

Greetings!

This blog is a work in progress at the moment. Hopefully I’ll get it updated some day.

#!/bin/bash

echo "This is where I'll try to write some things about being a Apple Admin, and maybe some other musings."

#I'm just testing out how posting basic code looks with these tags.

So... I guess that's it for the moment.