automated re-enrollment support with --installpackage #119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

cubandave wants to merge 8 commits into kc9wwh:master from cubandave:pr/2

README.md

-Original file line number
+Diff line change
@@ Expand Up / @@ -12,6 +12,7 @@ Requirements: @@
     * macOS Installer 10.12.4 or later
     * `eraseInstall` option is ONLY supported with macOS Installer 10.13.4+ and client-side macOS 10.13+
     * Look over the USER VARIABLES and configure as needed.
+    * To make use of the re-enroll work-flow check out, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe).
     *This workflow will **not** work if a user is not logged in since the `startosinstall` binary requires a user to be logged in. Tested with macOS 10.13.4 and you will get errors in that the process couldn't establish a connection to the WindowServer.*
@@ Expand Down Expand Up @@
     *Added in v2.6.0 - You can now specify to use the `--eraseInstall` parameter when using macOS Installer 10.13.4 or later and the client is running macOS 10.13 or later. Essentially this will wipe and reload the system to factory defaults. Yay \o/*
+    *Added in v2.7.0 - You can now automatically re-enroll a mac after the `--eraseInstall`. This will create a PKG and use `--installpackage` to `curl` the jamf binary and enroll the computer by `jamf enroll -invitation`. This also supports various methods of setting/preserving the computer name. To make use of this feature pair the macOSUpgrade work-flow script with the re-enroll scripts from, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). \(ﾉ◕ヮ◕\)ﾉ\*:･ﾟ✧*
     **Staging the macOS Installer**
@@ Expand Down Expand Up @@
     ![alt text](/imgs/fullScreen.png)
+    **Example of Utility Dialog**
+    ![alt text](/imgs/utility.png)
     **Example of Utility Dialog**
     ![alt text](/imgs/utility.png)

macOSUpgrade.sh

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -31,7 +31,7 @@
  
    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

    #

    # This script was designed to be used in a Self Service policy to ensure specific

    # requirements have been met before proceeding with an inplace upgrade of the macOS,

    # requirements have been met before proceeding with an in-place upgrade of the macOS,

    # as well as to address changes Apple has made to the ability to complete macOS upgrades

    # silently.

    #

    @@ -41,7 +41,7 @@
  
    #           - macOS Installer 10.12.4 or later

    #           - eraseInstall option is ONLY supported with macOS Installer 10.13.4+ and client-side macOS 10.13+

    #           - Look over the USER VARIABLES and configure as needed.

    #

    #           - To use the re-enroll functions look at https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe

    #

    # For more information, visit https://github.com/kc9wwh/macOSUpgrade

    #

    @@ -53,6 +53,28 @@
  
    # USER VARIABLES

    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

    ##This is the custom event name used to create the install package for automatically enrolling 

    ##You can statically set this a policy by setting it here

    ##You can also make this dynamic to enroll the computer into different Jamf Pro environments

    ##For more information please see the project

    ##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe

    autoPKGEnrollmentEventName="${11}"

    if [[ -z "$autoPKGEnrollmentEventName" ]] ;then

        ##add your own event name here if you want this to be static

        autoPKGEnrollmentEventName=""

    fi

    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

    # STATIC VARIABLES

    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

    jamfBinary="/usr/local/jamf/bin/jamf"

    jHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

    # POLICY VARIABLES

    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

    ##Specify path to OS installer. Use Parameter 4 in the JSS, or specify here

    ##Example: /Applications/Install macOS High Sierra.app

    OSInstaller="$4"

    @@ -92,7 +114,7 @@ unsuccessfulDownload=0
  
    ##Use Parameter 8 in the JSS.

    eraseInstall="$8"

    if [ "$eraseInstall" != "1" ]; then eraseInstall=0 ; fi

    #macOS Installer 10.13.3 or ealier set 0 to it.

    #macOS Installer 10.13.3 or earlier set 0 to it.

    if [ "$versionMajor${versionMinor:=0}" -lt 134 ]; then

        eraseInstall=0

    fi

    @@ -103,6 +125,19 @@ fi
  
    userDialog="$9"

    if [ "$userDialog" != "1" ]; then userDialog=0 ; fi

    ##Options for computer name handling for re-enroll workflows

    ##Use this to control the way that re-enrollment to your jamf Pro server is done

    ##Requires macOS Installer 10.13.4 or later

    ##NOTE: To Default to assigning no computer after the wipe put nothing in here

    ##(ask) - Use jamfHelper to ask the user what to do with the computer name 

    ##(keepname) - Default to automatically preserve computer name 

    ##(prename) - Default to automatically asking for a new computer name 

    ##(splashbuddy) - Add this to the parameter setting to automatically create a ComputerName.txt and .SplashBuddyFormDone 

    ##For more information please see the project

    ##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe

    ##make variable lower case

    reEnrollmentMethodChecks=$(echo "${10}" | tr '[:upper:]' '[:lower:]')

    # Control for auth reboot execution.

    if [ "$versionMajor" -ge 14 ]; then

        # Installer of macOS 10.14 or later set cancel to auth reboot.

    @@ -193,13 +228,13 @@ wait_for_ac_power() {
  
    downloadInstaller() {

        /bin/echo "Downloading macOS Installer..."

        /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper \

        "$jHelper" \

            -windowType hud -windowPosition $dlPosition -title "$title" -alignHeading center -alignDescription left -description "$dldescription" \

            -lockHUD -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/SidebarDownloadsFolder.icns" -iconSize 100 &

        ##Capture PID for Jamf Helper HUD

        jamfHUDPID=$!

        ##Run policy to cache installer

        /usr/local/jamf/bin/jamf policy -event "$download_trigger"

        "$jamfBinary" policy -event "$download_trigger"

        ##Kill Jamf Helper HUD post download

        kill_process "$jamfHUDPID"

    }

    @@ -261,14 +296,73 @@ verifyChecksum() {
  
    }

    cleanExit() {

        kill_process "$caffeinatePID"

        ##if exiting on an error killall jamfHelper Windows too

        if [[ "$1" != 0 ]] ; then /usr/bin/killall jamfHelper ; fi

        ## Remove Script

        /bin/rm -f "$finishOSInstallScriptFilePath" 2>/dev/null

        /bin/rm -f "$osinstallersetupdDaemonSettingsFilePath" 2>/dev/null

        /bin/rm -f "$osinstallersetupdAgentSettingsFilePath" 2>/dev/null

        /bin/kill "${caffeinatePID}"

        exit "$1"

    }

    fn_askWhatToDoForComputerName () {

        keepMessage="Do you want to KEEP the computer name after erasing? 

    Current Computer Name: $currentComputerName

    To rename click 'Other'.

    "

        renameMessage="Do you want to RENAME the computer name after erasing? 

    Current Computer Name: $currentComputerName

    To not assign any name click 'No Name'.

    "

        toKeepOrNotToKeep=$( "$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$keepMessage" -button1 "Keep" -button2 "Other" -defaultButton 1 -timeout 300 )

        if [[ "$toKeepOrNotToKeep" = 0 ]]; then

            keep=true

        elif [[ "$toKeepOrNotToKeep" = 2 ]] || [[ "$toKeepOrNotToKeep" = 239 ]] ; then

            toRenameOrNotToRename=$( "$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$renameMessage" -button2 "Rename" -button1 "No Name" -timeout 300 )

            if [[ "$toRenameOrNotToRename" = 2 ]]; then

                prename=true

            fi

        fi

    }

    fn_askforNewComputerName () {

        newComputerName=$( sudo -u "$currentUser" /usr/bin/osascript -e 'display dialog "Please enter the new computer name" default answer "" with title "Set New Computer Name" with text buttons {"Cancel","OK"} default button 2' -e 'text returned of result' )

    }

    fn_Process_reEnrollmentMethodChecks () {

        ##check for and set the parameters for re enrollment 

        if [[ "$reEnrollmentMethodChecks" ]] ; then

            ##clear any previous checks

            /bin/rm /private/tmp/reEnrollmentMethod*

            if [[ "$reEnrollmentMethodChecks" == *"ask"* ]]; then ask=true ; fi

            if [[ "$reEnrollmentMethodChecks" == *"keep"* ]]; then keep=true ; fi

            if [[ "$reEnrollmentMethodChecks" == *"prename"* ]]; then prename=true ; fi

            ##write a placeholder so the re-enroll package create knows to create the ComputerName.txt file

            if [[ "$reEnrollmentMethodChecks" == *"splashbuddy"* ]]; then

                /usr/bin/touch /private/tmp/reEnrollmentMethod.splashbuddy

            fi ##re-enroll has splashbuddy

        fi

    }

    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

    # SYSTEM CHECKS

    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

    @@ -299,6 +393,42 @@ If you continue to experience this issue, please contact the IT Support Center."
  
        cleanExit 1

    fi

    ##This is the beginning of the re-enroll work-flow to handle the computer name

    if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] && [[ "$autoPKGEnrollmentEventName" ]] ; then

        fn_Process_reEnrollmentMethodChecks

        /bin/echo "Script is configured for re-enrollment."

        ## if re-enrollment is enabled to ask what to do about the name

        currentComputerName=$( /usr/sbin/scutil --get ComputerName )

        if [[ $ask = true ]] && [[ ${currentUser} != "root" ]] ; then

            /bin/echo "Asking what to do about the computer name."

            fn_askWhatToDoForComputerName

        elif [[ $ask = true ]] && [[ ${currentUser} = "root" ]]; then

            #statements

            keep=true

            /bin/echo "The computer is at the login window. Defaulting to preserving the computer name."

        fi

        if [[ $keep = true ]]; then

            /bin/echo "Keeping the current computer name."

            newComputerName="$currentComputerName"

        fi 

        if [[ $prename = true ]]; then

            /bin/echo "Assigning a new computer name."

            fn_askforNewComputerName

        fi 

        # Computer name is assigned after eraseinstall

        if [[ "$newComputerName" ]]; then

            /bin/echo "Assigned computer name after eraseinstall: $newComputerName"

            /bin/echo "$newComputerName" > /private/tmp/reEnrollmentMethod.newComputerName.txt 

        fi 

    fi # re-enrollment and erase install - prep for naming the computer after eraseinstall stage

    ##Check for existing OS installer

    loopCount=0

    while [ "$loopCount" -lt 3 ]; do

    @@ -436,14 +566,78 @@ fi
  
    ##Launch jamfHelper

    if [ "$userDialog" -eq 0 ]; then

        /bin/echo "Launching jamfHelper as FullScreen..."

        /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

        "$jHelper" -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

        jamfHelperPID=$!

    else

        /bin/echo "Launching jamfHelper as Utility Window..."

        /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 &

        "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 &

        jamfHelperPID=$!

    fi

    ##Re-enrollment package creation stage

    if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKGEnrollmentEventName" ]] && [[ $eraseInstall == 1 ]] ; then

        ##package creation 

        if [ "$versionMajor${versionMinor:=0}" -ge 134 ] ; then

            autoEnrollPKGResult=$( "$jamfBinary" policy -event "$autoPKGEnrollmentEventName" )

            /bin/echo "Results from package creation policy: $autoPKGEnrollmentEventName"

            /bin/echo "$autoEnrollPKGResult"

            ##Make and array of the packages built with 'productbuild' - For future ideas

            IFS=$'\n'

            productbuildPackages=($(/bin/echo "$autoEnrollPKGResult" | /usr/bin/grep productbuild | /usr/bin/awk -F 'Wrote product to ' '{ print $2 }'))

            unset IFS

            ##Built in support for multiple packages - For future ideas

            for packageName in "${productbuildPackages[@]}" ; do

                /bin/echo "Adding package $packageName to post install"

                installpackageOption+="--installpackage $packageName "

            done

        else

            echo "startosinstall with installpackage is not supported on this version $version"

            "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment.

            Re-enrollment packages are not supported on $version. Minimum version is macOS 10.13.4" -iconSize 100 -button1 "OK" -defaultButton 1

            cleanExit 1

        fi

        ##Error Reporting for failing to create package

        # if [[ -z "${productbuildPackages[@]}" ]]; then 

        if [[ "${#productbuildPackages[@]}" = 0 ]]; then 

            /bin/echo "Error: Re-enrollment package cannot be found, failing out"

            if [[ "$autoEnrollPKGResult" == *"DEP Crossover"* ]] ; then

                "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment.

            The Mac is assigned for Device Enrollment to a different Jamf Pro Server in Apple Business Manager." -iconSize 100 -button1 "OK" -defaultButton 1

            elif [[ "$autoEnrollPKGResult" == *"DEP multiple Jamf Pro"* ]] ; then

                "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment.

            The Mac is assigned for Device Enrollment across multiple Jamf Pro Servers." -iconSize 100 -button1 "OK" -defaultButton 1

            elif [[ "$autoEnrollPKGResult" == *"failed to get invitationCode"* ]] ; then

                "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment.

            Failed to generate invitationCode for the re-enrollment package." -iconSize 100 -button1 "OK" -defaultButton 1

            elif [[ "$autoEnrollPKGResult" == *"no JSS URL Will not create PKG"* ]] ; then

                "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment.

            The package creation script is not configure correctly. No JSS URL configured." -iconSize 100 -button1 "OK" -defaultButton 1

            else

                "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment.

            Re-enrollment package could not be found." -iconSize 100 -button1 "OK" -defaultButton 1

            fi

            cleanExit 1

        fi

    fi ##re-enrollment and erase install - re-enrollment package creation stage

    ##Load LaunchAgent

    if [ "$fvStatus" = "FileVault is On." ] && \

       [ "$currentUser" != "root" ] && \

    @@ -463,9 +657,9 @@ fi
  
    osinstallLogfile="/var/log/startosinstall.log"

    if [ "$versionMajor" -ge 14 ]; then

        eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 &

        eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" "$installpackageOption" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 &

    else

        eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" --applicationpath "\"$OSInstaller\"" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 &

        eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" "$installpackageOption" --applicationpath "\"$OSInstaller\"" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 &

    fi

    /bin/sleep 3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

automated re-enrollment support with --installpackage #119

Uh oh!

Diff view

Diff view

There are no files selected for viewing