jssautopkgaddon

0.9941 - Autopkg + JSS + Patchoo! & No more Mr. Nice Admin


AutoPKG + JSS-autopkg-addon + Patchoo



The holy grail of Casper software deployment?

If you don't know how cool AutoPKG is, you best get acquainted. In a nutshell, it will follow a recipe - check, download and repackage software for you, and with the very recent addition of a GUI it will do it at the touch of a button!

I am yet to get my hands dirty with the way it all works myself, but Allister Banks has built a processor for AutoPKG that every JAMF admin should be very excited about.

JSS-autopkg-addon effectively takes freshly built pkgs from autopkg, loads them onto your CDP and then creates the necessary smart groups and policies required for distribution. Cool beans! There has been a bit of talk on JAMF Nation and various channels about some of the shortcomings of Casper software deployment, that it's far too admin heavy. Automating a lot of the tedium around policy and smart group creation will go along way to solving this until JAMF revamps it's software deployment tools.

Calum Hunter has modified the policy and smart group template that JSS-autopkg-addon uses, and it can now dump these freshly created flat pkgs into your patchoo-dev track 100% ready for testing and deployment!

  1. AutoPKG recipe runs.
  2. Go to your dev/testing Mac client and start a Patchoo run click "Check for Updates" in Self Service.
  3. Test deployment and app function.
  4. Move update to beta.
  5. Move update to production.

A huge thanks to all the AutoPKG gang, all the Patchoo users and the entire Mac Admin community. We are all doing and ever more importantly, sharing some awesome work! We are the pirates taking over enterprise IT!


Nasty Mode



No more Mr. Nice Admin!

Until now, Patchoo has pseudo forced installations once the defer counter expired. There was only one button, but by design I didn't want a timeout to logout and install if a Mac was unattended.

Unfortunately, in this day and age of modern client management, those tricky users will find a loophole and do their darndest to not install software patches. We have a few users that are deliberately ignoring the all installations prompts. Catching them in the PatchooDeferCount10+ group and sending reminder emails from the JSS worked, sometimes, but at some sites I had to engage support technicians to physically walk to desks and talk with users. That's not a great use of anyone's time.

But in the end, it's too much admin work and there will always be people that don't have the 5 minutes a month it takes to patch their systems. Well, no more....

nastymode=true

When enabled (default), if the final forced update prompt is ignored, users are forcibly logged out and patches are installed. Users ARE allowed to save work and will be prompted. Stuck apps will pause the logout process, but it's persistent and will keep quitting apps until users are logged out.

If you are in the same situation, addressing the issue as a security and compliance matter is the best way to allay complaints. We are a public US company and must comply with SOX, even if it sometimes can be slightly inconvenient for our staff.

Get the latest commit


Licensing



You'll also notice a long overdue license file in the repo as well. Patchoo is released under Apache 2.0.

I'm no fancy big city lawyer, but this pretty much means you can use it how you want. I've had some great interest and been surprised at some of the really cool companies that are using it (most I can't mention unfortunately). Hopefully this means a few more with more stringent legal requirements can use it too!

vlcsnap-331509

If you'd like to contribute please feel free to reach out, or get on Github and submit pull requests!

Comments