Setup policies scripts eas
d3 uses other parts of Casper to make its life better. Here are the Casper entities you must, or might want to, use to make d3 more useful.
If you decide to use any of the optional ones, you'll be entering info about them in the d3.conf file.
- Automatic syncing
- A puppytime notification policy
- A puppytime logout policy
- A puppytime reboot policy
- A post-expiration policy
- The admin 'make live' script
- The client receipts extension attribute
- The client puppy queue extension attribute
Automated syncing is not optional; otherwise, why bother using d3?
But you have choices about how you do it.
If you're OK with d3 sync happening once a day or less, then you could use a policy to do it. Just create an ongoing policy, scoped to all computers, that runs the command d3 sync.
If you'd like more frequent syncs, use a LaunchDaemon to run that command. Just make sure to use some tool to spread the timing out so all the clients don't hit the server at the same moment. For example, the jamf binary can be used that way. Here's an example to make the sync run sometime in the next hour:
#!/bin/bash
jamf checkJSSConnection -randomDelaySeconds 3600 && d3 sync
In this case, the sync won't even happen if the JSS isn't available.
Just save the above two lines as an executable file, and use a LaunchDaemon to execute it at regular times.
This semi-optional policy should be triggered by a custom trigger, which is saved in the d3.conf file. When something's added to the puppy-queue, and the last notification was not too recent, the policy will be triggered.
The policy can do anything you'd like to notify the user about the updates available at logout. During policy execution, the environment variable D3_NOTIFYING_PUPPIES is set and contains a space-separated list of the editions to be installed.
The d3helper tool can be used to display a jamfHelper HUD window with the notification. Just have the policy run the command: /usr/local/bin/d3helper --display-puppy-notification
Without a policy like this, puppytime won't notify the users of pending installs.
This policy is pretty much required, or if not, you'll have to use your own method of executing puppytime at logout.
This policy should be triggered by logout, and should run the command puppytime. The puppytime command will exit very quickly if there are no puppies in the queue. If there are any, it will start the process with the opt-out window.
This policy is optional, but if you don't use one of these, then at the end of the puppytime installations, the machine will be rebooted with shutdown -r now.
If you'd like anything else to happen before that, or if you'd like to use a different reboot method (such as an authenticated reboot for FileVaulted machines) then you'll want to use a puppytime reboot policy.
This policy should be run by a custom trigger, which is put into the d3.conf file.
If you use a puppytime reboot policy, the policy MUST perform the reboot. puppytime will not do so if it sees a policy set in the configuration.
This policy is optional.
If you use the expiration feature, then after any packages are expired during a sync, d3 can trigger a policy.
The policy can be used to do anything you'd like - notify someone about the expiration, or any other task that makes sense to you. While the policy is running, the environment variable D3_FINISHED_EXPIRATIONS will contain a space-separated list of editions that were expired.
This script is optional.
This is a Casper script that's executed when a package is made live. If you want to use one, add it to Casper as you add any script, then put its name into d3.conf.
The original use-case is for the script to send an email announcement about the now-live package to an appropriate audience, but it can do anything you'd like.
Important: This script is not executed using jamf runScript and it does not run as root. Instead, the script contents are downloaded to a temp file, made executable only by the user running d3admin, executed, and deleted.
It runs as the user running d3admin, with that user's privileges. So, don't expect it to do root-ish things.
During script execution, these environment variables are set, and the script can make use of them:
- D3_MAKE_LIVE_EDITION: the pkg edition
- D3_MAKE_LIVE_ADMIN: the admin making it live
- D3_MAKE_LIVE_DESC: the description of the pkg
- D3_MAKE_LIVE_AUTO_GROUPS: the auto-groups, as a comma-separated string
- D3_MAKE_LIVE_EXCL_GROUPS: the excluded groups, as a comma-separated string.
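A make-live script along these lines could build the announcement text from those variables. This is an added example, not code from d3; the function names and the edition, admin and group values in any test input are constructed, and actually mailing the text is left to whatever tool your site uses.

```shell
#!/bin/bash
# Added example, not part of d3. Builds a plain-text announcement from
# the D3_MAKE_LIVE_* variables. The script runs with the admin's own
# privileges (not root), so it only reads the environment and writes
# to stdout.

# Remove control characters so admin-entered text (for example a
# multi-line description) cannot add extra lines or mail headers.
sanitize() {
  printf '%s' "$1" | tr -d '[:cntrl:]'
}

# "a,b , c" becomes "a, b, c"; an empty string becomes "(none)".
format_groups() {
  if [ -z "$1" ]; then
    echo "(none)"
  else
    printf '%s\n' "$(sanitize "$1")" | sed 's/ *, */, /g'
  fi
}

# Print the announcement; fail if the edition variable is missing,
# which means the script was not started by a make-live operation.
build_announcement() {
  local edition admin desc
  edition=$(sanitize "${D3_MAKE_LIVE_EDITION:-}")
  admin=$(sanitize "${D3_MAKE_LIVE_ADMIN:-}")
  desc=$(sanitize "${D3_MAKE_LIVE_DESC:-}")
  if [ -z "$edition" ]; then
    echo "D3_MAKE_LIVE_EDITION is empty; nothing to announce" >&2
    return 1
  fi
  printf 'Package now live: %s\n' "$edition"
  printf 'Made live by: %s\n' "$admin"
  printf 'Description: %s\n' "$desc"
  printf 'Auto-install groups: %s\n' \
    "$(format_groups "${D3_MAKE_LIVE_AUTO_GROUPS:-}")"
  printf 'Excluded groups: %s\n' \
    "$(format_groups "${D3_MAKE_LIVE_EXCL_GROUPS:-}")"
}

# Only produce output when the make-live environment is present.
if [ -n "${D3_MAKE_LIVE_EDITION:-}" ]; then
  build_announcement
fi
```

Every value is passed to printf as an argument, never as the format string, so a description containing % or backslashes is printed literally.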
If you'd like to gather data about the d3 receipts installed on your managed computers, and enhance the reporting about them in d3admin report, then you'll want this extension attribute.
Without this extension attribute, d3admin report gives less info about what's installed on your computers.
Just create an extension attribute with these settings:
- name: anything you'd like (perhaps 'd3-receipts')
- data type: String
- input type: script
- script contents:
#!/bin/bash
d3helper --rcpts-for-ea
The --rcpts-for-ea d3helper option will spit out a summary of receipt info for the machine, in JSON format, already wrapped in <result></result> tags. d3admin will use this data if the extension attribute name is available in d3.conf.
If you'd like to gather data about the d3 puppy queues on your computers, and enable reporting about them in d3admin report, then you'll want this extension attribute.
Without this extension attribute, d3admin report --queue does not work.
Just create an extension attribute with these settings:
- name: anything you'd like (perhaps 'd3-puppy-qs')
- data type: String
- input type: script
- script contents:
#!/bin/bash
d3helper --puppyq-for-ea
The --puppyq-for-ea d3helper option will return a summary of the puppy queue for the machine, in JSON format, already wrapped in <result></result> tags. d3admin will use this data if the extension attribute name is available in d3.conf.