Introducing Promoter v0.9

Promoter Help(I’m opening this post with some backstory so if you want just skip ahead to the too long, didn’t read line)

Early this year there was a question on an email thread asking: “Has anyone … done a custom work flow themselves in setting up an efficient way to just “promote” packages, policies, scripts, etc from a test environment to a production environment?”  The being that you have a JSS that is your testing environment where you can build policies, verify them, and then take the finished product and plug it into your main JSS that all of your clients normally connect to completely ready to go.

The conversation ended with everyone agreeing that a manual process at this time is the way to go (i.e. re-create all of it).  A policy really is a complex object with a lot of dependencies throughout your JSS’s database and you can’t simply grab the data and POST it to another server. It just doesn’t work (nor would the JSS API allow you to do that).

I read through a lot of the comments and started thinking about what a more automated solution could be. Version 9.0 of the JSS was in development at this time and we were all starting to play around with the early builds. The API in 9.0 is of course much more robust than what was in the 8.x series. Many of the pieces to this puzzle (like script data) were now accessible in 9.0 an the idea of moving a policy between JSS instances was entirely feasible.

I had actually sketched out what a Bash script would look like to accomplish the task of promoting a policy, but I shelved it. Writing a complex piece of code like that as a shell script didn’t feel right. At the time I had been starting to learn Python (a member of our development team had encouraged me to) and thought it was a better fit. Still, there were other things going on and I didn’t invest time into developing the program.

Skip ahead ten months and the question had resurfaced once more.  Someone had heard about my project and asked me if I had ever completed it. I actually had nothing except the original concept, but I told them I’d get back to them. I started hammering away at the code in TextExpander and a few days later…

Promoting a Policy

(Too long, didn’t read, show me what this is all about…)

Promoter is a command line utility that “promotes” a JSS policy from a source JSS to a destination JSS. In order to do this, Promoter not only takes the data of the policy but will also scan through that data and pull in every required object from the source JSS to perform a successful POST:

  • Policy Category
  • Network Segments
  • Distribution Point
  • Software Update Server
  • NetBoot Server
  • Site
  • Computer Groups
  • Buildings
  • Departments
  • Scope Limitations
  • Package Data
  • Script Data
  • Printers
  • Dock Items
  • Directory Bindings

The basic Promoter workflow would be to craft in your testing/development JSS exactly how you would want the policy in your production JSS would be. Then, once the test policy has passed your quality checks, you “promote” it and all of the above that you created/used for it to production in a disabled state.  In my above screenshot there doesn’t look like a lot is going on, but you can see I passed a ‘–log’ argument and this is what’s in there:

promoter_2013-12-15_172016.log
2013-12-15 17:20:44,288 INFO Performing API GET request for: http://test-jss-a.local:8080/JSSResource/jssuser
2013-12-15 17:20:44,738 INFO API GET request successful: 200
2013-12-15 17:20:44,744 INFO The source JSS is version 9.2
2013-12-15 17:20:44,745 INFO Performing API GET request for: https://test-jss-b.local:8443/JSSResource/jssuser
2013-12-15 17:20:45,351 INFO API GET request successful: 200
2013-12-15 17:20:45,354 INFO The destination JSS is version 9.21
2013-12-15 17:20:45,354 WARNING The source and destination JSS instances are not the same version
2013-12-15 17:20:47,279 INFO Performing API GET request for: http://test-jss-a.local:8080/JSSResource/policies/id/654
2013-12-15 17:20:47,295 INFO API GET request successful: 200
2013-12-15 17:20:47,297 INFO Performing API GET request for: https://test-jss-b.local:8443/JSSResource/policies/name/JAMF Magic
2013-12-15 17:20:47,324 WARNING There was an error with the API GET request
2013-12-15 17:20:47,324 ERROR 404 Client Error: Not Found
2013-12-15 17:20:47,324 INFO Promoting the policy: 'JAMF Magic'
2013-12-15 17:20:47,324 INFO Removing the existing Policy ID
2013-12-15 17:20:47,324 INFO Setting Enabled to 'false'
2013-12-15 17:20:47,324 INFO Checking assigned Category
2013-12-15 17:20:47,324 INFO The name is: 'Entertainment'
2013-12-15 17:20:47,324 INFO Performing API GET request for: https://test-jss-b.local:8443/JSSResource/categories/name/Entertainment
2013-12-15 17:20:47,350 INFO API GET request successful: 200
2013-12-15 17:20:47,350 INFO The resource /categories/name/Entertainment exists on the destination JSS
2013-12-15 17:20:47,351 INFO Checking for assigned Network Segments
2013-12-15 17:20:47,351 INFO Checking for assigned Distribution Point
2013-12-15 17:20:47,351 INFO Checking for assigned Software Update Server
2013-12-15 17:20:47,351 INFO Checking for assigned NetBoot Server
2013-12-15 17:20:47,351 INFO Checking assigned Site
2013-12-15 17:20:47,351 INFO The name is: 'None'
2013-12-15 17:20:47,351 INFO Removing all assigned Computers
2013-12-15 17:20:47,351 INFO Checking for assigned Computer Groups
2013-12-15 17:20:47,351 INFO The name is: 'All Managed'
2013-12-15 17:20:47,352 INFO Performing API GET request for: https://test-jss-b.local:8443/JSSResource/computergroups/name/All Managed
2013-12-15 17:20:47,402 INFO API GET request successful: 200
2013-12-15 17:20:47,402 INFO The resource /computergroups/name/All Managed exists on the destination JSS
2013-12-15 17:20:47,402 INFO Checking for assigned Buildings
2013-12-15 17:20:47,402 INFO Checking for assigned Departments
2013-12-15 17:20:47,403 INFO Checking for Limitations on Network Segments
2013-12-15 17:20:47,403 INFO Removing all excluded Computers
2013-12-15 17:20:47,403 INFO Checking for excluded Computer Groups
2013-12-15 17:20:47,403 INFO Checking for excluded Buildings
2013-12-15 17:20:47,403 INFO Checking for excluded Departments
2013-12-15 17:20:47,403 INFO Removing all Scoped Users
2013-12-15 17:20:47,403 INFO Removing all Scoped User Groups
2013-12-15 17:20:47,403 INFO Checking for excluded Network Segments
2013-12-15 17:20:47,403 INFO Removing assigned Self Service icon
2013-12-15 17:20:47,403 INFO Checking for assigned Packages
2013-12-15 17:20:47,404 INFO The name is: 'jamfMagic.pkg'
2013-12-15 17:20:47,404 INFO Performing API GET request for: https://test-jss-b.local:8443/JSSResource/packages/name/jamfMagic.pkg
2013-12-15 17:20:47,434 WARNING There was an error with the API GET request
2013-12-15 17:20:47,434 ERROR 404 Client Error: Not Found
2013-12-15 17:20:47,434 INFO The resource /packages/name/jamfMagic.pkg does not exist on the destination JSS
2013-12-15 17:20:47,434 INFO Performing API GET request for: http://test-jss-a.local:8080/JSSResource/packages/name/jamfMagic.pkg
2013-12-15 17:20:47,449 INFO API GET request successful: 200
2013-12-15 17:20:47,449 INFO Performing API GET request for: https://test-jss-b.local:8443/JSSResource/categories/name/Entertainment
2013-12-15 17:20:47,475 INFO API GET request successful: 200
2013-12-15 17:20:47,476 INFO The resource categories/name/Entertainment exists on the destination JSS
2013-12-15 17:20:47,476 INFO Performing API POST request for: https://test-jss-b.local:8443/JSSResource/packages/name/jamfMagic.pkg
2013-12-15 17:20:47,538 INFO API POST request successful: 201
2013-12-15 17:20:47,538 INFO Checking for assigned Scripts
2013-12-15 17:20:47,538 INFO The name is: 'jamfMagic_setup.sh'
2013-12-15 17:20:47,538 INFO Performing API GET request for: https://test-jss-b.local:8443/JSSResource/scripts/name/jamfMagic_setup.sh
2013-12-15 17:20:47,565 WARNING There was an error with the API GET request
2013-12-15 17:20:47,565 ERROR 404 Client Error: Not Found
2013-12-15 17:20:47,565 INFO The resource /scripts/name/jamfMagic_setup.sh does not exist on the destination JSS
2013-12-15 17:20:47,565 INFO Performing API GET request for: http://test-jss-a.local:8080/JSSResource/scripts/name/jamfMagic_setup.sh
2013-12-15 17:20:47,576 INFO API GET request successful: 200
2013-12-15 17:20:47,577 INFO Performing API POST request for: https://test-jss-b.local:8443/JSSResource/scripts/name/jamfMagic_setup.sh
2013-12-15 17:20:47,619 INFO API POST request successful: 201
2013-12-15 17:20:47,619 INFO Checking for assigned Printers
2013-12-15 17:20:47,619 INFO Checking for assigned Dock Items
2013-12-15 17:20:47,619 INFO Checking for assigned Directory Bindings
2013-12-15 17:20:47,619 INFO Removing assigned Disk Encryption Configuration
2013-12-15 17:20:47,619 INFO Posting the policy to the destination JSS
2013-12-15 17:20:47,620 INFO Performing API POST request for: https://test-jss-b.local:8443/JSSResource/policies/name/JAMF Magic
2013-12-15 17:20:47,785 INFO API POST request successful: 201
2013-12-15 17:20:47,785 INFO The policy was successfully promoted

I’ve shown this to a few colleagues and the first question I generally heard was “Are you posting the source code out there?”  The answer is eventually, but not now.  One reason being that writing Promoter has been a tremendous learning experience with Python for me and for the foreseeable future I plan to keep that aspect.  The second big reason is that I think the code is a little ugly at this time and I don’t have anything organized into classes (and on that note, if anyone wants to point me at some good resources for general object-oriented programming and Python classes, please send them my way!).

I will be providing links to downloading the compiled binaries soon on this blog.

With all of that said, there are a few limitations to Promoter at this time. Those include:

  • Individually scoped computers are removed from the policy.
    The policy POST would fail if the matching computer record is not present, and you would not want to move computer records between JSS’s like this.
  • Users and User Groups that the scope has been limited to are removed from the policy.
    This is one I intend to revisit, but I was unable to make this work (so far).
  • Disk Encryption Configurations are removed from the policy data.
    I couldn’t get a POST of the actual Disk Encryption Configuration to work. I plan to revisit this item as well.
  • JDS’s (Distribution Servers) are removed from the policy data.
    This is due to the current API not allowing you to interact with the data for JDS instances enrolled to a JSS, and there are some good reasons for that. A JDS is enrolled to your JSS and obtains a device certificate for ongoing communication, not just added through the web interface. You would not be able to have the same JDS be used by two different JSS instances.
  • Package and Script files are not migrated with the policy at this time.
    This is actually going be a part of Promoter in the full v1.0 release. As of this first build, v0.9, the files are not moved, but support for migrating between AFP/SMB shares as well as the JDS shares is already planned. For now, the actually JSS data for this packages and scripts are put in place and then you only need to drop the files into you primary distribution point and replicate them.

But there is one limitation Promoter doesn’t have…

Promoter on Windows

Multi-platform.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s