AutoPkg in the Cloud: Software update automation

This JNUC session features Rich Trouton, IT technology senior consultant at SAP, explaining the significance of Amazon Web Services making it possible to use AutoPkg, a tool used to automate macOS software packaging and distribution, in the cloud. This software solution allows IT admins to develop, build, test and sign Apple apps using Amazon EC2 Mac instances, powering efficient patch management workflows. Trouton provides details on how the process works and how the IT team at SAP gets the most mileage out of it.

October 20, 2021 by Tim Herr

AWS summary, pricing and alternatives

Using Amazon Web Services (AWS) to host Mac services comes with costs, which can be handled on demand or as part of a reduced-cost plan. Trouton provides an overview of the data centers around the globe on which Mac instances are available, as well as an explanation of how AWS works, what hardware it uses, which macOS versions are supported and which tools come installed by default. He also provides some information about alternatives to AWS for organizations that may not find it to be the best fit.

Launching a macOS instance in EC2

In this session, Trouton gives step-by-step instructions for setting up an EC2 macOS instance with AutoPkg, AutoPkgr and JSSImporter. A separate talk by him is available for those new to AWS. After allocating a dedicated host and setting up an SSH key pair for the instance, he shows admins how to launch it and addresses issues such as choosing storage size and resizing the instance’s boot volume. One particularly useful asset for this process is a data script that Trouton has written and made available; it does everything from setting the default password and auto-login to installing software and resizing the boot volume if necessary.

After the instance has been launched, Trouton shows you how to connect to it via Terminal or remote screen sharing; for the latter option, he recommends setting up an SSH tunnel and goes over how to do so. You should set up a password for the EC2 user account on the back end if you haven’t already. Once you have handled these setup tasks, you can work with the Mac instance like any other remotely accessible Mac, using a remote screen-sharing app or Apple Remote Desktop.

Packaging and signing software in the cloud

Trouton proceeds to explain how the actual process of packaging and signing software is accomplished. He uses the following tools in the Mac instance:

  • AutoPkg
  • AutoPkgr: A processor for AutoPkg that enables it to use the Jamf Pro API to upload installer packages, policies, scripts, Self Service icons and extension attributes, as well as to create policies and Smart Groups
  • JSSImporter: A tool to upload packages built with AutoPkg

When using this process, it is highly recommended to sign your packages; for AutoPkg, you can leverage a processor called PkgSigner with a .sign recipe. Trouton also goes over how you can use signing management software to host a signing certificate on a server where it is available for future use.

Trouton lays out a workflow in this session that automates what would otherwise have been a huge task, all while helping admins to catch any problems prior to deployment. Putting AutoPkg in the cloud makes it easily accessible and scalable. And if a problem occurs with your instance, you can set up a new cloud instance and quickly get back to work.
