Automated herding of cattle ...er Users for weekly-ish reboots

mojo21221
Contributor II

Hey all, I was thinking of retooling our weekly reboot, Apple update, install jamf cached packages process workflow. Eventually I would like to get creative and use a launch daemon to check for system uptime and, after a machine has been on for 7 days, kick off the below script. Even cooler would be to give the user the ability to delay the script a few times before forcing the updates and reboot. If anyone has something like this and would like to share, that would be awesome. So far I have created the script that uses the jamf helper to lock out the screen with a nice message, kill open apps, check and install Apple updates as well as all cached packages, then reboot. However, when I run this it does everything it is supposed to do, except after installing Apple updates the Apple App Store does not reflect the changes. But looking at the info for the app, it reflects the newly installed version. My test scenario was a Mac running 10.12.6 that was in need of Safari 11.0.2 and installing the cached packages Office 2016 and a new Symantec client. Office and Symantec were pre-cached, and then for test purposes I am kicking off the script from Self Service for testing validity of deployment. Looking for some help or thoughts...

#!/bin/bash

##Title to be used for userDialog
title="Company Weekly Updates"

##Heading to be used for userDialog
heading="Please be patient while your Mac is receiving important updates..."

##Description to be used for userDialog
description="
This process will take approximately 5-10 minutes. 
Once completed your Mac will reboot."

##Icon to be used for userDialog
icon="/Library/Application Support/JAMF/bin/Company_Logotype_Color.png"

/bin/echo "Launching jamfHelper as FullScreen..."
"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!


##Kill Open Apps
##Collect the PIDs of everything running from an Applications folder, except Casper, Jamf and Self Service
declare -a killPIDs
killPIDs=($(ps axww -o pid,command | grep -v bash | grep "[A]pplications/" | grep -v /bin/sh | grep -v "[C]asper" | grep -v "[J]amf" | grep -v "[S]elf Service" | grep -v grep | awk '{print $1}'))

##Kill said processes.
for i in "${killPIDs[@]}"
do
    echo "Killing PID $i"
    kill -9 "$i"
done


##Begin Upgrade
    /usr/sbin/softwareupdate -l
    /bin/sleep 10
    /usr/sbin/softwareupdate -i -a
    /usr/local/bin/jamf installAllCached
    /bin/sleep 20

    shutdown -r now

exit 0
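
The uptime check and deferral budget the post asks about could be gated as in the following added example, which is not the poster's code or anything from Jamf. The 3-deferral limit, the counter file path and the `--run` guard are assumptions made for illustration; the sample `kern.boottime` line in the comment is constructed.

```shell
#!/bin/bash
# Added example, not from the thread. Assumed policy: 7-day uptime limit,
# 3 deferrals. DEFER_FILE is a hypothetical root-owned counter file.
MAX_UPTIME_DAYS=7
MAX_DEFERRALS=3
DEFER_FILE="${DEFER_FILE:-/Library/Application Support/JAMF/weekly_reboot_deferrals}"

# Pull the boot epoch out of `sysctl -n kern.boottime` output, which looks
# like (constructed): { sec = 1512990000, usec = 0 } Mon Dec 11 11:00:00 2017
boot_epoch() {
    printf '%s\n' "$1" | sed -n 's/^{ sec = \([0-9][0-9]*\),.*/\1/p'
}

# Whole days elapsed between boot epoch ($1) and now ($2).
uptime_days() {
    echo $(( ($2 - $1) / 86400 ))
}

# Deferrals used so far. A missing file means none; an unparsable value
# counts as exhausted so a corrupted counter cannot grant extra deferrals.
deferrals_used() {
    local n
    [ -e "$DEFER_FILE" ] || { echo 0; return; }
    n=$(cat "$DEFER_FILE" 2>/dev/null)
    case "$n" in
        ''|*[!0-9]*|0?*) echo "$MAX_DEFERRALS" ;;
        *) echo "$n" ;;
    esac
}

# Called when the user chooses to postpone the update run.
record_deferral() {
    echo $(( $(deferrals_used) + 1 )) > "$DEFER_FILE"
}

# Prints skip (recently rebooted), prompt (user may defer) or force.
decide() {   # $1 = uptime in days, $2 = deferrals used
    if   [ "$1" -lt "$MAX_UPTIME_DAYS" ]; then echo skip
    elif [ "$2" -lt "$MAX_DEFERRALS" ];   then echo prompt
    else echo force
    fi
}

# Entry point for a LaunchDaemon; the --run guard is this example's own convention.
if [ "${1:-}" = "--run" ]; then
    boot=$(boot_epoch "$(/usr/sbin/sysctl -n kern.boottime)")
    [ -n "$boot" ] || { echo "cannot read kern.boottime" >&2; exit 1; }
    days=$(uptime_days "$boot" "$(date +%s)")
    [ "$days" -lt "$MAX_UPTIME_DAYS" ] && rm -f "$DEFER_FILE"   # fresh boot resets the budget
    decide "$days" "$(deferrals_used)"
fi
```

A wrapper would act on the printed decision: do nothing on `skip`, show a deferral dialog and call `record_deferral` on `prompt`, and start the update-and-reboot script on `force`.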
2 REPLIES

bradtchapman
Valued Contributor II

Weekly reboots? Jeez, that's a bit much.

Only comments I have for you:

  • Some updates will take longer than others. I had a system take 30 minutes to download and install a 10.13 update. Be wary of holding your systems hostage for that long, unless this is Friday after close of business.
  • You should consider deploying a Mac Mini as a caching server, if you haven't already done so. A fleet of Macs will destroy your WAN trying to download a point release at the same time.

mojo21221
Contributor II

Thanks Brad. We do have a mini that we use for a caching server. Our reason for the reboot is 2 part... One, we have around 5 or so security related clients on our Macs (meh code) which often aren't built to Apple's standards and will leak memory or contribute to other oddball issues. The other reason is we use AD and haven't implemented Enterprise Connect and didn't get the blessing to use NoMAD, so we have found this helps keep our Macs from falling off the domain for our users that are on prem...