Help

Stopping Policy execution from a 'Before' Bash Script

timmohr
New Contributor

Posted on ‎03-27-2013 06:17 PM

Hello Everyone,

I have written a bash script which is run before a Self Service initiated policy. It simply ensures the application we are about to update is not running. If it is running it prompts the user to close the application (I'm using Cocoa Dialog).

Everything is working amazingly well... the only problem I have is I am unable to stop the policy from executing if the user chooses to cancel.

In theory I thought "exit 1" should work, however the policy simply continues executing in the same way it does when I supply "exit 0".

My last resort would be to kill the Self Service application (killall SelfService) but that's really messy and awful. I'm hoping there is an undocumented hook that will help me out.

I also put this question to Jamf and their suggestion was two policies... which would work but gets a little messy when you have 500 policies.

Your assistance is appreciated.

Thanks,
Tim Mohr

0 Kudos
4 REPLIES 4

luke_j_nelson
New Contributor II

Posted on ‎03-28-2013 06:38 AM

Hey Tim, could you post the script?

0 Kudos

dpertschi
Valued Contributor

Posted on ‎03-28-2013 12:16 PM

+1
Do share Tim. Some things I can only seem to learn by example...

0 Kudos

tlarkin
Honored Contributor

Posted on ‎03-28-2013 03:25 PM

Hi Tim,

I hope you are doing well. What I have done in the past for this, is instead of using the before and after options for scripts in a policy, I have just actually used a script for the whole thing. You can use manual triggers with the JAMF binary to accomplish this. To give you an example, I would put logical checks in before triggering the policy. 

#!/bin/bash

# logical checks to ensure things are in place before running a policy

checkProc=$(/bin/ps aux | /usr/bin/awk '/Firefox/ { print $0; exit }')

if [[ ${checkProc} != "" ]]

  then /bin/echo "Firefox is running, we need to kill it first"
  /usr/bin/osascript << AppleScript
  tell Application "Finder"
  activate
  display dialog "Firefox is currently running, please quit Firefox first and then rerun this policy in Self Service" buttons {"OK"}
  end tell
AppleScript
exit 1

else /bin/echo "All checks good, proceeding with policy"
/usr/sbin/jamf policy -trigger updateFirefox

fi

exit 0

This would technically check to see if Firefox is running, and if so, tell the user they need to quit it then rerun the Self Service policy. I have not tested this, and I basically just whipped it up on the fly based on some things I have done in the past. Please test this before doing anything. My syntax may need tweaking. If you get any better, more streamline, or even cooler solutions with this code example please post it back to JAMF Nation for everyone to use.

Thanks,
Tom

0 Kudos

Josh_S
Contributor III

Posted on ‎03-28-2013 03:58 PM

I personally use Tom's type of solution to do this, although this would double the number of policies. Another method that you could do is, rather than "Install" a package, "Cache" it. You could then run your script "After" caching the package and make sure that all your logic checks out.

If everything is in order, you can install all cached packages.

/usr/sbin/jamf installAllCached

Or you could be specific, to avoid accidentally installing something else that might be cached.

/usr/sbin/jamf install -path "/Library/Application Support/JAMF/Waiting Room" -package "PackageName.dmg"

If everything isn't in order, or after installing the package if everything was in order, delete the cached package and exit out.

/bin/rm "/Library/Application Support/JAMF/Waiting Room/PackageName.dmg"*

I have not tested any of the previous code, so be careful.