- Automate package updates with AutoPkg
- New hire onboarding with "low-touch" deployment
- Miscellaneous scripts and extension attributes
The below diagram is an overview of how the files in this repo, combined with other incredible open source tools (Git, AutoPkg, AutoPkgr, JSSImporter, can help you implement basic automation and GitOps workflows to your JAMF package deployments.
- Create and test AutoPkg JSS recipe overrides locally on your Mac
- Push your overrides to a common repo for your IT team and create a Pull Request
- Run automated testing on the recipe override(s) with Github Actions (action)
- After successful testing and review, merge the Pull Request with main/master
- Always-on Mac running AutoPkgr pulls latest recipes from main/master with a cron job and adds them to the AutoPkgr recipe list, then notifies your team via Slack notifications. (script)
- AutoPkgr runs recipes on a schedule and sends Slack notifications for new packages and errors.
- An always-on macOS device or cloud instance
- AutoPkg, AutoPkgr, JSS Importer, and Git installed on both a local Mac and an always-on device.
- JAMF production instance
- JAMF testing instance
- Github account with dedicated repository for recipe overrides
- Slack instance with Incoming Webhooks installed (for notifications)
- Files in this repo
While the much-praised concept of Zero-touch Deployment is great in theory, there are many practical reasons why an organization might choose a more traditional manual approach. The jamf-onboarding script and onboarding-group-name extension attribute in this repo allows technicians to easily:
- Assign a computer to a JAMF user
- Place the computer in a specific "onboarding group" and run policies scoped to that group
- Unbox computer and create user
- Enroll computer in JAMF if not already done via Automated Enrollment
- Run script via Self Service or automatically via enrollment policy (script)
- Enter email of user to assign them
- Choose group to assign computer, usually based on department/team
- Group is populated via extension attribute + corresponding Smart Group (extension attribute)
- Physical or remote access to new computer
- jamf-onboarding script added to JAMF and customized with your own group names
- onboarding-group-name extension attribute added to your JAMF environment
- Smart Groups created in JAMF that correspond to group names from previous step
- Policies scoped to those Smart Groups
Scripts
- jamf-app-usage.py - Pulls individual app usage for a specified date range via the JAMF API and exports it as a CSV.
- jamf-migrate-groups.sh - Migrates groups from one JAMF instance to another via the API. Useful when setting up a sandbox environment or migrating to another domain.
Extension attributes
- vm-images.sh - Displays all VM disks on a system with their size in GB.
- cert-getexpiration.sh - Displays remaining days before expiration of a given certificate. If there is more than one certificate with the same common name, it displays the most recent.