Chris Lasell edited this page Oct 31, 2019 · 10 revisions
# This file is for Chris to prep the Jamf Pro server at 'tryitout.jamfcloud.com'
# before the lab session.

# He'll be pasting these lines into an irb session, although it could be made to run as a script

# It's a good example of a one-off task that he regularly does in irb using ruby-jss.

require 'ruby-jss'
require 'pp'

# Open the API connection that every statement below relies on.
# pw: :prompt asks for the password interactively, so no password is written
# into this page; only the server name and account name appear here.
JSS.api.connect(
  server: 'tryitout.jamfcloud.com',
  user: 'jnuc2019',
  pw: :prompt
)

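# Make sure that at least one user of a managed & supervised iPad also has a
# managed laptop. If nobody does, reassign up to two iPads to laptop users.
#
# The trailing ';0' on some lines only keeps irb from echoing large values
# when these lines are pasted into a session.

# Usernames of managed laptops. Blank usernames are dropped so that an
# unassigned laptop and an unassigned iPad are not counted as "the same user",
# and duplicates are dropped so the two iPads below go to two different users.
managed_laptops = JSS::Computer.all_laptops.select { |macinfo| macinfo[:managed] } ;0
mgd_laptop_users = managed_laptops.map { |macinfo| macinfo[:username] }.reject { |name| name.to_s.empty? }.uniq ;0

mgd_supd_ipads = JSS::MobileDevice.all_ipads.select { |ipad| ipad[:managed] && ipad[:supervised] } ;0

# How many managed/supervised iPads already belong to a laptop user
reportable_count = mgd_supd_ipads.count { |ipad| mgd_laptop_users.include? ipad[:username] }

if reportable_count.zero?
  # If none, assign the first two mgd/supd iPads to the first two laptop users.
  # first(2) + zip copes with fewer than two iPads or users instead of raising
  # on a nil entry.
  mgd_supd_ipads.first(2).zip(mgd_laptop_users.first(2)).each do |ipad_info, user|
    next unless user

    # fetch takes the lookup key as a keyword argument (id:)
    ipad = JSS::MobileDevice.fetch id: ipad_info[:id]
    ipad.username = user
    ipad.save
  end
end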

# Remove the lab's computer extension attribute (EA) if it is present, so it
# can be rebuilt from scratch below.
ea_name = 'JNUC-2019-LabUser'
ea_id = JSS::ComputerExtensionAttribute.valid_id(ea_name, :refresh)
if ea_id
  JSS::ComputerExtensionAttribute.delete(ea_id)
end

# Drop ruby-jss's cached data, then wait so the server can finish the deletion
# before an EA with the same name is created again.
JSS.api.flushcache
sleep(60)

# Rebuild the computer EA with the definition the lab starts from.
ea = JSS::ComputerExtensionAttribute.make(name: ea_name)
ea.data_type = 'String'
ea.description = 'The name of the lab attendee who created this computer'
ea.input_type = 'Text Field'
ea.save

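# remove the Computer Group created during the lab
grp_name = 'my-awesome-computer-group'
# :refresh re-reads the group list from the server, matching the other
# lookups in this script, so a stale cached list cannot hide the group.
grp_id = JSS::ComputerGroup.valid_id grp_name, :refresh
JSS::ComputerGroup.delete grp_id if grp_id

# remove the computers created during the lab
# Selection is by name prefix: every computer record whose name starts with
# comp_base_name is deleted, so the prefix must stay unique to lab-created records.
comp_base_name = 'my-awesome-computer'
victim_ids = JSS::Computer.map_all_ids_to(:name, :refresh).select { |_id, name| name.to_s.start_with? comp_base_name }.keys

# Skip the delete call entirely when nothing matched
JSS::Computer.delete victim_ids unless victim_ids.empty?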


# Remove the 'VIPs' user smart group, which uses the vip extension attribute
ugrp_name = 'VIPs'
grp_id = JSS::UserGroup.valid_id(ugrp_name, :refresh)
if grp_id
  JSS::UserGroup.delete(grp_id)
end

# Remove the 'vip' user extension attribute itself
ea_name = 'vip'
ea_id = JSS::UserExtensionAttribute.valid_id(ea_name, :refresh)
if ea_id
  JSS::UserExtensionAttribute.delete(ea_id)
end

# Wait for the server to process the deletions, then drop cached data so the
# objects recreated afterwards are not confused with the deleted ones.
sleep(60)
JSS.api.flushcache

# Rebuild the vip user extension attribute.
# (';0' only keeps irb from echoing the new object.)
ea = JSS::UserExtensionAttribute.make(name: ea_name) ;0
ea.data_type = 'String'
ea.description = 'If yes, this user is a Very Important Pigeon'
ea.input_type = 'Text Field'
ea.save

# Rebuild the VIPs user smart group: its single criterion matches users whose
# 'vip' attribute is 'yes'.
grp = JSS::UserGroup.make(name: ugrp_name, type: :smart) ;0
vip_criterion = JSS::Criteriable::Criterion.new(and_or: :and, name: 'vip', search_type: 'is', value: 'yes')
grp.criteria = JSS::Criteriable::Criteria.new([vip_criterion])
grp.save


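# Make sure at least 5 users have 'yes' in the vip extension attribute.
# Give the JSS time to catch up from creating the smart group above.
sleep 60
ugrp = JSS::UserGroup.fetch name: ugrp_name ;0

if ugrp.members.size < 5
  # Array#sample(5) returns up to five distinct ids in a single call. The
  # earlier retry-until-five loop could never finish on a server with fewer
  # than five users, and re-read the id list on every pass.
  JSS::User.all_ids.sample(5).each do |uid|
    user = JSS::User.fetch id: uid
    user.set_ext_attr ea_name, 'yes'
    user.save
    puts "User '#{user.name}' is now a VIP"
  end
end # if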

# Wait for the smart group to recalculate, then print its members as a check
sleep(60)
pp(JSS::UserGroup.fetch(name: ugrp_name).members)


# Remove the groups the lab script creates, when they exist. Each lookup uses
# :refresh so it sees the server's current group list.
{
  JSS::ComputerGroup => 'ChrissVIP-Computers',
  JSS::MobileDeviceGroup => 'ChrissVIP-Devices'
}.each do |group_class, group_name|
  group_id = group_class.valid_id(group_name, :refresh)
  group_class.delete(group_id) if group_id
end

# Make sure the 'New York Share' distribution point exists.
# JSS::DistributionPoint objects are read-only in ruby-jss, so the record is
# created by posting raw XML with JSS.api.post_rsrc.
#
# Every *_password element below is an obvious placeholder; this XML is sent
# to the server as-is, so a real credential must never be pasted into this
# page. NOTE(review): the HTTP download settings use plain http on port 80,
# which is only acceptable for demo data.
unless JSS::DistributionPoint.all_names.include?('New York Share')
  JSS.api.post_rsrc('distributionpoints/id/0', <<~ENDXML)
    <?xml version="1.0" encoding="UTF-8"?>
    <distribution_point>
      <name>New York Share</name>
      <ip_address>ny.company.com</ip_address>
      <is_master>false</is_master>
      <enable_load_balancing>false</enable_load_balancing>
      <ssh_username/>
      <ssh_password>definintely NOT a password</ssh_password>
      <connection_type>SMB</connection_type>
      <share_name>Caspershare</share_name>
      <workgroup_or_domain>COMPANY</workgroup_or_domain>
      <share_port>139</share_port>
      <read_only_username>casperinstall</read_only_username>
      <read_only_password>definintely NOT a password</read_only_password>
      <read_write_username>casperwrite</read_write_username>
      <read_write_password>definintely also NOT a password</read_write_password>
      <http_downloads_enabled>true</http_downloads_enabled>
      <http_url>http://ny.company.com/CasperShare/</http_url>
      <context>CasperShare</context>
      <protocol>http</protocol>
      <port>80</port>
      <no_authentication_required>false</no_authentication_required>
      <username_password_required>true</username_password_required>
      <http_username>casperinstall</http_username>
      <http_password>definintely NOT a password</http_password>
    </distribution_point>
  ENDXML
end

# Make sure the 'jamfshare' distribution point exists, created the same way:
# raw XML posted with JSS.api.post_rsrc.
#
# The *_password values are placeholders and are sent to the server as-is;
# real credentials do not belong in this page.
# NOTE(review): <protocol> is https but <port> and the URL use port 80 -
# confirm that combination is intended for the demo data.
unless JSS::DistributionPoint.all_names.include?('jamfshare')
  JSS.api.post_rsrc('distributionpoints/id/0', <<~ENDXML)
    <?xml version="1.0" encoding="UTF-8"?>
    <distribution_point>
      <name>jamfshare</name>
      <ip_address>samira.local</ip_address>
      <is_master>false</is_master>
      <enable_load_balancing>false</enable_load_balancing>
      <ssh_username/>
      <ssh_password>definintely NOT a password</ssh_password>
      <connection_type>SMB</connection_type>
      <share_name>jamfshare</share_name>
      <workgroup_or_domain/>
      <share_port>139</share_port>
      <read_only_username>jamfread</read_only_username>
      <read_only_password>definintely NOT a password</read_only_password>
      <read_write_username>jamfwrite</read_write_username>
      <read_write_password>definintely also NOT a password</read_write_password>
      <http_downloads_enabled>true</http_downloads_enabled>
      <http_url>https://samira.local:80/jamfshare/</http_url>
      <context>jamfshare</context>
      <protocol>https</protocol>
      <port>80</port>
      <no_authentication_required>false</no_authentication_required>
      <username_password_required>true</username_password_required>
      <http_username>jamfread</http_username>
      <http_password>definintely NOT a password</http_password>
    </distribution_point>
  ENDXML
end

# Reset the network segments to the lab's known set.
# Destructive: this removes every network segment on the connected server
# before recreating the four below, so it only suits the disposable lab server.
JSS::NetworkSegment.delete(JSS::NetworkSegment.all_ids)

# Each entry is created and saved in turn, in this order.
# (';0' only keeps irb from echoing the whole list.)
[
  { name: 'JAMF Minneapolis', starting_address: '10.10.8.1', ending_address: '10.10.11.254' },
  { name: 'JAMF Eau Claire', starting_address: '10.10.12.1', ending_address: '10.10.15.254',
    distribution_point: 'jamfshare' },
  { name: 'Amsterdam Office', starting_address: '10.1.1.1', ending_address: '10.10.1.1',
    distribution_point: 'New York Share' },
  { name: 'VPN', starting_address: '172.16.0.0', ending_address: '172.20.254.254',
    distribution_point: 'New York Share' }
].each do |segment_attrs|
  JSS::NetworkSegment.make(**segment_attrs).save
end ;0

# Wait for the server to settle, then print a fresh list as confirmation
sleep(60)

pp(JSS::NetworkSegment.all(:refresh))