erooreo.blogg.se

Jamf pro patch management

A little over a year ago I set out to build a system that would deliver application patches to my users without me doing a thing. I have leveraged AutoPkg, the Jamf patch management system, and API to build a total solution where almost all of my applications are automatically patched on my fleet without me touching a thing. This will be a series of four blog posts explaining the system and how to get it working.

All the code and tools are published on GitHub.

When a new version of an application is available a package is built and a patch is sent to a test group; after a set delay the package is moved into production, where everyone with the app installed gets a patch to update and our application install policy is updated. Two LaunchAgents automatically run AutoPkg with some custom processors and scripts to perform all the work. While it does take some setting up for each application, the process requires manual intervention only to stop an application patch package going into production when a problem is found in a package, or to speed it up if you need to deploy a security patch quickly. Patch levels across the fleet have improved dramatically.

AutoPkg

AutoPkg is an automation framework for macOS software packaging and distribution, oriented towards the tasks one would normally perform manually to prepare third-party software for mass deployment to managed clients, to quote its website.

At its core it is used to build the packages; however, people have written add-ons to perform other tasks such as integrating with Munki or uploading to a Jamf repository.

The existing add-on (or processor in AutoPkg parlance) for integrating with a Jamf repository is jss-importer. I’ve written a replacement for two reasons. The first is that when I set out to build my first management system jss-importer could not upload to a cloud repository. The second is that jss-importer was designed and built around a system of using policies and smart groups to deliver patches to the users, and now Jamf has patch management to do it more easily with less reliance on groups. Patch management also includes some nice version tracking across the fleet.

A final note before I delve into details. I am probably doing things in a way that horrifies some people. I’m not going to say that my method is perfect, just that it works for me and I hope you can find my efforts useful in building your own system. I’m also going to spend a great deal of time explaining my code, what it does and why it’s built that way.

The first thing PatchBot does is build the packages and upload them to Jamf Pro. At the same time it saves the package details in a policy called TEST. In a previous version this delivered the test version to the testers but now it’s just a database record. PatchBot then runs a script that takes the report plist from AutoPkg and uses it to send messages to a special channel in Teams. That’s so humans can know what’s going on.

Once packages are uploaded it’s time to start patch management. This requires a high quality patch definition feed for the Jamf Pro patch management system. I buy Kinobi from Mondada and believe it’s easily a value proposition. Seriously, I cannot overstate how well a bunch of Aussies do it. It’s incredibly finicky and tedious, and throwing not much money at somebody else to do it is incredibly appealing when they do such a good job. There is an open source community alternative that I’m sure works fine for some.

The first step in patch management is to find the version definition for our new package and get it pointed to the package, then update a patch policy, Test. This patch policy is scoped to a single group regardless of the application; I call mine Package Testers. The patch policy has a self service deadline of two days. PatchBot also tells us the results with another set of messages to Teams.

The second step in patch management is to move a package from test into production. This is done seven days after it is moved into test, using a production patch policy called Stable, scoped to all computers and with a self service deadline of seven days. Both the delay before moving patches into production and the self service deadlines are easily changed.

At this point PatchBot updates the install policy for the application so it uses the new version. I’m sure you’re not surprised it has a third script to send the results to our Teams channel.

We have a patch package in production and an update install policy. The only human intervention we might need is halting the shift from test to production if our testers discover a broken package.
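The test-to-production gate this post describes (seven days in Test, then the Stable policy with a seven-day deadline, with a human able to halt a broken package or speed up a security patch) can be expressed as a small decision function. This is an added example, not PatchBot's code: the record fields, the `hold`/`expedite` flags and the rule that a hold overrides an expedite are assumptions, and no Jamf Pro API call is made.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Values taken from the post; the author notes both are easily changed.
PROMOTE_AFTER_DAYS = 7      # delay between Test and production
STABLE_DEADLINE_DAYS = 7    # self service deadline on the Stable policy


@dataclass
class PackageInTest:
    """Hypothetical record of a package sitting in the Test patch policy."""
    title: str
    version: str
    moved_to_test: date
    hold: bool = False       # testers reported a broken package
    expedite: bool = False   # security patch that must ship early


def plan_promotions(records, today):
    """Return (actions, messages): what to promote and what to report."""
    actions, messages = [], []
    for r in records:
        age = (today - r.moved_to_test).days
        if r.hold:
            # Assumption: a hold wins over expedite, so a known-bad
            # package never reaches the whole fleet.
            messages.append(f"HELD {r.title} {r.version}: blocked by testers")
        elif r.expedite or age >= PROMOTE_AFTER_DAYS:
            actions.append({
                "title": r.title,
                "version": r.version,
                "patch_policy": "Stable",
                "deadline": today + timedelta(days=STABLE_DEADLINE_DAYS),
                "update_install_policy": True,
            })
            early = r.expedite and age < PROMOTE_AFTER_DAYS
            why = "expedited" if early else f"{age} days in test"
            messages.append(f"PROMOTED {r.title} {r.version} ({why})")
        else:
            left = PROMOTE_AFTER_DAYS - age
            messages.append(f"WAITING {r.title} {r.version}: {left} days left")
    return actions, messages


# Constructed sample data, not real fleet state.
SAMPLE = [
    PackageInTest("Firefox", "100.0", date(2022, 5, 1)),
    PackageInTest("Zoom", "5.10.4", date(2022, 5, 6), expedite=True),
    PackageInTest("Slack", "4.26.1", date(2022, 5, 1), hold=True),
    PackageInTest("VLC", "3.0.17", date(2022, 5, 5)),
]
```

Calling `plan_promotions(SAMPLE, date(2022, 5, 8))` returns the promotion actions alongside one status line per package, which is the kind of text a notification script could forward to a chat channel.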







