Jamf Rolling Update Groups
Creating a rolling (phased) update process similar to SCCM
“We need to re-image your laptop” “Time to nuke and repave” “Your machine is totally borked”
No one wants to hear those words come from IT. Especially developers. I’ve had to deliver this news more times than I can count from users destroying their own machines either from messing with permissions, malware, or just from updates gone wrong.
I’ve done my best to help alleviate some of this pain from the dev crowd by assisting in automating their environment setup on a net-new machine.
I run this script as soon as I log into a new machine - curl/clone it from github,
chmod +x, then let it run. The script/process I’ll share below is for my own personal use (yes, I do re-image my own laptops a lot), however it is very similar to what I used in prod. I’ve just removed some of our corporate specific env variables from this equation for wellbeing of all parties involved. My personal version of this script is called redpoint. You can view it on Github at the link above.
All Hail Homebrew
NOTE The below cask installer process has been replaced by using a bewfile. This post will be updated soon to reflect that.
This entire process pretty much all revolves around Homebrew. If you don’t know about Homebrew please do yourself a favor and check it out.
The first thing I do, which I pretty much do in every script over 10 lines is to setup a log file in
/Library/Logs/bustIT.log. The first function that runs installs Homebrew, taps brew to enable casks, branches to a second function to intall all necessary casks, installs PWGen, branches to a third function to setup the local macOS environment (very ~aesthetic~).
My favorite thing about this script is how easy it makes it to add a new cask (.app) to be installed. All I need to to is add the cask name to the
casks variable that I have set up in the
caskInstaller function. You can see I have a few listed below like Slack, Spectacle, etc. This function will iterate through that array and install each cask listed. When it gets to a special cask, like Atom for example, it will launch a function called
atomExtras which will install Atom themes and packages via apm (my second favorite thing about this process)
Eventually we get to the function to set up the local macOS environment. This includes wallpaper, Finder theme (for Mojave), and dock preferences. In enterprise prod I have this set the default corp wallpaper etc.
The function above results in a desktop looking like this: