Scripting via SSH #60

Open
staze opened this issue Jan 31, 2025 · 3 comments
Comments

@staze

staze commented Jan 31, 2025

Trying to get jamfsync working with a Jenkins job ssh'ing into a Mac mini.

Fighting keychain issues mostly, it seems.

Is it possible to just pass credentials via CLI or some other option? Otherwise, what I have now is something like

#!/bin/sh

# Unlock the login keychain
security unlock-keychain -p "$password" /Users/<user>/Library/Keychains/login.keychain

# Run JamfSync syncing the Cloud Distribution Point to Local
/Applications/Jamf\ Sync.app/Contents/MacOS/Jamf\ Sync -srcDp JCDS -dstDp Netapp --progress

# Unmount local FSDP
diskutil unmount /Volumes/fsdp

But that doesn't work. So I've tried running all via "sudo -u " but then jamfsync comes back with
25/01/31 10:44:31-VERBOSE: Failed to get a keychain item com.jamfsoftware.JamfSync.jps (instance.jamfcloud.com): keychainError(-25300)

Yet I can find that entry via

security find-generic-password -s 'com.jamfsoftware.JamfSync.jps (instance.jamfcloud.com)' /Users/<username>/Library/Keychains/Login.keychain

So I'm a bit perplexed. Right now I have PowerShell pulling down everything from JCDS to local, but that doesn't handle deletions... so our distribution points have gotten quite bloated. Would really love to just have the JCDS be a source of truth and be able to delete anything local that isn't on the cloud DP.

Thanks!

@staze
Author

staze commented Jan 31, 2025

Running jamfsync without the sudo piece, just as root, I just get

/Applications/Jamf\ Sync.app/Contents/MacOS/Jamf\ Sync -srcDp JCDS -dstDp Netapp --progress
Loading distribution points

Forever.

@killer23d

I like this idea; however, I find that interacting with the keychain through a script these days is more challenging than it used to be. Often I cannot get it to unlock, or the entry is not found, etc., and the amount of permissions considerations when running as cron or a LaunchAgent is also very frustrating. The newer the OS, the harder it is for the script to run.

Ideally, passing the credentials over CLI would be the best.

I think many years ago, Jamf admins could request the API key to the S3 buckets of their own instances. I wonder if this is still the case.

@staze
Author

staze commented Feb 5, 2025

Yeah, kind of defeats the purpose of having CLI options if we can't run headless. Just the option to pass API client creds via command line would be nice. These get set via env variables from the Jenkins task.
