Automating Jamf Infrastructure Manager setups on Red Hat Enterprise Linux

As part of a project, I needed to build an automated setup process for a Jamf Infrastructure Manager (JIM). Thanks to the help of some folks at Jamf, I have a process which runs non-interactively and which does the following on Red Hat Enterprise Linux 7.x:

  1. Installs the JIM software
  2. Enrolls the JIM with a Jamf Pro server

For more details, please see below the jump.

The key information I needed from Jamf was how to run a non-interactive enrollment of the JIM with a Jamf Pro server. This can be done with the following command:

/path/to/jamf-im enroll --hostname jim_hostname_goes_here --jss-url https://jamf.pro.server.here --password jamf_pro_account_password_goes_here --username jamf_pro_account_username_goes_here

This does require placing a password in the clear, so I recommend setting up an account on your Jamf Pro server which only has the required rights to enroll a JIM.

Once you’ve enrolled, you should be able to check /var/log/jamf-im.log and verify that enrollment has been successful. If it was successful, you should see log entries similar to what’s shown below:

2018-06-22 22:27:18,005 WARN jsam-core [[iPOJO] pool-1-thread-1] [WARNING] com.jamfsoftware.jsam.core.jss.JssCheckinManager : No service interface found in the class hierarchy, use the implementation class
2018-06-22 22:27:18,276 INFO c.j.j.c.u.PaxLoggingStartupListener [[iPOJO] pool-1-thread-1] Waiting for OSGI Log Service
2018-06-22 22:27:19,286 INFO c.j.j.c.u.PaxLoggingStartupListener [[iPOJO] pool-1-thread-1] OSGI Log Service is initialized
2018-06-22 22:27:19,291 INFO c.j.j.c.j.JssCommunicationServiceImpl [[iPOJO] pool-1-thread-1] Beginning enrollment process
2018-06-22 22:27:19,373 INFO c.j.j.c.k.p.JsamPermissionEnforcer [[iPOJO] pool-1-thread-1] Enforcing permissions for /etc/jamf-im/jsam/.jsam_encrypted_keys.properties. Only process owner should be allowed to read and write this file.
2018-06-22 22:27:19,698 INFO c.j.j.c.k.p.JsamPermissionEnforcer [[iPOJO] pool-1-thread-1] Enforcing permissions for /etc/jamf-im/jsam/keystore.jks. Only process owner should be allowed to read and write this file.
2018-06-22 22:27:20,452 INFO c.j.j.c.j.JssCommunicationServiceImpl [[iPOJO] pool-1-thread-1] Enrollment successful
2018-06-22 22:27:20,466 INFO c.j.j.c.s.i.JsamStartLevelServiceImpl [[iPOJO] pool-1-thread-1] Infrastructure Manager will start managed bundles.
2018-06-22 22:27:20,472 INFO c.j.j.c.j.JssCheckinManager [pool-4-thread-1] Initiating checkin to JSS
2018-06-22 22:27:20,571 INFO c.j.j.c.u.PaxLoggingStartupListener [LPS Bundle Startup] Waiting for OSGI Log Service
2018-06-22 22:27:20,619 INFO c.j.j.c.j.JssCheckinManager [pool-4-thread-1] Checkin complete, next checkin in [30] seconds
2018-06-22 22:27:21,573 INFO c.j.j.c.u.PaxLoggingStartupListener [LPS Bundle Startup] OSGI Log Service is initialized
2018-06-22 22:27:21,573 INFO c.j.j.l.LpsBundleActivator [LPS Bundle Startup] Initiating server startup
2018-06-22 22:27:21,574 INFO c.j.j.l.LpsSettingsRepository [LPS Bundle Startup] Settings file [/etc/jamf-im/ldap-proxy/lpsServerSettings.json] does not exist – running with default settings
2018-06-22 22:27:21,576 INFO c.j.j.l.b.LpsControlServiceImpl [LPS Bundle Startup] ServiceTracker addingService. reference: [com.jamfsoftware.jsam.core.bundleservices.JsamKeyStoreService]
2018-06-22 22:27:21,577 INFO c.j.j.l.LpsServer [LPS Bundle Startup] LDAP Proxy – version (1.3.1), build (SA-LNU53-RLI-3)
2018-06-22 22:27:21,578 INFO c.j.j.l.LpsServer [LPS Bundle Startup] Server starting using settings: LpsServerConfiguration{, version=-1, connections=[], serverStartTimeoutSeconds=30, serverShutdownTimeoutSeconds=30, transferThreadStartTimeoutSeconds=30, transferThreadShutdownTimeoutSeconds=30}
2018-06-22 22:27:21,581 INFO c.j.j.l.LpsServer [LPS Bundle Startup] Server successfully started
2018-06-22 22:27:21,581 INFO c.j.j.l.LpsBundleActivator [LPS Bundle Startup] Successfully completed server startup
2018-06-22 22:27:21,583 INFO c.j.j.c.j.JssCheckinManager [pool-4-thread-1] Initiating checkin to JSS
2018-06-22 22:27:21,583 INFO c.j.j.l.LpsSettingsRepository [pool-4-thread-1] Settings file [/etc/jamf-im/ldap-proxy/lpsServerSettings.json] does not exist – running with default settings
2018-06-22 22:27:21,645 INFO c.j.j.c.j.JssCheckinManager [pool-4-thread-1] Checkin complete, next checkin in [30] seconds
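
The log check described above can be scripted. The following is an added example, not part of the original post or of Jamf's tooling: it confirms that the latest enrollment attempt in the log ended with "Enrollment successful" and that the two files named in the JsamPermissionEnforcer entries are accessible only by their owner. The function names are hypothetical; the paths and message strings are those shown in the log excerpt.

```bash
#!/bin/bash
# Added example: post-enrollment checks for a Jamf Infrastructure Manager host.
# The log messages and file paths come from the log excerpt above; the
# function names are hypothetical.

# Succeed only if the most recent "Beginning enrollment process" entry is
# followed by "Enrollment successful", so an older success is not trusted.
enrollment_succeeded() {
    awk '
        /Beginning enrollment process/ { ok = 0 }
        /Enrollment successful/        { ok = 1 }
        END { exit(ok ? 0 : 1) }
    ' "$1"
}

# Succeed only if the file exists and its mode grants nothing to group or
# other (characters 5-10 of the ls mode string are all "-").
owner_only() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Run every check, print one line per result, return the number of failures.
audit_jim() {
    log="$1"; shift
    failures=0
    if enrollment_succeeded "$log"; then
        echo "OK   successful enrollment recorded in $log"
    else
        echo "FAIL no successful enrollment recorded in $log"
        failures=$((failures + 1))
    fi
    for f in "$@"; do
        if owner_only "$f"; then
            echo "OK   $f is accessible by its owner only"
        else
            echo "FAIL $f is missing or accessible by group/other"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# On a JIM host, audit the real log and key material (run as root).
if [ -r /var/log/jamf-im.log ]; then
    audit_jim /var/log/jamf-im.log \
        /etc/jamf-im/jsam/.jsam_encrypted_keys.properties \
        /etc/jamf-im/jsam/keystore.jks || echo "$? check(s) failed"
fi
```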


You should also see the new JIM appear listed in your Jamf Pro server. To check this, use the following process:

1. Log into the Jamf Pro server using an admin account.
2. Go to Management: Server Infrastructure and select Infrastructure Managers.

3. You should see the new JIM listed there.


To help automate the process, I’ve written a script for CentOS 7.x / Red Hat Enterprise Linux 7.x which does the following:

  1. Checks to see if Java is installed and installs OpenJDK 8.x if it isn’t.
  2. Checks for the JIM installer at a defined location.
  3. If the JIM installer is available, installs the JIM software.
  4. Verifies that the JIM software has been installed.
  5. Enrolls the JIM with a specified Jamf Pro server, using credentials provided in the script.

Pre-requisites

  • A JIM installer .rpm file for CentOS / Red Hat Enterprise Linux stored in the location defined in the script.
  • Credentials for the specified Jamf Pro server

When successfully run, the output of the script should appear similar to that shown below:

[Screenshot: output of a successful script run]

The script is available below, and also available on GitHub at the following address:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Scripts/jamf_infrastructure_manager_automated_setup

#!/bin/bash
# This script is designed to install a Jamf Infrastructure Manager (JIM)
# on the following OSs:
#
# CentOS 7.x
# Red Hat Enterprise Linux 7.x
#
# Following installation, the JIM is enrolled with a specified Jamf Pro
# server, using credentials provided in the script.
# Set Jamf Pro URL, username and password for the JIM enrollment process
jamfProURL="https://jamf.pro.server.here:8443"
jamfProUsername="jamf_pro_account_username_goes_here"
jamfProPassword="jamf_pro_account_password_goes_here"
# Set the Jamf Infrastructure Manager hostname for the JIM enrollment process
# This should be the external hostname which the Jamf Pro server will be
# connecting to the JIM through. For example, if you have a load balancer sitting
# in front of the JIM, the load balancer is going to be the JIM's hostname.
#
# Note: The hostname of the machine must resolve both for the machine
# hosting the JIM and for the remote Jamf Pro server, so there can’t be
# mismatches like having the JIM server itself think its hostname is
# blahblah.int.company.com and the remote Jamf Pro server think the JIM's
# hostname is blehbleh.ext.company.com.
#
# If necessary, set an entry into the /etc/hosts file on your
# JIM server similar to what's shown below so that your JIM server's
# IP address maps to the hostname you're using for the JIM's hostname.
#
# ip.address.goes.here blehbleh.ext.company.com
jimHostname="jim_hostname_goes_here"
# If the JIM hostname, Jamf Pro URL, the account username or the account password aren't available
# otherwise, you will be prompted to enter the requested hostname, URL or account credentials.
if [[ -z "$jamfProURL" ]]; then
    read -r -p "Please enter your Jamf Pro server URL : " jamfProURL
fi
if [[ -z "$jimHostname" ]]; then
    read -r -p "Please enter the hostname of your Jamf Infrastructure Manager: " jimHostname
fi
if [[ -z "$jamfProUsername" ]]; then
    read -r -p "Please enter your Jamf Pro user account : " jamfProUsername
fi
if [[ -z "$jamfProPassword" ]]; then
    # -r keeps backslashes in the password intact; -s suppresses echo
    read -r -p "Please enter the password for the $jamfProUsername account: " -s jamfProPassword
fi
echo ""
# Set directory to store the JIM software installer
jamfinfrastructuremanager_installer_directory="/path/to/installer_directory"
function checkJava() {
    # Check to see if Java is installed. If
    # Java isn't installed, install OpenJDK 8.x
    java -version &> /dev/null
    if [[ $? -eq 0 ]]; then
        echo "Java is installed."
        echo "$(java -version)"
    else
        echo "Java not installed. Installing OpenJDK 8.x."
        /usr/bin/yum -y install java-1.8.0-openjdk
        echo ""
        echo "Installed Java:"
        echo "$(java -version)"
    fi
}
# Check to see if Java is already installed and install OpenJDK 8.x
# if Java is not installed.
checkJava
# Locate the Jamf Infrastructure Manager installer .rpm file.
# To assist with this, make sure the JIM installer .rpm file
# has "jamf-im" (no quotes) as part of the rpm's filename.
if [[ -e "$(/usr/bin/find "$jamfinfrastructuremanager_installer_directory" -maxdepth 3 -iname '*jamf-im*.rpm')" ]]; then
    installer_path="$(/usr/bin/find "$jamfinfrastructuremanager_installer_directory" -maxdepth 3 -iname '*jamf-im*.rpm')"
fi
# Install Jamf Infrastructure Manager
if [[ ! -z "$installer_path" ]]; then
    echo "Jamf Infrastructure Manager installer .rpm file located at $installer_path. Installing."
    rpm -i "$installer_path"
    if [[ $? -ne 0 ]]; then
        echo "Jamf Infrastructure Manager installation failed."
        exit 1
    else
        echo "Jamf Infrastructure Manager installation succeeded."
    fi
fi
# Verify that the /etc/jamf-im/ directory exists. If the directory exists,
# the JIM software is installed and can be enrolled.
if [[ -d "/etc/jamf-im" ]]; then
    echo "Jamf Infrastructure Manager installation verified. Enrolling with the following Jamf Pro server: $jamfProURL"
    # Enroll Jamf Infrastructure Manager into Jamf Pro
    # Options take two ASCII hyphens; values are quoted so spaces or shell
    # metacharacters in the password are passed through unchanged.
    jamf-im enroll --hostname "${jimHostname}" --jss-url "${jamfProURL}" --password "${jamfProPassword}" --username "${jamfProUsername}"
    if [[ $? -ne 0 ]]; then
        echo "Enrollment failed. Please recheck settings and retry enrollment."
        exit 1
    else
        echo "Enrollment succeeded."
    fi
fi

  1. SC
    May 1, 2019 at 12:13 pm

    Any idea what password is used for keystore file during installation?
    It is encrypted in .jsam_encrypted_keys.properties
