Archive

Archive for the ‘Linux’ Category

Backing up a Jamf Pro database hosted in Amazon Web Services’ RDS service to an S3 bucket

February 16, 2020 Leave a comment

For those using Amazon Web Services to host Jamf Pro, one of the issues you may run into is how to get backups of your Jamf Pro database which you can access. AWS’s RDS service makes backups of your database to S3, but you don’t get direct access to the S3 bucket where they’re stored.

In the event that you want a backup that you can access of your RDS-hosted MySQL database, Amazon provides the option for exporting a database snapshot to an S3 bucket in your AWS account. This process will export your data in Apache Parquet format instead of a MySQL database export file.

However, it’s also possible to create and use an EC2 instance to perform the following tasks:

  1. Connect to your RDS-hosted MySQL database.
  2. Create a backup of your MySQL database using the mysqldump tool.
  3. Store the backup in an S3 bucket of your choosing.

For more details, please see below the jump.

Read more…

Monitoring Jamf Infrastructure Managers on Red Hat Enterprise Linux

August 23, 2019 Leave a comment

A vital component of a Jamf Pro server setup is usually its LDAP connection to a directory service (usually an Active Directory server.) This connection allows the Jamf Pro server to not only leverage the directory service’s users and groups, but also automatically populate information about the owner of the device by doing a lookup in LDAP as part of a computer‘s or mobile device’s inventory update and assist with providing user-specific policies in Self Service.

As more folks move from using self-hosted Jamf Pro servers to now having Jamf host them in Jamf Cloud, this LDAP connection usually requires an LDAP proxy in order to securely connect a Jamf Cloud-hosted Jamf Pro instance to a company’s internally-hosted directory service. Jamf provides an LDAP proxy for this purpose in the form of the Jamf Infrastructure Manager (JIM). 

Because the LDAP connection is so vital, it’s just as vital that the JIM stay up and working all the time. To assist with this, I’ve written some scripts to assist with monitoring and reporting for a JIM running on Red Hat Enterprise Linux. For more details, please see below the jump.

Read more…

Slides from the “Providing the best Mac experience possible, from the Apple CoE team with ♥” session at Jamf Nation User Conference 2018

October 24, 2018 Leave a comment

For those who wanted a copy of my Mac management talk at at Jamf Nation User Conference 2018, here are links to the slides in PDF and Keynote format.

PDF – http://tinyurl.com/JNUC2018SAPPDF

Keynote – http://tinyurl.com/JNUC2018SAPKeynote

Automating Jamf Infrastructure Manager setups on Red Hat Enterprise Linux

June 23, 2018 1 comment

As part of a project, I needed to build an automated setup process for a Jamf Infrastructure Manager (JIM). Thanks to the help of some folks at Jamf, I have a process which runs non-interactively and which does the following on Red Hat Enterprise Linux 7.x:

  1. Installs the JIM software
  2. Enrolls the JIM with a Jamf Pro server

For more details, please see below the jump.

Read more…

Implementing log rotation for the Jamf Infrastructure Manager logs on Red Hat Enterprise Linux

November 4, 2017 Leave a comment

A while back, I had set up the Jamf Infrastructure Manager (JIM) in a VM running Red Hat Enterprise Linux (RHEL) to provide a way for a Jamf Pro server hosted outside a company’s network to be able to talk to an otherwise inaccessible Active Directory domain. The JIM software has been running fine since I configured it, but I recently needed to take a look at the JIM logs as part of diagnosing another issue.

For those not familiar with the JIM software, it has several log files and those logs are available in the following location on RHEL:

/var/log/jamf-im-launcher.log
/var/log/jamf-im.log
/var/log/jamf-im-pre-enroll.log

Screen shot 2017 04 29 at 5 32 52 pm

When I checked the logs, I noticed that /var/log/jamf-im.log had grown to almost 500 MBs in size.

Considering this log is a plaintext file, that’s a big log file and it seemingly had been not been rotated or otherwise changed since I first installed the JIM software. To help make sure that the host VM would not eventually run out of space because of this growing log file, I needed to implement log rotation for the JIM logs. For more details, see below the jump.

Read more…

Managing AWS-hosted VMs using EC2 Systems Manager

May 30, 2017 Leave a comment

I’ve been doing a lot of work recently with Linux VMs that are hosted on Amazon Web ServicesEC2 service. As part of this work, I’ve been working on two problems in parallel:

  • Enabling automation of certain management commands for the VMs
  • Securing SSH

Part of the issue was that I thought I needed to have SSH available to enable remote administration. If that was true, I also needed to secure SSH access so that I could use it and malicious third parties couldn’t. However, whatever method I chose also needed to be easily accessible to my team so that they could access the AWS-hosted VMs in case of an emergency where I wasn’t available.

I went through a few iterations of SSH solutions, including investigating multi-factor authentication and setting up SSH bastions. In the end though, I discovered a surprising solution that fixed both of my problems: AWS’s EC2 Systems Manager

Systems Manager allowed me to do the following:

  1. Manage my Linux VMs on EC2 without using SSH
  2. Block SSH access on my Linux VMs
  3. Run commands on multiple VMs at once
  4. Create a library of frequently used tasks and run those commands without needing to re-enter the scripts used to run those tasks.
  5. Not spend extra money on a management solution because AWS makes Systems Manager available at no cost to AWS customers.

For more details, please see below the jump.

Read more…

Installing and configuring the Jamf Infrastructure Manager on Red Hat Enterprise Linux

April 29, 2017 4 comments

I recently needed to configure Jamf’s Jamf Infrastructure Manager (JIM) to provide a way for a Jamf Pro server hosted outside a company’s network to be able to talk to an otherwise inaccessible Active Directory domain.

The documentation on how to set up an Infrastructure Manager covers the essentials of how to do it, but doesn’t include any screenshots or have information about how to access the logs to help debug problems. After some research and working with the JIM a bit, I was able to figure out the basics. For more details, see below the jump.

Read more…

%d bloggers like this: