Config

Configuring d3

• /etc/ruby-jss.conf
• /etc/d3.conf
• Casper policies, scripts, and extention attributes
  • Automatic syncing with a policy
  • A puppytime notification policy
  • A puppytime logout policy
  • A puppytime reboot policy
  • A post-expiration policy
  • The admin 'make live' script
  • The client receipts extension attribute
  • The client puppy queue extension attribute
• Admin prefs and keychains

/etc/ruby-jss.conf

This is the system-wide configuration file for using the JSS ruby module, which underlies d3. The file itself is fully documented, so please read through it to understand all it's settings

/etc/d3.conf

This is the system-wide configuration file for d3 itself. The file itself is fully documented, so please read through it to understand all it's settings. Some of them merit further discussion below.

Casper Policies, Scripts, and Extension Attributes

d3 uses other parts of Casper to make its life better. Here are the Casper entities you might want to use to make d3 more useful.

Automatic syncing with a policy

If you're ok with d3 sync happening once a day or less, then you could use a policy to do it. Just create an ongoing policy scoped to all computers that runs the command d3 sync

If you'd like more frequent syncs, use a LaunchDaemon to run that command. Just make sure to use some tool to spread the timing out so all the clients don't hit the server at the same moment. For example, the jamf binary can be used that way. Here's an example to make the sync run sometime in the next hour:

jamf checkJSSConnection -randomDelaySeconds 3600 && d3 sync

In this case, the sync won't even happen if the JSS isn't available.

A puppytime notification policy

This policy should be triggered by a custom trigger, which is saved in the d3.conf file. When something's added to the puppy-queue, and the last notification was not too recent, the policy will be triggered.

The policy can do anything you'd like to notify the user about the updates available at logout. During policy execution, the environment variable D3_NOTIFYING_PUPPIES is set and contains a space-separated list of the editions to be installed.

The d3helper tool can be used to display a jamfHelper HUD window with the notification. Just run the command: d3helper --display-puppy-notification

A puppytime logout policy

This policy is somewhat required, or if not, you'll have to use your own method of executing puppytime at logout.

This policy should be triggered by logout, and should run the command puppytime. The puppytime command will exit very quickly if there are no puppies in the queue. If there are, any, it will start the process with the opt-out window.

A puppytime reboot policy

If you don't use one of these, then at the end of the puppytime installations, the machine will be rebooted with shutdown -r now.

If you'd like anything else to happen before that, or if you'd like to use a different reboot method (such as an authenticated reboot for FileVaulted machines) then you'll want to use a puppytime reboot policy.

This policy should be run by a custom trigger, which is put into the d3.conf file.

If you use a puppytime reboot policy - the policy MUST perform the reboot - puppytime will not do so if it sees a policy set in the configuration.

A post-expiratino policy

If you use the expiration feature, then after any packages are expired during a sync, d3 can trigger a policy if one is set in the d3.conf file.

The policy can be used to do anything you'd like - notify someone about the expiration, or any other task that makes sense to you. While the policy is running, the environment variable D3_FINISHED_EXPIRATIONS will contain a space-separated list of editions that were expired.

The admin 'make live' script

This is a Casper script that's executed when a package is made live. If you use one, put it's name into d3.conf

The original use-case is for the script to send an email announcement about the now-live package to an appropriate audience, but it can do anything you'd like.

Important: This script is not executed using jamf script and it does not run as root. It runs as the user running d3admin, with that user's privileges. So, don't expect it to do root-ish things.

During script execution, these environment variables are set, and the script can make use of them:

• D3_MAKE_LIVE_EDITION: the pkg edition
• D3_MAKE_LIVE_ADMIN: the admin making it live
• D3_MAKE_LIVE_DESC: the description of the pkg
• D3_MAKE_LIVE_AUTO_GROUPS: the auto-groups, as a comma-sepated string
• D3_MAKE_LIVE_EXCL_GROUPS: the excluded groups, as a comma-separated string.

The client receipts extension attribute

If you'd like to gather data about the d3 receipts installed on your managed computers, and enhance the reporting about them in d3admin report then you'll want this extentsion attribute.

Just create an extention attribute with these settings:

• name: anything you'd like (perhaps 'd3-receipts')
• data type: String
• input type: script
• script contents:

#!/bin/bash
d3helper --rcpts-for-ea

The --rcpts-for-ea d3helper option will spit out a summary of receipt info for the machine, in JSON format, already wrapped in <result></result> tags. d3admin will use this data if the extention attribute name is available in d3.conf

The client puppy queue extension attribute

If you'd like to gather data about the d3 puppy queues on your computers, and enable reporting about them in d3admin report then you'll want this extentsion attribute.

Just create an extention attribute with these settings:

• name: anything you'd like (perhaps 'd3-puppy-qs')
• data type: String
• input type: script
• script contents:

#!/bin/bash
d3helper --puppyq-for-ea

The --puppyq-for-ea d3helper option will return a summary of puppy queue for the machine, in JSON format, already wrapped in <result></result> tags. d3admin will use this data if the extention attribute name is available in d3.conf

Admin prefs and keychains

d3admin stores a few things for the admin for repeated use: