One Liner to get Active Directory Computer Account and Password on OS X
Posted: June 6, 2013 Filed under: Deployment, Mac OS X Server, Mac OS X, Scripting, Unix, Active Directory, Security, LDAP | Tags: Active Directory, security, dsconfigad, AD, computer, password, account, system keychain, keychain, one-liner Leave a comment »
Does that count as a one liner?
Load or Reload a LaunchAgent from installer script
Posted: April 27, 2013 Filed under: Deployment, Mac OS X, Scripting, Security, Unix | Tags: installer, launchagent, launchd, load, munki, pkg, postflight, postinstall, reload 5 Comments »Apple has some restrictions in place to prevent access to LaunchAgents running in a user session context.
But you may want to load or refresh a LaunchAgent as part of your install without requiring the user to log out and back in.
I prefer not to require logouts and reboots in my installation packages. Where possible, I use munki’s unattended option so software installs silently and the user is not prompted.
After some experimentation, I came up with this hacky method of getting a LaunchAgent to load from a package being installed as root. If you have a cleaner way to accomplish this, please let me know.
Unattended Install of Mac Package that requires a Logged in User
Posted: August 26, 2012 Filed under: Deployment, Mac OS X, Scripting, Uncategorized | Tags: automatically, bash, force, install, kcpassword, login, mac, osx, package, pkg, script, user 1 Comment »Once in a while you run into a package or program that will only work properly with a user logged in. This can ruin your day if you need to automated the deployment.
I found this method of automatically logging in a user (which is quite awesome).
Using that perl script along with a wrapper script can enable you to automate these can other cases where your only option is to have a user logged in.
I started writing a script to handle this, but it turned out I didn’t need it. The script is unfinished, but it may give you a head start if you are considering something similar.
It depends on a modified version of the perl script that accepts a username and password. Just swap out the user and password lines with these that accept arguments.
my $user = $ARGV[0];
my $pass = $ARGV[1];
and I comment out the line to automatically restarts the loginwindow.
#system(‘killall’,'loginwindow’);
dockutil 1.1.2 released
Posted: May 26, 2012 Filed under: Deployment, dockutil, Mac OS X, Python, Scripting, Unix | Tags: dock, dockutil, package, update, version 1 Comment »No feature changes, just a few bug fixes:
- fix issue with replacing a url dock item
- add legacy support –hupdock option for backward compatibility
- fix paths with spaces when passing full path to plist
https://github.com/downloads/kcrawford/dockutil/dockutil-1.1.2.pkg.dmg
dockutil 1.1 released
Posted: February 5, 2012 Filed under: Deployment, dockutil, Mac OS X, Mac OS X Server, Python, Scripting 7 Comments »Version 1.1 of dockutil is out:
- fixes many issues with paths (should now work with Default User Template and other paths with spaces)
- adds option to not restart the dock (–no-restart)
- fixes issue where item would be added multiple times (use –replacing to update an existing item)
- resolves deprecation warnings
- adds option to remove all items (–remove all)
- fixes issue with removals when a url exists in a dock
- adds option –version to output version
Fix Apache mod_jk or mod_proxy serving stale content
Posted: December 1, 2011 Filed under: Deployment, http, Unix | Tags: apache, cache, modjk, mod_jk, mod_proxy, proxy, stale, wrong page Leave a comment »If your web app starts serving stale cached content when run behind mod_jk or mod_proxy with apache, it may be due to apache inserting a default expiration header.
You can confirm this by comparing the headers returned from apache and directly from your web app. curl -i will show response headers:
curl -i http://example.com | head -20
To disable apache’s content expirations, add the following to your virtual host:
ExpiresActive Off
Here is the official Apache Documentation.
MIME type issue with Apache mod_jk and mod_proxy serving plain text
Posted: November 30, 2011 Filed under: Deployment, http, Unix | Tags: apache, mime, mimetype, modjk, mod_jk, mod_proxy, plain, proxy, text, tomcat 1 Comment »Some apps do not properly set mime types of content they serve, but still may work properly when served standalone because client applications like browsers are able to interpret the type of the content. But when served behind Apache, these apps will not behave correctly because Apache will provide a default type of text/plain.
The solution is to add a DefaultType None line to your apache virtual host for these web apps:
DefaultType None
Here are the docs
Parsing Mac OS X System Profiler
Posted: February 4, 2011 Filed under: Deployment, Hardware, Mac OS X, Mac OS X Server, Scripting, Unix | Tags: Apple Remote Desktop, ARD, Asset Collection, Facter, hardware, parse, plist, Puppet, report, sysinfocachegen, System Profiler, system_profiler 3 Comments »It is pretty cool how Apple System Profiler has a command line equivalent (system_profiler). And it is pretty cool how system_profiler has a -xml option to allow for easier parsing. You might use this info for extracting asset information into a database or for puppet facter facts.
However if you’ve ever looked at that xml, you know that it is a tree full of unpredictable semi-structured data that was designed specifically for the GUI app. So even though you can parse it with your favorite plist parser, there is still a lot more work to do to get to the data you care about.
The tree structure is nice for a browsing through on a single machine, but not so good for reporting across many machines.
Apple stores most of the same data as key value pairs in its database for ARD reporting, but they do a lot of massaging of the data to get it that way.
It is possible to get at this data in an ARD database if you have an ARD collection server, but an ARD collection server isn’t for everyone and doesn’t serve every use case.
You can still get at the nicely formatted ARD information. ARD client includes a tool that outputs most, if not all of the asset information you care about in a much nicer structured format for reporting.
The tool is called sysinfocachegen and you use it like this:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sysinfocachegen -p /tmp/com.yourorganization.systeminfo.plist
Just use your favorite language’s plist parser to read the plist.
Quickly Calculate size of radmind Transcript Payload
Posted: May 13, 2010 Filed under: Deployment, Mac OS X, Scripting, Unix | Tags: awk, grep, radmind, size, sum, transcript 1 Comment »grep ^[af] /var/radmind/transcript/transcript_name.T | awk ‘{sum = sum + $7} END {print sum/1000}’
Every line that starts with “a” or “f” is a file. Sum up the size field. Divide by 1000 to get KB.
Disable protect_from_forgery when load testing rails
Posted: June 3, 2009 Filed under: Deployment, Ruby, Ruby on Rails | Tags: CSRF, httperf, load testing, Rails Leave a comment »Rails turns on protection from CSRF Cross-Site Request Forgery by default. It can make load testing more challenging since you need to get an authenticity_token for posting form data.
More information here: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html
