Future of JSSImporter with Jamf Pro 10?

[everetteallen]

I have been testing JSSImporter with the announced beta version of Jamf Pro 10. Good news is that all functions except 1 seem to work. The bad news it package uploads never seem to make it to the JCDS (I have not tested JDS or File Distribution Points). I have reported this to JAMF but wanted to make everyone here aware. I don't see any obvious failures in the logs but I have not had much time to dig into the issue. We know that api changes are a part of v10 tho to what extent I do not understand.

[sheagcraig]

Hi Everette. I haven't been following Jamf Pro 10 at all, so I also have no idea. If changes are easy, I can probably make them. Any successor that wants to step in and help maintain this project should look at the testing branches of this and python-jss because it's certainly doable by someone who has the time to work with it.

I don't even know what a JCDS, so I clearly haven't been keeping pace with distribution point developments. But if JAMF has ways of getting packages onto a JCDS, JSSImporter should be able to as well.

The only endpoint that I know of not working is that dbfileupload is gone which breaks script uploads.

[grahampugh]

FWIW I don't think the new API schema is complete in the Beta 10 yet. E.g. Policy Self Service Display Name is not there yet. It would also be interesting to see if there's a way of integrating with Patch Management somehow.

I've started trying to get my head around this and python-jss but I'm not sure I'm capable of leading maintenance yet - maybe in longer term.

[everetteallen]

@sheagcraig in our testing with Beta10 we see that uploading packages from autopkg/r via JSS Importer are not giving failures but those packages never end up on the JCDS. In v9.xxx package uploads work as desired to any type of distribution point including JCDS. My impression is that the change is between 9.101.0 and 10.xall Betas. Still working with JAMF to see what is happening for sure.

[sheagcraig]

@everetteallen since I have no clue what a JCDS is, my expectation is that it wouldn't work!

Hopefully JAMF will make it possible to include a package upload in POST/PUT to the package endpoint in the API like they (finally) did for /script.

Otherwise, someone will have to implement a new DistributionPoint class for JCDS.

[everetteallen]

@sheagcraig The reason the JCDS works with JSSImporter today is because a JCDS is just a special case of a JDS running on linux in one of JAMF's aws instances (as best I can tell). So works now and we are trying to figure out with JAMF why that changed with v10. Your comment about /script is correct and we are pushing JAMF to go that way.

[everetteallen]

Follow up on JAMF V10 issue. See this discussion on how the Jamf Pro web app handles uploads "using javascript" https://www.jamf.com/jamf-nation/feature-requests/5826/integrate-amazon-multipart-upload-api-for-jcds On 3/1/17 at 9:29 AM Peter says: "Uploading through the Jamf Pro webapp (with JCDS as the primary distribution point) sends small chunks directly to JCDS, bypassing the JSS entirely and retrying any file chunks that fail. That was built to be the most reliable way to upload files to JCDS" I have not been able to tear apart the upload page enough to figure out the mechanics here but we might be able to recreate the same scenario as the upload form and get better support. That said, I have asked for JAMF to create a real file upload api (which would solve their Admin.app issue too) and I have asked if we could see the javascript code they use in the upload form to do the chunk and retry. Not sure if they will give it up but will push at JNUC 2017 next week.

[sheagcraig]

Great update-thanks for the info @everetteallen

[everetteallen]

So post-JNUC2017 update. Several folks there indicated that a great deal of resource is being put into the JCDS right now to improve it in several areas. There was a lot of emphasis on the Jamf API at this conference and when I questioned folks about getting a true package upload api there was favorable response without commitment :-). If you contact me out side the issue I can color this more. Thanks!

[everetteallen]

@sheagcraig now that Jamf Pro 10.0.0 is released and packages still do not upload should we open this as an issue instead of a question??

[everetteallen]

In v10.0.0 looking at https://.jamfcloud.com/packages.html?id=-1&o=c The javascript in the form calls "uploader.upload();" But I can't find where that is.

function validateFileName(uploader) { var MAP = "MAP"; var SHOW = "SHOW"; var HIDE = "HIDE"; var ID = "ID"; var ACTION = "ACTION"; var TEXT = "TEXT";

var file = uploader.files[0];
var filename = file.fileName || file.name;
var displayName = document.getElementById("name").value;
var AJAXurl = "packages.ajax?" +
    encodeURIComponent("fileName") + "=" + encodeURIComponent(filename) +
    "&" + encodeURIComponent("FIELD_PACKAGE_ID") + "=" + encodeURIComponent("-1") +
    "&" + encodeURIComponent("name") + "=" + encodeURIComponent(displayName);

$.get(AJAXurl, function(data) {
    var canUpload = true;

    $($.parseXML(data)).find(MAP).each(function() {
        var id = $(this).find(ID).text();
        var action = $(this).find(ACTION).text();
        var text = $(this).find(TEXT).text();
        if (action === SHOW) {
            canUpload = false;
            $("#" + id).text(text).show();
        } else if (action === HIDE) {
            $("#" + id).hide();
        } else {

            canUpload = false;
            alert("Invalid response from the JSS");
        }
    });

    if (canUpload) {
        startSessionExtend();
        uploader.upload();
    }
}).fail(function() {
    alert("Unable\x20to\x20connect\x20to\x20server.");
});

}

[smithjw]

I’m not sure if it is at all related but I’m no longer able to upload to a CDP via AutoPkg recipes with a JSS importer step. I continually see 404 errors.

What ends up happening is that the record will be created in the DB, but no pkg will be uploaded to S3 meaning that if I open up Jamf Admin, I will see the pkg there but it will be red and marked as missing.

If there are any logs or steps I can run to help track this down, let me know as I really want to get this working in my env again.

[grahampugh]

I’ve had a look at this, as Jamf haven’t yet turned off my beta instance. The upload method to a JCDS in v10.0 seems to be using the HTML5 file API. As far as I can tell, there’s no way to do this with Curl. At the present I think we would have to pursue the method described in Bryson Tyrell’s post about scripting non-API stuff: https://bryson3gps.wordpress.com/2016/11/15/scripting-the-stuff-that-you-think-is-only-in-the-jss-gui/ https://bryson3gps.wordpress.com/2016/11/15/scripting-the-stuff-that-you-think-is-only-in-the-jss-gui/

On that page he gives an example of downloading a config profile from form data, using a HTTP POST request and a session token. There’s some Python code to get the session token which could be useful.

When I select a package (in this example, jssimporter-1.0.0.pkg) and click the Upload button of a new Package page (https://blahblahblah.jamfcloud.com/packages.html?id=-1&o=c https://blahblahblah.jamfcloud.com/packages.html?id=-1&o=c), I see the following sequence of events using Chrome’s inspector:

• Request URL:https://blahblahblah.jamfcloud.com/packages.ajax?fileName=jssimporter-1.0.0.pkg&FIELD_PACKAGE_ID=-1&name=jssimporter-1.0.0.pkg
• Request Method:GET
• Status Code:200 OK
• Remote Address:54.175.55.55:443
• Referrer Policy:no-referrer-when-downgrade

Then it sends an OPTIONS request:

• Request URL:https://ccm.jamfcloud.com//api/file/v1/mysessiontoken/jssimporter-1.0.0.pkg/part?chunk=0&chunks=1
• Request Method:OPTIONS
• Status Code:200 OK
• Remote Address:54.236.55.55:443
• Referrer Policy:no-referrer-when-downgrade

Then it sends a couple of KeepAlive requests using the UAPI:

• Request URL:https://blahblahblah.jamfcloud.com/uapi/auth/keepAlive
• Request Method:POST
• Status Code:200 OK
• Remote Address: 54.175.55.55:443
• Referrer Policy:no-referrer-when-downgrade

Then it sends a POST request:

• Request URL:https://ccm.jamfcloud.com//api/file/v1/mysessiontoken/jssimporter-1.0.0.pkg/part?chunk=0&chunks=1
• Request Method:POST
• Status Code:201 Created
• Remote Address: 54.236.55.55:443
• Referrer Policy:no-referrer-when-downgrade

I think everything after that is just steps to render the next webpage.

This is sadly too complicated for me. The POST action is direct to the Jamf’s Amazon S3, I guess, using just the session token as an identifier. And it sends some JSON. There’s also an X-Auth-Token involved. Maybe someone has some experience with JQuery/AJAX?

The other thing is that I assume this automatically creates the database entry for the package, so that separate action would have to be removed.

Cheers Graham

On 5 Nov 2017, at 00:51, James Smith notifications@github.com wrote:

I’m not sure if it is at all related but I’m no longer able to upload to a CDP via AutoPkg recipes with a JSS importer step. I continually see 404 errors.

What ends up happening is that the record will be created in the DB, but no pkg will be uploaded to S3 meaning that if I open up Jamf Admin, I will see the pkg there but it will be red and marked as missing.

If there are any logs or steps I can run to help track this down, let me know as I really want to get this working in my env again.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/sheagcraig/JSSImporter/issues/113#issuecomment-341938546, or mute the thread https://github.com/notifications/unsubscribe-auth/AFiK5SvKYyk5RF0zzbP3J4VH03FzUIhSks5szPhogaJpZM4PIwUx.

[smashism]

For those on this chain, feel free to join us in #jss-importer on the MacAdmins Slack for further discussion and coordination around development.

[sheagcraig]

Hi @grahampugh -thanks for the research.

I know @mosen is close to making JCDS work. And Jamf knows that we would really like to be able to upload and manipulate packages, so hopefully either @mosen will crack it, or Jamf can hook us. up.

And agreed. let's move this conversation over to Slack.