Installing the BigFix client with AutoDMG

jgstew · January 4, 2016, 7:38pm

How do I install the BigFix agent using AutoDMG? : https://github.com/MagerValp/AutoDMG

I know I can include the BigFix pkg, which will install the client itself, but what about the ActionSite file?
I should be able to create a pkg that will place that in the right location before the client is installed, but is that the best option?
What about the clientsettings.cfg file? How would I include that?
Do I need to create a modified BigFix agent installer pkg that includes the clientsettings.cfg file in order for that to work?

hansen_m · January 4, 2016, 9:46pm

Yes, you can create a pkg that will install the ActionSite file.

/Library/Application Support/BigFix/BES Agent/actionsite.afxm

If you want to use AutoDMG to build the image then I believe all the files need to be added via packages. So not ideal but I think it is your best and only option. I’m not sure how picky the BESAgent is about permissions but I’d recommend making sure that they are set right or just use a known good copy from the actual location on disk.

My suggestion for the client settings.cfg would be to just manually use the CfgToPlist.pl utility to build the com.bigfix.BESAgent.plist file and build another package containing that file that you can add to AutoDMG.

Locations:

/Library/BESAgent/BESAgent.app/Contents/MacOS/CfgToPlist.pl

/Library/Preferences/com.bigfix.BESAgent.plist

The last question is tricky, so yes and no. No, you wouldn’t need to build a modified BigFix Agent installer pkg to include the clientsettings.cfg, because the logic in the package pre/post install scripts wouldn’t work right anyway. In order to get it to work with AutoDMG it would take more complexity, so you are likely better off going with the option I described above.

Yes, you would need to build a modified version of the BigFix Agent installer pkg because the pre/post install scripts are not written to account for non-boot volumes. (Which given the nature of BigFix, it really, really should!!) Most modern deployment guides would tell you to only include the minimum amount of software needed to bootstrap the client and use your software distribution system to deploy the rest of the software after the system is booted. Which would be the BESAgent!

So, as of v9.2 the pre/post install scripts don’t account for installation on non-boot volumes (and unless AutoDMG is doing some chroot madness) the scripts will actually run against the boot volume of the system running AutoDMG. Luckily, if you’ve already packaged the ActionSite and Client Settings files, in this type of workflow the scripts aren’t really doing anything useful anyway. The only remaining issue is that the payload permissions are still set incorrectly, which will cause the BESAgent to never start on first boot because the launchd jobs won’t be loaded.

TL;DR - Create custom packages for actionsite.axfm and com.bigfix.BESAgent.plist and re-package or modify the BESAgent.pkg by trimming out all the useless pre/post install scripts and instead use a post-install script to fix the broken payload permissions by using the $3 installer package variable to target the actual installation volume.

Good luck!

Related forum post and RFE link here: Poorly packaged OS X BESAgent installer - RFE Please Vote!

AlanM · January 4, 2016, 10:09pm

Great Doc
Not sure of the AutoDMG requirements but the clientsettings.cfg and actionsite.afxm files next to the PKG are all that is needed for the PKG. If the PKG finds them it will do the work for you.

Just a reminder that clientsettings.cfg needs to be a TEXT file (don’t use TextEdit as the file will be a binary file)

jgstew · January 4, 2016, 10:54pm

AutoDMG requires that things be in a PKG format to be installed pre imaging, so you can’t place the files next to the PKG before install because it won’t have that context when auto-installed with AutoDMG.

This means you must place the actionsite.afxm file in place yourself using a separate PKG before the BigFix client is installed, and do the same with the com.bigfix.BESAgent.plist because you can’t use the clientsettings.cfg option in this case.

Also, you can’t use the existing BES Client PKG as is due to permissions issues. You have to alter it to fix it: Poorly packaged OS X BESAgent installer - RFE Please Vote!

hansen_m · January 5, 2016, 12:21am

Try this one…

https://psu.box.com/s/qlttlwamytffxb3jj3if61895a2qi6xz

postinstall

#!/bin/bash

# Matt Hansen (mah60@psu.edu) - 3/3/2014

/usr/sbin/chown root:wheel "${3}/Library/LaunchDaemons/BESAgentDaemon.plist"

/usr/sbin/chown -f -R root:wheel "${3}/Library/BESAgent"

/bin/chmod -f -R go-wx "${3}/Library/BESAgent"
/bin/chmod -f -R go+X "${3}/Library/BESAgent"

/usr/sbin/chown -f -R root:wheel "${3}/Library/Application Support/BigFix/BES Agent"

exit 0

jgstew · January 5, 2016, 12:30am

Thanks! Extremely helpful.

jgstew · January 11, 2016, 4:10am

This seems related:

http://www-01.ibm.com/support/knowledgecenter/SS6MCG_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Adm/c_mac_clients_.html?cp=SS6MER_9.2.0&lang=en

This seems to suggest that clientsettings.cfg and perhaps actionsite.afxm can be added to: BESAgent-9.2.xxx.x-BigFix_MacOSXxx.x.pkg/Contents/Resources

These instructions don’t make sense in regards to the downloaded pkg installer, but makes reference to something called the BESAgent Installer Builder app which I am unaware of. Where do I find this @AlanM ?

It also makes me wonder about adding these files to the downloaded pkg in that location, though not through the show contents method, which won’t work.

hansen_m · January 15, 2016, 2:51pm

Interesting but seems like maybe that only pertained to an older version.

If you look at the pre/post install scripts it only references file locations in the directory the package resides in when it is installed using $PACKAGE_PATH. I don’t see any references to the bundle contents, plus it has been a flat package for quite a while now.

AlanM · January 15, 2016, 5:52pm

That’s prior to the flat package. The old mechanism used to have a pkg bundle which caused more issues than this solution’s positive points.

jgstew · January 15, 2016, 9:54pm

I figured that must be the case since, as @hansen_m points out, it has been a flat package for a while. Thats why I was confused when I read that in the documentation since it is clearly not referencing a flat package. It made me think that perhaps there is something else available somewhere, but it seems the documentation is out of date.

Now I’m wondering about repackaging the existing flat package to include a clientsettings.cfg and an actionsite.afxm in the places referenced in that documentation to see if that would work.

Having a custom bigfix PKG or MSI that can be installed as a single file all by itself and accomplish what is needed for provisioning and tagging would be very useful when it comes to bootstrapping BigFix with something like AutoDMG or MDM or ActiveDirectory or similar means that are very limited in what they can install.