WWDC2004 Session 641

Transcript

Kind: captions Language: en alright good afternoon my name is Nate ernet DC and I'm the product manager at form of desktop this is our last session on ard this week we've had a couple so far and it's been really well received and this session is we're not going to repeat the lock screen you know demos anymore this is going to be totally thank you yeah this is going to be more about just applying some of the features you've learned about so far this week so just to review aplin will desktop it's all about software distribution Asset Management's remote administration remote assistance and it is based on open standards and that's what we're really going to be hinging the rest of this presentation on we're going to be showing you how you can plug in and extend some of the capabilities we have in the product and we've got three presenters here that each one is going to be walking through different parts of the product and just showing you and giving you ideas some of them you can start using but some of the other demonstrations really intended to be just giving you ideas about how you can extend and integrate the product into your environment so without further ado I'm going to introduce Tony Graham here on stage I was actually planning on demonstrating the lock feature that was my whole shtick thanks Nader actually I'm going to cover two possible uses for a pirozek desktops capabilities the fact that it is based on open standards and utilizing a database behind the scenes and also have some command line tools for managing and monitoring it so it's it's very cool it can be integrated with with database solutions that you have created or you can use the database that's included we're going to get in with ssh two machines that perhaps don't have the remote desktop client installs are enabled and turned it on and then we'll talk about ways you can capture day that remote desktop has retrieved for you and store it for later use alright anyone here ever use the kick start command an apple remote desktop alright great for those of you who've never seen it before kickstart is a command-line tool conveniently located in system library core services now remote management ard contents resources and it's called kick start there is self documenting so if you run it with the dash H option it'll spit out a list of things you can do with the kickstart script the thing that I use it for most is to turn on ard key on a machine that doesn't have it currently enabled probably everyone in this room knows that alpha remote desktop is bundled with the operating system version 1.2 and the capability for activating it has been there for it since one point two point four I think it's it's still there in version 2 the script itself as one layer deeper in the file system than it was before but the capabilities are still there so again dash switch for documentation I find Emma and I'll show you in a moment how that works that if you run it with the des H switch you'll get about three pages worth of very very useful information but there's one particular thing that I use it for every single time I use apple remote desktop and kick start and that is to find out how to turn it on and enable all privileges for a particular user usually an administrator so conveniently in the documentation their example for turning on remote desktop using kickstart is for a user named Bob so if you run system library Corps servers remote management ard agent app content resources kickstart des age and pipe that to grep on Bob you'll get a convenient one line example for what you need to do to turn on album o desktop now for this to work on a remote machine you need to have command line access to that machine that means SSH enabled SSH is enabled by default on all servers so if you walk into an environment where you've got existing servers and you need graphical control over them or perhaps you're sitting up cluster which could be you know eight servers up to thousands of servers and you want to enable apple remote desktop this is immediately going to be useful to you in a client scenario SSH may or may not be enabled so you may or may not be able to take advantage of this now the path is rather long and the commands are rather long so we'll also show you how you can wrap that command around a GUI using a number of technologies will show you with one of them the way I chose to do that is with a program that I wrote called the activator in the activator is a simple real basic application that uses asynchronous shells so it can issue unix shell commands I pipe that big long script in there click a button and it turns on remote desktop on that machine with the addition of an inexpensive plug-in real basic can browse and retrieve entries on a rendezvous enabled network and ssh on mac OS 10 systems will advertise their ability through rendezvous so i can actually get a list of all the machines on my network that have ssh on so i don't need to know the IP addresses in advance and we'll switch gears i'll show you the demo on on the activator a moment then we'll switch gears to database access as you probably know apple remote desktop stores the data that it retrieves when doing a system report in a Postgres database now by default ard is really the only thing that can talk to that database but there are two configuration files that you can modify that will allow you to access that database through command line tools through graphical environments like real basics or any other of a number of database access technologies that can deal with postgres for those of you are taking notes the two files that you'll want to know about are the postgres SQL dot com file it's actually the last line on the slide here and the PG underscore hv a comp file and both of those files are standard post graphs configuration files if you grab a riley's postgres book and I speak thick pink bound book it'll document all kinds of cool stuff you can do with the postgres configuration files now one thing that is slightly different is the postmaster process which normally run and a standard postgres installation is called rmvb for the instance that album o desktop is using now using a graphical environment like real basic you can and a plug-in that comes with it you can tap into the database and explore it i'll show you in a moment how to do that there are two tables in the database that you'll see one is the property main map table haven't really found too much to use that for the main one that I've used is the system information table and in this table you'll find a line for every conceivable property that remote desktop can capture and the value that it captured one thing to note though is that ard only stores the last value for that particular property that was searched so there's no historical data you can't say for example what was the amount of RAM on this system last week so again using real basic an application called ard Tracker allows you to periodically pull that database AR DS database capture the information that you care about and store that in another database so that you can over time collect that folks could use this in lab management scenarios where or security scenarios where you're monitoring your equipment and then one day you notice because you're getting a report that the RAM in several of the machines has gone down which is not normally the way you want that to go so i'm not going to actually demonstrate the removal of ram from these machines i'll actually be capturing file sharing information so we'll be able to see if file sharing has been enabled or disabled disabled on those systems so we've got a couple of demos that will do first thing we want to do is take a quick look at the kickstart script you've all been taking notes you're going to tell me where it is right I think I'm joking system library Gore services now version 2 it's in remote desktop or remote management and then ard agent yeah contents you have been taking those kitab resources kickstart okay what's the rest of the command you don't know yet right so let's do dash h get some help and i happen to tell you that there is a word research for up and this command this one line kick start command will configure the agent turn access on with all privileges for the following users and in their example they use admin and bob so you can set multiple users in one command I don't have a bob user on here but I can do that remotely now we've got a bank of imacs to your right there's nine of them and they currently have the ssh daemon enabled the remote login demon enabled but not album remote desktop so let's see if we can figure out how to do that on one of those systems I'll tell you what that's actually gonna be hard cuz I don't know their IP addresses so let's launch the GUI instead and that's a rd activator and again if I knew the IP address I could punch it in here but i don't so i'll hit the rendezvous tab do a sort there are eight machines and there's one of the IP addresses i'm actually going to get into one of those machines 192 168 i'm sure that 14 and i'm going to send it a tale minus app on slash var slash log slash system vlog as the agent is enabled or disabled data log to that file so we'll watch it in real time in this screen and I don't know I guess that was lab number one so I got to give it an admin user and this application is fairly simple it's simply going to take the administrator that I punched in there in the password that i punched in there you have to have that account on the remote machine and that has to be the account that you are in fact enabling as you saw in the command line you could enable any number of accounts but this application will simply assume that you want to enable that one administrator account let's see what happens when we activate it and while that's going I probably should show you that in apple remote desktop some of these systems are in fact off or at least not visible to apple remote desktop so some of them are starting to come up now and it could take a while that actually when you activate the agent is going to start a number of processes including the database processes and the VNC process so give that a minute sometimes I get impatient I hit the button a few times while we're waiting for that to come up let's tap into the database as well as you probably know you can select machines in your list and run a system overview report in this case I'm going to choose sharing and then we collect new data for the report that those values are being stored in Postgres now using real basic with the postgres plug-in I can develop a quick application switch these around I first have to add a new data source and prior to doing the demo i did go into those two configuration files and make two changes that would allow another application to talk to the ARD database so the database name is ard and the password is ard sorry the user is ard and I blew my punchline the pastor is ard as well and if you're able to talk to your database you should be able to double click on this and see those two tables I told you about and the system information is the table that I find the most useful if hit edit schema here you can see the fields that are in there and the computer idea is a unique ID for every machine that you've added to your database and that's based on the built-in ethernet mac address that shouldn't change then for the things that you're interested in there should be a property name like file sharing is enabled and a value like 2 or false yes or no or a string or a number something along those lines actually they're all going to be essentially strings but you get the idea now if I want to see what's in that database I can switch to an empty window here I'm going to drag a multi-column list box off my palette and we'll set that list box to grow with the window and in fact we should tell the window that it can in fact grow and I'm going to add a data how do we call these things a database query control the database query control needs to be told which database is querying in this case it's the ARD you'll see that the ARD database that I established earlier and I need to give it an SQL query so that's going to be something like select star from system information now we're going to use something called binding with the command + Shift keys to drag to the list box from that database query control and say I'd like that list box to display the results of my database query and finally I'll set the list box to have five columns I should be able to run this project and get an application that now sees everything in the ARD database but you're probably going to want to narrow that down a little bit so i'll quit that and drag a pop-up mini onto the field let's make it a little wider maybe hit a little less wide and we're going to add another database query control for that pop-up menu command drag from that database query control tooth pop-up menu I would like that pop-up menu to display the results of this query and this query is going to be talking to the same ard database slightly different sequel code this is going to be select distinct computer ID from system information so if i run that this pop-up menu should display all of the unique MAC addresses of every machine that I've ever run a report on and you probably all know that reports can be run manually but you can also set your clients to periodically send that data to your database so you don't necessarily have to be constantly updating this database yourself alright so the last step is to take this pop-up menu that is getting a list of the unique MAC addresses and buying that to our original search we're going to bind that database query with the selection from the pop-up menu and I have to modify that database query slightly I want to select only two things let's get the property name and the value from system information and I apologize if this is a little bit small where computer ID equals and then in quotes i can put % 1 so that's going to hold the value that the pop-up menu gives it when i change the selection will switch the number of columns back down to two and now i should be able to stretch to the sky white or pick a machine and see all the properties that the database stores for that machine and some of those properties would be things like let's see what's something good file-sharing enabled serial number if necessary you've got volume beings all of this stuff could be something that you can make use of at some point all right how we doing over here good so I've got a number of machines now I'm going to show you a finished project that uses the same techniques that I just showed you called ard tracker and ard tracker is going to periodically do queries against AR DS database using the postgres plugin but it's going to save that data in its own database as well so as those values change over time this application will know that and we've got some historical data already in there let's see if we can find the most recent value for lab one and again I'm going to check file strain because it's something I can easily do but you might want to check things like hardware properties amount of RAM free space operating system installed and that sort of thing so lab one is currently got file sharing on let's use remote desktop to control that guy go to sharing and turn off personal file sharing now ard isn't going to know immediately that file sharing has been turned off we need to run a report and ordinarily this thing isn't going to be pulling your database every 10 seconds it probably will be doing something similar once a day once a week at an interval that you decide I'm going to go ahead and select all of the machines here we'll do a system overview report and I'm going to uncheck all of the options except for sharing I'm going to collect new information and we'll get the report what should happen as that comes up as we should see lab one switch from true to false and it may take 10 seconds I can also click this little button here and now we see lab one is false it's reasonably trivial thank you it's reasonably trivial and real basic to set up an email to be sent to you if a condition changes could ring a cowbell you can set off your pager you may not want to do that whenever someone turns on pal sharing but you may want your pager to go off when someone sets what someone takes up some of their ram all right and in fact you can embed Apple scripts within these things so the Apple script could do a number of things and speaking of Apple script I think that's probably it for my portion of today's demo so i'll introduce Steve Heymann to you who will show you even more useful things you can do with album odesk on thanks Tony I know this has been a very busy week for everyone what with the Canadian election on Monday and yesterday being candid today so I'm glad that you're all the troll still here one of the things Tony was doing was using remote desktop they're using ssh to turn on remote desktop I have the wonderful advantage of going after him here so i'm going to use remote desktop to turn off remote login so that he can't do that demo anymore so one of the great features here is this send unix command button i am personally a bulk user of this button and just to mess up tony we're going to do oh pardon me could we have demo to please guard emma the other demo whichever this one is thank you with the list of machines here i'm going to use a system set up dash F dash set remote login off now Tony's demo will not work anymore so this is the great advantage of going second in the session if I could go back to slide please will do more exciting ones than that in a minute I promise so anyway I'm having a UNIX guy for a long time and I can't believe how lucky I am that they put in this sends unix command feature in apple remote desktop i want to personally thank Nader for responding to the harassing way that I demanded that this valuable feature be added and I want to talk to you a little bit about that this is this is a great tool for unix geeks how many people here are command-line geeks how many people prefer the VI editor to the Emacs out of there I'm just curious how if you wish you'd learn emacs long ago but you're too stubborn to change you're too old learning new keystrokes and so stuck using VI that's me so I want to show you interesting ways you can muck around with this fleet of imacs that we have over here using the send unix command feature i want to talk a little bit about discovering how the machines are set up i want to show you how you can change how they're set up and at the end i might build something that might kind of remind you of a software update server so this is magic button my favorite button and I'm sure it will soon be your favorite button as well it will run the shell command of your choice on all the machines and collect the output I might run the exciting command date and get that a lovely table of what the time and date is on all these computers it's running the UNIX date command and displaying the output in this window here so you type a command you get to type of command you get to pick a particular remote user it can be the user which is currently logged in on the system which in this case is is it admin one over there is an apple one it's admin one pardon me or you can choose a different user which is necessary if nobody happens to be logged in at the moment ard takes what you type sends it to each of the remote machines in parallel feeds it into the bash shell runs the output and displays it and the exit status in a new computer list so on the remote side is using Vash it's not actually copying a shell script file it's actually starting up a bash process process process process who says Java who says a job I'm not java java right alright start the process on the remote machine and it feeds whatever you type into the standard input of that I can't say it process with this convenient path all all set up and there's one weird directory in there that we'll talk about in a moment so your commands run as the remote user of your choice maybe root maybe they logged in user so what can you type well you can size of anything that you might find in the regular UNIX path there's a couple of ideas and periodic weekly you might want to do that script that only get executed it at what is it for 30 on saturday mornings if the computer has to be turned on you can run that script right now periodic weekly you might want to run repair permissions you might want to run software update shell to get a list of what's needed anything that's in the standard UNIX have two records you can just type type anything else if you want to give it a full pathname but my favorite part is because it's actually using bash to interpret whatever you type you can type several commands separated by semicolons or on new lines or even a little miniature bash script if you want what do you get back to get the last line of the output NATO and I've had a number of discussions about that seizure and you get an indication of the success or failure of the the task that you that you ran it could be that the command you ran failed a lot of unix command execute with success or failure depending on some condition you can spot that quite easily here in your script so here's an example the command I ran in this case laughs and the night which gives you a list of users and I typed it into grep f payment of these five machines where has si Minh actually logged in and you can see that the grep command failed on the third machine which is actually an ibook from Henrico public schools where i'm not actually a student so I have never logged into that particular computer which you can spot right away which command succeeded which commands fail and you've got these buttons where you can pick a subset of the machines and continue on to do something else so the results come back you can run the same task together possibly a different one now that bonus tool that I like is this awkward half here which includes two tools system setup and network setup these are a couple of tremendously powerful command line tools that are buried in that directory but because that directory happens to be part of the past you can just type the past name directly and what can you do with these things well the one command you really need to know is dash help system setup dash health will show you a huge list of all the different options you can set on the computer you can set the date and time you can turn the airport power off you could you actually should really warn you to say you know you might not be able to do this again now if you turn the airport power off are you sure you can turn off remote login as I just did you can fool with the computer name on the startup disk and so on there's also a corresponding network setup command which is a way of setting and getting virtually every property you might find in the network preference paint what dhcp server should we use what dns server should we use you can set the gopher proxy imagine how much time you're going to save not having to walk around setting gopher proxies on all those computers save me a lot of time already boy I tell you or and if you like you could theoretically you could send some apple script now with remote desktop there's other ways to send applescript if you have a file but you can type a little bit of apple script and use the command line OS a script tool to copy that script over and executed you could even get kind of close to a software update server now I don't pretend to suggest that what I'm going to show you is anything like the software update server that's been talked about for tiger but since it's possible to manipulate software updates via the command line and since software updates are really just collections of packages there are some interesting things you can do with grabbing packages locally rather than going out onto the internet to find apples software updates so let's try some of this if I could go back to this one thank you so I thought the UNIX guys are used to typing little commands like this up time how long is this computer been update what time is it right now all these commands are things that you could easily do in remote desktop you could pick a list of computers like this say I want to send a unix command and I want to see the date on all of those computers and here comes the date on all those computers and one of them seems to be a little bit off here so this might be a good opportunity to take the same set try a slightly different command I want to use a system set up dash get using network time are these computers actually using network time service or not so they'll just run that command and show me the el puto the network time service seems to be on on three of them and off on the others now there's a corresponding dash set network time command where with a simple command like this you can turn network time on off on all those computers as well I think it's a very iterative iterative process using this feature I do a lot of experimentation myself trying little command in the terminal and then seeing if they work the same way and that in this tool which is of course they do so for instance one of the things I've often used is the command line software update to a software update dash 0 there's a list of all the software updates the disk computer needs this one happens to be up to date i know some of those aren't but you could easily run a software update to live like this to download install updates which i'll show you a little bit about in a minute so all the power the command line here is available in this tool as well now I have to admit that there are a number of pointless things you can do with this product as well I've got eight machines over there I might want to execute a little bit of Apple script OS a script feeds an apple script on standard input say the current date as a string using cellos see how that goes thank you the syntax checking built into this tool is amazing if you miss type of command the product manager will personally phone you and correct it try this again here here we go 8 computers over there they're all all singing the date isn't that fabulous you know no did you notice that they were all singing in sync the choir was actually doing pretty well because all these commands are actually executed in parallel and then the output comes back now you know one might want to do is buy the more elaborate thing I don't know how useful singing the current date is but one might want to sing the list of software updates see here no you can do this you don't have to be rude for this one get that one I think that was that I think that was an airport update in a garage band update I'm not sure it was about right so when you come up with good times like this you can certainly save them and and reuse them later sing the software updates I'll be wanting to do this one a lot so I want to save that way and that will actually add it to my task list there's this notion of a list of tasks that you've previously all right already I think it's um oh the script is still going the task is finished but the singing is so I think more software updates on that one that I saw it so so I have a list here are we done thank you ladies I have a list here of some interesting tools that I've command scripts that I've written over the SAS little while and you know the one that I just saved is in there as well so for instance you see here set four oxys everywhere where did that one go oh thank you i just a little fast needed by no hang on step rocky there we were thank you very much I was just humming that song stuck in my head now so the network setup command works on one interface at a time you know hey I can zoom in Kenny we got this ship for the clock quartz extreme or something that's supposed to be cool isn't it the the network setup command operates with in some situations on only one network service at a time you can set the Gopher proxy or the web proxy for the airport with one command for the ethernet with another command for the connection through your cell phone with another commandment it's certainly possible to write little scripts that asked for a list of all the network services and then apply the update command to each one this is all using basic bash scripting you know I'm running one command and looking at it so foot and I'm looping through everything else O'Reilly got a pretty good book on dash which I just actually picked up today and this is a great way to get started with writing little mini scripts like this part of the test is learning the syntax of the bash language for doing a loop like that part of the syntax is learning the details with a particular command please don't everybody go and set their web proxy to Heyman net that's my server it's just an example so i can run that what if I wanted to and you know set the web proxy on all of those computers and now none of them will be able to do anything because it turns out my server at home is down right at the moment so fortunately I saved nothing one of these here that puts the proxies back to the way they were one might very quickly build up a little toolkit of useful routines in this way now let me talk about software updates Ramona if you run software update L it will show you in a multi-line format all of the software updates that are available for your computer when I ran it earlier on here it turns out this particular presentation system doesn't need any software updates so it just said your software is up to date but if you've ever tried it you'll see that several lines of output come out you need this update you need that one this one's required this one needs to reboot well you can massage the format of that sort of thing into a little script like this one can run software update with a little bit of awk everyone's favorite tool awk you can pick you know just the lines of interest and format everything onto onto one line here so here's a little script that runs software update that was being kind of a smart guy can anybody tell me what this is for here oh of course you can't tell me what that's worth is that better you named a char will conveniently tell me whether I'm on Jaguar or a panther by handing out a number that ends in this six or a seven ah that's so hants so the syntax of the software update command actually changed between Jaguar and Panther so in my scripts here I can account for that so if we run this one this will just show me a nice little one line list of who needs what software update one of the machines neat they all need airport extreme and several of them need GarageBand so after a while you build up a little collection tools like this you could then pick this one and you might want to run another script that actually did software update with that one but I want to suggest the different strategy the way software updates actually work is that your computer and again I'm talking about how it works now not the future software update server your computer talks to akamai or Apple or something and gets a list of what packages are available and then your computer goes and downloads the ad megabyte update and maybe all 500 computers in your building go and download the 80 megabyte update and install it now we're making some great progress with the software update server for tiger but I want to suggest a way you might like to work around this locally software updates are just packages there just got PKG files like anything else let's suppose you have a server and you put the interesting packages that you like on the server maybe you've got the trial version of omni something and you've got the apple security update put them all in a shared folder on a server and then you can have a little script that says all right i want to mount that server I want to see what packages are in that folder and remember I'm going to do this on every computer I want to compare that to library receipts which is the list of what taxes have already installed so they don't waste any time installing a package I've already got and then I'd like to use the command line installer command to grab packages off my local server maybe the server down the hall are in the school and install them locally so I spend a little time messing around with something like that and let's see here install packages from server this is just really a starting point for john-boy this is tricky hanging the back a little bit here this is a starting point for discussion let's say I want to look and see if anybody has logged in and I want to exit if someone is logged in it's kind of rude to do a software update well if someone's logged in and then I want to mount this is ugly I want to mount this server here that's the server we have over here I want to mount it via AFP and that's going to give me a map link called / camp / packages or something and then I want to go through that amount white and for every package I see there for every TKG I want to compare that with what I've got in / library receipts on this computer in other words have I installed that package already or not and then building up a little lips and then for each one in the needed list i'm going to run the installer to install that particular package let's give it a shot I only have I have to mean they only have a couple of phony packages in fact I think I only have one phony package on my server over there but you could certainly add other packages of your choice commercial applications packages that you've made apple software updates that you downloaded directly and if we actually run this all those machines are in use you notice that my script exited if the machine was in use that was kind of polite well let me log out a few people where you do that logout current user log out some people on those computers now we'll try this again install packages from the server and see how far it gets this time now here's an interesting situation nobody was logged in so I can't do any of this to the current user what I really should be doing thank you for coughing it wish you'd talked about 30 seconds ago we'd better to do this as root rather than the current user you can always do things as root whether anybody's logged in or not let's try this again here what's going on there no Kiko well you know it actually worked the previous time I was doing it it actually all needed some features have installed on those two computers the other ones are in use or something that's happened to the client software what we were discussing here probably to that log keep a lot of property puts that need to be a tech support guy you help me with a double quote before what do we do now so this is just a starting point for discussion I think you'll find that you could have packages stored locally to your end users and then you as an administrator run a script like this once in a while that grabs the packages and installs them rather than everybody going and pulling them from Akamai at the vast cost to everyone I'm plan on cleaning the script up a little bit and posting it on the wwc server when we're all done look I know I know you can't phone me about it okay so one last thing I wanted to try here we were having a few cocktails and gosh I'd really like it if those two were still on here for this little effect guys what we want to do hang on won't let's just it never hurts to quit remote desktop is started again well what's writing we're gonna take all these machines they're up and not down here and I found the greatest little command the other day I don't know if you know about this dr util tray open dr util tray whoa I can put that in the loop we'll go around 10 times I was doing it infinitely before that was kind of mean oh I need to do up here a little imac ballet going here it's going to fail in the machine two of the machines or the other six are going to go thank you out and in oh and in know that only went around one somos was on the jaw Tron well you know this is what I straight to have these commands stored I was showing this to somebody earlier I was telling them about it I said I was going to have all these trays I mean about by the way this is a great script if you're in one of our retail stores just you know go to one of the computers and maybe my could do with mine logging in there that would help me the fun thing to do make it a startup item stir something so well they're not looking so the day reboot and the machines all come out and go in are you restarting those two there so i was describing this to somebody earlier and he said wouldn't it be great it was great to have them coming in and out but wouldn't be great if he could make him do the wave ahahahaha i hate it when people say that somebody said that to me at lunch so i had to go and figure that out so if you love stand by here we'll do the wave on these imacs i'm going to wait for two of them to come back are we all set over there so here is a much more elaborate script no conveniently the machines are not arranged on the cart in any kind of a useful order they're all we've got the number six number three number eight number two so i had to write a little script that would ask each one to look for its position on the list and then sleep for a certain number of microseconds depending on its position on the list and then open and close the tray slip see the way [Music] but again thank you yeah i probably spent more time on that than I did on the software update server script anyway I think I pretty much hosed these machines in one one one way or another and there's one thing I think assist administrators that we all wish after we really messed up a machine we really wish Mike bombyx was around to help us out of a jam yeah oh my god here Oh thank you Steve gotta leave it up to a systems engineer and a consulting engineer to walk into some IMAX and do some damage so that's why we're here so I think that Tony and Steve's have shown you how remote desktop has a great set of tools for day-to-day management of whole bunch of machines or just eight machines that you can no longer buy so the machines that you can still get there's still the arduous task of doing last deployments and oops wrong button and there's still some challenges that face system administrators when it comes to deploying software onto a whole bunch of machines you have things like managing multiple configurations of machines that you have lots of different labs for different uses just having a large number of machines to deploy software on two machines located really far away and you don't feel like getting your butt off your chair and running out to that machine and managing machine specific settings you know sneakernet running around each machine and getting things all set and then yeah you got a limited time and I'm at a time in training and nobody has money and we all sing the same story so there's actually several solutions to some of these problems first of all if you create a master disk image of the software that's common to all of your machines and then couple that with black level copying and network booting you can greatly reduce the amount of time that it takes to get software out onto 5100 or 32,000 machines with apple remote desktop network disk or set startup disk command this kind of solves a problem of dealing with machines located remotely and then if you can get a machine set its own machine specific settings you spend a lot more a lot less time running around to each machine and a lot more time sitting on your butt playing quake or something so the final challenge of course is the management of machine specific settings and this is where I think the Postgres database in ard to can really be a great solution ard solution to data management is based on the standards based platform agnostic web 'um web-based enterprise management web um is essentially a technology that provides simplified access to data about software and hardware with remote desktop from the admin application if you go and choose if you get a system information report then the web um client web them open web aman the client will collect machine and software data using the system profiler frameworks and cash that information locally hand that information on to the ARD client and the ARD client returns it up to the ARD admin and that plugs it into the database Tony's already shown you quite a bit about the database so i won't go into the ins and outs of the database but i am going to show you a little bit more about what we can do with that database so the ARD database stores over 200 pieces of information about each Mac it stores it in 27 different categories based on a type of hardware or system information most interesting to system administrators probably is the Maxis mental element this object has 95 attributes about each machine things like the computer information fields you've seen the sharing preference pane computer name IP address machine model in class and serial number for example to access information from the ARD database you could use tools like Tony showed or you can just use the pc full command that's in our favorite directory remote management inside core services and here i have an example of just some basic syntax that will dump all the information from the database perhaps a more friendly way of accessing the information is to use the functions that are built into PHP for accessing data from Postgres database if you were to store your database for example on a mac OS 10 server you could set up a PHP script that could return an entire record about a computer back to the client that requested it and you could do this in any format you want I have XML as an example so the client could then request the PHP script and download it using curl and use its own mac addresses an argument and then your PHP script can send it back and the client can store it in the temp directory and you can access it on your client machines while there are net looted or whatever and retrieve values from that that plist file using the default command so I've actually built a PHP script like this much bigger up there and you can see an example of the kind of output that you can generate using PHP now this I use XML formatting because that met my requirements if you're just using a shell script and you're just using awkward grip and awk is my favorite program then you could certainly just have flat text and use just you know a couple lines for your output so how do we actually use the ARD Postgres database to make deployment easier after all that's what we're looking for well the database is more or less read-only however there are those for computer information fields so that you can plug data into and again I'm not trying to add any worked here to your schedule to run around and type information to each one of these fortunately the advent application has a change client settings dialog to a lot that allows you to change the data in these fields you can do it on a per machine basis or you can select a group of machines and do that so select a group of machines and then choose the change client settings option from the manage menu and then plug some data into those fields and you can use data like the the path to a disk image that you would like to restore to the machine or maybe the room number or the building that the machine is in and then on the client side and a shell script you can use that information to either apply that disk image to the local drive or say set up printers based on what room it's in finally get your database all set up then you can initiate deployment using apple remote tops change startup disk and set it to boot from your net install disk image and get her done so here is what a deployment can now look like with AR DS database note that i do mention the use of a third-party product in here however you can use the tools that are built in the Mac os10 necklace and syringe from shell scripts so first thank you get your match machine set up exactly the way you want it use disk utility or net restore helper to create a disk image of your master machine stored on a file server next use network image utility or net restore helper to create a net install image set that will boot up to any type of application that will use ASR to to do some restores finally use apple remote desktop to tell all of your target machines to reboot from your net install image set when the client machines are finished booting they launch the ASR application the ASR application queries the ARD database retrieve the records specific to that target machine the ASR application then looks through that record pulls out the information it needs to find the disk image applies that disk image to the internal drives and finally to wrap everything up it runs some post action scripts to apply any other machine specific settings that were in that machine record not quite as sexy as the stuff Steve was doing but it's really going to save you a lot of time our identity so that scenario is going to work rate for a lot of people there's going to be some people some system administrators however that may want to store more machine specific data than can be supported by those for custom computer information fields for these people we can go ahead and extend the functionality of the ARD database after all it is just a standard Postgres database so one thing that that should be pointed out is that the system information able is essentially read-only it's read only insofar as every time you collect a system information report any changes that you may have made will get wiped out so system information table is for ARD no touchy if you want you can add additional tables for system imaging information I have some syntax up here for that and then populate the database or that table with your own machine specific specific information there is one other caveat though ard if it ever has trouble accessing the database it'll it'll try three times and if it fails the third time it'll just wipe out the database and start from scratch so you may just want to create another database instead and put say like maybe a PHP front end on that and i'm going to client request information from your database your PHP script can pull that information together and provide a back in a unified format so if you wanted to do something like this Mac os10 server you would first need to install the postgres aware version of PHP mark lion age has a great little package installer that makes it really simple next develop a front-end for managing system imaging data and a database for that and finally develop a front-end to report on various information from your ard system information database sounds easy huh so everybody run out and do that well actually I have developed a prototype and of course it's free and open source so there's a great starting point for developing something like this thanks but I'm not done so the first thing that I'd like to show is change client settings so I've got to lift that up here of these eight machines and the change client settings dialog can actually do a lot of things but I'm going to go ahead and skip through these it basically just sets any preferences that you find in the sharing preference pane for ARD and on the last item we can go ahead and say these are you / just going to use CC dash master and i will call this north beach that's okay it's not really going to do anything so we go ahead and set these receiving settings prepping changing alrighty and then we can go ahead and gather another system information report and I'm not quite as picky as Tony I'm just going to grab a new one and it'll collect that changed information from each machine and now your database has been updated and it's got the new information required to do whatever you need to do to that lab so of course you would need some client-side scripts in your net install image set that would do something with this data I'm actually not going to cover that what I will cover and I don't really need to change this so again just for thoroughness for raw postgres access you just use the imdb bundle the commands within there and run a standard sequel query get lots and lots of data this isn't really very useful for us so what we can do instead is you allow our ard database the excess by the local host by a PHP and to do that you can modify those files that Tony was mentioning or I actually just released this yesterday is called Adam alpha remote desktop database access manager you click a button and it enables vocalist access just a little quick and dirty guy next write yourself some PHP scripts and this is a pretty simple one right here it basically will just return an entire record from the ARD database or not there it is so this is actually pretty short but basically just loops to that data for each of those system information elements and returns that data back to the client so finally when you get your entire PHP database solution are all set up and looking pretty you can set up groups and here i have a group of computers this is eight computers over here and this particular script will report back from two databases from the net restore database that i created and from the ARD database that already exists so what we have here is a summary of information from the ARD database if you want to get more information you can click a link and it returned data for that computer look a nice and pretty and then we can also use this for management and that's that's the most exciting part so right now you can see that all of these computers well first of all these are the the preferences for net restore if you recognize them right now everything's set to know and there's no configuration but we can go ahead and say apply some parameters to this specific machine or I can go in here and I could say apply these parameters to all of these machines restore the WWDC master to the first drive available it's updated my database and now he or d doesn't have quite enough cowbells and sound effects does it he's going to work on it so we can go ahead and and and typically I would just use the set network startup disk and tell all the machines to reboot from Annette install server but I don't have a net install server here so I will simulate it by copying out net restore to each machine and open it up cute look let me delete this task why don't we do that alright let's try this again copy item and then if we take a look at one of these machines ouch well in the final release it'll work great but essentially essentially this is what it's going to look like the machine will come up and actually fortunately wouldn't do a it's probably because I unable to fully automate but it automatically put pic WWE seamaster and I've got my my imaging information all of my options and it would have just gotten or done you know a few clicks of a button and your machines are reimaged so that's it coming soon to a version tracker near you later oh now that's it alright so just we can get more information on a documentation for the product and who to contact so you can contact me for the products with some information as well as Jason skip from a developer relations perspective