WWDC2004 Session 641

Transcript

Kind: captions
Language: en
alright good afternoon my name is Nate
ernet DC and I'm the product manager at
form of desktop this is our last session
on ard this week we've had a couple so
far and it's been really well received
and this session is we're not going to
repeat the lock screen you know demos
anymore this is going to be totally
thank you yeah this is going to be more
about just applying some of the features
you've learned about so far this week so
just to review aplin will desktop it's
all about software distribution Asset
Management's remote administration
remote assistance and it is based on
open standards and that's what we're
really going to be hinging the rest of
this presentation on we're going to be
showing you how you can plug in and
extend some of the capabilities we have
in the product and we've got three
presenters here that each one is going
to be walking through different parts of
the product and just showing you and
giving you ideas some of them you can
start using but some of the other
demonstrations really intended to be
just giving you ideas about how you can
extend and integrate the product into
your environment so without further ado
I'm going to introduce Tony Graham here
on stage I was actually planning on
demonstrating the lock feature that was
my whole shtick thanks Nader actually
I'm going to cover two possible uses for
a pirozek desktops capabilities the fact
that it is based on open standards and
utilizing a database behind the scenes
and also have some command line tools
for managing and monitoring it so it's
it's very cool it can be integrated with
with database solutions that you have
created or you can use the database
that's included we're going to get in
with ssh two machines that perhaps don't
have the remote desktop client installs
are enabled and turned it on and then
we'll talk about ways you can capture
day
that remote desktop has retrieved for
you and store it for later use alright
anyone here ever use the kick start
command an apple remote desktop alright
great for those of you who've never seen
it before kickstart is a command-line
tool conveniently located in system
library core services now remote
management ard contents resources and
it's called kick start there is self
documenting so if you run it with the
dash H option it'll spit out a list of
things you can do with the kickstart
script the thing that I use it for most
is to turn on ard key on a machine that
doesn't have it currently enabled
probably everyone in this room knows
that alpha remote desktop is bundled
with the operating system version 1.2
and the capability for activating it has
been there for it since one point two
point four I think it's it's still there
in version 2 the script itself as one
layer deeper in the file system than it
was before but the capabilities are
still there so again dash switch for
documentation I find Emma and I'll show
you in a moment how that works that if
you run it with the des H switch you'll
get about three pages worth of very very
useful information but there's one
particular thing that I use it for every
single time I use apple remote desktop
and kick start and that is to find out
how to turn it on and enable all
privileges for a particular user usually
an administrator so conveniently in the
documentation their example for turning
on remote desktop using kickstart is for
a user named Bob so if you run system
library Corps servers remote management
ard agent app content resources
kickstart des age and pipe that to grep
on Bob you'll get a convenient one line
example for what you need to do to turn
on album o desktop now for this to work
on a remote machine you need to have
command line access to that machine that
means SSH enabled SSH is enabled by
default on all servers so if you walk
into an environment where you've got
existing servers and you need graphical
control over them or perhaps you're
sitting up
cluster which could be you know eight
servers up to thousands of servers and
you want to enable apple remote desktop
this is immediately going to be useful
to you in a client scenario SSH may or
may not be enabled so you may or may not
be able to take advantage of this now
the path is rather long and the commands
are rather long so we'll also show you
how you can wrap that command around a
GUI using a number of technologies will
show you with one of them the way I
chose to do that is with a program that
I wrote called the activator in the
activator is a simple real basic
application that uses asynchronous
shells so it can issue unix shell
commands I pipe that big long script in
there click a button and it turns on
remote desktop on that machine with the
addition of an inexpensive plug-in real
basic can browse and retrieve entries on
a rendezvous enabled network and ssh on
mac OS 10 systems will advertise their
ability through rendezvous so i can
actually get a list of all the machines
on my network that have ssh on so i
don't need to know the IP addresses in
advance and we'll switch gears i'll show
you the demo on on the activator a
moment then we'll switch gears to
database access as you probably know
apple remote desktop stores the data
that it retrieves when doing a system
report in a Postgres database now by
default ard is really the only thing
that can talk to that database but there
are two configuration files that you can
modify that will allow you to access
that database through command line tools
through graphical environments like real
basics or any other of a number of
database access technologies that can
deal with postgres for those of you are
taking notes the two files that you'll
want to know about are the postgres SQL
dot com file it's actually the last line
on the slide here and the PG underscore
hv a comp file and both of those files
are standard post graphs configuration
files if you grab a riley's postgres
book and I speak thick pink bound book
it'll document all kinds of cool stuff
you can do with the postgres
configuration files now one thing that
is slightly different is the postmaster
process which normally run
and a standard postgres installation is
called rmvb for the instance that album
o desktop is using now using a graphical
environment like real basic you can and
a plug-in that comes with it you can tap
into the database and explore it i'll
show you in a moment how to do that
there are two tables in the database
that you'll see one is the property main
map table haven't really found too much
to use that for the main one that I've
used is the system information table and
in this table you'll find a line for
every conceivable property that remote
desktop can capture and the value that
it captured one thing to note though is
that ard only stores the last value for
that particular property that was
searched so there's no historical data
you can't say for example what was the
amount of RAM on this system last week
so again using real basic an application
called ard Tracker allows you to
periodically pull that database AR DS
database capture the information that
you care about and store that in another
database so that you can over time
collect that folks could use this in lab
management scenarios where or security
scenarios where you're monitoring your
equipment and then one day you notice
because you're getting a report that the
RAM in several of the machines has gone
down which is not normally the way you
want that to go so i'm not going to
actually demonstrate the removal of ram
from these machines i'll actually be
capturing file sharing information so
we'll be able to see if file sharing has
been enabled or disabled disabled on
those systems so we've got a couple of
demos that will do first thing we want
to do is take a quick look at the
kickstart script you've all been taking
notes you're going to tell me where it
is right
I think I'm joking system library Gore
services now version 2 it's in remote
desktop or remote management and then
ard agent yeah contents you have been
taking those kitab resources kickstart
okay what's the rest of the command you
don't know yet right so let's do dash h
get some help and i happen to tell you
that there is a word research for up and
this command this one line kick start
command will configure the agent turn
access on with all privileges for the
following users and in their example
they use admin and bob so you can set
multiple users in one command I don't
have a bob user on here but I can do
that remotely now we've got a bank of
imacs to your right there's nine of them
and they currently have the ssh daemon
enabled the remote login demon enabled
but not album remote desktop so let's
see if we can figure out how to do that
on one of those systems I'll tell you
what that's actually gonna be hard cuz I
don't know their IP addresses so let's
launch the GUI instead and that's a rd
activator and again if I knew the IP
address I could punch it in here but i
don't so i'll hit the rendezvous tab do
a sort there are eight machines and
there's one of the IP addresses i'm
actually going to get into one of those
machines 192 168 i'm sure that 14 and
i'm going to send it a tale minus app on
slash var slash log slash system vlog as
the agent is enabled or disabled data
log to that file so we'll watch it in
real time in this screen
and I don't know I guess that was lab
number one so I got to give it an admin
user and this application is fairly
simple it's simply going to take the
administrator that I punched in there in
the password that i punched in there you
have to have that account on the remote
machine and that has to be the account
that you are in fact enabling as you saw
in the command line you could enable any
number of accounts but this application
will simply assume that you want to
enable that one administrator account
let's see what happens when we activate
it and while that's going I probably
should show you that in apple remote
desktop some of these systems are in
fact off or at least not visible to
apple remote desktop so some of them are
starting to come up now and it could
take a while that actually when you
activate the agent is going to start a
number of processes including the
database processes and the VNC process
so give that a minute sometimes I get
impatient I hit the button a few times
while we're waiting for that to come up
let's tap into the database as well as
you probably know you can select
machines in your list and run a system
overview report in this case I'm going
to choose sharing and then we collect
new data for the report that those
values are being stored in Postgres now
using real basic with the postgres
plug-in I can develop a quick
application switch these around I first
have to add a new data source and prior
to doing the demo i did go into those
two configuration files and make two
changes that would allow another
application to talk to the ARD database
so the database name is ard and the
password is ard sorry the user is ard
and I blew my punchline the pastor is
ard as well and if you're able to talk
to your database you should be able to
double click on this and see those two
tables I told you about and the system
information is the table that I find the
most useful if
hit edit schema here you can see the
fields that are in there and the
computer idea is a unique ID for every
machine that you've added to your
database and that's based on the
built-in ethernet mac address that
shouldn't change then for the things
that you're interested in there should
be a property name like file sharing is
enabled and a value like 2 or false yes
or no or a string or a number something
along those lines actually they're all
going to be essentially strings but you
get the idea now if I want to see what's
in that database I can switch to an
empty window here I'm going to drag a
multi-column list box off my palette and
we'll set that list box to grow with the
window and in fact we should tell the
window that it can in fact grow and I'm
going to add a data how do we call these
things a database query control the
database query control needs to be told
which database is querying in this case
it's the ARD you'll see that the ARD
database that I established earlier and
I need to give it an SQL query so that's
going to be something like select star
from system information now we're going
to use something called binding with the
command + Shift keys to drag to the list
box from that database query control and
say I'd like that list box to display
the results of my database query and
finally I'll set the list box to have
five columns I should be able to run
this project and get an application that
now sees everything in the ARD database
but you're probably going to want to
narrow that down a little bit so i'll
quit that and drag a pop-up mini onto
the field let's make it a little wider
maybe hit a little less wide and we're
going to add another database query
control for that pop-up menu
command drag from that database query
control tooth pop-up menu I would like
that pop-up menu to display the results
of this query and this query is going to
be talking to the same ard database
slightly different sequel code this is
going to be select distinct computer ID
from system information so if i run that
this pop-up menu should display all of
the unique MAC addresses of every
machine that I've ever run a report on
and you probably all know that reports
can be run manually but you can also set
your clients to periodically send that
data to your database so you don't
necessarily have to be constantly
updating this database yourself alright
so the last step is to take this pop-up
menu that is getting a list of the
unique MAC addresses and buying that to
our original search we're going to bind
that database query with the selection
from the pop-up menu and I have to
modify that database query slightly I
want to select only two things let's get
the property name and the value from
system information and I apologize if
this is a little bit small where
computer ID equals and then in quotes i
can put % 1 so that's going to hold the
value that the pop-up menu gives it when
i change the selection will switch the
number of columns back down to two and
now i should be able to stretch to the
sky white or pick a machine and see all
the properties that the database stores
for that machine and some of those
properties would be things like let's
see what's something good file-sharing
enabled serial number if necessary
you've got volume beings all of this
stuff could be something that you can
make use of at some point all right how
we doing over here good so I've got a
number of machines now I'm going to show
you a finished project that
uses the same techniques that I just
showed you called ard tracker and ard
tracker is going to periodically do
queries against AR DS database using the
postgres plugin but it's going to save
that data in its own database as well so
as those values change over time this
application will know that and we've got
some historical data already in there
let's see if we can find the most recent
value for lab one and again I'm going to
check file strain because it's something
I can easily do but you might want to
check things like hardware properties
amount of RAM free space operating
system installed and that sort of thing
so lab one is currently got file sharing
on let's use remote desktop to control
that guy go to sharing and turn off
personal file sharing now ard isn't
going to know immediately that file
sharing has been turned off we need to
run a report and ordinarily this thing
isn't going to be pulling your database
every 10 seconds it probably will be
doing something similar once a day once
a week at an interval that you decide
I'm going to go ahead and select all of
the machines here we'll do a system
overview report and I'm going to uncheck
all of the options except for sharing
I'm going to collect new information and
we'll get the report what should happen
as that comes up as we should see lab
one switch from true to false and it may
take 10 seconds I can also click this
little button here and now we see lab
one is false it's reasonably trivial
thank you it's reasonably trivial and
real basic to set up an email to be sent
to you if a condition changes could ring
a cowbell you can set off your pager you
may not want to do that whenever someone
turns on pal sharing but you may want
your pager to go off when someone sets
what someone takes up some of their ram
all right
and in fact you can embed Apple scripts
within these things so the Apple script
could do a number of things and speaking
of Apple script I think that's probably
it for my portion of today's demo so
i'll introduce Steve Heymann to you who
will show you even more useful things
you can do with album odesk on thanks
Tony I know this has been a very busy
week for everyone what with the Canadian
election on Monday and yesterday being
candid today so I'm glad that you're all
the troll still here one of the things
Tony was doing was using remote desktop
they're using ssh to turn on remote
desktop I have the wonderful advantage
of going after him here so i'm going to
use remote desktop to turn off remote
login so that he can't do that demo
anymore so one of the great features
here is this send unix command button i
am personally a bulk user of this button
and just to mess up tony we're going to
do oh pardon me could we have demo to
please guard emma the other demo
whichever this one is thank you with the
list of machines here i'm going to use a
system set up dash F dash set remote
login off now Tony's demo will not work
anymore so this is the great advantage
of going second in the session if I
could go back to slide please will do
more exciting ones than that in a minute
I promise so anyway I'm having a UNIX
guy for a long time and I can't believe
how lucky I am that they put in this
sends unix command feature in apple
remote desktop i want to personally
thank Nader for responding to the
harassing way that I demanded that this
valuable feature be added and I want to
talk to you a little bit about that this
is this is a great tool for unix geeks
how many people here are command-line
geeks how many people prefer the VI
editor to the Emacs out of there I'm
just curious how if you wish you'd learn
emacs long ago but you're too stubborn
to change
you're too old learning new keystrokes
and so stuck using VI that's me so I
want to show you interesting ways you
can muck around with this fleet of imacs
that we have over here using the send
unix command feature i want to talk a
little bit about discovering how the
machines are set up i want to show you
how you can change how they're set up
and at the end i might build something
that might kind of remind you of a
software update server so this is magic
button my favorite button and I'm sure
it will soon be your favorite button as
well it will run the shell command of
your choice on all the machines and
collect the output I might run the
exciting command date and get that a
lovely table of what the time and date
is on all these computers it's running
the UNIX date command and displaying the
output in this window here so you type a
command you get to type of command you
get to pick a particular remote user it
can be the user which is currently
logged in on the system which in this
case is is it admin one over there is an
apple one it's admin one pardon me or
you can choose a different user which is
necessary if nobody happens to be logged
in at the moment ard takes what you type
sends it to each of the remote machines
in parallel feeds it into the bash shell
runs the output and displays it and the
exit status in a new computer list so on
the remote side is using Vash it's not
actually copying a shell script file
it's actually starting up a bash process
process process process
who says Java who says a job I'm not
java java right alright start the
process on the remote machine and it
feeds whatever you type into the
standard input of that I can't say it
process with this convenient path all
all set up and there's one weird
directory in there that we'll talk about
in a moment so your commands run as the
remote user of your choice maybe root
maybe they logged in user so what can
you type well you can size of anything
that you might find in the regular UNIX
path there's a couple of ideas and
periodic weekly you might want to do
that script that only get executed it at
what is it for 30 on saturday mornings
if the computer has to be turned on you
can run that script right now periodic
weekly you might want to run repair
permissions you might want to run
software update shell to get a list of
what's needed anything that's in the
standard UNIX have two records you can
just type type anything else if you want
to give it a full pathname but my
favorite part is because it's actually
using bash to interpret whatever you
type you can type several commands
separated by semicolons or on new lines
or even a little miniature bash script
if you want what do you get back to get
the last line of the output NATO and
I've had a number of discussions about
that seizure and you get an indication
of the success or failure of the the
task that you that you ran it could be
that the command you ran failed a lot of
unix command execute with success or
failure depending on some condition you
can spot that quite easily here in your
script so here's an example the command
I ran in this case laughs and the night
which gives you a list of users and I
typed it into grep f payment of these
five machines where has si Minh actually
logged in and you can see that the grep
command failed on the third machine
which is actually an ibook from Henrico
public schools where i'm not actually a
student so I have never logged into that
particular computer which you can spot
right away which command succeeded which
commands fail and you've got these
buttons where you can pick a subset of
the machines and continue on to do
something else so the results come back
you can run the same task together
possibly a different one now that bonus
tool that I like is this awkward half
here which includes two tools system
setup and network setup these are a
couple of tremendously powerful command
line tools that are buried in that
directory
but because that directory happens to be
part of the past you can just type the
past name directly and what can you do
with these things well the one command
you really need to know is dash help
system setup dash health will show you a
huge list of all the different options
you can set on the computer you can set
the date and time you can turn the
airport power off you could you actually
should really warn you to say you know
you might not be able to do this again
now if you turn the airport power off
are you sure you can turn off remote
login as I just did you can fool with
the computer name on the startup disk
and so on there's also a corresponding
network setup command which is a way of
setting and getting virtually every
property you might find in the network
preference paint what dhcp server should
we use what dns server should we use you
can set the gopher proxy imagine how
much time you're going to save not
having to walk around setting gopher
proxies on all those computers save me a
lot of time already boy I tell you or
and if you like you could theoretically
you could send some apple script now
with remote desktop there's other ways
to send applescript if you have a file
but you can type a little bit of apple
script and use the command line OS a
script tool to copy that script over and
executed you could even get kind of
close to a software update server now I
don't pretend to suggest that what I'm
going to show you is anything like the
software update server that's been
talked about for tiger but since it's
possible to manipulate software updates
via the command line and since software
updates are really just collections of
packages there are some interesting
things you can do with grabbing packages
locally rather than going out onto the
internet to find apples software updates
so let's try some of this if I could go
back to this one thank you so I thought
the UNIX guys are used to typing little
commands like this up time how long is
this computer been update what time is
it right now all these commands are
things that you could easily do in
remote desktop you could pick a list of
computers like this say I want to send a
unix command and I want to see the date
on all of those computers and here comes
the date on all those computers and one
of them seems to be a little bit off
here so this might be a good opportunity
to take the same set
try a slightly different command I want
to use a system set up dash get using
network time are these computers
actually using network time service or
not so they'll just run that command and
show me the el puto the network time
service seems to be on on three of them
and off on the others now there's a
corresponding dash set network time
command where with a simple command like
this you can turn network time on off on
all those computers as well I think it's
a very iterative iterative process using
this feature I do a lot of
experimentation myself trying little
command in the terminal and then seeing
if they work the same way and that in
this tool which is of course they do so
for instance one of the things I've
often used is the command line software
update to a software update dash 0
there's a list of all the software
updates the disk computer needs this one
happens to be up to date i know some of
those aren't but you could easily run a
software update to live like this to
download install updates which i'll show
you a little bit about in a minute so
all the power the command line here is
available in this tool as well now I
have to admit that there are a number of
pointless things you can do with this
product as well I've got eight machines
over there I might want to execute a
little bit of Apple script OS a script
feeds an apple script on standard input
say the current date as a string using
cellos see how that goes thank you the
syntax checking built into this tool is
amazing
if you miss type of command the product
manager will personally phone you and
correct it try this again here here we
go 8 computers over there they're all
all singing the date isn't that fabulous
you know no did you notice that they
were all singing in sync the choir was
actually doing pretty well because all
these commands are actually executed in
parallel and then the output comes back
now you know one might want to do is buy
the more elaborate thing I don't know
how useful singing the current date is
but one might want to sing the list of
software updates see here no you can do
this you don't have to be rude for this
one get that one
I think that was that I think that was
an airport update in a garage band
update I'm not sure it was about right
so when you come up with good times like
this you can certainly save them and and
reuse them later sing the software
updates I'll be wanting to do this one a
lot so I want to save that way and that
will actually add it to my task list
there's this notion of a list of tasks
that you've previously all right already
I think it's um oh the script is still
going the task is finished but the
singing is so I think more software
updates on that one that I saw it so so
I have a list here are we done thank you
ladies I have a list here of some
interesting tools that I've command
scripts that I've written over the SAS
little while and you know the one that I
just saved is in there as well so for
instance you see here set four oxys
everywhere where did that one go oh
thank you i just a little fast needed by
no hang on step rocky there we were
thank you very much I was just humming
that song stuck in my head now so the
network setup command works on one
interface at a time you know hey I can
zoom in Kenny we got this ship for the
clock quartz extreme or something that's
supposed to be cool isn't it the the
network setup command operates with in
some situations on only one network
service at a time you can set the Gopher
proxy or the web proxy for the airport
with one command for the ethernet with
another command for the connection
through your cell phone with another
commandment it's certainly possible to
write little scripts that asked for a
list of all the network services and
then apply the update command to each
one this is all using basic bash
scripting you know I'm running one
command and looking at it so foot and
I'm looping through everything else
O'Reilly got a pretty good book on dash
which I just actually picked up today
and this is a great way to get started
with writing little mini scripts like
this part of the test is learning the
syntax of the bash language for doing a
loop like that part of the syntax is
learning the details with a particular
command please don't everybody go and
set their web proxy to Heyman
net that's my server it's just an
example so i can run that what if I
wanted to and you know set the web proxy
on all of those computers and now none
of them will be able to do anything
because it turns out my server at home
is down right at the moment so
fortunately I saved nothing one of these
here that puts the proxies back to the
way they were one might very quickly
build up a little toolkit of useful
routines in this way now let me talk
about software updates Ramona if you run
software update L it will show you in a
multi-line format all of the software
updates that are available for your
computer when I ran it earlier on here
it turns out this particular
presentation system doesn't need any
software updates so it just said your
software is up to date but if you've
ever tried it you'll see that several
lines of output come out you need this
update you need that one this one's
required this one needs to reboot well
you can massage the format of that sort
of thing into a little script like this
one can run software update with a
little bit of awk everyone's favorite
tool awk you can pick you know just the
lines of interest and format everything
onto onto one line here so here's a
little script that runs software update
that was being kind of a smart guy can
anybody tell me what this is for here oh
of course you can't tell me what that's
worth is that better you named a char
will conveniently tell me whether I'm on
Jaguar or a panther by handing out a
number that ends in this six or a seven
ah that's so hants so the syntax of the
software update command actually changed
between Jaguar and Panther so in my
scripts here I can account for that so
if we run this one this will just show
me a nice little one line list of who
needs what software update one of the
machines neat they all need airport
extreme and several of them need
GarageBand so after a while you build up
a little collection tools like this you
could then pick this one and you might
want to run another script that actually
did software update with that one but I
want to suggest the different strategy
the way software updates actually work
is that your computer and again I'm
talking about how it works now not the
future software update server your
computer talks to akamai or Apple or
something and gets a list of what
packages are available and then your
computer goes and downloads the ad
megabyte update and maybe all 500
computers in your building go and
download the 80
megabyte update and install it now we're
making some great progress with the
software update server for tiger but I
want to suggest a way you might like to
work around this locally software
updates are just packages there just got
PKG files like anything else let's
suppose you have a server and you put
the interesting packages that you like
on the server maybe you've got the trial
version of omni something and you've got
the apple security update put them all
in a shared folder on a server and then
you can have a little script that says
all right i want to mount that server I
want to see what packages are in that
folder and remember I'm going to do this
on every computer I want to compare that
to library receipts which is the list of
what taxes have already installed so
they don't waste any time installing a
package I've already got and then I'd
like to use the command line installer
command to grab packages off my local
server maybe the server down the hall
are in the school and install them
locally so I spend a little time messing
around with something like that and
let's see here install packages from
server this is just really a starting
point for john-boy this is tricky
hanging the back a little bit here this
is a starting point for discussion let's
say I want to look and see if anybody
has logged in and I want to exit if
someone is logged in it's kind of rude
to do a software update well if
someone's logged in and then I want to
mount this is ugly I want to mount this
server here that's the server we have
over here I want to mount it via AFP and
that's going to give me a map link
called / camp / packages or something
and then I want to go through that
amount white and for every package I see
there for every TKG I want to compare
that with what I've got in / library
receipts on this computer in other words
have I installed that package already or
not and then building up a little lips
and then for each one in the needed list
i'm going to run the installer to
install that particular package let's
give it a shot I only have I have to
mean they only have a couple of phony
packages in fact I think I only have one
phony package on my server over there
but you could certainly add other
packages of your choice commercial
applications packages that you've made
apple software updates that you
downloaded directly and if we actually
run this all those machines are in use
you notice that my script exited if the
machine was in use that was kind of
polite well let me log out a few people
where you do that logout current user
log out some people
on those computers now we'll try this
again install packages from the server
and see how far it gets this time now
here's an interesting situation nobody
was logged in so I can't do any of this
to the current user what I really should
be doing thank you for coughing it wish
you'd talked about 30 seconds ago we'd
better to do this as root rather than
the current user you can always do
things as root whether anybody's logged
in or not let's try this again here
what's going on there no Kiko well you
know it actually worked the previous
time I was doing it it actually all
needed some features have installed on
those two computers the other ones are
in use or something that's happened to
the client software what we were
discussing here probably to that log
keep a lot of property puts that need to
be a tech support guy you help me with a
double quote before what do we do now so
this is just a starting point for
discussion I think you'll find that you
could have packages stored locally to
your end users and then you as an
administrator run a script like this
once in a while that grabs the packages
and installs them rather than everybody
going and pulling them from Akamai at
the vast cost to everyone I'm plan on
cleaning the script up a little bit and
posting it on the wwc server when we're
all done look I know I know you can't
phone me about it okay so one last thing
I wanted to try here we were having a
few cocktails and gosh I'd really like
it if those two were still on here for
this little effect guys what we want to
do hang on won't let's just it never
hurts to quit remote desktop is started
again well what's writing we're gonna
take all these machines they're up and
not down here and I found the greatest
little command the other day I don't
know if you know about this dr util tray
open dr util tray whoa I can put that in
the loop
we'll go around 10 times I was doing it
infinitely before that was kind of mean
oh I need to do up here a little imac
ballet going here it's going to fail in
the machine two of the machines or the
other six are going to go thank you out
and in oh and in know that only went
around one somos was on the jaw Tron
well you know this is what I straight to
have these commands stored I was showing
this to somebody earlier I was telling
them about it I said I was going to have
all these trays I mean about by the way
this is a great script if you're in one
of our retail stores just you know go to
one of the computers and maybe my could
do with mine logging in there that would
help me the fun thing to do make it a
startup item stir something so well
they're not looking so the day reboot
and the machines all come out and go in
are you restarting those two there so i
was describing this to somebody earlier
and he said wouldn't it be great it was
great to have them coming in and out but
wouldn't be great if he could make him
do the wave ahahahaha i hate it when
people say that somebody said that to me
at lunch so i had to go and figure that
out so if you love stand by here we'll
do the wave on these imacs i'm going to
wait for two of them to come back are we
all set over there so here is a much
more elaborate script no conveniently
the machines are not arranged on the
cart in any kind of a useful order
they're all we've got the number six
number three number eight number two so
i had to write a little script that
would ask each one to look for its
position on the list and then sleep for
a certain number of microseconds
depending on its position on the list
and then open and close the tray slip
see the way
[Music]
but again thank you yeah i probably
spent more time on that than I did on
the software update server script anyway
I think I pretty much hosed these
machines in one one one way or another
and there's one thing I think assist
administrators that we all wish after we
really messed up a machine we really
wish Mike bombyx was around to help us
out of a jam yeah oh my god here Oh
thank you Steve gotta leave it up to a
systems engineer and a consulting
engineer to walk into some IMAX and do
some damage so that's why we're here so
I think that Tony and Steve's have shown
you how remote desktop has a great set
of tools for day-to-day management of
whole bunch of machines or just eight
machines that you can no longer buy so
the machines that you can still get
there's still the arduous task of doing
last deployments and oops wrong button
and there's still some challenges that
face system administrators when it comes
to deploying software onto a whole bunch
of machines you have things like
managing multiple configurations of
machines that you have lots of different
labs for different uses just having a
large number of machines to deploy
software on two machines located really
far away and you don't feel like getting
your butt off your chair and running out
to that machine and managing machine
specific settings you know sneakernet
running around each machine and getting
things all set and then yeah you got a
limited time and I'm at a time in
training and nobody has money and we all
sing the same story so there's actually
several solutions to some of these
problems first of all if you create a
master disk image of the software that's
common to all of your machines and then
couple that with black level copying and
network booting you can greatly reduce
the amount of time that it takes to get
software out onto 5100 or 32,000
machines with apple remote desktop
network disk or set startup disk command
this kind of solves a problem of dealing
with machines located remotely and then
if you can get a machine set its own
machine specific settings you spend a
lot more a lot less time
running around to each machine and a lot
more time sitting on your butt playing
quake or something so the final
challenge of course is the management of
machine specific settings and this is
where I think the Postgres database in
ard to can really be a great solution
ard solution to data management is based
on the standards based platform agnostic
web 'um web-based enterprise management
web um is essentially a technology that
provides simplified access to data about
software and hardware with remote
desktop from the admin application if
you go and choose if you get a system
information report then the web um
client web them open web aman the client
will collect machine and software data
using the system profiler frameworks and
cash that information locally hand that
information on to the ARD client and the
ARD client returns it up to the ARD
admin and that plugs it into the
database Tony's already shown you quite
a bit about the database so i won't go
into the ins and outs of the database
but i am going to show you a little bit
more about what we can do with that
database so the ARD database stores over
200 pieces of information about each Mac
it stores it in 27 different categories
based on a type of hardware or system
information most interesting to system
administrators probably is the Maxis
mental element this object has 95
attributes about each machine things
like the computer information fields
you've seen the sharing preference pane
computer name IP address machine model
in class and serial number for example
to access information from the ARD
database you could use tools like Tony
showed or you can just use the pc full
command that's in our favorite directory
remote management inside core services
and here i have an example of just some
basic syntax that will dump all the
information from the database perhaps a
more friendly way of accessing the
information is to use the functions that
are built into PHP for accessing data
from Postgres database if you were to
store your database for example on a mac
OS 10
server you could set up a PHP script
that could return an entire record about
a computer back to the client that
requested it and you could do this in
any format you want I have XML as an
example so the client could then request
the PHP script and download it using
curl and use its own mac addresses an
argument and then your PHP script can
send it back and the client can store it
in the temp directory and you can access
it on your client machines while there
are net looted or whatever and retrieve
values from that that plist file using
the default command so I've actually
built a PHP script like this much bigger
up there and you can see an example of
the kind of output that you can generate
using PHP now this I use XML formatting
because that met my requirements if
you're just using a shell script and
you're just using awkward grip and awk
is my favorite program then you could
certainly just have flat text and use
just you know a couple lines for your
output so how do we actually use the ARD
Postgres database to make deployment
easier after all that's what we're
looking for well the database is more or
less read-only however there are those
for computer information fields so that
you can plug data into and again I'm not
trying to add any worked here to your
schedule to run around and type
information to each one of these
fortunately the advent application has a
change client settings dialog to a lot
that allows you to change the data in
these fields you can do it on a per
machine basis or you can select a group
of machines and do that so select a
group of machines and then choose the
change client settings option from the
manage menu and then plug some data into
those fields and you can use data like
the the path to a disk image that you
would like to restore to the machine or
maybe the room number or the building
that the machine is in and then on the
client side and a shell script you can
use that information to either apply
that disk image to the local drive or
say set up printers based on what room
it's in finally get your database all
set up then you can initiate deployment
using apple remote
tops change startup disk and set it to
boot from your net install disk image
and get her done so here is what a
deployment can now look like with AR DS
database note that i do mention the use
of a third-party product in here however
you can use the tools that are built in
the Mac os10 necklace and syringe from
shell scripts so first thank you get
your match machine set up exactly the
way you want it use disk utility or net
restore helper to create a disk image of
your master machine stored on a file
server next use network image utility or
net restore helper to create a net
install image set that will boot up to
any type of application that will use
ASR to to do some restores finally use
apple remote desktop to tell all of your
target machines to reboot from your net
install image set when the client
machines are finished booting they
launch the ASR application the ASR
application queries the ARD database
retrieve the records specific to that
target machine the ASR application then
looks through that record pulls out the
information it needs to find the disk
image applies that disk image to the
internal drives and finally to wrap
everything up it runs some post action
scripts to apply any other machine
specific settings that were in that
machine record not quite as sexy as the
stuff Steve was doing but it's really
going to save you a lot of time our
identity so that scenario is going to
work rate for a lot of people there's
going to be some people some system
administrators however that may want to
store more machine specific data than
can be supported by those for custom
computer information fields for these
people we can go ahead and extend the
functionality of the ARD database after
all it is just a standard Postgres
database so one thing that that should
be pointed out is that the system
information
able is essentially read-only it's read
only insofar as every time you collect a
system information report any changes
that you may have made will get wiped
out so system information table is for
ARD no touchy if you want you can add
additional tables for system imaging
information I have some syntax up here
for that and then populate the database
or that table with your own machine
specific specific information there is
one other caveat though ard if it ever
has trouble accessing the database it'll
it'll try three times and if it fails
the third time it'll just wipe out the
database and start from scratch so you
may just want to create another database
instead and put say like maybe a PHP
front end on that and i'm going to
client request information from your
database your PHP script can pull that
information together and provide a back
in a unified format so if you wanted to
do something like this Mac os10 server
you would first need to install the
postgres aware version of PHP mark lion
age has a great little package installer
that makes it really simple next develop
a front-end for managing system imaging
data and a database for that and finally
develop a front-end to report on various
information from your ard system
information database sounds easy huh so
everybody run out and do that well
actually I have developed a prototype
and of course it's free and open source
so there's a great starting point for
developing something like this
thanks but I'm not done so the first
thing that I'd like to show is change
client settings so I've got to lift that
up here of these eight machines and the
change client settings dialog can
actually do a lot of things but I'm
going to go ahead and skip through these
it basically just sets any preferences
that you find in the sharing preference
pane for ARD and on the last item we can
go ahead and say these are you / just
going to use CC dash master and i will
call this north beach that's okay it's
not really going to do anything so we go
ahead and set these receiving settings
prepping changing alrighty and then we
can go ahead and gather another system
information report and I'm not quite as
picky as Tony I'm just going to grab a
new one and it'll collect that changed
information from each machine and now
your database has been updated and it's
got the new information required to do
whatever you need to do to that lab so
of course you would need some
client-side scripts in your net install
image set that would do something with
this data I'm actually not going to
cover that what I will cover and I don't
really need to change this
so again just for thoroughness for raw
postgres access you just use the imdb
bundle the commands within there and run
a standard sequel query get lots and
lots of data this isn't really very
useful for us so what we can do instead
is you allow our ard database the excess
by the local host by a PHP and to do
that you can modify those files that
Tony was mentioning or I actually just
released this yesterday is called Adam
alpha remote desktop database access
manager you click a button and it
enables vocalist access just a little
quick and dirty guy next write yourself
some PHP scripts and this is a pretty
simple one right here it basically will
just return an entire record from the
ARD database or not there it is so this
is actually pretty short but basically
just loops to that data for each of
those system information elements and
returns that data back to the client so
finally when you get your entire PHP
database solution are all set up and
looking pretty you can set up groups and
here i have a group of computers this is
eight computers over here and this
particular script will report back from
two databases from the net restore
database that i created and from the ARD
database that already exists so what we
have here is a summary of information
from the ARD database if you want to get
more information you can click a link
and it returned data for that computer
look a nice and pretty
and then we can also use this for
management and that's that's the most
exciting part so right now you can see
that all of these computers well first
of all these are the the preferences for
net restore if you recognize them right
now everything's set to know and there's
no configuration but we can go ahead and
say apply some parameters to this
specific machine or I can go in here and
I could say apply these parameters to
all of these machines restore the WWDC
master to the first drive available it's
updated my database and now he or d
doesn't have quite enough cowbells and
sound effects does it he's going to work
on it so we can go ahead and and and
typically I would just use the set
network startup disk and tell all the
machines to reboot from Annette install
server but I don't have a net install
server here so I will simulate it by
copying out net restore to each machine
and open it up cute look let me delete
this task
why don't we do that
alright let's try this again copy item
and then if we take a look at one of
these machines ouch well in the final
release it'll work great but essentially
essentially this is what it's going to
look like the machine will come up and
actually fortunately wouldn't do a it's
probably because I unable to fully
automate but it automatically put pic
WWE seamaster and I've got my my imaging
information all of my options and it
would have just gotten or done you know
a few clicks of a button and your
machines are reimaged so that's it
coming soon to a version tracker near
you later oh now that's it alright so
just we can get more information on a
documentation for the product and who to
contact so you can contact me for the
products with some information as well
as Jason skip from a developer relations
perspective