
Automatic Mode

Open dechkovanen opened this issue 4 years ago • 7 comments

There should be an automatic mode for Nudge that automatically "nudges" any updates as they are released. This would be a great complement to update deferrals set by an MDM and would allow a "deploy and forget" type of deployment, when the only requirement would be to make sure all published updates are being installed in a timely manner and possible deferrals would be done via MDM.

There would only be a single required preference for the entire app: automaticMode, if set to true. This could reside under optionalFeatures. However, if not set or set to false, require other preferences as per current behavior. Basically, when in automatic mode, any settings under osVersionRequirements would be ignored but all the other settings would apply.

There would also be an additional preference automaticModeForceAfter which defines how many days are allowed before the update is forced (i.e. set required install date to current date plus this many days). If not set, there would be a default of e.g. 7 or 14 days.

The flow could be as follows:

  1. Nudge checks if automaticMode is set to true – if false or not set, proceed with current behavior.
  2. Nudge checks if any updates are available via softwareupdate
  3. If yes, set the key automaticModeUpdatesPending to true in ~/Library/Preferences/com.github.macadmins.Nudge.plist – if no updates are available, clear the key if present and quit
  4. Check if the key automaticModeRequiredInstallationDate is already set in ~/Library/Preferences/com.github.macadmins.Nudge.plist – if yes, skip the next step
  5. Read the value from automaticModeForceAfter or use default value, then set key automaticModeRequiredInstallationDate in ~/Library/Preferences/com.github.macadmins.Nudge.plist to current date plus the days defined in the value. (This key should also be cleared in step 3 if no updates are available.)
  6. Read the rest of the preferences (inc. user deferrals etc.) or use defaults and start the nudge event accordingly

An additional bonus feature would be that in automatic mode, Nudge would not right away enter aggressive mode when a user returns from a long vacation and there have been required updates in the meantime, since the required install date is dynamic.

This is slightly quick and dirty but fancier execution can be implemented in future versions, like having separate delays for minor/major updates etc.

dechkovanen avatar Sep 28 '21 07:09 dechkovanen
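
The six-step flow proposed above, as an added example (not part of the original issue and not Nudge code). The key names are the ones proposed in the issue and are not existing Nudge preferences; the update check is passed in as a boolean instead of calling softwareupdate, and the timeline in `demo()` is constructed.

```python
import plistlib
from datetime import datetime, timedelta

DEFAULT_FORCE_AFTER_DAYS = 7  # the issue suggests a default of "e.g. 7 or 14 days"
PENDING = "automaticModeUpdatesPending"              # proposed key, hypothetical
DEADLINE = "automaticModeRequiredInstallationDate"   # proposed key, hypothetical

def evaluate(prefs, state, updates_available, now):
    """Return (new_state, action) for one launch: prefs is the managed config, state the per-user plist."""
    # Step 1: automatic mode off or unset -> current behaviour, state untouched.
    if prefs.get("automaticMode") is not True:
        return dict(state), "manual"
    state = dict(state)
    # Steps 2-3: nothing pending -> clear both keys and quit.
    if not updates_available:
        state.pop(PENDING, None)
        state.pop(DEADLINE, None)
        return state, "quit"
    state[PENDING] = True
    # Steps 4-5: set the deadline only once, so later launches cannot extend it.
    if DEADLINE not in state:
        days = prefs.get("automaticModeForceAfter", DEFAULT_FORCE_AFTER_DAYS)
        if not isinstance(days, int) or isinstance(days, bool) or days < 0:
            days = DEFAULT_FORCE_AFTER_DAYS  # fall back on malformed values
        state[DEADLINE] = now + timedelta(days=days)
    # Step 6: continue with the normal nudge event, enforcing once past the deadline.
    return state, ("enforce" if now >= state[DEADLINE] else "nudge")

def roundtrip(state):
    """Serialise and re-read the state as a plist, standing in for the preferences file."""
    return plistlib.loads(plistlib.dumps(state))

def demo():
    """Constructed timeline: update first seen on day 0, relaunches on days 3 and 8, installed by day 9."""
    prefs = {"automaticMode": True, "automaticModeForceAfter": 7}
    day0 = datetime(2021, 9, 28, 9, 0)
    state, actions = {}, []
    for offset, pending in [(0, True), (3, True), (8, True), (9, False)]:
        state, action = evaluate(prefs, state, pending, day0 + timedelta(days=offset))
        state = roundtrip(state)
        actions.append(action)
    return actions, state

if __name__ == "__main__":
    print(demo())
```

Step 4 only tests whether the deadline key is present in a plist under the user's home directory, so removing that key restarts the countdown; a deployment that needs a firm deadline would have to record it somewhere the user cannot write.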

This comes up every now and then (https://github.com/macadmins/nudge/issues/181) and I've stated that I'm unlikely to implement this.

As you've documented, I would have to do all of these actions just to save an admin a few minutes per year to update the JSON/MDM profile.

Since this continues to come up, I will leave this open, but I'm marking it as unlikely to implement. I think the burden on me is far more significant than the few minutes per nudge event, and through the years we have learned how undocumented softwareupdate is. I have watched how Greg Neagle has had to adapt multiple times per year to keep up the code logic and it's something I have no interest in replicating.

erikng avatar Sep 28 '21 10:09 erikng

I understand your point, let me share mine. The situation gets a whole lot different when we get into MSP territory, where an admin must operate multiple different customer scenarios with different defer times, with multiple different MDMs (or no MDM in some cases - a real pain in the you-know-where), AND try to make sure that most of the minor updates actually get installed, not just the major ones. Including security updates, Safari updates, and the like. Too often our only tools are angry emails accompanied by thoughts and prayers.

With all that, the maintenance overhead actually does add up pretty quickly and the "few minutes per year" actually easily become hours and hours of reading documentation and updating various mobileconfigs, sometimes several times per month. I do get it if it's just downright impossible to implement feasibly and I shall then submit to my destiny, but we are definitely talking about days per year, not minutes.

dechkovanen avatar Sep 28 '21 11:09 dechkovanen

We had a similar request earlier. We've worked around this by creating the configuration profile based on a GitHub action that runs every day. It checks for updates and, if found, it will recreate the configuration profile and publish to Jamf for the machines to digest.

coolbluemelvin avatar Sep 28 '21 11:09 coolbluemelvin

I thought of something similar, however as it must be compatible with any MDM or no MDM at all, the best I could think of is to host my own JSON files with different defer times and have the configs refer to those.

dechkovanen avatar Sep 28 '21 11:09 dechkovanen

Along these lines, I'd put together nudge-automatic-update, a script that accomplishes this in a way. Right now it's probably best used with no deferral profile, or with some additional work in setting a trigger that waits to run the script until X days past an update's release. This kind of functionality seems best left to scripts like this, instead of being built-in to Nudge. The flexibility of using a JSON file creates an easy way to accomplish this kind of fully automated software update definition project.

adamselby avatar Nov 01 '21 04:11 adamselby