Home

Awesome

Overview

Plan B is a remediation program for managed Macs. It is meant to be run to re-install other management software.

Features

Usage

First, create a Web server which will host disk images containing a single .pkg package file on each .dmg disk image file.

There is a shell script included in this directory to generate a public-key infrastructure, if one is not already in place. There are also many excellent guides and programs, like easy-rsa, available online.

If the server has enabled client certificate authentication, first install the client certificate and private key to system keychain. You may first need to convert them to PKCS#12 format with something like, openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.pem -out client.p12. Otherwise, the program will perform server certificate validation only.

Compiling Plan B requires a modern version of Xcode, available from Apple's Developer site.

The planb binary must be run as root in order to install packages. It will run on its own without any external dependencies.

Deployment

It is recommended to create a simple script to determine the health of the machine, for example by checking the last successful run date of the primary management software, and running Plan B if the condition is not met. This script can then be started periodically as a system launch daemon.

Have a look at the planb_check shell script and the com.megacorp.planb.plist launch daemon property list for an example.

In our environment, we have a wrapper tool for Puppet, which verifies the configuration run was successful and updates the timestamp on a file. We track this in planb_check and base the decision to kick off planb from it.