##################### # # D3 configuration. # # This file should be stored at /etc/d3.conf # on all d3 clients and d3admin machines. # # When the D3 module is loaded, this file is read into a # D3::Configuration instance stored in the constant D3::CONFIG # # The file format is one attribute per line, thus: # # attr_name: value # # Lines that don't start with a known attribute name followed by a colon # are ignored. If an attribute is defined more than once, the last one wins. # # Known attributes are listed and defined in the d3.conf.default file # in the rubygem folder's data folder # (e.g. /Library/Ruby/Gems/2.0.0/gems/depot3-3.0.0/data/d3.conf.default) # # The conf file may be edited with any text editor, however developers should # look at the manipulation methods in the D3::Configuration class. # ### - log_file ### the path to the file to which d3 writes log data, ### ### If you leave this blank: ### defaults to "/var/log/d3.log" ### log_file: ### - log_level ### one of 'fatal', 'error', 'warn', 'info' or 'debug', ### ### If you leave this blank: ### defaults to info ### log_level: ### - log_timestamp_format ### the strftime format string to apply to the log entries, ### for example: %b %d %Y %H:%M:%S ### ### If you leave this blank: ### defaults to "%Y-%m-%d %H:%M:%S", e.g. "2016-04-01 13:45:02" ### log_timestamp_format: ### - client_jss_ro_user ### the name of a JSS API user that has enough read-only ### API access for d3 to work. ### ### If you leave this blank: ### Will use the api_username from /etc/ruby-jss.conf ### client_jss_ro_user: ### - client_jss_ropw_path ### ### *** REQUIRED *** ### ### This value can be: ### ### - A Path: ### The path to a file containing the password for the client_jss_ro_user. ### The file should contain nothing but the password. Trailing whitespace ### is stripped. ### For security, the file MUST be owned by root with permissions mode 0600 ### (-rw-------) or else a fatal error occurs when d3 tries to read it. ### ### Example: /Library/Application Support/d3/client_jss ### (the password is read from the file ### /Library/Application Support/d3/client_jss) ### ### - A command to execute ### If the value ends with a pipe '|' it is assumed to be a shell command ### that will return the passwd via its standard-output. The pipe is ### removed and the command is executed. ### ### Example: /usr/local/sbin/pwgetter jss-api-ro| ### (executes the command `/usr/local/sbin/pwgetter jss-api-ro` ### and reads the passwd from its stdout) ### ### The file is read, or command executed, as needed, and the result is ### never stored in a variable. Developers: please do likewise. ### ### ### If you leave this blank: ### d3 clients will be unable to connect to the JSS ### client_jss_ropw_path: ### - client_db_ro_user ### ### the name of a MySQL user that has enough access to the ### jamfsoftware MySQL database for d3 to work. ### ### ### If you leave this blank: ### will use the db_username value from /etc/ruby-jss.conf client_db_ro_user: ### - client_db_ropw_path ### ### *** REQUIRED *** ### ### Access to the password for the client_db_ro_user ### ### See client_jss_ropw_path, above ### ### If you leave this blank: ### d3 clients will be unable to connect to the database ### client_db_ropw_path: ### - client_distpoint_ropw_path ### ### *** REQUIRED *** ### ### Access to this machine's Casper distribution point's ### filesharing service ### ### See client_jss_ropw_path, above ### ### ### If you leave this blank: ### d3 will be unable to download packages from ### fileserver distribution points ### client_distpoint_ropw_path: ### - client_http_ropw_path ### ### *** REQUIRED *** ### ### Access to the password for http downloads from this ### machines Casper Distribution point. ### ### See client_jss_ropw_path, above ### ### ### If you leave this blank: ### d3 will be unable to use http for downloading packages ##3 if a password is required. client_http_ropw_path: ### - client_try_cloud_distpoint ### If there's a cloud distribution point available in the JSS ### and the fileshare dist.point for the client isn't reachable, ### should we try the cloud? Use "true" or "false" ### ### If you leave this blank: ### defaults to false ### client_try_cloud_distpoint: ### - client_prohibited_admin_names ### A comma-separated list of names not allowed to be the 'admin' ### for the d3 --admin option. ### ### If you have a single admin-acct name on all your computers, ### you might include it here, so that it can't be used for d3 actions, ### helping keep track of who did what. ### ### If you leave this blank: ### defaults to 'root, auto-installed' ### client_prohibited_admin_names: ### - client_expiration_allowed ### Are pkgs allowed to expire on this machine? ### Use "true" or "false" ### ### If you leave this blank: ### defaults to false ### client_expiration_allowed: ### - client_expiration_policy ### the id, name, or custom trigger for the policy to be run after ### a 'd3 sync' expires any packages. The space-separated list of ### editions expired will be available in the environment variable ### D3_FINISHED_EXPIRATIONS during the policy execution ### ### If you leave this blank: ### No policy will be executed after packages are expired ### client_expiration_policy: ### - puppy_notification_policy ### the id, name, or custom trigger for the policy to run when a package is ### added to the puppy-queue for installation at the next logout. ### ### This policy should notify the user to log out as soon as possible ### to install the items. The space-separated list of editions to be installed ### will be available in the environment variable D3_NOTIFYING_PUPPIES while ### the policy is running ### ### If you leave this blank: ### Users will not be notified when items are awaiting logout. ### puppy_notification_policy: ### - puppy_notification_frequency ### the number of days to wait between runs of the puppy_notification_policy. ### ### Zero means notification policy is never run. ### -1 means notification policy is run every time something's added to the ### queue. ### ### BE CAREFUL. A single d3 sync could add several things to the queue. ### ### ### If you leave this blank: ### Default is 7 ### puppy_notification_frequency: ### - puppy_last_notification ### The last time the notification policy was successfuly run. ### ### This value is updated automatically, and you shouldn't change it ### without great care. ### ### If you leave this blank: ### the world is good. You SHOULD leave this blank ### puppy_last_notification: ### - puppy_reboot_policy ### The id, name, or custom trigger of a policy run by puppytime after all ### installs are finished, instead of performing 'shutdown -r now' to reboot. ### ### If a policy is set here, it MUST perform a reboot. ### ### Use this to do authenticated reboots, since d3 itself can't do them. ### ### This policy should not do too much, since the ### underlying OS may be in an unknown state until the reboot. ### ### If you leave this blank: ### the machine will reboot with 'shutdown -r now' after puppytime ### puppy_reboot_policy: ### - puppy_notify_image_path ### the path to an image to use in the puppy notification display ### (if you use the d3helper command to do the puppy notification ### from the notification policy) ### ### If you leave this blank: ### ### the default is ### /Library/Application Support/d3/puppytime/notification_image ### (with no extension) ### puppy_notify_image_path: ### - puppy_optout_seconds ### The number of seconds to wait, with an option to cancel, before ### starting the puppy installs. ### ### If you leave this blank: ### Defaults to 30 ### puppy_optout_seconds: ### - puppy_optout_text ### The text to display in the puppy window during the ### optout period. ### ### If you leave this blank: ### ### Defaults to: ### Software updates will start when you click OK, ### or when the timer runs out. ### Click cancel to postpone till next logout ### puppy_optout_text: ### - puppy_optout_image_path ### The image to display during in the puppy window during the ### optout period. ### ### If you leave this blank: ### ### Defaults to ### /Library/Application Support/d3/puppytime/opt_out_image ### puppy_optout_image_path: ### - puppy_slideshow_folder_path ### The path to the folder of slideshow images. ### ### If puppy_display_captions is true the names of the image files ### are used as the captions under the displayed images, with ### the filename extension is removed. ### ### If you leave this blank: ### ### Defaults to ### /Library/Application Support/d3/puppytime/slideshow ### puppy_slideshow_folder_path: ### - puppy_display_captions ### If true, the file names of the images will be displayed ### with the image during the slide show, after having any ### filename extention (like .jpg) removed. They are displayed ### in larger text at the top of the window. (jamfHelper's ### 'Heading' ) ### Use 'true' or 'false' ### ### If you leave this blank: ### ### Defaults to 'false' ### puppy_display_captions: ### - puppy_no_captions_text ### If puppy_display_captions is false, this text is ### displayed instead. ### ### If you leave this blank: ### ### Defaults to "The puppies are..." ### puppy_no_captions_text: ### - puppy_image_size ### The maximum pixel size of the images in the slideshow ### ### If you leave this blank: ### ### Defaults to 250 ### puppy_image_size: ### - puppy_title ### The title in the titlebar of the puppy window. ### ### If you leave this blank: ### ### Defaults to "PuppyTime!" ### puppy_title: ### - puppy_display_secs ### The number of seconds each slide is displayed in the slideshow. ### Don't make this too long, since the window needs to refresh to update ### the status of the process. ### ### If you leave this blank: ### ### Defaults to 8 ### puppy_display_secs: ### - jss_default_pkg_category ### The default JSS category to use for packages added to d3 ### ### If you leave this blank: ### ### Defaults to none ### jss_default_pkg_category: ### - jss_default_script_category ### The default JSS category to use for pre- and post- scrtips ### added to d3 ### ### If you leave this blank: ### ### Defaults to none ### jss_default_script_category: ### - notification_image_path ### the path to a directory of images that can be randomly selected ### for various jamf_helper prompts from d3. ### ### If you leave this blank: ### ### the default is ### /Library/Application Support/d3/notification_images/ ### ### If this folder is empty, do not fret. ### jamf_helper prompts will still function without images. ### notification_image_path: ### - admin_make_live_script ### The id or name of an existing Casper script to execute when ### a package is made live. ### ### The original use-case is for the script to send an email announcement ### about the now-live package to an appropriate audience. ### ### Following environment variables are set during script execution ### - D3_MAKE_LIVE_EDITION: the pkg edition ### - D3_MAKE_LIVE_ADMIN: the admin making it live ### - D3_MAKE_LIVE_DESC: the description of the pkg ### - D3_MAKE_LIVE_AUTO_GROUPS: the auto-groups, as a comma-sepated string ### - D3_MAKE_LIVE_EXCL_GROUPS: the excluded groups, as a comma-separated string. ### ### NOTE: This script runs only on the machine where d3admin is making the ### package live, and it runs as the user who is running d3admin. It is ### NOT run as root, nor with the 'jamf runScript' command of the jamf binary. ### Instead, the script code is copied to a local temp file, made executable ### (only by the user running d3admin), executed, and then deleted. ### ### So make sure it doesn't need root privileges for anything. ### ### If you leave this blank: ### nothing will happen when a package is made live. ### admin_make_live_script: ### - admin_auto_clean ### When a package is made live, should older skipped and deprecated packages ### of the same basename be deleted? ### ### If true, some or all older packages will be deleted. ### See admin_auto_clean_keep_deprecated and ### admin_auto_clean_keep_latest_pilots below ### ### Delete Options: ### ### - Associated pre- and post- scripts for the deleted packages WILL ### also be deleted, but ONLY if they aren't in use by some other package, ### or Casper policy. ### ### - The package will NOT be kept in the JSS. ### ### Use "true" or "false" ### ### If you leave this blank: ### defaults to false ### admin_auto_clean: ### - admin_auto_clean_keep_deprecated ### When admin_auto_clean is true (see above), keep some number of ### previously-live packages around as 'deprecated' packages. ### ### This value is an integer representing the number of previously-released ### packages of the same basename should be kept in d3 as "deprecated". ### ### The default is zero, auto_cleaning (if used) will delete all older packages ### when a new one is made live. ### ### If you leave this blank: ### No deprecated packages will be kept if admin_auto_clean is true. ### admin_auto_clean_keep_deprecated: ### - admin_auto_clean_keep_latest_pilots ### When admin_auto_clean is true (see above), ### AND admin_auto_clean_keep_deprecated is greater than 0 (see above) ### ### Should unreleased packages between the newly-live one, ### and the newly-deprecated one be kept as "skipped"? ### Use 'true' or 'false' ### ### If you leave this blank: ### defaults to 'false' - no unreleased packages are kept ### admin_auto_clean_keep_latest_pilots: ### - report_receipts_ext_attr_name ### The name of a Computer Extension Attribute populated with the output of ### `d3helper --rcpts-for-ea` ### ### That output is a subset of data (in JSON) about the d3 receipts installed ### on each client computer. It is used by the d3admin utility for generating ### reports about what's installed on clients. ### ### If the Ext Attr is not used, then Caspers inventory data about installed ### casper receipts is used, but the report detail is limited. ### ### If you leave this blank: ### The reports from `d3admin report` will not contain data about ### frozen receipts, or receipt install-time or admin. ### report_receipts_ext_attr_name: ### - report_puppyq_ext_attr_name ### The name of a Computer Extension Attribute populated with the output of ### `d3helper --puppyq-for-ea` ### ### That output is a subset of data (in JSON) about the pending d3 ### logout-installs on the client. ### ### It is used by the d3admin utility for generating reports about clients. ### If unused, no puppyqueue reporting is available. ### ### If you leave this blank: ### the `--queue` option to `d3admin report` will not work ### report_puppyq_ext_attr_name: ### - report_db_server ### The hostname or IP address of separate MySQL server from which to ### generate installed-pkg-reports in d3admin. ### ### This allows for using a MySQL replica to do heavy-duty reporting, without ### impacting performance on the production JSS server. ### ### It needs to have the same SQL user, password and access as for read-write ### access to the production database, however on this sql server, the user's ### permissions should be read-only ### ### If you leave this blank: ### The primary MySQL db server defined in /etc/ruby-jss.conf ### will be used for all report queries. ### report_db_server: