Timed Automatic Shutdown With Notification and Client Opt-out

Note: I realize that parts of this script extend beyond the viewable area.  I am considering changes to the site formatting to prevent this in the future, but I have found that if you select the script text in Safari and copy it, the text beyond the viewable area will be captured.

I was recently confronted with a scenario…

  • Client Macs are required to shut down or restart daily at a predetermined time.
  • Clients who are still working at this time should be able to opt out of the shut down.
  • If a client opts out, the event should be cancelled and not recur until the following day.

I solved this problem with a shell script that uses osascript to display the GUI dialog.  The script can be delivered via a policy using The Casper Suite, or by creating a launchd item.

Note that Casper Suite users can declare parameter variables instead of static values if they wish to handle variable assignment through the Casper Suite.

The script follows…

#!/bin/sh

##### HEADER BEGINS #####
# timedForcedShutdown.sh
#
# Created 20050508 by Miles A. Leacy IV
# miles.leacy@themacadmin.com
# Last modified 20050508 by Miles A. Leacy IV
# Copyright 2009 Miles A. Leacy IV
#
# This script may be copied and distributed freely
# as long as this header remains intact.
#
# This script is provided "as is".  The author offers no warranty
# or guarantee of any kind.
# Use of this script is at your own risk.  The author takes no
# responsibility for loss of use, loss of data, loss of job,
# loss of socks, the onset of armageddon, or any other
# negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok,
# test twice more.
#
# This script will help to enforce a mandatory reboot or shut down.
#
# If no console user is logged in, the script will execute the command
# stored in the $shutdownAction variable.
#
# If a console user is logged in, a dialog is displayed informing the user
# of the number of minutes until shutdown followed by a configurable
# message stored in $notificationMessage.  The dialog contains two buttons.
#
# Clicking the "Postpone" button will cancel shutdown/reboot.
#
# Clicking the "Shut Down" button will execute the command
# stored in the $shutdownAction variable.
#
###########

###########
# Declare Variables
# Edit this section to change the script parameters
###########

minutesN=30
# Number of minutes to count down before shutdown

shutdownAction="echo The system would shut down now."
# The default echo command above is for testing purposes.
# Change to "shutdown -r now" to reboot
# Change to "shutdown -h now" to shut down

notificationMessage="Please save any files you are working on.nn
Click Shut Down to shut down immediatelyn
Click Postpone to postpone shut down until tomorrow evening."
# This message will appear in the initial dialog box following
# This computer is scheduled to $shutdownPhrase in $minutesN minutes.

shutdownPhrase="Shut Down"
# This variable should contain either "Shut Down" or "Restart"
# depending on the value of $shutdownAction.  This string will appear
# in the dialog and will determine the name of the button that causes
# $shutdownAction to be executed.

postponeAlert="Automatic shutdown has been postponed until tomorrow."

###########
# Script Body
# Do not edit below this line
###########

# If no user is logged in at the console, shut down immediately
consoleUser=`/usr/bin/w | grep console | awk '{print $1}'`
if test "$consoleUser"  == ""; then
$shutdownAction
fi

function timedShutdown {
button=`/usr/bin/osascript << EOT
tell application "System Events"
	activate
	set shutdowndate to (current date) + "$minutesN" * minutes
	repeat
		set todaydate to current date
		set todayday to day of todaydate
		set todaytime to time of todaydate
		set todayyear to year of todaydate
		set shutdownday to day of shutdowndate
		set shutdownTime to time of shutdowndate
		set shutdownyear to year of shutdowndate
		set yearsleft to shutdownyear - todayyear
		set daysleft to shutdownday - todayday
		set timeleft to shutdownTime - todaytime
		set totaltimeleft to timeleft + {86400 * daysleft}
		set totaltotaltimeleft to totaltimeleft + {yearsleft * 31536000}
		set unroundedminutesleft to totaltotaltimeleft / 60
		set totalminutesleft to {round unroundedminutesleft}
		if totalminutesleft is less than 2 then
			set timeUnit to "minute"
		else
			set timeUnit to "minutes"
		end if
		if totaltotaltimeleft is less than or equal to 0 then
			exit repeat
		else
			display dialog "This computer is scheduled to " & "$shutdownPhrase" & " in " & totalminutesleft & " " & timeUnit & ". " & "$notificationMessage" & " " giving up after 60 buttons {"Postpone", "$shutdownPhrase"} default button "$shutdownPhrase"
			set choice to button returned of result
			if choice is not "" then
				exit repeat
			end if
		end if
	end repeat

end tell
return choice
EOT`
if test "$button" == "Postpone"; then
	`osascript << EOT
          tell application "System Events"
	  activate
	  display alert "$postponeAlert" as warning buttons "I understand" default button "I understand"
          end tell`
        else
        $shutdownAction
	exit 0
fi
}

timedShutdown

 

Script: Create Mirrored RAID Volume

As of late, I have been tasked with managing Mac servers.  Since a Mac server is really only slightly different than a Mac client, I use the same general methodologies and tools to manage them.  My Xserve hardware standard includes three identical hard disks.  What follows is a script intended to be used with the Casper Suite as a “before” script in a configuration.  It will create a mirrored RAID volume from two of the three drives.

#!/bin/sh
#
##### HEADER BEGINS #####
# scr_sys_createServerMirror.sh
#
# Created 20081230 by Miles A. Leacy IV
# miles.leacy@themacadmin.com
# Modified 20090421 by Miles A. Leacy IV
# Copyright 2009 Miles A. Leacy IV
#
# This script may be copied and distributed freely
# as long as this header remains intact.
#
# This script is provided "as is".  The author offers no warranty
# or guarantee of any kind.
# Use of this script is at your own risk.  The author takes no
# responsibility for loss of use, loss of data, loss of job,
# loss of socks, the onset of armageddon, or any other
# negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok,
# test twice more.
#
# This script creates a mirrored RAID volume from the first two internal
# disks found.
# It is intended for use on Xserves with two or more identical internal disks.
# Run as a "before" script when imaging with The Casper Suite.
#
##### HEADER ENDS #####
i=0
diskcount=0

while [ $diskcount -lt 3 ]; do
if [ `diskutil info disk$diskcount | grep Internal | grep -c Yes` -gt 0 ] ;then
	if [ $i -eq 0 ] ; then
		raiddisk1=disk$diskcount
	fi
	if [ $i -eq 1 ] ; then
		raiddisk2=disk$diskcount
	fi
	let i++
fi
let diskcount++
done

diskutil createRAID mirror Server HD JHFS+ $raiddisk1 $raiddisk2

Script: Enable SSH & Limit to Admin Group

I’m always looking for ways to get to zero-touch deployment with less effort.  In that vein, I threw together this script which can be deployed as an “at reboot” script in a Casper configuration.  Using this prevents you from having to go into your base image and manually configure ssh.  The script can also be run locally on an existing machine that doesn’t have ssh enabled or limited to the admin group.  It may work with other imaging tools, but remember to test thoroughly.  This script has only been tested with Mac OS X version 10.5.6.

#!/bin/bash

##### HEADER BEGINS #####
# scr_sys_turnOnSshLimitToAdmin.bash
#
# Created 20090320 by Miles A. Leacy IV
# miles.leacy@themacadmin.com
# Modified 20090320 by Miles A. Leacy IV
# Copyright 2009 Miles A. Leacy IV
#
# This script may be copied and distributed freely
# as long as this header remains intact.
#
# This script is provided "as is".  The author offers no warranty
# or guarantee of any kind.
# Use of this script is at your own risk.  The author takes no
# responsibility for loss of use, loss of data, loss of job,
# loss of socks, the onset of armageddon, or any other negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok,
# test twice more.
#
# This script turns on remote login (ssh) and activates a SACL to
# limit access to members of the admin group.  It is intended to be used
# on a fresh image where ssh has not been enabled or limited previously.
#
# Run as an "at reboot" script when imaging with Casper.
#
##### HEADER ENDS #####

# Turn on remote login
systemsetup -setremotelogin on

# Create the com.apple.access_ssh group
dseditgroup -o create -q com.apple.access_ssh

# Add the admin group to com.apple.access_ssh
dseditgroup -o edit -a admin -t group com.apple.access_ssh

 

Expect more scripts and tips on building a zero-touch deployment in the future.

iPhone OS 3.0: The Medical Tricorder

So, there are about a bazillion blogs talking about the iPhone update.  I don’t have any exclusive insider info.  I’ll spare you the details you’ve already read about 3,000 times by now.  What I want to talk about are possibilities for the medical field.

One image that stuck in my head from the Apple presentation was one of a sphygmomanometer (blood pressure cuff) plugged into an iPhone.  Then, when the Johnson & Johnson representative described the blood glucose meter, I was struck by the possibilities.  A doctor equipped with an iPhone (or iPod Touch) can get multiple vital sign readings in a digital device which can upload that data to a database, which could be encoded in some sort of national health database, or encoded in a chip inside a MedicAlert style bracelet.  This way, all of the data from your last checkup is instantly available to doctors or emergency medical personnel.  Apple may have just enabled the creation of Dr. McCoy’s medical tricorder.

What’s great about this is that it’s a relatively inexpensive consumer device.  For the cost of a desktop or laptop Mac (with an Xserve as a desirable, but not strictly necessary, option), an iPhone or iPod touch, some medical peripherals for the mobile device, and the services of a system integrator, a doctor can have this system set up fairly quickly and inexpensively.  Over time, the cost of these systems should be less than the square footage needed to store those immense filing cabinets of patient records found in doctors’ offices.  As long as all data is stored in open standards compliant systems, the data will be portable to other doctors, hospitals EMTs, or whomever needs access to the info.

A Perfect Storm For Apple

I think the world is about to experience an Apple explosion. If you’re an Apple fan or professional, you might be saying to yourself, “What, Apple isn’t already exploding by dominating the music player market, capturing 12.9% of the smartphone market (according to PC World) in under two years after entering it, and posting record sales while Microsoft announces its first-ever layoffs and almost every PC maker is losing business?” To that I say, maybe they are, but I expect the explosion to get even bigger.

I think the world is about to experience an Apple explosion.  If you’re an Apple fan or professional, you might be saying to yourself, “What, Apple isn’t already exploding by dominating the music player market, capturing 12.9% of the smartphone market (according to PC World) in under two years after entering it, and posting record sales while Microsoft announces its first-ever layoffs and almost every PC maker is losing business?”  To that I say, maybe they are, but I expect the explosion to get even bigger.

I say it’s a “perfect storm”, and frankly, I feel a little dirty using a buzzword that’s often tossed around frivolously, but I believe it applies here.  Consider the following:

  • We’re experiencing what the popular news media refers to as “the worst economic conditions since the Great Depression”.
  • Companies are looking to save money in order to survive.
  • A Mac’s total cost of ownership can be half that of a Windows PC, according to CIO Magazine.
  • Consumers and businesses have become soured on the Vista debacle.
  • With the next major iteration of Mac OS X, code named Snow Leopard, Apple is taking the time to tweak and fix their OS rather than slap on a bunch of shiny new features.  This will just widen the stability, security and ease of use divides that separate Mac OS X from Windows.
  • There is at least one shiny new feature in Snow Leopard.  Apple has announced “out-of-the-box support for Microsoft Exchange 2007 built into Mail, Address Book, and iCal.”  This promises to be a joy for employees at organizations where Exchange is entrenched in the infrastructure who have had to put up with the inadequacies of Entourage.

Further, an ITIC/Sunbelt Software survey released in December 2008 delivers some good news for Apple in the near future.

  • 68% of the companies surveyed plan to allow their employees to use Macs as their corporate desktops.
  • Half of the respondents intend to increase adoption of iPhones and other Apple consumer products.

I think the best is yet to come for Apple and for those of us who manage and support their products for a living.

 

References:
PC World on Smart phone market share
CIO Magazine on Mac TCO
ITIC/Sunbelt Software Survey Press Release