Backblaze Mass Silent Install with Jamf (Mac)

The Backblaze installer can be deployed silently using Jamf, a managed software installation tool (https://www.jamf.com). For installations on Apple Mojave (and beyond), there is an additional step of distributing a configuration to allow the Backblaze client full access to the disk. This process is documented here.

The following instructions are for macOS deployments and will allow your group administrator to create Backblaze accounts for each computer, to backup each of those computers, and to have those accounts all be managed under one Backblaze group. 

 

Prerequisites:

Jamf Setup

  • Jamf Pro server (formerly JSS) is either hosted on a server or in the Jamf Cloud.

  • Jamf Pro - this suite includes tools such as Jamf Admin/Imaging/Remote, Composer and Recon (these tools were formerly known as Casper tools).

  • Before you start, please make sure that you have a good understanding of how a Jamf policy is set up, how to set up a script for a Jamf policy, and how to set up environment variables in the policy that will be passed into the script when the script is executed on the remote machine. Jamf provides detailed documentation regarding policy configuration.

Backblaze Setup

  • A Backblaze account set up for the admin with the groups service enabled.

  • A group has been created in the Backblaze account.

    We strongly encourage the admin to edit the group properties of the group to automatically approve membership requests. This can be done in the Group Management area of the group admin account by clicking Edit Group button, checking the box for Automatically approve member requests from ANY domain, and clicking the Update Group button. Or input your company domain name into the Automatically Accepted domains section and click the Update Group button.

    If desired, this setting can easily be disabled after the mass deploy is completed.

  • The admin knows the group ID and group token.

    The group ID and group token values can be found by:
    • Signing in to the group admin’s Backblaze account.
    • Go to the Invite & Approve page. Select the appropriate group from the pull down list.
    • Click on the Advanced Instructions button in the Advanced Deployment section.
    • Under Advanced Deployment Instructions, choose the Mac tab.

      The group ID and group token are listed in the example usage command. In the listed example, the backblaze installer is shown with several flags, one of which is the “-createaccount” flag, which takes 4 parameters. The last two parameters are the group ID and the group token.

      For example, if you see this:

      sudo /Volumes/Backblaze\ Installer/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -nogui -createaccount user@corp.com password-goes-here 11001 wdloryiyqyrmnizvy54q7lar27

      the group ID is 11001 and the group token is wdloryiyqyrmnizvy54q7lar27.

  • Download the Backblaze installer for Mac, install_backblaze.dmg (which can be found here).

Setting up Jamf to deploy Backblaze on Mac:

  • Create an API User Account for BackBlaze to complete API call

    Give the account only read access to “Users”


  • Upload the Backblaze Silent Install script into Jamf Pro server repository (JSS)

    Update our sample Backblaze Silent Install script with the exact url of your JSS and with your username:password pair (the user that has read privileges to “Users” in your system).

    Here is our sample Backblaze Silent Install script.

 

#!/bin/bash

#These are for debugging
set -x
set -euo pipefail

backblaze_grpID="$4"
backblaze_grpToken="$5"

#By default $3 is the username parameter for scripts in Jamf

userName="$3"
response=$(curl https://myjss.com/JSSResource/users/name/$userName --user username:password)


#Jamf API’s can return XML or JSON, this parses and grabs the email from XML.
emailAddr=$(echo $response | /usr/bin/awk -F'<email_address>|</email_address>' '{print $2}')
echo About to run the Backblaze installer with this command:


#Note the directory to which your Backblaze installer is installed can be specified within the policy, JAMF default for the policy is to run on boot drive

echo /Applications/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -nogui  -createaccount "$emailAddr" none "$backblaze_grpID" "$backblaze_grpToken"

/Applications/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -nogui  -createaccount "$emailAddr" none "$backblaze_grpID" "$backblaze_grpToken"

echo Finished running Backblaze silent installer

 

  • Upload the Backblaze Installer dmg file into Jamf Pro server repository (JSS)

  • Create the Policy

    • Create a new policy (i.e. Backblaze)
    • Set trigger as desired
    • Specify the path where the Backblaze dmg will be mounted, i.e /Applications
    • Add install_backblaze.dmg as a package in this policy
    • Add the Backblaze Silent Install script as a script in this policy. The Backblaze Silent Install script is to be run as part of executing the Jamf policy on each remote computer. This allows the script to run with root privileges which are essential to ensuring that the Backblaze installer will run correctly.
    • Set the environment variables $4 and $5 which will be used by the script. This is the mechanism through which the script determines the Backblaze group ID and key. Use “Group ID” for the name of parameter 4 and use “Group Token” for the name of parameter 5.
    • Upload an icon if desired (helpful for Self-Service; the icon is provided inside the .dmg file, in Contents/
      Resources/BzLogo.icns)
    • Set scope as desired

  •  Jamf client

    The Jamf client must be registered on each remote computer so that the username variable is set. This is the mechanism by which the script’s variable $3 contains a valid value.

Once the policy runs, the Backblaze client will be installed and start backing up the computer immediately.

 Example:

Screen_Shot_2017-10-11_at_3.46.05_PM.png


Once Installed:

If you added members to a non-auto accept group, the group admin will need to accept these users from the Requesting Membership list on the Invite & Approve page of the group admin account. 

Please ask your group members to follow the Forgot Password directions from this help article to set an initial password if you used “none” for the password in the script.

Once Backblaze is installed on the end user’s computer, they will receive a Welcome to Backblaze email that will let them know that their data will be securely backed up to Backblaze. The email will describe the service and offer them some tips and guidelines.

 

Troubleshooting:

Please note, a successful installation will result in a BZERROR:1001.

If you see other output error codes, here are potential issues:

  • BZERROR:190 - The System Preferences process is running on the computer. Close System Preferences and retry the installation.
  • BZERROR:1000 - This is a general error code. One possible reason is that the Backblaze installer doesn't have root permissions and is failing. Please see the install log file for more details.
  • BZERROR:1016 - The intended email address already has a Backblaze account, the group ID is incorrect, or the group token is incorrect.

The (remote) computer's Backblaze install log is located in: /Library/Backblaze.bzpkg/install_log/install_logNN.log, where NN represents the two digit number that corresponds to the day of month of the installation (i.e. install_log08.log).

If you are unable to successfully install or see a different error, please contact our Support team. Please provide Support with the install log from the computer you are unable to silently install for.

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk