osx_profile resource

[edit on GitHub]

Use the osx_profile resource to manage configuration profiles (.mobileconfig files) on the macOS platform. The osx_profile resource installs profiles by using the uuidgen library to generate a unique ProfileUUID, and then using the profiles command to install the profile on the system.

Syntax

The osx_profile resource has the following syntax:

osx_profile 'name' do
  identifier        String
  path              String
  profile           String, Hash
  profile_name      String # default value: 'name' unless specified
  action            Symbol # defaults to :install if not specified
end

where:

• osx_profile is the resource.
• name is the name given to the resource block.
• action identifies which steps the chef-client will take to bring the node into the desired state.
• identifier, path, profile, and profile_name are the properties available to this resource.

Actions

The osx_profile resource has the following actions:

:install

Default. Install the specified configuration profile.

:nothing

Default. .. tag resources_common_actions_nothing

Define this resource block to do nothing until notified by another resource to take action. When this resource is notified, this resource block is either run immediately or it is queued up to be run at the end of the Chef Client run.

:remove

Remove the specified configuration profile.

Properties

The osx_profile resource has the following properties:

identifier

Ruby Type: String

Use to specify the identifier for the profile, such as com.company.screensaver.

ignore_failure

Ruby Type: true, false | Default Value: false

Continue running a recipe if a resource fails for any reason.

notifies

Ruby Type: Symbol, ‘Chef::Resource[String]’

A resource may notify another resource to take action when its state changes. Specify a 'resource[name]', the :action that resource should take, and then the :timer for that action. A resource may notify more than one resource; use a notifies statement for each resource to be notified.

A timer specifies the point during the Chef Client run at which a notification is run. The following timers are available:

:before

Specifies that the action on a notified resource should be run before processing the resource block in which the notification is located.

:delayed

Default. Specifies that a notification should be queued up, and then executed at the end of the Chef Client run.

:immediate, :immediately

Specifies that a notification should be run immediately, per resource notified.

The syntax for notifies is:

notifies :action, 'resource[name]', :timer

profile

Ruby Type: String, Hash

Use to specify a profile. This may be the name of a profile contained in a cookbook or a Hash that contains the contents of the profile.

profile_name

Ruby Type: String

Use to specify the name of the profile, if different from the name of the resource block.

retries

Ruby Type: Integer | Default Value: 0

The number of times to catch exceptions and retry the resource.

retry_delay

Ruby Type: Integer | Default Value: 2

The retry delay (in seconds).

subscribes

Ruby Type: Symbol, ‘Chef::Resource[String]’

A resource may listen to another resource, and then take action if the state of the resource being listened to changes. Specify a 'resource[name]', the :action to be taken, and then the :timer for that action.

Note that subscribes does not apply the specified action to the resource that it listens to - for example:

file '/etc/nginx/ssl/example.crt' do
   mode '0600'
   owner 'root'
end

service 'nginx' do
   subscribes :reload, 'file[/etc/nginx/ssl/example.crt]', :immediately
end

In this case the subscribes property reloads the nginx service whenever its certificate file, located under /etc/nginx/ssl/example.crt, is updated. subscribes does not make any changes to the certificate file itself, it merely listens for a change to the file, and executes the :reload action for its resource (in this example nginx) when a change is detected.

A timer specifies the point during the Chef Client run at which a notification is run. The following timers are available:

:before

Specifies that the action on a notified resource should be run before processing the resource block in which the notification is located.

:delayed

Default. Specifies that a notification should be queued up, and then executed at the end of the Chef Client run.

:immediate, :immediately

Specifies that a notification should be run immediately, per resource notified.

The syntax for subscribes is:

subscribes :action, 'resource[name]', :timer

Examples

The following examples demonstrate various approaches for using resources in recipes. If you want to see examples of how Chef uses resources in recipes, take a closer look at the cookbooks that Chef authors and maintains: https://github.com/chef-cookbooks.

One liner to install profile from cookbook file

The profiles command will be used to install the specified configuration profile.

osx_profile 'com.company.screensaver.mobileconfig'

Install profile from cookbook file

The profiles command will be used to install the specified configuration profile. It can be in sub-directory within a cookbook.

osx_profile 'Install screensaver profile' do
  profile 'screensaver/com.company.screensaver.mobileconfig'
end

Install profile from a hash

The profiles command will be used to install the configuration profile, which is provided as a hash.

profile_hash = {
  'PayloadIdentifier' => 'com.company.screensaver',
  'PayloadRemovalDisallowed' => false,
  'PayloadScope' => 'System',
  'PayloadType' => 'Configuration',
  'PayloadUUID' => '1781fbec-3325-565f-9022-8aa28135c3cc',
  'PayloadOrganization' => 'Chef',
  'PayloadVersion' => 1,
  'PayloadDisplayName' => 'Screensaver Settings',
  'PayloadContent'=> [
    {
      'PayloadType' => 'com.apple.ManagedClient.preferences',
      'PayloadVersion' => 1,
      'PayloadIdentifier' => 'com.company.screensaver',
      'PayloadUUID' => '73fc30e0-1e57-0131-c32d-000c2944c108',
      'PayloadEnabled' => true,
      'PayloadDisplayName' => 'com.apple.screensaver',
      'PayloadContent' => {
        'com.apple.screensaver' => {
          'Forced' => [
            {
              'mcx_preference_settings' => {
                'idleTime' => 0,
              }
            }
          ]
        }
      }
    }
  ]
}

osx_profile 'Install screensaver profile' do
  profile profile_hash
end

Remove profile using identifier in resource name

The profiles command will be used to remove the configuration profile specified by the provided identifier property.

osx_profile 'com.company.screensaver' do
  action :remove
end

Remove profile by identifier and user friendly resource name

The profiles command will be used to remove the configuration profile specified by the provided identifier property.

osx_profile 'Remove screensaver profile' do
  identifier 'com.company.screensaver'
  action :remove
end