macos_manage

in chef/cookbooks/cpe_anyconnect/resources/cpe_anyconnect.rb [157:234]


  # Declares the macOS management resources for the AnyConnect client:
  #   1. forgets a stale installer receipt when the app directory is gone,
  #   2. keeps the vpnagentd LaunchDaemon enabled and restarts the GUI
  #      LaunchAgent when that daemon resource changes,
  #   3. when an organization id is configured, optionally backs up the
  #      Umbrella beacon logs and deletes the Umbrella data directory to
  #      trigger a client re-enroll, but only if every guard below passes.
  #
  # Resource declaration order and the notification wiring are significant;
  # resources with `action :nothing` only act when another resource notifies them.
  def macos_manage
    # `pkg` is not defined in this method (provided elsewhere in the resource);
    # presumably a hash describing the AnyConnect package. TODO confirm.
    ac_receipt = pkg['receipt']
    orgid = node['cpe_anyconnect']['organization_id']
    # If the app directory is missing but pkgutil still knows the receipt,
    # forget the receipt. The not_if skips the command when `--pkg-info`
    # errors, i.e. when the receipt is not registered.
    # NOTE(review): ac_receipt is interpolated into command strings; this
    # assumes the receipt id only ever comes from trusted cookbook/attribute
    # data. Confirm against wherever `pkg` is populated.
    unless ::Dir.exist?(node['cpe_anyconnect']['app_path'])
      execute "/usr/sbin/pkgutil --forget #{ac_receipt}" do
        not_if { shell_out("/usr/sbin/pkgutil --pkg-info #{ac_receipt}").error? }
      end
    end

    # Notification target for the vpnagentd launchd resource below. When
    # notified with :create (and the GUI LaunchAgent plist exists) it manages
    # the file at /opt/cisco/anyconnect/gui_keepalive and, if that changes
    # anything, restarts the GUI LaunchAgent immediately.
    # NOTE(review): presumably the agent's plist watches this path; confirm.
    gui_la_label = node['cpe_anyconnect']['la_gui_identifier']
    file 'trigger_gui' do
      action :nothing
      only_if { ::File.exist?("/Library/LaunchAgents/#{gui_la_label}.plist") }
      path '/opt/cisco/anyconnect/gui_keepalive'
      notifies :restart, "launchd[#{gui_la_label}]", :immediately
    end

    # Declared with action :nothing so it exists only as the :restart target
    # of file[trigger_gui] above.
    launchd gui_la_label do
      type 'agent'
      action :nothing
    end

    # Keep the vpnagentd LaunchDaemon enabled, but only when its plist is
    # installed. A change here notifies file[trigger_gui].
    launchd 'com.cisco.anyconnect.vpnagentd-manage' do
      action :enable
      label 'com.cisco.anyconnect.vpnagentd'
      only_if { ::File.exist?('/Library/LaunchDaemons/com.cisco.anyconnect.vpnagentd.plist') }
      type 'daemon'
      notifies :create, 'file[trigger_gui]', :immediately
    end

    # Everything below applies only when an organization id is configured.
    # The resources are chained by notifications from the 'Delete ...'
    # ruby_block at the end of this branch.
    unless orgid.nil?
      # Copies the beacon-logs directory recursively into /var/log before the
      # data directory is removed. Runs only when notified and only when the
      # backup_logs attribute is truthy.
      # NOTE(review): the copy runs with the privileges of the Chef run
      # (typically root; confirm). Verify that beacon-logs is writable only
      # by privileged accounts and that the copy under /var/log is covered by
      # log rotation/retention.
      ruby_block 'backup beacon logs' do
        block do
          Chef::Log.info(
            'Backup beacon /opt/cisco/anyconnect/umbrella/data/beacon-logs/ ' \
            '- trigger re-enroll of anyconnect client',
          )
          require 'fileutils'
          FileUtils.cp_r(
            '/opt/cisco/anyconnect/umbrella/data/beacon-logs',
            '/var/log',
          )
        end
        action :nothing
        only_if { node['cpe_anyconnect']['backup_logs'] }
      end

      # Recursive delete target. The vpnagentd daemon resource is notified to
      # disable before this resource acts and to enable again right after it.
      directory '/opt/cisco/anyconnect/umbrella/data' do
        action :nothing
        notifies :disable, 'launchd[com.cisco.anyconnect.vpnagentd-manage]', :before
        notifies :enable, 'launchd[com.cisco.anyconnect.vpnagentd-manage]', :immediately
        recursive true
      end

      # Entry point of the re-enroll chain. The block itself only logs; the
      # work is done by the two notifications (backup first, then delete).
      # All only_if guards must pass and the not_if guard must be false.
      ruby_block 'Delete /opt/cisco/anyconnect/umbrella/data - trigger re-enroll of anyconnect client' do
        block do
          Chef::Log.info('Delete /opt/cisco/anyconnect/umbrella/data - trigger re-enroll of anyconnect client')
        end
        notifies :run, 'ruby_block[backup beacon logs]', :immediately
        notifies :delete, 'directory[/opt/cisco/anyconnect/umbrella/data]', :immediately
        # `nslookup` is a helper defined outside this method; presumably it is
        # truthy when the lookup tied to this org id succeeds, meaning the
        # client is already enrolled. TODO confirm what it resolves and how it
        # behaves when DNS is unavailable, since a false negative here leads
        # to deleting the client's data directory.
        not_if { nslookup(orgid) }
        only_if { node.macos_min_package_installed?(ac_receipt, '4.9.06037') }
        only_if { node.daemon_running?('com.cisco.anyconnect.vpnagentd') } # daemon must currently be running
        only_if { Time.now.to_i - Time.at(node.macos_boottime).to_i >= 300 } # at least 300 s since boot
        only_if { Time.now.to_i - Time.at(node.macos_waketime).to_i >= 300 } # at least 300 s since wake
        # presumably seconds as well, matching the two guards above; verify
        # against the macos_process_uptime helper.
        only_if { node.macos_process_uptime('vpnagentd') >= 300 }
      end
    end
  end