- Print
- DarkLight
Install the Backblaze Client Silently (Mac)
- Print
- DarkLight
For Apple's line of macOS operating systems, pushing an application to hundreds or thousands of users generally involves a mountable DMG file that contains an installer package. The Backblaze Computer Backup Installer for macOS works similarly. There are a few unique steps to deploy the client silently.
Decentralized Deployment (User-Managed Account)
The email parameter that is passed by the script must be unique to each user who is related to the endpoint at runtime.
Decentralized deployments involve an account for each endpoint that is then part of the business group that manages payment and admin activity (if enabled). In this scenario, the end user has access to their own data through the Backblaze portal.
- Within the context of this guide, this requires that you set up a Jamf Pro environment.
- If you do not have a Jamf Pro setup, you will need a relevant email for each deployment. Custom scripting to actively pass in these values at runtime can be done using the bash script that is mentioned later in this article .
Centralized Deployment (IT Managed Account)
The primary email will be hardcoded because it stays static.
Centralized deployments mean that every endpoint is logged into a primary Backblaze account that is managed by IT. In this scenario, the end user does not have access to their data on Backblaze and they must contact the manager of that centralized account. These deployments are quite simple because the email that is passed to the installer does not change per endpoint.
- In scenarios in which Jamf is involved, hardcoding an email skips the step that is related to querying the Jamf Pro API.
Use the Installer through the Command-Line Interface
Before you begin: You must have the following prerequisites.
- Mac OS 10.9 or newer
- An active Backblaze Group
- Either a static, centralized IT email or a dynamic email that is related to the particular deployment
- The value
region
is optional and can be used for deployments that must specify the region to which an email account will be deployed. Values are either us-west, us-east, or eu-central. - A
groupID
and agroupToken
These two values are used as authentication to log in after the email parameter. The script fails to deploy if the email account is not a user within the Group. These can be retrieved from your Backblaze portal.
Retrieve your groupID and groupToken
- Sign in to your Backblaze account.
- In the left navigation menu under Business Group, click Group Management.
- Navigate to the appropriate Group, and click Send Invites.
- Click Advanced Instructions. The two parameters at the end of the command are your
groupID
andgroupToken
values, respectively.
Backblaze Installer
You can find the most current version of the macOS installer here: https://secure.backblaze.com/mac/install_backblaze.dmg.
The macOS package is controlled through the following parameters that you pass through Terminal.
Sign In Account Mode
Use the following command for deployments that involve a user who does not yet have a Backblaze account. You must enter values for <email>, <groupID>, and <groupToken>.
sudo /Volumes/Backblaze\ Installer/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -nogui -createaccount_or_signinaccount <email> <groupid> <grouptoken>
Create Account Mode with Region
Use the following command for deployments that involve a user who already has a Backblaze account and is part of the group. You must enter values for <email>, <groupID>, and <groupToken>. The <region> parameter is optional.
sudo /Volumes/Backblaze\ Installer/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -nogui -createaccount_or_signinaccount <email> <groupid> <grouptoken> <region>
Update Mode -upgrade
Use the following command for deployments that involve a user who already has Backblaze installed and only needs an update.
sudo /Volumes/Backblaze\ Installer/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -upgrade bzdiy
Use a Shell Script to Silently Deploy
The shell script makes interfacing with the commands you saw in the previous section easier. If you use the script, you can dynamically complete the following workflows:
- Automatically handle both new account deployments (-createaccount) and existing account deployments (-signin) without the need to dictate ahead of time per deployment
- Upgrade deployments that already have the software installed and running
- Handle Jamf Pro environments that need to use a decentralized deployment
Click here to expand the macOS script
#!/bin/bash
# The following parameters are pulled directly from the "Parameter Values" section of your Backblaze deployment policy.
# Please make sure they are filled out respectively prior to your push
computername="$2"
username="$3"
groupid="$4"
grouptoken="$5"
email="$6" #If email is entered in parameters, script will skip over using JAMF API, make sure related password is entered as well
region="$7" #Specify if account is to be deployed in specific region [us-west or eu-central]
JAMF_domain="$8"
# The script needs access to the JAMF Pro API to gather related the related email for a given user
# Account just needs to have Users - Read permissions
# You can configure a temp account for this in the "Jamf Pro User Accounts & Groups" section of your console
JAMF_username="$9"
JAMF_password="${10}"
# BZERROR MEANINGS
# BZERROR:190 - The System Preferences process is running on the computer. Close System Preferences and retry the installation.
# BZERROR:1000 - This is a general error code. One possible reason is that the Backblaze installer doesn’t have root permissions and is failing. Please see the install log file for more details.
# BZERROR:1016/1003 - Login Error... Email account exists but is not a member of indicated Group, Group ID is incorrect, or Group token is incorrect,
var=0
################ FUNCTIONS #########################
function updateBackblaze {
return=$(sudo /Volumes/Backblaze\ Installer/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -upgrade bzdiy)
}
function signinBackblaze {
return=$(sudo /Volumes/Backblaze\ Installer/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -nogui -createaccount_or_signinaccount $email $groupid $grouptoken)
}
function createRegionAccount {
return=$(sudo /Volumes/Backblaze\ Installer/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -nogui -createaccount_or_signinaccount $email $groupid $grouptoken $region)
}
function emailValidation {
[[ "$email" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$ ]]
rc=$?
if [ "$rc" != "0" ]
then
if [ "$var" = 1 ]
then
echo "Failed to retrieve valid email address from JAMF API. Parsed Email: [ $email ]"
echo "Please make sure JAMF credentials have READ access on the user object and endpoints have emails properly set"
exit 1
else
echo "Failed to retrieve valid email address from JAMF API. Attempting to use computername"
jamfAPIComputername
fi
else
echo "The email retrieved from JAMF API [ $email ] seems to be a valid email address"
echo "Continuing with install"
fi
}
function jamfAPIUsername {
echo "Making GET request to Classic JAMF API using Username"
response=$(curl -s "https://$JAMF_domain.jamfcloud.com/JSSResource/users/name/$username" -u "$JAMF_username:$JAMF_password")
email=$(echo $response | /usr/bin/awk -F'<email_address>|</email_address>' '{print $2}')
emailValidation
}
function jamfAPIComputername {
echo "Making GET request to Classic JAMF API using Computer Name"
response=$(curl -s "https://$JAMF_domain.jamfcloud.com/JSSResource/computers/name/$computername" -u "$JAMF_username:$JAMF_password")
email=$(echo $response | /usr/bin/awk -F'<email_address>|</email_address>' '{print $2}')
var=1
emailValidation
}
function successExit {
echo "Unmounting Installer..."
diskutil unmount /Volumes/Backblaze\ Installer
echo "Cleaning up..."
rm install_backblaze.dmg
exit 0
}
function failureExit {
echo "Unmounting Installer..."
diskutil unmount /Volumes/Backblaze\ Installer
echo "Cleaning up..."
rm install_backblaze.dmg
exit 1
}
function killSyspref {
killall -KILL System\ Preferences > /dev/null 2>&1
}
function setDirectory {
if [ -n "$3" ]
then
cd /Users/"$3" || { echo "Failed to cd to user directory"; exit 1; }
fi
}
function downloadBackblaze {
echo "Downloading latest backblaze client..."
curl -s -O https://secure.backblaze.com/mac/install_backblaze.dmg
}
function mountBackblaze {
echo "Mounting Installer..."
hdiutil attach -quiet -nobrowse install_backblaze.dmg
}
###################################################
setDirectory "$@"
downloadBackblaze
mountBackblaze
#Kill System Preferences process to prevent related BZERROR
killSyspref
#Check to see if Backblaze is installed already, if so update it. Else continue as planned.
if open -Ra "Backblaze" ;
then
echo "Backblaze already installed, attempting to update"
updateBackblaze
if [ "$return" == "BZERROR:1001" ]
then
echo "Backblaze successfully updated"
successExit
else
#Try upgrade again incase there was a file lock on the mounted dmg causing errors
updateBackblaze
if [ "$return" == "BZERROR:1001" ]
then
echo "Backblaze successfully updated"
successExit
else
echo "Backblaze was already installed but failed to update"
failureExit
fi
fi
else
echo "Confirmed Backblaze isnt installed already, continuing with deployment..."
fi
#If email wasnt passed in from parameters, assume we need to access JAMF API to retrieve it
if [ "$email" == "" ]
then
echo "Email not hardcoded, attempting to pull from JAMF Pro API"
jamfAPIUsername
fi
echo "Trying to sign in account"
if [ "$region" == "" ]
then
signinBackblaze
if [ "$return" == "BZERROR:1001" ]
then
echo "Backblaze successfully installed, $email signed in..."
successExit
else
signinBackblaze
if [ "$return" == "BZERROR:1001" ]
then
echo "Backblaze successfully installed, $email signed in..."
successExit
else
echo "Failed to install Backblaze, errorcode: $return"
failureExit
fi
fi
else
createRegionAccount
if [ "$return" == "BZERROR:1001" ]
then
echo "Backblaze account successfully created in $region, $email signed in..."
successExit
else
echo "Failed to install Backblaze, errorcode: $return"
failureExit
fi
fi
Use the Shell Script to Silently Deploy without Jamf
Before you run the script, you must hardcode a few values depending on the type of deployment you need:
username="$3" groupid="$4" grouptoken="$5" email="$6" region="$7"
The $3-$7 variables are used for Jamf Pro deployments. If you are not using Jamf Pro, replace those variables with strings.
- (Required) username=
"username"
sets the directory to the proper user to prevent RMM tools from having Backblaze stuck in its working directory. - (Required) groupid="
groupID
" - (Required) groupToken="
groupToken
" - (Required) email="
email
" - (Optional) region="
region
"
You can ignore the rest of the variables since they are Jamf-related. The script automatically ignores any processes that are related to Jamf.
The script automatically runs an update on any endpoint if it finds that Backblaze is already installed.
Use the Shell Script to Silently Deploy with Jamf
The script also supports deployments using Jamf because it is able to query directly from the Jamf Pro API to dynamically retrieve emails for each deployment. This is likely the easiest way to accomplish a decentralized deployment. There are a few additional prerequisites before you can begin this process.
Before you begin: You must complete the following tasks:
- Set up a Jamf Pro server (formerly JSS) that is hosted on a server or in the Jamf Cloud.
- Install Jamf Pro. This suite includes tools such as Jamf Admin/Imaging/Remote, Composer, and Recon (formerly known as Casper tools).
- Create a Jamf enrollment user. This allows the script read access to the user object through the Jamf API. Backblaze then gathers the email that is related to the particular endpoint.
- Ensure that you have a good understanding of how a Jamf policy is set up, how to set up a script for a Jamf policy, and how to set up environment variables in the policy that will be passed into the script when the script is run on the remote machine. Jamf provides detailed documentation regarding policy configuration.
Set up Jamf to deploy Backblaze
- Create an Enrollment user account that the script can use to complete the API calls that are needed to retrieve emails.
- Upload the previous Shell script.
- Backblaze recommends that you enter parameter labels for easier usage of the script after it is imported into a policy.
- Create a Backblaze Deployment Policy with the script imported as a step.
Parameter descriptions are shown as set in the last step. Each parameter maps to the variables in the script communicated by $4-$10.
- Group ID and Group Token correspond to the values gathered earlier in this article. These should stay static across all deployments assuming they are all going to be related to the same group.
- Email can be left blank because Backblaze queries your Jamf Pro API to retrieve the related emails to each endpoint.
- Region possible values are us-west, us-east, or eu-central
- Jamf Domain is your environment domain
<domain>.jamfcloud.com
. - Jamf Username is the username that is related to the enrollment user that you created earlier.
- Jamf Password is the password that is related to the enrollment user that you created earlier.
Your Backblaze Client Policy is now complete. After the policy runs, the Backblaze client is installed and you can immediately begin backing up the computer.
Post Installation
If you added members to a non-auto-accept group, the Group admin must accept these users from the Requesting Membership list on the Invite & Approve page of the Group admin account.
After Backblaze is installed on the end user’s computer, they receive a "Welcome to Backblaze" email that explains that data is securely backed up to Backblaze. The email describes the service and offers them some tips and guidelines.
Troubleshooting
BZERROR:1001
message.The following output error codes indicate the following potential issues:
BZERROR:190
The System Preferences process is running on the computer. Close System Preferences, and retry the installation. (This should not appear because the script should be closing.)BZERROR:1000
This is a general error code. One possible reason is that the Backblaze Installer does not have root permissions, and it is failing. See the install log file for more details.BZERROR:1016
The intended email address already has a Backblaze account, the group ID is incorrect, or the group token is incorrect.
The (remote) computer's Backblaze install log is located in: /Library/Backblaze.bzpkg/install_log/install_logNN.log
, in which NN
represents the two-digit number that corresponds to the day of the month of the installation (for example, install_log08.log).
If you are unable to successfully install or you see a different error, contact the Support team. Provide Support with the install log from the computer in which you attempted a silent installation.