Updated Cookbook: Baking Up Your Perfect Jamf Pro testing VM
If you saw my recent talk, you joined our bakery-themed tour of modern Mac virtualization and how Tart helps whip up clean, repeatable ephemeral VMs. This follow-up “recipe post” blog serves up steps, tools, and a dash of real-world flavor.
Good News! Apps & Books can now be deployed to macOS 15.4 or later virtual machines. If you manage the VM with MDM, you can install all your Apps from Apple Business Manager or Apple School Manager.
Updates
14.Nov.25 - Post has been updated to be macOS Tahoe only with template updates including the use of variables, variable file and conditional statements that make it more flexible and easier to customize. Main reason is so we don't break the template file and only have to update are variable file!
Session Video
🥣 Ingredients
- Tart: The virtualization tool that lets you create and run macOS VMs with ease.
- Packer: The automation mixer for building custom VM images
- Packer Template: Your base recipe-download a pre-made one or craft your own
- Jamf Pro Enrollment Invitation: The secret sauce for rapid device enrollment.
- Enrollment URL/Profile: Placed on the VM desktop for easy access during testing.
🧑🍳 Step 1: Install Tart
- Install via Homebrew
brew install cirruslabs/cli/tart
- Or download the latest release from tart.run.
🧑🍳 Step 2: Install Packer
- Install via Homebrew
brew tap hashicorp/tapbrew install hashicorp/tap/packer
🧑🍳 Step 3: Download all files in repo
- Fork the Github repository: Here
🧑🍳 Step 4: Create a Jamf Pro Enrollment Invitation
I did write about this a year ago titled - "Enrolling your VM into Jamf Pro"
Access Enrollment Invitations
- Log in to Jamf Pro
- Click Computers in the sidebar
- Click Enrollment Invitations in the sidebar
- Click New
Configure Invitation Settings
- Set an expiration date (optional)
- Uncheck require login
- Check multiple uses
- Select a site (if applicable)
Specify Email Details
- Enter the recipient email address(es)
Review and Send
- Verify all settings are correct
- Click Send to distribute the invitation
- Once sent, go back to the created invitation and at bottom copy down the ID.
🧑🍳 Step 6: Create a Variables File
Create a file named my-config.pkrvars.hcl in the packer-templates directory with your custom values:
# -------------------------
# Packer Variables File
# -------------------------
# This file contains variable values for the apple-tart-tahoe.pkr.hcl template
# Usage: packer build -var-file="my-config.pkrvars.hcl" apple-tart-tahoe.pkr.hcl
# VM Configuration
vm_name = "jamf-test-vm"
ipsw_url = "/path/to/your/macos-tahoe.ipsw"
# Account Configuration
account_userName = "admin"
account_password = "admin"
# MDM Enrollment Configuration
enrollment_type = "profile" # Options: "profile" or "link"
jamf_url = "https://yourinstance.jamfcloud.com"
mdm_invitation_id = "your-invitation-id-here"
# Feature Toggles
enable_passwordless_sudo = "true"
enable_auto_login = "true"
enable_safari_automation = "true"
enable_screenlock_disable = "true"
enable_spotlight_disable = "true"
enable_clipboard_sharing = "false"my-config.pkrvars.hcl
Note: Variables files (.pkrvars.hcl) should be added to your gitignored by default to protect sensitive information like passwords and invitation IDs.
Click here for all the variables
VM Configuration
vm_name- Name of the virtual machine (default: "this_is_the_base_image_name")ipsw_url- Path or URL to macOS Tahoe IPSW file
Account Configuration
account_userName- macOS account username (default: "admin")account_password- macOS account password (default: "admin")
MDM Enrollment Configuration
enrollment_type- Enrollment method: "profile" or "link" if you want a link to the enrollment page or you want the profile on the desktop after first boot. Combined now to one packer file. (default: "profile")jamf_url- Jamf Cloud URL (e.g.,https://instance.jamfcloud.com)mdm_invitation_id- MDM enrollment invitation ID
Feature Toggles
enable_passwordless_sudo- Enable passwordless sudo (default: "true")enable_auto_login- Enable automatic login (default: "true")enable_safari_automation- Enable Safari automation support (default: "true")enable_screenlock_disable- Disable screen lock (default: "true")enable_spotlight_disable- Disable Spotlight indexing (default: "true")enable_clipboard_sharing- Enable clipboard sharing via tart guest agent (default: "false")
Use Packer to build your custom image:
- Used to initialize your packer file and download any plugins
packer init apple-tart-tahoe.pkr.hcl
- Used to validate that there are no errors in your packer file
packer validate -var-file="my-config.pkrvars.hcl" apple-tart-tahoe.pkr.hcl
- If all checks out, you can now build
packer build -var-file="my-config.pkrvars.hcl" apple-tart-tahoe.pkr.hcl
Let the build process happen
Clone and run your VM with Tart:
tart clone your-custom-image my-test-vmtart set my-test-vm --display-refit --random-serial --random-mactart run my-test-vm
🧑🍳 Step 7: Enroll and Test
- Open the enrollment URL or profile on the VM desktop.
- Complete the Jamf Pro enrollment process.
- Test policies, scripts, and workflows as needed.
🍰 Serving Suggestions
- Version Control: Store your Packer templates in Git for easy updates and collaboration.
- Sharing: Push your finished VM images to an OCI registry for team-wide access
- Whatif: VM doesn’t enroll, double-check your invitation URL and network settings.
Comments ()