So I hope you’re all up and running with a nice automated enrollment DEP procedure using SplashBuddy from Part 1,

In the next part of our series we’re going to configure Munki, so what is Munki?

Munki is an open source project from Walt Disney Animation Studios.

Munki is a set of tools that, used together with a webserver-based repository of packages and package metadata, can be used by OS X administrators to manage software installs (and in many cases removals) on OS X client machines.

Munki can install software packaged in the Apple package format, and also supports Adobe CS3/CS4/CS5/CS6 Enterprise Deployment “packages”, and drag-and-drop disk images as installer sources.

Quoted from Munki GitHub page

Prerequisites

  • Apache Web Server
    • We’re going to be using macOS Server in this example.
  • Mac Machine to run Munki Server Tools
    • Text Editor installed, i.e. Atom, TextMate, TextWrangler etc…
    • Latest release of munki downloaded
  • Test End User Mac to test Munki Client Tools

Setting up your Web Server

First thing’s first you’ll need a functioning Apache Web Server. For ease of use, macOS Server can be used as a web server and this is the most common in many organisations.

For the purposes of this example, I will be using a Mac Mini with 1TB disk, the macOS Server app, utilising the Websites feature of macOS Server.

Initially, we’re going to follow the very good setup by OS X Dominion about setting up our Web Server, this guide can be found here

First, ensure you have the macOS Server.app setup and running.

Next, we need to create the file structure that munki requires we can do this by running these commands:

mkdir /Library/Server/Web/Data/Sites/Default/repo
mkdir /Library/Server/Web/Data/Sites/Default/repo/catalogs
mkdir /Library/Server/Web/Data/Sites/Default/repo/pkgs
mkdir /Library/Server/Web/Data/Sites/Default/repo/pkgsinfo
mkdir /Library/Server/Web/Data/Sites/Default/repo/manifests

Now we need to modify the permissions to ensure it can be accessed on the file structure just created, the can be done using this command:

chmod -R a+rX /Library/Server/Web/Data/Sites/Default/repo

Next you’ll need to enable the Website services within the macOS Server.app.

Now you’ve setup your Web Server and confirmed that it’s listed and working successfully you can now proceed on to the munki configuration.

Munki – Server Side Configuration

 

Now we’ve got our Web Server setup we need to install and configure munki admin tools.

  • Download the latest stable release of Munki, from the Munki GitHub releases page  and begin to install on your Mac,
  • Now that Munki is installed you’ll need to verify that it’s functioning as expected, the easiest way to do this is to follow the Demonstration Setup guide by Munki
    • First, we’re going to edit the configuration, open Terminal and type: 
      • /usr/local/munki/munkiimport --configure
      • Then we’re asked a few questions to configure the munki service
        • Firstly you’ll need to define your Munki repo location, this will be the location created earlier but prefixed with file://
        • Note: There is an additional / after file://  
          Repo URL (example: afp://munki.example.com/repo): file:///Library/Server/Web/Data/Sites/Default/repo
        • Next,  you’ll be asked to define the pkg extension, just press Enter 
          pkginfo extension (Example: .plist): <just hit return>
        • Then, you’ll be asked to define the pkginfo editor of choice 
          pkginfo editor (examples: /usr/bin/vi or TextMate.app): /Applications/Atom.app <substitute your favorite text editor>
        • Now, define a default catalog, i.e. testing 
          Default catalog to use (example: testing): testing
        • Finally, you’ll be asked for Repo access plugin, just press Enter 
          Repo access plugin (defaults to FileRepo): <just hit return>

Munki – Software Importing and Configuration

  • Now your Munki configuration is complete we need to test that it all works, for the easiest example we’re going to head over to https://www.mozilla.org and download the latest version of Firefox on the same Mac where Munki tools is configured. (Currently, the latest version is 58.0.2)
    • Now we’re going to import the Firefox dmg just downloaded into our repo using munkiimport 
      • /usr/local/munki/munkiimport ~/Downloads/Firefox\ 58.0.2.dmg
      • Now you’ll be asked a series of questions to define the application we’re importing:
        • Item Name: Firefox
        • Display Name: Mozilla Firefox
        • Description: Web Browser by Mozilla
        • Version: 58.0.2
        • Developer: Mozilla
        • Unattended Install: False
        • Unattended Uninstall: False
        • Catalogs: testing
        • Import this item? Y
        • Upload item to subdirectory path []: apps/mozilla
        • Path /Library/Server/Web/Data/Sites/Default/repo/pkgs/apps/mozilla doesn’t exist. Create it? [y/n] Y
          • No existing product icon found
        • Attempt to create a product icon? [y/n] Y
      • Now the munki importer will attempt to import the Firefox dmg into your repo location with the meta information supplied above, where the output will look at little like: 
        • Attempting to extract and upload icon...
Created icon: /Library/Server/Web/Data/Sites/Default/repo/icons/Firefox.png
Copying Firefox 58.0.2.dmg to /Library/Server/Web/Data/Sites/Default/repo/apps/mozilla/Firefox 58.0.2.dmg...
        • During the import process, you will be asked to edit the pkginfo before the finalizing the upload, typing will open the Text Edior defined in the munki importer configuration, modify any changes you wish to make in the configuration, save then close:
          Screen Shot 2018-03-10 at 3.57.44 PMScreen Shot 2018-03-10 at 3.57.44 PM
        • Finally the munki import process will finish with the following: 
          Saving pkginfo to Saving pkginfo to /Users/Shared/munki_repo/pkgsinfo/apps/mozilla/Firefox-58.0.2.../apps/mozilla/Firefox-58.0.2...
        • To verify the import process has completed successfully, navigate to your repo in Safari and browse to http://localhost/repo/apps/mozilla and you should see the Firefox 58.0.2.dmg present.
  • Now we’ve managed to import Firefox into our repo, we need to set up a default Munki catalog that the clients will check against. “site_default” is one of the manifests a Munki client looks for by default if not configured to look for a specific manifest by name. We added “testing” to the list of catalogs to consult, and “Firefox” to the list of packages to install:
    • To do this we will use the manifestutil tool, open Terminal and type: 
      /usr/local/munki/manifestutil
    • Now create a new manifest called site_default 
      new-manifest site_default
    • Now add the testing catalog we made earlier (during the importing phase) to the site_default manifest 
      add-catalog testing --manifest site_default
    • Now you need to define that you have a Firefox pkg present, to do this you’ll need to define Firefox in the site_default manifest 
      add-pkg Firefox --manifest site_default

Munki – Client-Side Configuration

Now that we’ve got our server side set up, running and managed to import an installer to our repository we now need to set the client up on our user’s devices.

Firstly we need to install the Munki client tools on your Test Mac.

  • Download the latest stable release of Munki, from the Munki GitHub releases page  and begin to install on your Test User Mac
  • By default Munki stores it’s client confioguration in /Library/Preferences/ManagedInstalls.plist. We need to tell the client where our repo is located, to do this open Terminal and type 
    sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "http://YOURSERVERHOSTNAME/repo"
  • Now to verify the repo is present by using this command 
    defaults read /Library/Preferences/ManagedInstalls

 

That’s the munki client-side configuration finished, now to automate this you can make a configuration profile within your MDM, i.e. jamf Pro and deploy it to your machines, more information on the munki Preferences can be found here along with a sample ManagedInstalls.plist file.

 

Installing Software

Now we’re going to install Firefox on the Test Users Mac that we uploaded on our server earlier.

  • Open Terminal on the Test Mac and type: 
    sudo /usr/local/munki/managedsoftwareupdate
  • You will now see the following output: 
    Managed Software Update Tool
Copyright 2010-2014 The Munki Project
https://github.com/munki/munki
    
Downloading Firefox 58.0.2.dmg...
    0..20..40..60..80..100
Verifying package integrity...
The following items will be installed or upgraded:
    + Firefox-53.0.3
        Web browser from Mozilla
    
Run managedsoftwareupdate --installonly to install the downloaded updates.
  • Success! The munki client has read the site_default manifest from the repo and told the machine that we needed Firefox 58.0.2 and downloaded it. At this point it has not yet installed Firefox just downloaded it.
    • If you see the following output, that means that the machine already has Firefox 58.0.2 and will not download it., simply delete Firefox from the machine and run the above command again: 
      Managed Software Update Tool
Copyright 2010-2014 The Munki Project
https://github.com/munki/munki
    
No changes to managed software are available.
  • Now to the the installation of Firefox, there are two ways at this point of installing Firefox on the test mac:
    • Running a Command (Silent) –
      • Open Terminal and eunning the following command will install the downloaded Firefox 
        sudo /usr/local/munki/managedsoftwareupdate --installonly
      • This will now install Firefox on your machine!
    • Managed Software Center (Non-Silent) – 
      • Open the Managed Software Center.app located in /Applications
      • Managed Software Center will check for updates with the Munki server, and should shortly display a window (closely resembling Apple’s App Store application’s main window) displaying Firefox 58.0.2.
        Screen Shot 2018-03-10 at 4.24.41 PMScreen Shot 2018-03-10 at 4.24.41 PM
      • If you click on Update, Firefox will be installed.

 

That concludes Part 2, we managed to setup and configure a Web Server, Munki Server and Munki Client to install software. To install your desired software repeat the steps listed in the “Munki – Software Importing and Configuration” section. This was a real basic setup of munki, I would recommend thoroughly testing munki and getting used to how it all works, once it does it will save you an invaluable amount of time having to repackage updates etc.

Keep reading on in the Munki Wiki for more information, or if you need more help drop me a comment or ask in the #munki channel on MacAdmins Slack.

Stay tuned for Part 3, where we will be automating the downloading and uploading software to our Munki repo using AutoPkgr which will hopefully replace the manual steps listed in the “Munki – Software Importing and Configuration” section.

Sachin