2015-09-30 macsysadmin - cheeky munkidocs.macsysadmin.se/2015/pdf/day2session6.pdf · 2015. 10....
TRANSCRIPT
![Page 1: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/1.jpg)
Cheeky MunkiMac Bartending Masterclass
Marko Jung Wizard Of Light Bulb Moments University of Oxford IT Services
![Page 2: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/2.jpg)
individuality, independence, ingenuity
![Page 3: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/3.jpg)
Patch Management
![Page 4: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/4.jpg)
24.0
Unstable Testing Stable
Software Staging StrategyWeek 1
Week 2
Week 3
Week 4
41.0
41.0
41.0
42.0β1
42.0β1
41.0
40.0.3
40.0.3
![Page 5: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/5.jpg)
•Installer Policy + Installer SmartGroup
•Updates: •Stable Update Policy +
Stable Update SmartGroup •Testing Update Policy +
Testing Update SmartGroup •Unstable Update Policy +
Unstable Update SmartGroup
➜ At least 7 JSS Objects per software title
JSS Model
![Page 6: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/6.jpg)
VIDEO Video Illustrating the (non-automated) process on
how-to model the three tier software release model in the Casper Suite on the example of updating Firefox.
HTTPS://YOUTU.BE/CQV8I02UKAW
![Page 7: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/7.jpg)
Old vs New Style?
![Page 8: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/8.jpg)
![Page 9: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/9.jpg)
![Page 10: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/10.jpg)
AUTOPKG TRELLO MUNKI
![Page 11: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/11.jpg)
AutoPkg•Automated preparation of software for managed distribution
•Community maintained recipes (PropertyList XML) to automate complex tasks Firefox.download.recipe Firefox.pkg.recipe Firefox.munki.recipe
•Excellent integration with MunkiWorkflows for management tools like Absolute Manage, Casper
•MacSysadmin 2014- G. Neagle, T. SuttonAutoPkg: Crowd-sourcing Mac packaging and deploymenthttp://docs.macsysadmin.se/2014/2014doc.html
![Page 12: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/12.jpg)
AutoPkg Workflow
AUTOPKG BUILD HOST
MUNKI REPOSITORY
RECIPE DEVELOPMENT LOCAL WORKSTATIONS
![Page 13: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/13.jpg)
AutoPkg Nightly Builds#!/bin/bashexec > >(logger -i -t autopkg-build) 2>&1BUILD_RECIPE_DIR="/srv/autopkg/BuildRecipes"EMAIL_ERRORS_TO='[email protected]'my_name=$(basename $0)set -o pipefailecho "$(date) BEGIN AUTOPKG BUILD RUN"for recipe in $(cd ${BUILD_RECIPE_DIR}; ls ); do OUTPUT_FILE=$(mktemp /tmp/${my_name}.XXXXXXXXX) echo "$(date) Autopkg running ${recipe} ... " /usr/local/bin/autopkg run ${recipe} | tee ${OUTPUT_FILE} if [ $? -ne 0 ]; then mail -s "Failed to build ${recipe}" ${EMAIL_ERRORS_TO} < ${OUTPUT_FILE} fi echo "$(date) ... end run of $recipe" rm -f ${OUTPUT_FILE}doneecho "$(date) END AUTOPKG BUILD RUN"
![Page 14: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/14.jpg)
Munki-Staging
![Page 15: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/15.jpg)
Munki-Staging•Rewrite of G. Gilbert’s munki-trello using a more object oriented design •New features:
•Unlimited catalogs / Trello lists •Multiple munki repositories •Automated promotion •RSS feed generation •Configuration file
•https://github.com/ox-it/munki-staging
![Page 16: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/16.jpg)
Munki-Staging
![Page 17: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/17.jpg)
Munki-Staging1. Create a virtualenv including requirements,
$ virtualenv munki-staging $ source munki-staging/bin/activate $ pip install trello
2. Ensure makecatalogs is present on your system (runs on Linux, too)
3. Clone or download muni-staging$ git clone https://github.com/ox-it/munki-staging.git
4. Create Trello APP key and set-up Trello user tokenhttps://trello.com/app-keyhttps://trello.com/docs/gettingstarted/#token
![Page 18: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/18.jpg)
Munki-Staging5. Write your configuration based on the provided template
# Example settings for a testing catalog and list [munki_catalog_testing] list=Testing catalog=testing stage_days=14 autostage=1 stage_to=production stage_from=development
6. Run the script periodically (cron, launchd)
![Page 19: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/19.jpg)
![Page 20: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/20.jpg)
Rebranding Munki
Two user facing management tools might be confusing:
1. JAMF Self Service
2. Managed Software Center
1. JAMF Self ServiceOrchard Support Centre
2. Managed Software CenterOrchard Software Centre
![Page 21: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/21.jpg)
Rebranding MunkiCustomised build of the munkitools meta-package:
1. Clone git source2. Replace strings, artwork, etc.3. Add preflight and postflight scripts for munki4. Add package postinstall script to configure munki5. Use upstream build script to compile and package
https://github.com/ox-it/munki-rebrand
Kudos to Arjen van Bochovenhttps://gist.github.com/bochoven/c1c656e0c2e1b1078dfd
![Page 22: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/22.jpg)
Ensuring JSS Inventory
1. Save modification time (mtime) of Munki install log (preflight)
2. Run managedsoftwareupdate operations
3. Iff Munki install log mtime changed, executejamf reconto update the computer inventory in the JSS (postflight).
(Please see muni-rebrand repo for preflight and postflight scripts)
![Page 23: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/23.jpg)
✔
?
![Page 24: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/24.jpg)
Demo
![Page 25: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/25.jpg)
Munki Manifests<dict>
<key>catalogs</key><array>
<string>stable</string></array><key>included_manifests</key><array/><key>managed_installs</key><array/><key>managed_uninstalls</key><array/><key>managed_updates</key><array/><key>optional_installs</key><array>
<string>Firefox</string></array>
</dict>
<dict><key>catalogs</key><array>
<string>testing</string><string>stable</string>
</array><key>included_manifests</key><array>
<string>foss</string><string>office</string>
<array><key>managed_installs</key><array/><key>managed_uninstalls</key><array/><key>managed_updates</key><array/><key>optional_installs</key><array>
<string>Firefox</string></array>
</dict>
![Page 26: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/26.jpg)
Message Flow
HTTP GET /MANIFESTS/COMPUTERID
HTTP GET /MANIFESTS/OPTIONAL_FOSS
[…]
![Page 27: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/27.jpg)
Message Flow
HTTP GET /MANIFESTS/COMPUTERID
HTTP GET /JSSRESOURCE/COMPUTERS/COMPUTERID
HTTP GET /MANIFESTS/OPTIONAL_FOSS
HTTP GET /MANIFESTS/COMPUTERID
![Page 28: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/28.jpg)
Dynamic Manifests•Map JSS Computer inventory information to Munki Manifest elements
•match anything provided in the API XML output •add or remove content to a template
•New django App for MunkiWebAdmin •Merge with Steve Kueng’s fork •Upgrade to django 1.8
•Used in production environment •Actively maintained by Oxford Mac team •http://github.com/ox-it/munkiwebadmin
![Page 29: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/29.jpg)
Dynamic Manifests
![Page 30: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/30.jpg)
Demo
![Page 31: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/31.jpg)
Deployment Workflows
NetBoot & Imaging Enrolment OS Upgrade DEP / MDM
![Page 32: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/32.jpg)
•Authoritative Inventory•MDM (Profiles, DEP, VPP)• Imaging•Orchard Support Centre (Self Service)
•Software deployment•Orchard Software Centre
![Page 33: 2015-09-30 MacSysAdmin - Cheeky Munkidocs.macsysadmin.se/2015/pdf/Day2Session6.pdf · 2015. 10. 2. · AutoPkg •Automated preparation of software for managed distribution •Community](https://reader034.vdocuments.site/reader034/viewer/2022051808/600d5233836251354076e648/html5/thumbnails/33.jpg)
+ =