munk i around lab guide

7/22/2019 Munk i Around Lab Guide

1/14

Munki AroundA Hands-on Lab


2/14

General Lab Info

Username: mac

Password: mac

Initial Server Setup

Enable the Web serverThe first thing we need to do is get a webserver enabled.

1. Open System Preferences (Apple -> System Preferences)2. Go to the Sharingpane3. Check the Web Sharingbox to enable the web server

Create the repo folder structureNow we need to create the folder structure that munki requires in order to functionproperly. Spelling matters, so double-check the folder names and make sure they arecorrect.

1. In the Sharing Pane, select Open Computer Website Folder...to go to the webroot.

2. Once there, create a new folder named repo

3. Inside the repo folder, create the following folders:catalogsmanifestspkgspkgsinfo

4. After the folders are created, make sure that the admin user/group have read/writeaccess and that everyonehas read-only. This ensures that admins can addpackages as needed but clients may only read configurations and pull down items toinstall.

Access the repoNow lets check our work. If we can access the repo folders weve created using a webbrowser, that means that munki should be able to access them as well.

1. Go back to the Sharing Pane, click the link under Your computers website isavailable at this address:


3/14

2. This should open Safari and show the generic It Works! message.(If it doesnt, type http://localhost into Safaris address bar.)

3. Add repoto the very end of the address. (I.E. http://localhost/repo)

4. You should see something similar to this:

Note: In production, you do not normallywant the Web Server to display folderlistings. For our purposes it is perfectly fineand makes testing a bit easier.

Once you complete this section, take a quick break while you wait for

the next part of the lab.

Basic Package

Import the package

We will import the Firefox package using munkiimport. This tool is extremely handy forgetting software into the repo and can even transfer keys that were set in previousversions of the software into the new pkginfo file.

1. First we must configure munkiimport.1.1. Open Terminal.app (/Applications/Utilities/)

1.2. Run munkiimport --configure

1.3. Enter/Library/WebServer/Documents/repoas the path to munki repo.

1.4. For Repo fileshare URL press returnto leave it as None. Note: If yourmunki repo is on a file share, munkiimport will automatically mount whicheverfileshare URL you enter in this step. Example: afp://munki.company.com/repo )

1.5. Enter .plistas the pkginfo extension.

1.6. For pkginfo editor, enter TextWrangler.app
http://localhost/http://localhost/


4/14

2. Open a terminal window and browse to ~/Desktop/LabFiles.

3. Now lets import Firefox3.1. Enter munkiimport Firefox 11.0.dmg(Or drag and drop the firefox.dmg

into the terminal window instead of typing it out)3.1.1. Leave Item nameas the default ( Firefox )3.1.2. For Display Name, enter a user-friendly name such as MozillaFirefox.

This is what the end-user will see when Managed Software Updatesruns.

3.1.3. Enter a meaningful Descriptionor leave it empty.3.1.4. Take the default value of 11.0for the Version3.1.5. Also take the default catalog of testing3.1.6. When asked if you want to import, enter yand press return.3.1.7. When asked which subdirectory to upload it to, enter Apps/Mozillaand

press y to create the path when prompted.

4. The pkginfo file will open up in TextWrangler. Look over the general format of the fileand pay attention to how the keys are laid out. Of special interest are the catalogskey,installskey, namekey and the versionkey.

5. Switch back to terminal, enter yand press return to rebuild the catalogs.

Firefox is now imported into the munki repo and ready to be added to a manifest. If youbrowse to/Library/WebServer/Documents/repo and look in the pkgs folder, you willnotice there is now an Appsfolder which contains a Mozillafolder. Inside of theMozillafolder you will find the Firefox 11 dmg that we imported. If you look in pkgsinfo/

Apps/Mozilla/you will find the pkginfo file that was generated by munkiimport.

Customize pkginfo as desired

At this point, Firefox could be installed using the basic information that munkiimportgenerated for it, but there is at least one key which would make the process gosmoother. We are going to add the unattended_installkey to the pkginfo for Firefox 11so that it can install silently in the background without bugging the user. If Firefox isopen when Managed Software Updates.app runs, it will ask the end user to closeFirefox so it can be updated. If munki is doing a silent run in the background andFirefox.app is running, it will delay the install until next run.

1. Browse to/Library/WebServer/Documents/repo/pkgsinfo/Apps/Mozilla/ andopen Firefox-11.0.plist.

2. We will add a key to make the install smarter. Add the following key just before theminimum_os_version key, although it could go anywhere in the pkginfo file so longas it is not inside another key and is at the root level of indentation (should be oneindent). Enter the following:


5/14

unattended_install 3. Once the key and value has been entered, save the pkginfo file.

4. Go back to Terminal.app and run makecatalogs /Library/WebServer/Documents/repoto update the catalogs with your change.

Firefox is now ready to go.

Add package to a manifestWe now need to create a manifest, add the catalogs that the clients should use to installthe software and add the software that we want the clients to install. Since weconfigured munkiimport earlier, manifestutil is aleady configured as well.

1. Create a new manifest for our clients:1.1. Type manifestutiland press enter to go into interactive mode (Hint: Use tab

to autocomplete the manifest and package names).1.2. Enter new-manifest Munkiaroundand press return1.3. Key in add-catalog testing --manifest Munkiaroundand hit return1.4. Finally, enter add-pkg Firefox --manifest Munkiaroundand press return1.5. Type exitand press return to quit manifestutil.

2. Browse to/Library/WebServer/Documents/repo/manifestsand open Munkiaroundin TextWrangler. Note the different sections of the file, specifically the catalogssection as well as the managed_installssection, which is where our Firefox install

is.

We have imported a package, customized it to run as an unattended_install and createda manifest file so that the clients know what to install and from which catalog. The onlything left to do is to configure a client.

Client Configuration and TestingThere are many great options available for configuring clients, but for the purposes ofthis lab we are going to do the bare minimum number of settings.

Configuring ManagedInstalls.plist1. In Terminal.app, run sudo /usr/local/munki/managedsoftwareupdate. This will fail

because it is not configured. The purpose of running it is to create a barebonesManagedInstalls.plist

2. Browse to/Library/Preferences/in Finder.

3. Open ManagedInstalls.plistin TextWrangler


6/14

4. In the SoftwareRepoURLkey, set http://munki/repo/ to http://localhost/repo

5. We only need to set one more key. It is the ClientIdentiferkey. This key tells munki

which manifest to use. In this case, we want munki to use the Munkiaroundmanifest. Do this by adding the following to ManagedInstalls.plist:ClientIdentifier Munkiaround

6. The settings should similar to this:

7. Once you have added the ClientIdentifier Key, save and closeManagedInstalls.plist.

Time for a test drive

1. Open Terminal.app

2. Run sudo /usr/local/munki/managedsoftwareupdate

3. If all was configured properly, munki should have downloaded Firefox 11.0.dmg andgiven you a summary of the items to be installed/upgraded.

4. To finish the install, run sudo /usr/local/munki/managedsoftwareupdate --installonly


7/14

5. As Firefox installs, munki will give you feedback on which step it is on and if it wassuccessful or not. Open Firefox and confirm that it is installed correctly.

6. Lets try another way of running managedsoftwareupdate. Delete Firefox.app from /Applications. Because Firefox is listed under managed_installsin the manifest,

munki will see that it is now missing and reinstall it for us.

7. Run/Applications/Utilities/Managed Software Update.app. This will open theinterface that the end users will see during an update. Click Update nowand thenUpdate without logging out to Install Firefox.

8. Lets do one last way of doing a munki run. Delete Firefox.app from /Applications.

9. Run sudo /usr/local/munki/managedsoftwareupdate --auto

10.Munki will do an automatic run where it downloads and installs Firefox. If a user had

had an older version of Firefox open when --auto ran, Managed SoftwareUpdate.app would have opened and politely asked them to close Firefox and installthe update.

At this point, the install is tested and ready for production. To move it to production, youwould want to edit the pkginfo file for Firefox and change the catalog from testingtoproductionand then run makecatalogs /Library/WebServer/Documents/repo. Afterthis command is run, if you had machines pointed at the production catalog, they wouldnow get Firefox 11. (Note: with munki tools 0.8.2.1465 or newer, you can runmakecatalogs without specifying the repo location if it has been previously configuredwith munkiimport or manifestutil.)

Extra CreditThe extra credit files can be found in the Extra Creditfolder inside of the Lab Filesfolder. The Mozilla folder is for the Firefox 10 ESR + CCKsection and the Adobefolder is for the Adobe Flash Playersection.

Firefox 10 ESR + CCKFirefox 10 ESR is the new Extended Service Release offered by Mozilla. The ESRchannel was created to allow organizations sufficient time to confirm that the newversions work with their web-based products. We will be installing the Firefox 10 ESR

as well as customizing it using a pre-made CCK Extension (See https://addons.mozilla.org/en-US/firefox/addon/cck/for more information about the CCKExtension)

We do not want Firefox 11 because it is bleeding edge, so we will first move it out of theway so it does not interfere with our Firefox 10 ESR install, then continue with the importand customization.
https://addons.mozilla.org/en-US/firefox/addon/cck/https://addons.mozilla.org/en-US/firefox/addon/cck/https://addons.mozilla.org/en-US/firefox/addon/cck/https://addons.mozilla.org/en-US/firefox/addon/cck/https://addons.mozilla.org/en-US/firefox/addon/cck/https://addons.mozilla.org/en-US/firefox/addon/cck/


8/14

Remove Firefox 11s catalog and Delete it from the machine1. Browse to/Library/WebServer/Documents/repo/pkgsinfo/Apps/Mozilla/ and

open Firefox-11.0.plist.1.1. Under the catalogssection, remove testingand save the file. You can also

change it from testing to something such as deprecated, so long as it makes

sense to you.1.2. Open Terminal1.3. Run makecatalogs /Library/WebServer/Documents/repo1.4. We also need to remove this version from the machine, otherwise munki will

see that Firefox 10 is older than Firefox 11 and not install it. Move/Applications/Firefox.appto the trash and empty it.

Import Firefox 10 ESR2. In Terminal.app, browse to ~/Desktop/LabFiles/ExtraCredit/Mozilla

2.1. Enter munkiimport Firefox 10.0.3esr.dmg2.1.1. When asked to use the existing item as a template, enter yand press

return.2.1.2. Leave Item nameas the default ( Firefox )2.1.3. For Display Name, enter a user-friendly name such as Mozilla Firefox.

This is what the end-user will see when Managed Software Updatesruns.

2.1.4. Enter a meaningful Descriptionor leave it empty.2.1.5. Take the default value of 10.0.3for the Version2.1.6. Also take the default catalog of testing2.1.7. When asked if you want to import, enter yand press return.

2.2. Leaving the TextWrangler window open, go back to Terminal and select N for

rebuilding catalogs, then run makepkginfo --postinstall_script= ~/Desktop/LabFiles/ExtraCredit/Mozilla/installscripts/Firefoxpostinstallscript.sh

2.3. Copy from postinstall_scriptthrough and paste it intothe Firefox-10.0.3.plist. It must be at the root level of the xml file (oneindent)

2.4. Because we selected ywhen asked if we wanted to use the existing item as atemplate, the unattended_installkey should already be in the pkginfo file. Ifit isnt present, add it and save the file. Here is what it looked like:

unattended_install

2.5. Close the pkginfo file and back in Terminal, run makecatalogs /Library/

WebServer/Documents/repo to rebuild the catalogs.

2.6. That is all for the Firefox installer.


9/14

3. Firefox CCK

For this package, we will be copying a folder into place. We will create a .dmg thatcontains the folder inside the repo, create a pkginfo file for it using the makepkginfocommand and finally setting some keys to make sure it runs properly.

3.1. In Terminal.app, browse to ~/Desktop/LabFiles/ExtraCredit/Mozilla

3.2. Run hdiutil create -srcfolder FirefoxCCK /Library/WebServer/Documents/repo/pkgs/Apps/Mozilla/FirefoxCCK-1.0.0.dmg

3.3. Now that we have the .dmg, we need to create a pkginfo file for it. In terminal,type makepkginfo /Library/WebServer/Documents/repo/pkgs/Apps/

Mozilla/FirefoxCCK-1.0.0.dmg --mode=go-w --item={ec8030f7-c20a-464f-9b0e-13a3a9e97384} --destinationpath=/Library/ApplicationSupport/Mozilla/Extensions > /Library/WebServer/Documents/repo/pkgsinfo/Apps/Mozilla/FirefoxCCK-1.0.0.plist

What weve done with this command is tell munki that we have a .dmg with afolder named {ec8030f7-c20a-464f-9b0e-13a3a9e97384} in it and we want tocopy it to /Library/Application Support/Mozilla/Extensions/. We are alsosetting the owner, group and other permissions in that one command. By default,makepkginfo dumps the pkginfo file or pkginfo keys it creates to thecommandline. We could have just copied and pasted the results into a new file,

but instead we have redirected the output directly into the file we wanted(FirefoxCCK-1.0.0.plist).

We now have a pkginfo file for FirefoxCCK-1.0.0, but there is one major problemwith it. If the destinationpathdoes not exist before munki tries to copy the fileinto place, it will fail. We need to create all the paths necessary for the install tosucceed. We will do this by adding a preinstall_script. The script to make thefile path is provided in the Lab Files, we just need to get it into the pkginfo file.

3.4. Open/Library/WebServer/Documents/repo/pkgsinfo/Apps/Mozilla/FirefoxCCK-1.0.0.plist in TextWrangler.app.

3.5. Back in Terminal.app, run makepkginfo --preinstall_script= ~/Desktop/LabFiles/ExtraCredit/Mozilla/installscripts/CCKpreinstallscript.sh

3.6. Copy from preinstall_scriptthrough and paste it intothe FirefoxCCK-1.0.0.plist. It must be at the root level of the xml file (oneindent)


10/14

3.7. Now lets make sure that the CCK gets installed where ever Firefox is installed.Adding the update_forkey will give us the desired behavior.

update_for Firefox

3.8. Also, to make the install a bit smarter if there are updates to the CCK, letsmake it so that it can install/uninstall silently:

unattended_install unattended_uninstall 3.9. Set the Namekey to FirefoxCCK.By default when doing a CopyFromDMG

install type, it will be named as whatever the --itemwas in the commandabove.

3.10. Set the Versionkey to 1.0.0 and save the pkginfo file.

3.11. Back in Terminal.app, run makecatalogs /Library/WebServer/Documents/repo

3.12. Check your work. Run sudo /usr/local/munki/managedsoftwareupdate andmake sure there are no errors. If you do run into errors, try to figure out what

the problem is based upon the error message.

3.13. Once checkonly runs cleanly, run sudo /usr/local/munki/managedsoftwareupdate --installonly. Make sure there are no errors and itwas a clean install. If it ran without error, Open Firefox and check your work.It should have the CCK installed, which will have a custom home page, abookmarks toolbar folder with helpful munki resources and the Helpmenu willhave an entry named Munki.

3.14. Thats it! Youve made a customized Firefox 10 ESR install that also installs aCCK Extension. The CCK will persist through updates (10.0.3 to 10.0.4, etc)

Adobe Flash PlayerThis one is more tricky than average because Adobe stuffs the flash player applepackage inside of a .app file. We will import the Apple Package properly, then add afinishing touch which will prevent flash player from trying to do automatic updates.


11/14

Flash PlayerInstalling flash player is fairly straight forward, but with a twist. The default installer isa .app installer file, but if you drill down into it, there is a proper apple .pkg file that wecan use instead.

Import Flash Player to the munki repo1. Mount install_flash_player_osx.dmglocated in~/Desktop/LabFiles/ExtraCredit/Adobe/

2. In Terminal.app, run munkiimport /Volumes/Flash Player/Install Adobe FlashPlayer.app/Contents/Resources/Adobe Flash Player.pkg (Hint: Right click theinstaller .app, show package contents and browse to the .pkg file. typemunkiimport in terminal, then drag and drop the .pkg file into terminal. It willautomatically add the full path for you).2.1. Take the default Item name2.2. Type a meaningful Display name like Adobe Flash Player Plugin

2.3. Enter a description if desired.2.4. Take the version number that munkiimport provides.2.5. Take the default catalog of testing2.6. Press yto import the item2.7. When asked for a subdirectory, enter Apps/Adobe2.8. Pressyto create the file path.

Customize the pkginfo file so that it doesnt fail during install3. The pkginfo file for Adobe Flash Player will open in TextWrangler. We need to add a

few extra keys to make sure the installer runs in a smart fashion. All these keys goat the root level (one indent) of the pkginfo unless otherwise noted.

3.1. First add a blocking_applicationskey as follows:

blocking_applications Firefox Safari Opera Google Chrome 3.2. Because flash no longer supports PowerPC, we need to ensure it only installs

on Intel machines by using a supported_architectureskey:

supported_architectures

i386x86_64


12/14

3.3. Finally, lets add an unattended_installkey so that it can install silently as

long as none of the blocking_applications are open:unattended_install

3.4. Save and close the pkginfo file, say yto Rebuild catalogs? in Terminal.app

3.5. Flash player is now in the repo and ready to be installed.

Disabling Automatic Updates - OptionalThis is done using a mms.cfg file which is documented here: http://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html

1. Create a .dmg and import it into the repo.

1.1. In Terminal.app, browse to ~/Desktop/LabFiles/ExtraCredit/Adobe

1.2. Run hdiutil create -srcfolder DisableAutoUpdate /Library/WebServer/Documents/repo/pkgs/Apps/Adobe/DisableFlashAutoUpdate-1.0.0.dmg

1.3. Now that we have the .dmg, we need to create a pkginfo file for it. In terminal,type makepkginfo /Library/WebServer/Documents/repo/pkgs/Apps/Adobe/DisableFlashAutoUpdate-1.0.0.dmg --mode=go-w --item=mms.cfg --destinationpath=/Library/Application Support/Macromedia/ > /Library/WebServer/Documents/repo/pkgsinfo/Apps/Adobe/DisableFlashAutoUpdate-1.0.0.plist

1.4. Open/Library/WebServer/Documents/repo/pkgsinfo/Apps/Adobe/DisableFlashAutoUpdate-1.0.0.plistin TextWrangler.app.

2. Customize the pkginfo file2.1. We need a preinstall_script to create the file path that mmf.cfg will go to.

Back in Terminal.app, generate a preinstall_scriptkey using makepkginfo --preinstall_script= ~/Desktop/LabFiles/ExtraCredit/Adobe/preinstall_script.sh

2.2. Copy from preinstall_scriptthrough and paste it into

the DisableFlashAutoUpdate-1.0.0.plist. It must be at the root level of thexml file (one indent)
http://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.htmlhttp://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html


13/14

2.3. Now lets make sure that DisableFlashAutoUpdategets installed where everFlashPlayer is installed. The update_forkey will give us the desired behavior.

update_for Adobe Flash Player

2.4. Also, to make the install a bit smarter if there are updates toDisableFlashAutoUpdate, lets make it so that it can install/uninstall silently:

unattended_install unattended_uninstall 2.5. Set the Namekey to DisableFlashAutoUpdate.Save and close the pkginfo

file.

3. Update catalogs, add to manifest and do a test run3.1. Back in Terminal.app, run makecatalogs /Library/WebServer/Documents/

repo

3.2. Run manifestutiland enter add-pkg Adobe Flash Player --manifestMunkiaroundand press return. Type exitand press enter to quit manifestutil.

3.3. Lets check your work. Run sudo /usr/local/munki/

managedsoftwareupdateand make sure there are no errors. If you do runinto errors, try to figure out what the problem is based upon the errormessage.

3.4. Once checkonly runs cleanly, run sudo /usr/local/munki/managedsoftwareupdate --installonly. Make sure there are no errors and itwas a clean install.

3.5. Make sure mms.cfgexists in/Library/Application Support/Macromedia.Also, check the Flash Playerprefpane in System Preferences. UnderAdvanced, it should display the version of flash and have Never check for

updatesselected.


14/14

The End

Many thanks to the following people/groups:

Greg Neagle (Creator of Munki), Sr. Systems Engineer, Walt Disney Animation Studios

Anurag Mohanty, Associate Systems Engineer, Columbia University LibrariesSteve Yuroff - Network and System Administrator, HiebingTimothy Sutton - Systems Consultant, Concordia University, Faculty of Fine Arts

The munki-dev mailing listEveryone in ##osx-server on irc.freenode.net