Munki vs. Puppet/Linux-way


LifeLearner

May 21, 2015, 7:02:52 PM
to munk...@googlegroups.com

Hi,


As a new Mac admin, having been a UNIX/Linux admin, I keep asking myself this and would rather ask the experts here before going further.


We can install .pkg, .mpkg packages using the "installer" command.

We can install .dmg packages using "hdiutil" and "cp" commands.

We also can use those commands using some CM tools like Puppet, Chef, Ansible, or SaltStack.

Version control, etc. can also be done using the Puppet/Linux-way with RCS or Git.


In certain situations, should I be using Munki only and those tools cannot do those things as well as Munki?


Functionality-wise, does Munki provide particular conveniences over those tools other than GUI vs. CLI and one tool vs. a set of tools?


Thanks in advance.



- Life Learner



as...@siprep.org

May 21, 2015, 7:20:06 PM
to munk...@googlegroups.com
When you say "we," are you talking about you and other admins?

I will say one of the nice things Munki offers is a self-service installer for users who are not admins to pick from a pre-approved set of apps (sort of like apt-get but without the sudo).

Jason Hueske

May 21, 2015, 8:16:54 PM
to munk...@googlegroups.com
Use puppet to configure munki, feed munki’s repo with autopkg.

Munki is best-of-breed for user self-service. Having that as a tool in the overall package-handling logic is essential if minimizing support is desired.

E.g., a user at home can decide to download and install a whole OS upgrade overnight, using an interface that works like the App Store, with no privilege escalation or support of any kind required. The user can minimize the impact to themselves while fully self-managing.



Tim Sutton

May 21, 2015, 9:03:53 PM
to munk...@googlegroups.com
Regardless of how much (or whether at all) you make use of Munki's
great self-service features, even if you _only_ consider how
well thought out its handling of installation and removals is - the
ability to control how it does or doesn't interact with the user,
handles logouts and restarts well, its built-in mechanisms for
detecting running applications and installing only when it's safe to
do so, very robust and seamless handling of Apple updates and Adobe
installers, and almost never a need to repackage a vendor installer -
CM systems like those you mention simply don't have the Mac-specific
support required to handle these features, and they will never be able
to because they aren't designed to manage desktop OSes.

Puppet seems to have the most inertia in terms of some Mac support,
but the support in core modules is _very_ dated at this point and the
community support seems to be largely thanks to very few maintained
modules such as Brian Warsing's
(http://dayglojesus.github.io/managedmac). Chef has some limited
support and the others can do on a Mac the typical UNIX stuff:
template files on disk, enforce permissions, users, sudoers, etc. So
for wherever you want to "configuration manage," you can use these
tools to some effect and probably more effectively than using Munki,
but you'll also find they're of limited use simply due to the range of
things which might need to be configured.

More and more of these CM 'tasks' are best handled using Configuration
Profiles, and Munki actually has good built-in support for these. I've
been able to get by using Munki as my "configuration management"
system instead of implementing another tool, just because the things I
would use Puppet for only account for about 5% of the items in my
repository - the rest are installers for software, updates,
configuration profiles and supporting LaunchAgents/LaunchDaemons.
Since Munki is the best package installer and I ship most of these
things in the form of installer packages (or vendor apps in disk
images), it makes sense to just have Munki do some of the work that
might be better suited to something like Puppet (like 'enforcing' a
firewall configuration, for example).

If you had a desire to use another system just to handle the
"layering" of client configurations (Hiera, for example) it's entirely
feasible to do more dynamic configuration of clients with some added
server-side code as well.


Tim

LifeLearner

May 22, 2015, 11:45:40 AM
to munk...@googlegroups.com

Thanks a lot to everyone, esp. Tim, for the explanation.

I think I'm starting to like Munki, though I'm just beginning. :)



- Life Learner




tackyy

May 22, 2015, 2:45:57 PM
to munk...@googlegroups.com
You may also want to check out Reposado:


It’s a good complement to a Munki repo.

tack
