customizing the munki client from Simian

213 views
Skip to first unread message

Dan O'Boyle

unread,
Jan 12, 2015, 6:00:15 PM1/12/15
to simian-...@googlegroups.com
Hello!

I've really enjoyed reading through your forums for solutions - but this one has me stumped. 

This seems to be an appengine specific issue - I can verify that the .zip is accessable from an authenticated Google apps account. 

It's seems well documented that to customize Munki you need ensure the correctly formatted site_default.zip file is located at your repo/client_resources/site_default.zip

I've places the attached site_default.zip file on my appengine instance, But no joy - Munki still loads it's defaults.

I've setup a secure static route for the file:

In app.yaml:
- url: /client_resources
  static_dir
: client_resources
  secure
: always
  login
: required

Debugging returns:
/usr/local/munki/managedsoftwareupdate -vvv

Date: Mon, 12 Jan 2015 21:03:15 GMT

 

    
Content-Type: text/html 

    
Server: Google Frontend 

    
Content-Length: 0 

    
Alternate-Protocol: 443:quic,p=0.02 

    
Getting client resources... 

    
Could not retrieve client resources with name site_default.zip: HTTP result 302: Found 

    
No change in InstallInfo.

site_default.zip

Justin McWilliams

unread,
Jan 12, 2015, 6:35:55 PM1/12/15
to simian-...@googlegroups.com
Dan,

Thanks for your mail!

By setting "login: required", you're enforcing Google Account authentication.  Try hitting the URL from Chrome Incognito Mode and you'll be redirected (hence HTTP result 302) to the login page.

You'll want to choose:
1) Omitting "login: required" and being OK with anyone on the Internet having access to your zip file.
2) Creating a handler which does Simian's custom auth validation, then serves the zip if passed; example for how we serve catalogs: https://github.com/google/simian/blob/master/src/simian/mac/munki/handlers/catalogs.py#L48
3) Waiting for us to implement and open-source this feature.  Our team is working on serving package icons now, and larger customization later.

Does this help?  Doing #1 temporarily with non-sensitive customization would at least confirm :)

- Justin

--
You received this message because you are subscribed to the Google Groups "Simian Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simian-discus...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Gregory Neagle

unread,
Jan 12, 2015, 6:39:10 PM1/12/15
to simian-...@googlegroups.com
Other options include serving icons and client resources from a static web server somewhere and setting IconURL and ClientResourceURL appropriately.

Dan O'Boyle

unread,
Jan 12, 2015, 7:39:01 PM1/12/15
to simian-...@googlegroups.com
Justin,
Thanks for the quick reply.
Removing the login:required does allow the zip to download successfully, and is sufficiently secure for my needs.  

Unfortunately, I'm not seeing the custom changes applied to my client. 
I can confirm the contents of /Library/Managed Installs/client_resources/custom.zip 

I've cleared the contents of /Library/Caches/com.googlecode.munki.ManagedSoftwareCenter/

I'm still seeing the html directory static files populated with the default images / templates, and the custom directory is empty.


My guess currently is that custom.zip is failing the check before Munki expands it into the cache.

Any feedback is welcome - I'm currently digging through Munki's source for the relevant code..


--
You received this message because you are subscribed to a topic in the Google Groups "Simian Discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/simian-discuss/sTQZhSlHb1c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to simian-discus...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--
Dan O'Boyle
Internal Support Engineer
StackExchange 

Gregory Neagle

unread,
Jan 12, 2015, 8:45:09 PM1/12/15
to simian-...@googlegroups.com, munk...@googlegroups.com
ccing munki-dev since this is no longer a simian issue...

On Jan 12, 2015, at 4:39 PM, Dan O'Boyle <dob...@stackoverflow.com> wrote:

Justin,
Thanks for the quick reply.
Removing the login:required does allow the zip to download successfully, and is sufficiently secure for my needs.  

Unfortunately, I'm not seeing the custom changes applied to my client. 
I can confirm the contents of /Library/Managed Installs/client_resources/custom.zip 

And they are?
Specifically, creating the zip archive via the Finder's "Compress" contextual item will not generate an archive with the correct layout.

I've cleared the contents of /Library/Caches/com.googlecode.munki.ManagedSoftwareCenter/

Assume you mean ~/Library/Caches/com.googlecode.munki.ManagedSoftwareCenter/

I'm still seeing the html directory static files populated with the default images / templates, and the custom directory is empty.


My guess currently is that custom.zip is failing the check before Munki expands it into the cache.

Any feedback is welcome - I'm currently digging through Munki's source for the relevant code.



Managed Software Center expands it:

Set both MSULogEnabled and MSUDebugLogEnabled to True in /Library/Preferences/ManagedInstalls.plist to cause MSC debug logs to be written to /Users/Shared/.com.googlecode.munki.ManagedSoftwareUpdate.logs/

-Greg

Dan O'Boyle

unread,
Jan 12, 2015, 9:19:15 PM1/12/15
to simian-...@googlegroups.com
Thanks for hooking in Munki-Dev, Greg.


On Mon, Jan 12, 2015 at 8:45 PM, Gregory Neagle <gregn...@mac.com> wrote:
And they are?

The contents of /Library/Managed Installs/client_resources/custom.zip match the file I uploaded to Simian (Attached)
I generated that file by grabbing the example .zip from http://downloads.munki.googlecode.com/git/site_default.zip
And then replacing banner.png with a custom banner.

 Assume you mean ~/Library/Caches/com.googlecode.munki.ManagedSoftwareCenter/
Yes - Missed a ~ on that paste.

Everything looks to be happening correctly in download_client_resources()

I added the MSUDebugLogEnabled Key and checked to ensure that MSULogEnabled were both set to YES (True) but I'm getting back an empty log file at in /Users/Shared/.com.googlecode.munki.ManagedSoftwareUpdate.logs
site_default.zip

Dan O'Boyle

unread,
Jan 12, 2015, 9:34:42 PM1/12/15
to simian-...@googlegroups.com, munk...@googlegroups.com
Greg,
I found it. From the link you offered..

I recommend that you use the command-line zip tool to create the actual archive. Using the Finder's "Compress foo" command will not create archives with the expected layout.

I rebuilt my Zip correctly and it's working perfectly.

Thanks.

da...@thoughtmachine.net

unread,
Apr 20, 2017, 6:38:40 AM4/20/17
to Simian Discuss, munk...@googlegroups.com
Excuse the thread necromancy..

"I've places the attached site_default.zip file on my appengine instance, But no joy - Munki still loads it's defaults."

I can see how to edit the respective YAML bits, but how/where exactly to you place the site_default.zip ? Just dump it into the storage bucket with the appropriate directory created?

Thanks in advance!

David

da...@thoughtmachine.net

unread,
Apr 20, 2017, 9:43:57 AM4/20/17
to Simian Discuss

For anyone in a similar situation:

In the synced git tree you place the custom site_default.zip file into  simian/gae_resources/client_resources
However, the symlink generated by create_gae_bundle script during make release appears to be broken.
I had to change line 25 of

From 
ln -s ../$SIMIAN_ROOT/gae_resources/client_resources $BUNDLE_ROOT/client_resources

to 

ln -s $SIMIAN_ROOT/gae_resources/client_resources $BUNDLE_ROOT/client_resources
It's a   3 char change for anyone who is willing and able. Will see if I can get a fresh git sync and submit myself if time allows!
Reply all
Reply to author
Forward
0 new messages