Exclude an item from an included manifest

Josh Malone

Aug 6, 2012, 1:17:45 PM
to munk...@googlegroups.com
Hi all,

I'm asking on the off-chance that someone has a good idea how to do
this. My situation finds me needing to set up a small batch of
machines that are 99% identical to our default included manifest but
with one package removed. Is there a good way to do this? Apparently
managed_installs has priority over managed_uninstalls.

Thanks!

-Josh

Gregory Neagle

Aug 6, 2012, 1:36:02 PM
to munk...@googlegroups.com
Create a new manifest with that one package removed.

Sent from my iPhone

Josh Malone

Aug 6, 2012, 1:41:27 PM
to munk...@googlegroups.com
On Mon, Aug 6, 2012 at 1:36 PM, Gregory Neagle <gregn...@mac.com> wrote:
> Create a new manifest with that one package removed.


Well, sure, yeah. I was just hoping for a way to say "everything from
this manifest except foo".

Can I submit that as a "feature request" then? :)

(I know, I know, code submissions always accepted...)

Joe Wollard

Aug 6, 2012, 1:51:38 PM
to munk...@googlegroups.com, munk...@googlegroups.com
The problem with this feature request is that the feature already exists via included_manifests. It just requires a bit of additional setup. Barring code, could you provide an example manifest set that illustrates your request a little more clearly just to make sure we're not missing something?




---
Joe Wollard

Josh Malone

Aug 6, 2012, 2:00:39 PM
to munk...@googlegroups.com
On Mon, Aug 6, 2012 at 1:51 PM, Joe Wollard <joe.w...@gmail.com> wrote:
> The problem with this feature request is that the feature already exists via included_manifests. It just requires a bit of additional setup. Barring code, could you provide an example manifest set that illustrates your request a little more clearly just to make sure we're not missing something?


I'll try:

manifest "base":

<key>managed_installs</key>
<array>
<string>Firefox</string>
<string>VLC media player</string>
<string>Thunderbird</string>
<string>vpn</string>
<string>vpn-config</string>
<string>iTerm</string>
<!-- lots of others.... -->
</array>


manifest "normal_clients"

<key>included_manifests</key>
<array>
<string>base</string>
</array>
<key>managed_installs</key>
<array>
<string>Office2008</string>
</array>


But, our PR department needs Office 2011 even though we haven't rolled
it out to the rest of the company due to compatibility problems, so:

manifest "epo-department"

<key>included_manifests</key>
<array>
<string>base</string>
</array>
<key>managed_installs</key>
<array>
<string>Office2011</string>
</array>


Then, all of our clients have a per-host manifest that includes
"normal_clients". Now, I'm sure this looks ugly to some but it's
working here quite well. Now, I have some machines that aren't
authorized to use the VPN and I need to remove the package "vpn" from
them but leave everything else. I was just hoping not to have to
maintain 2 copies of 'base' because it's quite large. I could script
it I suppose... wouldn't be too hard.

But if there's a more elegant way to do that, I'm all ears.

-Josh

Joseph Rafferty

Aug 6, 2012, 2:09:27 PM
to munk...@googlegroups.com
So, could you move Office 2008 and Office 2011 into their own manifests, and include them like so:

Manifest "normal-clients":
<key>included_manifests</key>
<array>
<string>office-2008</string>
<string>base</string>
</array>


Manifest "pr-clients":
<key>included_manifests</key>
<array>
<string>office-2011</string>
<string>base</string>
</array>


Manifest "base":
       <key>managed_installs</key>
       <array>
               <string>Firefox</string>
               <string>VLC media player</string>
               <string>Thunderbird</string>
               <string>vpn</string>
               <string>vpn-config</string>
               <string>iTerm</string>
               <!-- lots of others.... -->
       </array>


Richard Chilcott

Aug 6, 2012, 2:10:56 PM
to munk...@googlegroups.com
We have a feature like this in munkiserver -- essentially, if there is a managed_uninstall that clashes with a managed_install, we remove the application from the manifest. That said, another way would be to do the following:

1) Remove the vpn and vpn-config from base
2) Add a vpn manifest for only the machines that need it.

Ricky
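
An added example (not code from any poster, from Munki or from munkiserver): a Python check that flattens a manifest's included_manifests chain and reports whether items a host is not authorized to have, such as vpn, still end up in managed_installs, along with any managed_installs/managed_uninstalls clash of the kind discussed in this thread. The manifest names and contents are constructed samples modelled on the thread; `flatten`, `audit` and `FORBIDDEN` are names made up for this illustration.

```python
import plistlib

# Constructed sample manifests modelled on the thread; stored as plist bytes
# the way they would be read from a repo's manifests directory.
_SAMPLES = {
    "base": {"managed_installs": ["Firefox", "Thunderbird", "iTerm"]},
    "vpn": {"managed_installs": ["vpn", "vpn-config"]},
    "normal_clients": {"included_manifests": ["base", "vpn"],
                       "managed_installs": ["Office2008"]},
    "no_vpn_clients": {"included_manifests": ["base"],
                       "managed_installs": ["Office2008"]},
    # Tries to cancel an included install with managed_uninstalls.
    "bad_host": {"included_manifests": ["normal_clients"],
                 "managed_uninstalls": ["vpn"]},
}
MANIFESTS = {name: plistlib.dumps(body) for name, body in _SAMPLES.items()}
FORBIDDEN = {"vpn", "vpn-config"}  # items these hosts must not receive


def flatten(name, store, key, seen=None):
    """Collect `key` items from a manifest and everything it includes."""
    seen = set() if seen is None else seen
    if name in seen:  # guard against include loops
        return []
    seen.add(name)
    manifest = plistlib.loads(store[name])
    items = []
    for included in manifest.get("included_manifests", []):
        items += flatten(included, store, key, seen)
    items += manifest.get(key, [])
    return list(dict.fromkeys(items))  # de-duplicate, keep order


def audit(name, store, forbidden):
    """Report forbidden installs and install/uninstall clashes for a host."""
    installs = flatten(name, store, "managed_installs")
    uninstalls = flatten(name, store, "managed_uninstalls")
    return {
        "forbidden_installed": [i for i in installs if i in forbidden],
        "clashes": [i for i in installs if i in uninstalls],
    }


if __name__ == "__main__":
    for host in ("no_vpn_clients", "bad_host"):
        print(host, audit(host, MANIFESTS, FORBIDDEN))
```
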

Joe Wollard

Aug 6, 2012, 2:11:21 PM
to munk...@googlegroups.com
If I understand you correctly, the problem is that some clients shouldn't have the VPN software, but most do. If that's the case, you'd need to edit the per-client manifests with or without the feature request. Is there anything that might help you identify those folks who shouldn't have VPN software through something like conditional_items? If it's machine based, you could add a conditional_items array to your 'base' manifest that requires a machine be a laptop in order to install the VPN software or something similar. If it's per-user, then I don't have a more elegant solution for you at the moment.
--
Joe Wollard
