Setting up Munki - Manifest Trouble

894 views
Skip to first unread message

jaime...@gmail.com

unread,
Jul 6, 2015, 6:46:12 PM7/6/15
to munk...@googlegroups.com
Hi all,

Hoping to gather some insight on something I'm probably doing wrong.  I'll try to be a descriptive as possible.

I've set up a Munki repo on a Mac Mini running 10.10.4, apache running, can get to it via HTTP - seems to be doing great.

I've populated the repo with our org's default software.  I've also configured ManagedInstalls.plist and have it successfully serving through DS upon imaging w/ the ClientIndentifier set to "bootstrap" (referencing Steve Y's instruction in "Going MAD") and have used MunkiAdmin to create a bootstrap and universal manifest.  I've added the testing catalog which contains all the default software to the universal manifest (for testing temporarily) and set the universal manifest to be included in the bootstrap manifest.  Here's what the plists from both look like:

bootstrap
?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>catalogs</key>
<array/>
<key>included_manifests</key>
<array>
<string>universal</string>
</array>
<key>managed_installs</key>
<array>
<string>munkienroll</string>
</array>
</dict>
</plist>

universal
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>catalogs</key>
<array>
<string>testing</string>
</array>
</dict>
</plist>

These both live in the Catalog folder in the Munki repo.  When I image a machine via the DS workflow, everything appears to be working correctly.   Upon first boot it checks for and downloads the latest apple updates (building out a SUS in the future, for now pointed to straight to apple) but Managed Software Center is only checking for Apple updates because of this manifest issue.  I've built in the Munki dependancies into the DS workflow that images the machine, so it should have everything there, I'm just not understanding what I'm doing wrong.

it14-munki2:~ macadmin$ sudo managedsoftwareupdate


WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.


To proceed, enter your password, or type Ctrl-C to abort.


Password:

Managed Software Update Tool

Copyright 2010-2014 The Munki Project

https://github.com/munki/munki


Starting...

Checking for available updates...

WARNING: Manifest /Library/Managed Installs/manifests/client_manifest.plist has no catalogs

WARNING: Manifest /Library/Managed Installs/manifests/client_manifest.plist has no catalogs

WARNING: Manifest /Library/Managed Installs/manifests/client_manifest.plist has no catalogs

WARNING: Manifest /Library/Managed Installs/manifests/client_manifest.plist has no catalogs

    Getting client resources...

    Getting client resources...

Checking Apple Software Update catalog...

Checking for available Apple Software Updates...

Finishing...

Done.



Thoughts?

Message has been deleted

jaime...@gmail.com

unread,
Jul 6, 2015, 7:40:07 PM7/6/15
to munk...@googlegroups.com
Found this topic and updated so that the bootstrap manifest includes the testing catalog (will be changed in the future after I figure out the manifest/catalog relationship better) and the universal manifest is now empty.  The pkg munkienroll was available after I did that, and installed but nothing listed in available software after that.

The testing catalog is what currently has the software I'm trying to get the client to see and is included bootstrap manifest.

jaime...@gmail.com

unread,
Jul 6, 2015, 7:53:09 PM7/6/15
to munk...@googlegroups.com
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>catalogs</key>
<array>
<string>testing</string>
</array>
<key>included_manifests</key>
<array>
<string>universal</string>
</array>
<key>managed_installs</key>
<array>
<string>munkienroll</string>
</array>
</dict>
</plist>

I would expect to see the software in the testing catalog on the client with this configuration.  What am I doing wrong?

Nick McSpadden

unread,
Jul 6, 2015, 9:11:49 PM7/6/15
to munki-dev
Can you provide the output of managedsoftwareupdate -vv?  It might give some more insight as to what the issue is.

--
You received this message because you are subscribed to the Google Groups "munki-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
--
Nick McSpadden
Client Systems Manager
Schools of the Sacred Heart, San Francisco

Gregory Neagle

unread,
Jul 6, 2015, 10:26:54 PM7/6/15
to munk...@googlegroups.com
With this manifest I would expect munkienroll to be installed and that’s it.

I’d expect nothing to be available in optional_installs.

IOW, it sounds like what you are seeing is exactly what I’d expect, given the contents of this manifest.

-Greg

Message has been deleted

Jaime Sutherland

unread,
Jul 6, 2015, 11:48:49 PM7/6/15
to munk...@googlegroups.com
it14-munki1:~ macadmin$ sudo managedsoftwareupdate -vvv

Managed Software Update Tool
Copyright 2010-2014 The Munki Project
https://github.com/munki/munki
Starting...
    No CA cert info provided, so nothing to add to System keychain.
    No client cert info provided, so no client keychain will be created.
Checking for available updates...
    Manifest base URL is: https://munki.server.com/manifests/
    Manifest base URL is: https://munki.server.com/manifests/
    Getting manifest bootstrap...
    Options: {'logging_function': <function display_debug2 at 0x111a80c80>, 'additional_headers': None, 'file': u'/Library/Managed Installs/manifests/client_manifest.plist.download', 'cache_data': {
    etag = "\"19d-51a408db17640\"";
    "last-modified" = "Tue, 07 Jul 2015 03:24:01 GMT";
}, 'url': u'https://munki.server.com/manifests/bootstrap', 'follow_redirects': False, 'download_only_if_changed': True, 'can_resume': False}
    connection_willSendRequestForAuthenticationChallenge_
    Authentication challenge for Host: munki.server.com Realm: None AuthMethod: NSURLAuthenticationMethodServerTrust
    Allowing OS to handle authentication request
    Status: 304
    Headers: {u'Date': u'Tue, 07 Jul 2015 03:36:33 GMT', u'Connection': u'Keep-Alive', u'Etag': u'"19d-51a408db17640"', u'Keep-Alive': u'timeout=15, max=100', u'Server': u'Apache'}
    Item is unchanged on the server.
    /Library/Managed Installs/manifests/client_manifest.plist already exists and is up-to-date.
    Using manifest: bootstrap
    **Checking for installs**
    ** Processing manifest client_manifest.plist for managed_installs
    Catalog base URL is: https://munki.server.com/catalogs/
    Getting catalog testing...
    Options: {'logging_function': <function display_debug2 at 0x111a80c80>, 'additional_headers': None, 'file': u'/Library/Managed Installs/catalogs/testing.download', 'cache_data': {
    etag = "\"5607-51a3b34654d00\"";
    "last-modified" = "Mon, 06 Jul 2015 21:01:08 GMT";
}, 'url': u'https://munki.server.com/catalogs/testing', 'follow_redirects': False, 'download_only_if_changed': True, 'can_resume': False}
    Status: 304
    Headers: {u'Date': u'Tue, 07 Jul 2015 03:36:33 GMT', u'Connection': u'Keep-Alive', u'Etag': u'"5607-51a3b34654d00"', u'Keep-Alive': u'timeout=15, max=99', u'Server': u'Apache'}
    Item is unchanged on the server.
    /Library/Managed Installs/catalogs/testing already exists and is up-to-date.
    Manifest base URL is: https://munki.server.com/manifests/
    Getting manifest universal...
    Options: {'logging_function': <function display_debug2 at 0x111a80c80>, 'additional_headers': None, 'file': u'/Library/Managed Installs/manifests/universal.download', 'cache_data': {
    etag = "\"b5-51a3af0448140\"";
    "last-modified" = "Mon, 06 Jul 2015 20:42:05 GMT";
}, 'url': u'https://munki.server.com/manifests/universal', 'follow_redirects': False, 'download_only_if_changed': True, 'can_resume': False}
    Status: 304
    Headers: {u'Date': u'Tue, 07 Jul 2015 03:36:34 GMT', u'Connection': u'Keep-Alive', u'Etag': u'"b5-51a3af0448140"', u'Keep-Alive': u'timeout=15, max=98', u'Server': u'Apache'}
    Item is unchanged on the server.
    /Library/Managed Installs/manifests/universal already exists and is up-to-date.
    ** Processing manifest universal for managed_installs
    * Processing manifest item munkienroll for install
    Looking for detail for: munkienroll, version latest...
    Considering 1 items with name munkienroll from catalog testing
    Considering item munkienroll, version 20150705.1 with minimum os version required 10.4.0
    Our OS version is 10.10.4
    Found munkienroll, version 20150705.1 in catalog testing
    Looking for package com.server.munkienroll.pkg, version 20150705.1
    munkienroll version 20150705.1 (or newer) is already installed.
    Looking for updates for: munkienroll
    Looking for updates for: munkienroll-20150705.1
    Looking for updates for: munkienroll--20150705.1
    **Checking for removals**
    ** Processing manifest client_manifest.plist for managed_uninstalls
    Catalog base URL is: https://munki.server.com/catalogs/
    ** Processing manifest universal for managed_uninstalls
    **Checking for managed updates**
    ** Processing manifest client_manifest.plist for managed_updates
    Catalog base URL is: https://munki.server.com/catalogs/
    ** Processing manifest universal for managed_updates
    ** Processing manifest client_manifest.plist for optional_installs
    Catalog base URL is: https://munki.server.com/catalogs/
    ** Processing manifest universal for optional_installs
    Icon base URL is: https://munki.server.com/icons/
    Client resources base URL is: https://munki.server.com/client_resources/
    Options: {'logging_function': <function display_debug2 at 0x111a80c80>, 'additional_headers': None, 'file': u'/Library/Managed Installs/client_resources/custom.zip.download', 'cache_data': None, 'url': u'https://munki.server.com/client_resources/bootstrap.zip', 'follow_redirects': False, 'download_only_if_changed': False, 'can_resume': False}
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /client_resources/bootstrap.zip was not found on this server.</p>
<hr>
<address>Apache Server at munki.server.com Port 443</address>
</body></html>
    Getting client resources...
    Bytes received: 295
    Status: 404
    Headers: {u'Content-Length': u'240', u'Content-Encoding': u'gzip', u'Keep-Alive': u'timeout=15, max=97', u'Cteonnt-Length': u'295', u'Server': u'Apache', u'Connection': u'Keep-Alive', u'Cache-Control': u'private', u'Date': u'Tue, 07 Jul 2015 03:36:34 GMT', u'Content-Type': u'text/html; charset=iso-8859-1'}
    Could not retrieve client resources with name bootstrap.zip: HTTP result 404: not found
    Options: {'logging_function': <function display_debug2 at 0x111a80c80>, 'additional_headers': None, 'file': u'/Library/Managed Installs/client_resources/custom.zip.download', 'cache_data': None, 'url': u'https://munki.server.com/client_resources/site_default.zip', 'follow_redirects': False, 'download_only_if_changed': False, 'can_resume': False}
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /client_resources/site_default.zip was not found on this server.</p>
<hr>
<address>Apache Server at munki.server.com Port 443</address>
</body></html>
    Getting client resources...
    Bytes received: 298
    Status: 404
    Headers: {u'Content-Length': u'242', u'Content-Encoding': u'gzip', u'Keep-Alive': u'timeout=15, max=96', u'Cteonnt-Length': u'298', u'Server': u'Apache', u'Connection': u'Keep-Alive', u'Cache-Control': u'private', u'Date': u'Tue, 07 Jul 2015 03:36:34 GMT', u'Content-Type': u'text/html; charset=iso-8859-1'}
    Could not retrieve client resources with name site_default.zip: HTTP result 404: not found
    No change in InstallInfo.

Checking Apple Software Update catalog...
    Caching CatalogURL https://swscan.apple.com/content/catalogs/others/index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
    Options: {'logging_function': <function display_debug2 at 0x111a80c80>, 'additional_headers': {u'User-Agent': u'managedsoftwareupdate/2.2.3.2418 Darwin/14.4.0 (x86_64) (MacBookAir6,2)'}, 'file': '/tmp/munki_swupd_cache/mirror/apple.sucatalog.download', 'cache_data': {
    etag = "\"439054-51a3ecd1bd0c0\"";
    "last-modified" = "Tue, 07 Jul 2015 01:18:35 GMT";
}, 'url': 'https://swscan.apple.com/content/catalogs/others/index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog', 'follow_redirects': True, 'download_only_if_changed': True, 'can_resume': True}
    connection_willSendRequestForAuthenticationChallenge_
    Authentication challenge for Host: swscan.apple.com Realm: None AuthMethod: NSURLAuthenticationMethodServerTrust
    Allowing OS to handle authentication request
    Status: 304
    Headers: {u'Expires': u'Tue, 07 Jul 2015 07:36:34 GMT', u'Keep-Alive': u'timeout=15, max=451', u'Server': u'Apache', u'Connection': u'Keep-Alive', u'Etag': u'"439054-51a3ecd1bd0c0"', u'Cache-Control': u'max-age=14400', u'Date': u'Tue, 07 Jul 2015 03:36:34 GMT'}
    Item is unchanged on the server.
    /tmp/munki_swupd_cache/mirror/apple.sucatalog already exists and is up-to-date.

Checking for available Apple Software Updates...
    softwareupdate cmd: ['/usr/local/munki/ptyexec', '/usr/sbin/softwareupdate', '-v', '-l', '-f', '/tmp/munki_swupd_cache/ApplicableUpdates.plist']
Finishing...
    Getting info on currently installed applications...
Done.

Thanks for the responses guy.   I'm going back over the wiki. 

Erik

unread,
Jul 7, 2015, 7:38:55 AM7/7/15
to munk...@googlegroups.com
In your very first post, you mention that that bootstrap and universal files are in your Catalogs folder. These are manifests and should be located in your manifests folder.

Catalogs are automatically generate by munkiimport/makecatalogs/etc.

Jaime Sutherland

unread,
Jul 7, 2015, 1:35:11 PM7/7/15
to munk...@googlegroups.com
Those were actually manifests.   After re-reading the wiki I understand the relationship between manifests/catalogs a little better now.   Here's what my bootstrap manifest looks like and upon imaging in DS, it appears they've all installed successfully:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>catalogs</key>
<array>
<string>testing</string>
</array>
<key>included_manifests</key>
<array>
<string>universal</string>
</array>
<key>managed_installs</key>
<array>
<string>AdobeFlashPlayer</string>
<string>AdobeReader</string>
<string>FileZilla</string>
<string>Firefox</string>
<string>Git</string>
<string>GoogleChrome</string>
<string>GoogleDrive</string>
<string>HipChat</string>
<string>munkienroll</string>
<string>OracleJava8</string>
<string>TextWrangler</string>
<string>VLC</string>
</array>
</dict>
</plist>

I do have a couple questions now that that's working.

First of all, on the client with the above bootstrap, Managed Software Center is empty.   I thought maybe including them in the manifest (they're located in the "testing" catalog) would populate them there, but maybe since they're already installed upon first boot that's the expected behavior.  If someone could clear up my confusion on how that's populated I'd be grateful.

The second thing is DS-related.  When I deploy MunkiTools as part of the workflow (set as a postponed installation) it requires a reboot and does what's seems like is in the middle of the DS runtime wrapping up the AD bind.  Or at least that's how it appears verbosely.  Before I included the munki tools it would bind AD and list the settings it's saved successfully.  Is there a better way to deploy the tools that won't interfere with other tasks?   The test machine appears to be bound but behaves in a way not consistent with previous images I've made.   For example, the admin account is the only available login option after the workflow is complete, whereas my previous images using a similar workflow sans the munkitools allows for network accounts to login immediately.

Thanks for your time!

A.E. van Bochoven

unread,
Jul 7, 2015, 1:39:04 PM7/7/15
to munk...@googlegroups.com
Unless you add packages to optional_installs, MSC will be empty

Sent from my iPhone
--

Jaime Sutherland

unread,
Jul 7, 2015, 10:31:19 PM7/7/15
to munk...@googlegroups.com
Thanks for clarifying that for me Arjen

Sutherland, Jaime

unread,
Jul 9, 2015, 1:08:36 PM7/9/15
to munk...@googlegroups.com

Awesome, thanks for the clarification AE


  ­­  
Reply all
Reply to author
Forward
0 new messages