Munki + DeployStudio Workflow for Dummies

[Ryan Hayes]

I am a high school digital media teacher who has had to learn how to be his own Net Tech by trial and error of the years. I know enough to follow instructions and kind of figure things out. I have had NetBoot and DeployStudio up and running for several years now doing monolithic imaging. After talking with an Apple engineer and researching on-line I learned about Munki and some other things. I am not doing a 100% pure thin image, I installed Adobe CC, Maya, Cinema 4D, and App Store apps (iWork, Garageband, etc) as part of my base image. I have a munki repo setup on my Xserve with autopkg and all is running smooth (I think). Here is where I am stuck and I am sure it is super easy, but I know just enough to get myself in trouble.

How do I get munki to run and install the apps in the repo after first boot? So, I NetBoot all of the machines in the lab, it pushes the image, runs the local user account pkgs I created, binds to OD, names the computers, etc. That has been my workflow. Now I just don't know how to get munki too install all of the pkgs without me having to touch each machine. 

TL;DR

This is what I want to do:

• Hold down N on each computer
  
• Have DeployStudio:
  
• Image each computer in the lab
• Create local users
• Rename each machine
• Set network settings
• Bind to OD
• Load Profile Manager (still trying to figure this out after moving from WGM)
• **I am good up to this step (I think)
• Run everything in my Munki Repo
• Boot to the login window good to go without me touching each machine
  

[Samuel Keeley]

https://wiki.afp548.com/index.php/Thin_Imaging_with_DeployStudio,_MCX_and_Munki

This page could use a bit of updating, but the key is:

touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup
 

--
Find related discussion groups here:
https://github.com/munki/munki/wiki/Discussion-Group
---
You received this message because you are subscribed to the Google Groups "munki-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+...@googlegroups.com.
To post to this group, send email to munk...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Samuel Keeley

[Ryan Hayes]

I saw that, but not sure how to do it. Do I just copy the code in the grey box into a text editor and save as a .sh file? Then add it to the end of the workflow? Do I install munkitools as a pkg in a workflow step before that? Or do I install munkitools on the main machine and setup it pointing to the repo before I make the image? 

To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+unsubscribe@googlegroups.com.

To post to this group, send email to munk...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Samuel Keeley

[Samuel Keeley]

You should have DeployStudio install the munkitools as part of the workflow, and then have that command in a postponed script.

touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup
 

To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+...@googlegroups.com.

To post to this group, send email to munk...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Samuel Keeley

--

Find related discussion groups here:
https://github.com/munki/munki/wiki/Discussion-Group
---
You received this message because you are subscribed to the Google Groups "munki-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+...@googlegroups.com.

[Joaquín]

I recommend the talk "Going MAD (Munki Autopkg DeployStudio)" by Steve Yuroff at PSU Mac Admins conference 2014.

Here the YouTube link: http://m.youtube.com/watch?v=UG84nedo4ag

[Kostas Backas-Gmail]

This talk is excellent btw.

I have the exact same setup as yours in a clients site.

I am installing the munkitools (package install) as part of my DS workflow and before that I use a script with just this code to touch the trigger file. You can use a payload free package as well for this.

In my case, I needed to break the workflows in 2 phases, since, for some reason, some times, the machine did not bind to OD or get the PM certificates (nothing in the logs that indicating what's failing).

Best regards

Kostas

Στις Κυριακή, 16 Αυγούστου 2015, ο χρήστης Joaquín <lct...@gmail.com> έγραψε:

I recommend the talk "Going MAD (Munki Autopkg DeployStudio)" by Steve Yuroff at PSU Mac Admins conference 2014.

Here the YouTube link: Going MAD - Munki, AutoPkg and DeployStudio

[Gregory Neagle]

On Aug 15, 2015, at 9:32 PM, 'Samuel Keeley' via munki-dev <munk...@googlegroups.com> wrote:

You should have DeployStudio install the munkitools as part of the workflow, and then have that command in a postponed script.

Or install a package that installs that file:

https://dl.dropboxusercontent.com/u/8119814/munki_kickstart.pkg.zip

or use munkipkg and build the included munki-kickstart example package:

https://github.com/munki/munki-pkg

https://github.com/munki/munki-pkg/tree/master/munki_kickstart

-Greg

[Gregory Neagle]

On Aug 16, 2015, at 4:54 AM, Kostas Backas-Gmail <cost...@gmail.com> wrote:

This talk is excellent btw.

I have the exact same setup as yours in a clients site.

I am installing the munkitools (package install) as part of my DS workflow and before that I use a script with just this code to touch the trigger file. You can use a payload free package as well for this.

Since you are installing a file, a package with a payload is more appropriate and less likely to have errors. (A payload-free package requires an error-free script that’s properly written to work with the Installer)

Here’s a pre-built package:

https://dl.dropboxusercontent.com/u/8119814/munki_kickstart.pkg.zip

Or you can use munkipkg and build the included munki-kickstart example package:

https://github.com/munki/munki-pkg

https://github.com/munki/munki-pkg/tree/master/munki_kickstart

Generally speaking, don’t use a package script to install files. Use the payload of a package to install files.

-Greg

[Ryan Hayes]

Very informative YouTube link. Thanks.

Like I said, I am not a Mac Admin Guru. I have figured stuff out a long the way from Blogs and YouTube, but primarily I teach students how to make films and computer graphics. I get lost when it comes to the more technical side of admin like scripts. I learn more each time I do it, but I definitely need to follow step-by-step guides/videos the first time. 

Greg do I need to modify that package in anyway? I am trying to figure out how I get the client to know where to look for my munki_repo. I have to give it a place to look, correct? I am not sure when in the process or how I do that.

Thanks again.

[Ryan Hayes]

One more question. One of the YouTube videos that I watched mentioned having Munki run AppleSoftwareUpdates. That would be awesome to setup. One less thing for me to worry about throughout the year.

Also, I have always wondered this . . . Apple is going to release a new version of the OS probably a month after school starts. Then the first update a couple of weeks later. If I wanted to update the OS on all of the machines remotely, but not lose all any student work (home folders). Is that possible?

On Saturday, August 15, 2015 at 7:51:28 PM UTC-7, Ryan Hayes wrote:

[Gregory Neagle]

On Aug 16, 2015, at 9:32 AM, Ryan Hayes <rha...@hbuhsd.edu> wrote:

One more question. One of the YouTube videos that I watched mentioned having Munki run AppleSoftwareUpdates. That would be awesome to setup. One less thing for me to worry about throughout the year.

https://github.com/munki/munki/wiki/Apple-Software-Updates-With-Munki

Also, I have always wondered this . . . Apple is going to release a new version of the OS probably a month after school starts. Then the first update a couple of weeks later. If I wanted to update the OS on all of the machines remotely, but not lose all any student work (home folders). Is that possible?

https://github.com/munki/munki/wiki/Installing%20OS%20X

https://github.com/munki/createOSXinstallPkg

On Saturday, August 15, 2015 at 7:51:28 PM UTC-7, Ryan Hayes wrote:

I am a high school digital media teacher who has had to learn how to be his own Net Tech by trial and error of the years. I know enough to follow instructions and kind of figure things out. I have had NetBoot and DeployStudio up and running for several years now doing monolithic imaging. After talking with an Apple engineer and researching on-line I learned about Munki and some other things. I am not doing a 100% pure thin image, I installed Adobe CC, Maya, Cinema 4D, and App Store apps (iWork, Garageband, etc) as part of my base image. I have a munki repo setup on my Xserve with autopkg and all is running smooth (I think). Here is where I am stuck and I am sure it is super easy, but I know just enough to get myself in trouble.

How do I get munki to run and install the apps in the repo after first boot? So, I NetBoot all of the machines in the lab, it pushes the image, runs the local user account pkgs I created, binds to OD, names the computers, etc. That has been my workflow. Now I just don't know how to get munki too install all of the pkgs without me having to touch each machine. 

TL;DR

This is what I want to do:

• Hold down N on each computer
  
• Have DeployStudio:
  
• Image each computer in the lab
• Create local users
• Rename each machine
• Set network settings
• Bind to OD
• Load Profile Manager (still trying to figure this out after moving from WGM)
• **I am good up to this step (I think)
• Run everything in my Munki Repo
• Boot to the login window good to go without me touching each machine
  

[Ryan Hayes]

Greg do I need to modify the munki kickstart package in anyway? I am trying to figure out how I get the client to know where to look for my munki_repo. I have to give it a place to look, correct? I am not sure when in the process or how I do that.

touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup  

To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+unsubscribe@googlegroups.com.

To post to this group, send email to munk...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
Samuel Keeley

-- 
Find related discussion groups here:
https://github.com/munki/munki/wiki/Discussion-Group
--- 
You received this message because you are subscribed to the Google Groups "munki-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+unsubscribe@googlegroups.com.

To post to this group, send email to munk...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
Find related discussion groups here:
https://github.com/munki/munki/wiki/Discussion-Group
--- 
You received this message because you are subscribed to the Google Groups "munki-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+unsubscribe@googlegroups.com.

To post to this group, send email to munk...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
Find related discussion groups here:
https://github.com/munki/munki/wiki/Discussion-Group
--- 
You received this message because you are subscribed to the Google Groups "munki-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+unsubscribe@googlegroups.com.

To post to this group, send email to munk...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Gregory Neagle]

All the munki_kickstart.pkg does is create the bootstrapping file at /Users/Shared/.com.googlecode.munki.checkandinstallatstartup that tells Munki to run in “bootstrapping” mode:

https://github.com/munki/munki/wiki/Bootstrapping-With-Munki

Configuring your Munki clients is separate task. You might need to write a script or build a paylaod-free package that uses `defaults` commands to write your desired preferences to /Library/Preferences/ManagedInstalls, or you might use a configuration profile or even MCX.

https://github.com/munki/munki/wiki/Preferences

https://github.com/munki/munki/wiki/MCX-Support-In-Munki

Unless your Munki repo is available at http://munki you will probably want to perform the configuration task before you put Munki into bootstrapping mode.

So you might have DeployStudio do three things on first boot:

1) Install the current Munki tools pkg

2) Install a configuration pkg (or run a configuration script)

3) Install the munki_kickstart.pkg

On the next reboot (automatic after DeployStudio performs its “Finalizing” tasks), Munki will start the bootstrapping process.

-Greg

[Joaquín]

Take a look at Reposado + Margarita to take control of the apple updates, Bruienne and Tim Sutton pointed me to those services plus Munki.

[Gregory Neagle]

On Aug 16, 2015, at 12:36 PM, Joaquín <lct...@gmail.com> wrote:

Take a look at Reposado + Margarita to take control of the apple updates, Bruienne and Tim Sutton pointed me to those services plus Munki.

While those are lovely refinements that allow more control over bandwidth usage and controlling the availability of specific updates, they are certainly not needed in order to get started with using Munki to install Apple Software Updates. Munki will work just fine with the default Apple update servers.

-Greg

[Joaquín]

But he can deploy a point update whenever he wants with Reposaod and not with ASUS

[Erik Gomez]

He can certainly control update availability with ASUS, he just can't have multiple branches like reposado. 

Sent from my iPad

[Ryan Hayes]

I am so close I can taste it. My test machine is having an issue binding to OD during the first boot process. I keep getting an error "An error occurred while trying to get IP addresses, new attempt in 10 seconds..."

My DNS for the server looks good. I did nslookup and the domain and IP are resolving. I think it might be in the computer configuration setup in DS. I have a computer group created called "maclab". I usually have DS name and configure the network for each computer. Our IP range for the lab is: 10.74.55.10-10.74.55.54. I wasn't quite sure what IP Address Scope is. I put: 10.74.55.0. Anyhow, it just keeps restarting and not binding. Any ideas?

[Erik Gomez]

Sure he can. Set ASUS to manual mode and approve the update when desired.

Sent from my iPad

On Aug 16, 2015, at 2:46 PM, Joaquín <lct...@gmail.com> wrote:

[Ryan Hayes]

I'll worry about Reposado after I can get the initial deployment down. lol 

I created a computer group to assign network settings and name the computers. My test machine NetBoots, I set the hostname, DS restores the image, and all of that works great. On first reboot it has trouble binding to the OD. I keep getting an error "An error occurred while trying to get IP addresses, new attempt in 10 seconds..." After a few reboots as it keeps trying to get an IP address it eventually goes to the login window. I can login, the computer is imaged, the computer is named, but the IP Address isn't set. It is 10.74.55.

I am not quite sure what IP Address Scope is. So, I put: 10.74.55.0 like the example that is in the IP Address Scope field. Not only does it not bind because it sets the IP to 10.74.55.0, none of the workflow steps like install munkitools happens.

[Mike Solin]

Hey Ryan -

You might have better luck with the non-Munki questions on the MacEnterprise mailing list:

http://lists.psu.edu/archives/macenterprise.html

Mike

-- 

mi...@mikesolin.com / @flammable
http://mikesolin.com

[Ryan Hayes]

Everybody thanks for all of the help. Even the tangents away from Munki. I am 99% there. After 6 hours of trial and error and a tip from Mike I bypassed the network config settings in DS and instead setup DHCP on my server. I can get DS to rename the computer, restore the image, bind to OD, create new users, install munki and then . . . I have hit the final wall. On the second boot munki flashes and then nothing. So, the touch script must be working. I just must have screwed up the script/pkg I tried to make that told the client where the muni_repo is. After 10 hours trying to get this to work today I had to take a break. Hopefully I can figure it out early tomorrow.

On Saturday, August 15, 2015 at 7:51:28 PM UTC-7, Ryan Hayes wrote:

[Mike Solin]

Awesome!  It sounds like you’re almost there!

I’d start with checking this log on the client to see what’s happening:

/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log

You can also login with an admin account, and run Munki from the Terminal in verbose mode:

sudo /usr/local/munki/managedsoftwareupdate -v

If that doesn’t help, you can add more ‘v’s to the end to get more detail (example: sudo /usr/local/munki/managedsoftwareupdate -vvvv).

Mike

-- 

mi...@mikesolin.com / @flammable
http://mikesolin.com

[Dan Ceccato]

Ryan,

When Munki runs at the login window and closes almost immediately, it sounds like the manifest/client identifier is empty, or missing catalogs. If you log in and check MSC are all your assigned/optional apps there?