Need assistance with new install of Munki - specifically ClientIdentifier use

Victor Moroz

Dec 10, 2013, 12:57:39 PM
to munk...@googlegroups.com
Hello all,

I need some help understanding what I am not doing correctly. Let me lay out what I want, what I have done, and what I am seeing. Hopefully you fine folks can set me straight.

Setup--
Server: built-in web server on a virtualized OSX 10.7.5
           http://<web_address_of_server>/MunkiRepo/
Catalogs: Stable, Testing
Manifests: Stable, ClientA
Tool: MunkiAdmin (for making the catalogs/manifests/importing .dmgs)

Expectation: 
   Setting the ClientIdentifier field in the ManagedInstalls.plist of a client machine to "ClientA" will result in the manifest ClientA being used as the basis of software installs.

Reality:
   -No matter what I set in the ClientIdentifier field, I cannot get that manifest to be used/pulled from the server
   -I can get the default "Stable" manifest to be used (if it exists)
   

What I have done:

-set up the Munki server on the VM 10.7.5, it responds on the network, I can browse the Repo using Safari/Chrome/etc and see all the catalogs and manifests as I make them

-I install the latest version of MunkiTools from the downloads page on a 10.8.5 Mac Mini


Step One: write the repo address into ManagedInstalls.plist
---log---

$ sudo defaults write /Library/Preferences/ManagedInstalls.plist SoftwareRepoURL "http://<web_address_of_server>/MunkiRepo"

Password:

$ sudo defaults read /Library/Preferences/ManagedInstalls.plist 

{

    SoftwareRepoURL = "http://<web_address_of_server>/MunkiRepo";

}


Step Two: test the connection and see if the server is found (at this point there is no "stable" manifest made, intentional as a troubleshooting step)

--log--

$ sudo managedsoftwareupdate -vvv

Managed Software Update Tool

Copyright 2010-2013 The Munki Project

http://code.google.com/p/munki


Starting...

Checking for available updates...

    Manifest base URL is: http://<web_address_of_server>/MunkiRepo/manifests/

    Manifest base URL is: http://<web_address_of_server>/MunkiRepo/manifests/

    Getting manifest client_manifest...

    follow_redirects is False

WARNING: Skipping invalid HTTP header: Cookie:

    Retrieving list of software for this machine...

    Download error: http://<web_address_of_server>/MunkiRepo/manifests/stable. Failed (22) with: The requested URL returned error: 404

ERROR: Could not retrieve manifest client_manifest from the server.

ERROR: Error 22: The requested URL returned error: 404

ERROR: Could not retrieve managed install primary manifest.

Finishing...

    Getting info on currently installed applications...

Done.

$


Step Three: create "Stable" manifest on server to make sure that works, and gets pulled properly (I just have one app enabled in the manifest for clarity)

--log--

$ sudo managedsoftwareupdate -vvv

Password:

Managed Software Update Tool

Copyright 2010-2013 The Munki Project

http://code.google.com/p/munki


Starting...

Checking for available updates...

    Manifest base URL is: http://<web_address_of_server>/MunkiRepo/manifests/

    Manifest base URL is: http://<web_address_of_server>/MunkiRepo/manifests/

    Getting manifest client_manifest...

    follow_redirects is False

WARNING: Skipping invalid HTTP header: Cookie:

    HTTP/1.1 200 OK

    Date: Tue, 10 Dec 2013 16:48:17 GMT

    Server: Apache/2.2.22 (Unix) DAV/2

    Last-Modified: Tue, 10 Dec 2013 16:45:00 GMT

    ETag: "b77db-149-4ed30d5525b00"

    Accept-Ranges: bytes

    Content-Length: 329

    Content-Type: text/plain

    Retrieving list of software for this machine...

0..20..40..60..80..100

    Using manifest: stable

    **Checking for installs**

    ** Processing manifest client_manifest.plist for managed_installs

    Catalog base URL is: http://<web_address_of_server>/MunkiRepo/catalogs/

    Getting catalog Stable...

    follow_redirects is False

WARNING: Skipping invalid HTTP header: Cookie:

    HTTP/1.1 200 OK

    Date: Tue, 10 Dec 2013 16:48:17 GMT

    Server: Apache/2.2.22 (Unix) DAV/2

    Last-Modified: Tue, 10 Dec 2013 16:45:01 GMT

    ETag: "b77e0-249e-4ed30d5619d40"

    Accept-Ranges: bytes

    Content-Length: 9374

    Content-Type: text/plain

    Retrieving catalog "Stable"...

0..20..40..60..80..100

    * Processing manifest item Firefox for install

    Looking for detail for: Firefox, version latest...

    Considering 1 items with name Firefox from catalog Stable

    Considering item Firefox, version 25.0 with minimum os version required 10.6

    Our OS version is 10.8.5

    Found Firefox, version 25.0 in catalog Stable

    Looking for application Firefox with bundleid: org.mozilla.firefox, version 25.0...

    Getting info on currently installed applications...

    Skipped app Angry IP Scanner with path /Users/helpdesk/Downloads/Angry IP Scanner.app

    Skipped app plugin-container with path /Users/helpdesk/.Trash/Firefox.app/Contents/MacOS/plugin-container.app

    Skipped app SMART Utility with path /Users/helpdesk/Downloads/SMART Utility/SMART Utility.app

    Skipped app crashreporter with path /Users/helpdesk/.Trash/Firefox.app/Contents/MacOS/crashreporter.app

    Skipped app GoogleSoftwareUpdateAgent with path /Users/helpdesk/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app

    Skipped app updater with path /Users/helpdesk/.Trash/Firefox.app/Contents/MacOS/updater.app

    Did not find this application on the startup disk.

    Need to install Firefox

    Download base URL is: http://<web_address_of_server>/MunkiRepo/pkgs/

    Package name is: Firefox 25.0.dmg

    Download URL is: http://<web_address_of_server>/MunkiRepo/pkgs/Firefox%2025.0.dmg

    Downloading to: /Library/Managed Installs/Cache/Firefox 25.0.dmg

    Downloading Firefox 25.0.dmg from Firefox 25.0.dmg

    Downloading Firefox 25.0.dmg from Firefox 25.0.dmg

    follow_redirects is False

WARNING: Skipping invalid HTTP header: Cookie:

    HTTP/1.1 200 OK

    Date: Tue, 10 Dec 2013 16:48:20 GMT

    Server: Apache/2.2.22 (Unix) DAV/2

    Last-Modified: Sat, 26 Oct 2013 00:24:49 GMT

    ETag: "78ec9-2cf4aab-4e999e50dd640"

    Accept-Ranges: bytes

    Content-Length: 47139499

    Content-Type: application/octet-stream

    Downloading Firefox 25.0.dmg...

0..20..40..60..80..100

    Verifying package integrity...

    Looking for updates for: Firefox

    Looking for updates for: Firefox-25.0

    Looking for updates for: Firefox--25.0

    **Checking for removals**

    ** Processing manifest client_manifest.plist for managed_uninstalls

    Catalog base URL is: http://<web_address_of_server>/MunkiRepo/catalogs/

    **Checking for managed updates**

    ** Processing manifest client_manifest.plist for managed_updates

    Catalog base URL is: http://<web_address_of_server>/MunkiRepo/catalogs/

    ** Processing manifest client_manifest.plist for optional_installs

    Catalog base URL is: http://<web_address_of_server>/MunkiRepo/catalogs/

    

    The following items will be installed or upgraded:

        + Firefox-25.0


Run managedsoftwareupdate --installonly to install the downloaded updates.

Finishing...

Done.

$



Step Four: set "ClientA" in the ClientIdentifier field (ClientA manifest exists already on the server, also I disable the "Stable" manifest at this time, so "ClientA" is the only manifest that exists)
--log--
(read first to see what is there)

$ defaults read /Library/Preferences/ManagedInstalls.plist 

{

    AppleSoftwareUpdatesOnly = 0;

    InstallAppleSoftwareUpdates = 0;

    LastCheckDate = "2013-12-10 16:48:22 +0000";

    LastCheckResult = 1;

    LogFile = "/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log";

    LoggingLevel = 1;

    ManagedInstallDir = "/Library/Managed Installs";

    PackageVerificationMode = hash;

    SoftwareRepoURL = "http://<web_address_of_server>/MunkiRepo";

    UseClientCertificate = 0;

}

$  


(write the ClientIdentifier)

$ sudo defaults write /Library/Preferences/ManagedInstalls.plist ClientIdentifier "ClientA"

Password:

$ defaults read /Library/Preferences/ManagedInstalls.plist 

{

    AppleSoftwareUpdatesOnly = 0;

    ClientIdentifier = ClientA;

    InstallAppleSoftwareUpdates = 0;

    LastCheckDate = "2013-12-10 16:48:22 +0000";

    LastCheckResult = 1;

    LogFile = "/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log";

    LoggingLevel = 1;

    ManagedInstallDir = "/Library/Managed Installs";

    PackageVerificationMode = hash;

    SoftwareRepoURL = "http://<web_address_of_server>/MunkiRepo";

    UseClientCertificate = 0;

}


Step Five: test again

--log--

$ sudo managedsoftwareupdate -vvv

Password:

Managed Software Update Tool

Copyright 2010-2013 The Munki Project

http://code.google.com/p/munki


Starting...

Checking for available updates...

    Manifest base URL is: http://<web_address_of_server>/MunkiRepo/manifests/

    Manifest base URL is: http://<web_address_of_server>MunkiRepo/manifests/

    Getting manifest client_manifest...

    follow_redirects is False

WARNING: Skipping invalid HTTP header: Cookie:

    Retrieving list of software for this machine...

    Download error: http://<web_address_of_server>/MunkiRepo/manifests/stable. Failed (22) with: The requested URL returned error: 404

ERROR: Could not retrieve manifest client_manifest from the server.

ERROR: Error 22: The requested URL returned error: 404

ERROR: Could not retrieve managed install primary manifest.

    

    The following items will be installed or upgraded:

        + Firefox-25.0


Run managedsoftwareupdate --installonly to install the downloaded updates.

Finishing...

    Getting info on currently installed applications...

Done.



Step Six: check if the ClientA manifest is available on the server

--log--

$ curl http://<web_address_of_server>/MunkiRepo/manifests/ClientA

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>managed_installs</key>

<array>

<string>LibreOffice</string>

</array>

</dict>

</plist>



-------------


So what am I doing wrong? 


From what I read I thought that Munki tries a series of checks for which manifest to use if the ClientIdentifier is set. The ClientIdentifier, then the $HOSTNAME, then a truncated version of the hostname, then (something I can't remember), then the site_default. I think "Stable" manifest == site_default, but correct me if I am wrong.


Thanks in advance for any assistance.

Gregory Neagle

Dec 10, 2013, 1:02:47 PM
to munk...@googlegroups.com
It all boils down to this:

    Download error: http://<web_address_of_server>/MunkiRepo/manifests/stable. Failed (22) with: The requested URL returned error: 404

-Greg

Victor Moroz

Dec 10, 2013, 3:55:27 PM
to munk...@googlegroups.com
Greg,

That...doesn't actually help at all, nor does it answer my question.

I know I can get the server to serve up the "stable" manifest if it is there. I deliberately took it out from the test you quoted, because I want to have a different manifest used. Specifically the one that matches the string in the ClientIdentifier field that I set in the ManagedInstalls.plist.

Do you know how to get the server/client to use a manifest other than "stable"? If so, please let me know.

Thanks.

Bernstein, Gary

Dec 10, 2013, 4:11:22 PM
to munk...@googlegroups.com
So if the ClientIdentifier is set, it uses the ClientIdentifier. If not, then it goes through a series of checks.

Based on your defaults read command of the ManagedInstalls.plist, I am noticing that my ManagedInstalls.plist has the clientIdentifier in quotes:
ClientIdentifier = "Mine";
Which makes me wonder if the ClientIdentifier key is the wrong type. According to https://code.google.com/p/munki/wiki/configuration it should be of type string.

Can you double check that?
Also make sure you have no typos in the setting of the ClientIdentifier.

Related to Greg's reply, have you gone to a web interface and tried to download your manifest:
http://<web_address_of_server>/MunkiRepo/manifests/stable


-Gary

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 -- "The reward for work well done is the opportunity to do more."

 -- "I tried, but it didn't work" is a lot better than "I wish I'd tried."

        Gary R. Bernstein
Assistant Director for Strategic Technology Planning
College of Fine and Applied Arts - IT Services
University of Illinois - Urbana-Champaign
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Gregory Neagle

Dec 10, 2013, 4:25:38 PM
to munk...@googlegroups.com
Are you now or have you ever used Simian on this machine? If so, that changes lots of things.

Take a look at /var/root/Library/Preferences/ManagedInstalls.plist

Anything there will override what's in /Library/Preferences/ManagedInstalls.plist

Munki does _not_ look for a manifest named "stable" or "Stable" by default -- but I think the Simian install may set something like that.

-Greg

Victor Moroz

Dec 10, 2013, 5:04:55 PM
to munk...@googlegroups.com
Gary,

Thanks for taking the time.

For the CI. When I defaults read it it does not show in quotes. As far as I am aware the default primitive for defaults is string, and I am not setting it as anything else when I set the CI.

To check I tried the following (abbreviated):
   -defaults write …ManagedInstalls.plist CI \"ClientA\"
   -defaults write …ManagedInstalls.plist CI -string "\ClientA\"
   -defaults write …ManagedInstalls.plist CI -string ClientA
   -defaults write …ManagedInstalls.plist CI -String ClientA

All result in the same: no quotes when read back out. Except the last, which errors because defaults does not like the capital S.

I also opened the .plist in Xcode, and the ClientIdentifier is listed as a String.

-----------------

For the reachability of stable. When I have it in the repo it is reachable, I can curl it on the command line, see it in the browser and Munki will pick it up. That part works just fine. It's not the problem I am trying to solve though.

I can also reach the ClientA manifest via curl, and browser, but Munki is not using it when I want it to.

Victor Moroz

Dec 10, 2013, 5:11:06 PM
to munk...@googlegroups.com
Greg,

Thank you for your time as well.

Now that you mention it, this machine has had Simian on it before. I am setting up Munki to see which of the two implementations my boss will like better.

I checked for the /var/root/Library/Preferences/ManagedInstalls.plist and it does not exist. Is there another location you know of that might be overriding the /Library/Preferences/ManagedInstalls.plist settings?

The below is the removal script I use to wipe Simian off a machine. I pulled it from a Simian wiki page I think.  It seems comprehensive, but I'm relying on others to know where all the files are stored.

-----Scorched Earth Script-----
#Unload the Munki Library
sudo /bin/launchctl unload /Library/LaunchDaemons/com.googlecode.munki.*


#Delete the Managed Software Application
sudo rm -rf "/Applications/Utilities/Managed Software Update.app"


#Remove the .plist files
sudo rm -rf /Library/LaunchAgents/com.googlecode.munki.ManagedSoftwareUpdate.plist
sudo rm -rf /Library/LaunchAgents/com.googlecode.munki.MunkiStatus.plist
sudo rm -rf /Library/LaunchAgents/com.googlecode.munki.MunkiStatusLogout.plist
sudo rm -rf /Library/LaunchAgents/com.googlecode.munki.managedsoftwareupdate-loginwindow.plist
sudo rm -rf /Library/LaunchDaemons/com.googlecode.munki.logouthelper.plist
sudo rm -rf /Library/LaunchDaemons/com.googlecode.munki.managedsoftwareupdate-check.plist
sudo rm -rf /Library/LaunchDaemons/com.googlecode.munki.managedsoftwareupdate-install.plist
sudo rm -rf /Library/LaunchDaemons/com.googlecode.munki.managedsoftwareupdate-manualcheck.plist

#Remove the Managed Installs library
sudo rm -rf "/Library/Managed Installs"

#Delete installed folders/files
sudo rm -rf /etc/simian
sudo rm -rf /private/etc/paths.d/munki
sudo rm -rf /usr/local/bin/simianadmin
sudo rm -rf /usr/local/bin/simianauth
sudo rm -rf /usr/local/bin/simianfacter
sudo rm -rf /usr/local/munki

#Forget the package
sudo /usr/sbin/pkgutil --forget com.google.code.simian.and.munkitools

Gregory Neagle

Dec 10, 2013, 5:33:33 PM
to munk...@googlegroups.com
This question might be better asked on the simian-discuss list.

-Greg

Ken Elliott

Dec 10, 2013, 5:49:11 PM
to munk...@googlegroups.com
Hi Victor,

Reinstalling the client Mac with a fresh OS would certainly be a good test machine to start with.


…..a combination of these locations with the normal defaults precedence:
  • MCX
  • /private/var/root/Library/Preferences/ManagedInstalls.plist
  • /Library/Preferences/ManagedInstalls.plist
Are you using MCX?


I checked for the /var/root/Library/Preferences/ManagedInstalls.plist and it does not exist.
try setting the ClientIdentifier at the root preference
sudo defaults write /var/root/Library/Preferences/ManagedInstalls.plist ClientIdentifier "ClientA"

Regards ken

Victor Moroz

Dec 11, 2013, 5:02:24 PM
to munk...@googlegroups.com
Ok, I went ahead and made a fresh image and installed from scratch. This time the ClientIdentifier is honored.

So it looks like it's the fact that I had Simian on the original client that was preventing Munki from working.

Is this a known issue? If so, does anyone know if it's being discussed somewhere?

I'm going to go look/post in the Simian group discussion, but if anyone here has an idea I'm all ears.

Thanks for the advice gents.


Victor Moroz

Dec 16, 2013, 4:26:33 PM
to munk...@googlegroups.com
Found it!

The file:

/private/var/root/Library/Preferences/ByHost/ManagedInstalls.<identifying_number>.plist

had the old Simian data in it, including an entry for "ClientIdentifier = stable"

I added that file to my Simian removal script, then re-installed Munki.

The Munki install now honors the /Library/Preferences/ManagedInstalls.plist ClientIdentifier settings.
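
The problem in this thread came down to finding which preference file actually supplied ClientIdentifier. As an added example (not part of the original posts and not Munki's own code), the Python script below lists every checked ManagedInstalls plist that sets a key, highest precedence first. The ByHost-before-plain ordering, the function names and the `root` parameter are assumptions, and MCX-managed values are not covered.

```python
import glob
import os
import plistlib
from xml.parsers.expat import ExpatError

# Search order, highest precedence first. Placing root's ByHost file ahead of
# root's plain plist follows normal defaults precedence (an assumption; the
# thread lists only MCX, root's plist and /Library). MCX is not checked here.
CANDIDATES = [
    "private/var/root/Library/Preferences/ByHost/ManagedInstalls.*.plist",
    "private/var/root/Library/Preferences/ManagedInstalls.plist",
    "Library/Preferences/ManagedInstalls.plist",
]


def find_pref(key, root="/"):
    """Return [(path, value), ...] for every plist that sets `key`,
    highest precedence first. `root` lets the scan run against a mounted
    image or a test directory instead of the live system."""
    hits = []
    for pattern in CANDIDATES:
        for path in sorted(glob.glob(os.path.join(root, pattern))):
            try:
                with open(path, "rb") as fh:
                    prefs = plistlib.load(fh)  # reads XML and binary plists
            except (OSError, ValueError, ExpatError):
                continue  # unreadable or corrupt file: skip it, keep auditing
            if isinstance(prefs, dict) and key in prefs:
                hits.append((path, prefs[key]))
    return hits


def report(key, root="/"):
    """Describe which file wins and which lower-precedence values it shadows."""
    hits = find_pref(key, root)
    if not hits:
        return f"{key}: not set in any checked file"
    lines = [f"{key} = {hits[0][1]!r} (effective, from {hits[0][0]})"]
    for path, value in hits[1:]:
        lines.append(f"  shadowed: {value!r} in {path}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Reading root's preferences on a live Mac requires sudo.
    print(report("ClientIdentifier"))
```

Run on a client that still carries leftovers from an earlier management tool, the report shows the stale value as effective and the intended `/Library/Preferences` value as shadowed.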