ManagedInstalls.plist changes being undone

844 views
Skip to first unread message

Cameron Matteson

unread,
Mar 23, 2018, 12:47:49 PM3/23/18
to munki-discuss
Munki rookie here,

I'm trying to get a basic server and client setup for testing and I'm encountering a problem on the client side with the ManagedInstalls.plist.

Working on a fresh install of High Sierra, I install the client software and configure the ManagedInstalls with a SoftwareRepoURL, ClientIdentifier, and AdditionalHttpHeaders for basic http per the Demonstration Setup. If I run "sudo defaults read /.../ManagedInstalls" I can see my configuration. If I open the plist in XCode I can see my configuration. If I run "sudo managedsoftwareupdates --show-config" it shows the SoftwareRepoURL as the default "u'http://munki/repo'" and the ClientIdentifier, and AdditionalHttpHeaders as empty. If I run "sudo managedsoftwareupdates" it tells me I that the client is configured to use the default repo URL and afterwards if I view ManagedInstalls via "defaults read" or XCode it has been stripped of my changes and reset to its default values.

I've encountered this same issue on both Macs that I've tried, one having just been wiped and reinstalled. I couldn't find any other reference to a similar issue elsewhere so I'm willing to bet that it's just something that I'm doing, however I'm at a loss for what that might be.
Any help would be appreciated.

Thanks!

Cam

Kris Lou

unread,
Mar 23, 2018, 12:55:55 PM3/23/18
to munki-...@googlegroups.com
What's the path to your ManagedInstalls.plist?  It seems that Munki is using the default (installed by client).

The "sudo managedsoftwareupdate --show-config" command shows the location of ManagedInstalls.plist, where it overrides the built-in defaults.  This should be /Library/Preferences/ManagedInstalls.plist


--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/5e20a05e-09db-4a96-9eed-ea07dacfc571%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Gregory Neagle

unread,
Mar 23, 2018, 12:57:55 PM3/23/18
to munki-...@googlegroups.com
On Mar 23, 2018, at 9:45 AM, Cameron Matteson <matte...@gmail.com> wrote:

Munki rookie here,

I'm trying to get a basic server and client setup for testing and I'm encountering a problem on the client side with the ManagedInstalls.plist.

Working on a fresh install of High Sierra, I install the client software and configure the ManagedInstalls with a SoftwareRepoURL, ClientIdentifier, and AdditionalHttpHeaders for basic http per the Demonstration Setup.

So, per the Demonstration Setup, you are using `defaults write` to add the SoftwareRepoURL, ClientIdentifier, and AdditionalHttpHeaders? IOW:

sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL https://foo/bar
sudo defaults write /Library/Preferences/ManagedInstalls ClientIdentifier some_identifier
sudo defaults write /Library/Preferences/ManagedInstalls AdditionalHttpHeaders -array "Header1: Value1" "Header2: Value2" "Header3: Value3"

I suspect that you might be using an editor to _edit_ the file at  /Library/Preferences/ManagedInstalls.plist. That's going to lead to lots of unexpected issues, including maybe the ones you are describing.  Preferences plists should _not_ be edited as files. They should also not be "dropped in" or "installed" as files.

If I run "sudo defaults read /.../ManagedInstalls" I can see my configuration. If I open the plist in XCode I can see my configuration. If I run "sudo managedsoftwareupdates --show-config" it shows the SoftwareRepoURL as the default "u'http://munki/repo'" and the ClientIdentifier, and AdditionalHttpHeaders as empty.

There's additional data for each preference that is intended to help you understand where the preferences are coming from. MacOS supports multiple preferences locations that are combined to make the actual effective preferences.

Since you haven't posted any output of anything it's hard to give you specific things to look at.

If I run "sudo managedsoftwareupdates" it tells me I that the client is configured to use the default repo URL and afterwards if I view ManagedInstalls via "defaults read" or XCode it has been stripped of my changes and reset to its default values.

I've encountered this same issue on both Macs that I've tried, one having just been wiped and reinstalled. I couldn't find any other reference to a similar issue elsewhere so I'm willing to bet that it's just something that I'm doing, however I'm at a loss for what that might be.
Any help would be appreciated.

Thanks!

Cam

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.

Cameron Matteson

unread,
Mar 23, 2018, 1:27:34 PM3/23/18
to munki-discuss
Kris,

The path in my defaults write command is /Library/Prefences/ManagedInstalls. If you were asking for something else, let me know and I’ll check it out.

Greg,

Correct, I used “defaults write”.  My commands are:

sudo defaults write /Library/Preferences/Managedinstalls SoftwareRepoURL http://server/munki_repo
sudo defaults write /Library/Preferences/Managedinstalls ClientIdentifier MyMac
sudo defaults write /Library/Preferences/Managedinstalls AdditionalHttpHeaders -array "Authorization: Basic *************************"

Sorry for not posting a little more info before. After using the above commands, running defaults read /Library/Preferences/Managedinstalls gives me this:

{
    AdditionalHttpHeaders =     (
        "Authorization: Basic ************************"
    );
    AppleSoftwareUpdatesOnly = 0;
    ClientIdentifier = MyMac;
    DaysBetweenNotifications = 1;
    FollowHTTPRedirects = none;
    IgnoreSystemProxies = 0;
    InstallAppleSoftwareUpdates = 0;
    InstallRequiresLogout = 0;
    LastCheckDate = "2018-03-23 17:09:25 +0000";
    LastCheckResult = 0;
    LogFile = "/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log";
    LogToSyslog = 0;
    LoggingLevel = 1;
    ManagedInstallDir = "/Library/Managed Installs";
    OldestUpdateDays = 0;
    PackageVerificationMode = hash;
    PendingUpdateCount = 0;
    PerformAuthRestarts = 0;
    ShowOptionalInstallsForHigherOSVersions = 0;
    SoftwareRepoURL = "http://server/munki_repo";
    SuppressAutoInstall = 0;
    SuppressLoginwindowInstall = 0;
    SuppressStopButtonOnInstall = 0;
    SuppressUserNotification = 0;
    UnattendedAppleUpdates = 0;
    UseClientCertificate = 0;
    UseClientCertificateCNAsClientIdentifier = 0;
    UseNotificationCenterDays = 3;
}

While sudo managedsoftwareupdates —show-config shows me:

Current configuration:
                   AdditionalHttpHeaders:  None [not set] 
                AppleSoftwareUpdatesOnly: False [/Library/Preferences/ManagedInstalls.plist] 
                              CatalogURL:  None [not set] 
                   ClientCertificatePath:  None [not set] 
                        ClientIdentifier:   u'' [/Library/Preferences/ManagedInstalls.plist] 
                           ClientKeyPath:  None [not set] 
                       ClientResourceURL:  None [not set] 
                 ClientResourcesFilename:  None [not set] 
                DaysBetweenNotifications:     1 [/Library/Preferences/ManagedInstalls.plist] 
                     FollowHTTPRedirects: u'none' [/Library/Preferences/ManagedInstalls.plist] 
                                 HelpURL:  None [not set] 
                                 IconURL:  None [not set] 
                     IgnoreSystemProxies: False [/Library/Preferences/ManagedInstalls.plist] 
             InstallAppleSoftwareUpdates: False [/Library/Preferences/ManagedInstalls.plist] 
                   InstallRequiresLogout: False [/Library/Preferences/ManagedInstalls.plist] 
                       LocalOnlyManifest:  None [not set] 
                                 LogFile: u'/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log' [/Library/Preferences/ManagedInstalls.plist] 
                             LogToSyslog: False [/Library/Preferences/ManagedInstalls.plist] 
                            LoggingLevel:     1 [/Library/Preferences/ManagedInstalls.plist] 
                       ManagedInstallDir: u'/Library/Managed Installs' [/Library/Preferences/ManagedInstalls.plist] 
                             ManifestURL:  None [not set] 
                              PackageURL:  None [not set] 
                 PackageVerificationMode: u'hash' [/Library/Preferences/ManagedInstalls.plist] 
                     PerformAuthRestarts: False [/Library/Preferences/ManagedInstalls.plist] 
                         RecoveryKeyFile:  None [not set] 
 ShowOptionalInstallsForHigherOSVersions: False [/Library/Preferences/ManagedInstalls.plist] 
               SoftwareRepoCACertificate:  None [not set] 
                      SoftwareRepoCAPath:  None [not set] 
                         SoftwareRepoURL: u'http://munki/repo' [/Library/Preferences/ManagedInstalls.plist] 
                 SoftwareUpdateServerURL:  None [not set] 
                     SuppressAutoInstall: False [/Library/Preferences/ManagedInstalls.plist] 
              SuppressLoginwindowInstall: False [/Library/Preferences/ManagedInstalls.plist] 
             SuppressStopButtonOnInstall: False [/Library/Preferences/ManagedInstalls.plist] 
                SuppressUserNotification: False [/Library/Preferences/ManagedInstalls.plist] 
                  UnattendedAppleUpdates: False [/Library/Preferences/ManagedInstalls.plist] 
                    UseClientCertificate: False [/Library/Preferences/ManagedInstalls.plist] 
UseClientCertificateCNAsClientIdentifier: False [/Library/Preferences/ManagedInstalls.plist] 
               UseNotificationCenterDays:     3 [/Library/Preferences/ManagedInstalls.plist] 

If I then run sudo managedsoftwareupdate –vvv:

Managed Software Update Tool
Copyright 2010-2017 The Munki Project

Starting...
WARNING: Client is configured to use the default repo, which is insecure. Client could be trivially compromised when off your organization's network. Consider using a non-default URL, and preferably an https:// URL.
    No CA cert info provided, so nothing to add to System keychain.
    No client cert info provided, so no client keychain will be created.
Checking for available updates...
    No client id specified. Requesting Mac01...
    Manifest base URL is: http://munki/repo/manifests/
    Getting manifest Mac01...
    Options: {'logging_function': <function display_debug2 at 0x10539fa28>, 'ignore_system_proxy': False, 'additional_headers': {'User-Agent': u'managedsoftwareupdate/3.1.1.3447 Darwin/17.4.0'}, 'file': u'/Library/Managed Installs/manifests/Mac01.download', 'cache_data': None, 'url': u'http://munki/repo/manifests/Mac01', 'follow_redirects': u'none', 'download_only_if_changed': False, 'can_resume': False}
    Download error -1003: A server with the specified hostname could not be found.
    Headers: None
ERROR: Could not retrieve managed install primary manifest.
Finishing...
    Getting info on currently installed applications...
Done.


After which defaults read /Library/Preferences/Managedinstalls gives me this:

{
    AppleSoftwareUpdatesOnly = 0;
    ClientIdentifier = "";
    DaysBetweenNotifications = 1;
    FollowHTTPRedirects = none;
    IgnoreSystemProxies = 0;
    InstallAppleSoftwareUpdates = 0;
    InstallRequiresLogout = 0;
    LastCheckDate = "2018-03-23 17:12:37 +0000";
    LastCheckResult = 0;
    LogFile = "/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log";
    LogToSyslog = 0;
    LoggingLevel = 1;
    ManagedInstallDir = "/Library/Managed Installs";
    OldestUpdateDays = 0;
    PackageVerificationMode = hash;
    PendingUpdateCount = 0;
    PerformAuthRestarts = 0;
    ShowOptionalInstallsForHigherOSVersions = 0;
    SoftwareRepoURL = "http://munki/repo";
    SuppressAutoInstall = 0;
    SuppressLoginwindowInstall = 0;
    SuppressStopButtonOnInstall = 0;
    SuppressUserNotification = 0;
    UnattendedAppleUpdates = 0;
    UseClientCertificate = 0;
    UseClientCertificateCNAsClientIdentifier = 0;
    UseNotificationCenterDays = 3;
}


Again, thank you for your help!

Cameron Matteson

unread,
Mar 23, 2018, 3:24:32 PM3/23/18
to munki-discuss
Well, I officially feel dumb. After the 30th or so time of typing things in the configuration has finally stuck around after running managedsoftwareupdate. I'm not sure exactly what I was entering so consistently incorrect, but this can most certainly be chalked up to PEBKAC.

Thank you for your insight anyway!

Mr. Alan Siu

unread,
Mar 23, 2018, 3:29:41 PM3/23/18
to munki-...@googlegroups.com
After the 30th or so time of typing things in the configuration has finally stuck around after running managedsoftwareupdate. 

Just to confirm, because Greg mentioned this earlier, are you opening up the /Library/Preferences/ManagedInstalls.plist in a text editor and then saving that (don't do that)?

You should be writing the config file using Terminal.app commands like
sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "https://yourmunkirepo.com/munki_repo"



Alan Siu
Client Systems Analyst
St. Ignatius College Preparatory

On Fri, Mar 23, 2018 at 12:24 PM, Cameron Matteson <matte...@gmail.com> wrote:
Well, I officially feel dumb. After the 30th or so time of typing things in the configuration has finally stuck around after running managedsoftwareupdate. I'm not sure exactly what I was entering so consistently incorrect, but this can most certainly be chalked up to PEBKAC.

Thank you for your insight anyway!

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/fb531359-27a0-44d9-b88a-2169f0da56db%40googlegroups.com.

Cameron Matteson

unread,
Mar 23, 2018, 3:59:55 PM3/23/18
to munki-discuss
With the exception of one ill-fated attempt I was entering the config using terminal. I used Xcode a few times mainly just to verify to myself that the file that I was looking at in terminal was, in fact, the correct file in Finder and that the configs were being written.

Cam


On Friday, March 23, 2018 at 3:29:41 PM UTC-4, Mr. Alan Siu wrote:
After the 30th or so time of typing things in the configuration has finally stuck around after running managedsoftwareupdate. 

Just to confirm, because Greg mentioned this earlier, are you opening up the /Library/Preferences/ManagedInstalls.plist in a text editor and then saving that (don't do that)?

You should be writing the config file using Terminal.app commands like
sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "https://yourmunkirepo.com/munki_repo"



Alan Siu
Client Systems Analyst
St. Ignatius College Preparatory

On Fri, Mar 23, 2018 at 12:24 PM, Cameron Matteson <matte...@gmail.com> wrote:
Well, I officially feel dumb. After the 30th or so time of typing things in the configuration has finally stuck around after running managedsoftwareupdate. I'm not sure exactly what I was entering so consistently incorrect, but this can most certainly be chalked up to PEBKAC.

Thank you for your insight anyway!

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages