mobilceconfig deploy hang
25 views
Skip to first unread message
Markus
Dec 8, 2022, 6:10:45 AM12/8/22
to munki-discuss
I'm trying to deploy my first .mobileconfig to my clients to configure `ManagedInstalls`. I successfully created the mobileconfig and when I install it locally by double clicking it, everything is set up correctly (I can verify it by `sudo managedsoftwareupdate --show-config` and see that those settings are `[MANAGED]`).
To install this profile (MacOs 13.0.1) I had to open system settings, go to privacy settings, profiles and then manually enable the profile (it was in a pending state) by entering my password.
Then I removed it again and imported that mobilceconfig into munki `munkiimport xxx.mobilceconfig`, leaving everything as default. I looks like it correctly set everything up (e.g. "installer type" is set to "profile"), and it shows as a new package to install, but when I try to do so in the managed software center, it hangs after starting the install:
The profile doesn't show in system settings at all (not even as pending). Looks like it hangs there forever.
Did I miss something? Is this a known problem?
Daniel Moore
Dec 8, 2022, 6:40:39 AM12/8/22
to munki-...@googlegroups.com
“In macOS Big Sur (and presumably beyond), it is no longer possible to use the
profiles command to install profiles. This prevents Munki from installing profiles on Big Sur and beyond.”On Dec 8, 2022, at 6:10 AM, Markus <markus...@gmail.com> wrote:
I'm trying to deploy my first .mobileconfig to my clients to configure `ManagedInstalls`. I successfully created the mobileconfig and when I install it locally by double clicking it, everything is set up correctly (I can verify it by `sudo managedsoftwareupdate --show-config` and see that those settings are `[MANAGED]`).
To install this profile (MacOs 13.0.1) I had to open system settings, go to privacy settings, profiles and then manually enable the profile (it was in a pending state) by entering my password.
Then I removed it again and imported that mobilceconfig into munki `munkiimport xxx.mobilceconfig`, leaving everything as default. I looks like it correctly set everything up (e.g. "installer type" is set to "profile"), and it shows as a new package to install, but when I try to do so in the managed software center, it hangs after starting the install:
<Bildschirmfoto 2022-12-08 um 12.01.55.png>
<Bildschirmfoto 2022-12-08 um 12.08.37.png>
The profile doesn't show in system settings at all (not even as pending). Looks like it hangs there forever.
Did I miss something? Is this a known problem?
--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/c4c55f46-0df2-423e-b8dd-42036e588cd1n%40googlegroups.com.
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/c4c55f46-0df2-423e-b8dd-42036e588cd1n%40googlegroups.com.
<Bildschirmfoto 2022-12-08 um 12.01.55.png>
Markus
Dec 8, 2022, 6:42:35 AM12/8/22
to munki-discuss
Some more information: I checked the logs (/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log) and when I click to install the profile's package, this shows up:
```
Dec 08 2022 12:41:50 +0100 managedsoftwareupdate run triggered by /private/tmp/.com.googlecode.munki.managedinstall.launchdDec 08 2022 12:41:50 +0100 ### Starting managedsoftwareupdate run: installwithnologout ###
Dec 08 2022 12:41:50 +0100 Starting...
Dec 08 2022 12:41:50 +0100 Finishing...
Dec 08 2022 12:41:50 +0100 Saving application inventory...
Dec 08 2022 12:41:53 +0100 Performing postflight tasks...
Dec 08 2022 12:41:53 +0100 ### Ending managedsoftwareupdate run ###
```
I can abort the installation and try it again with the same result.
Markus
Dec 8, 2022, 6:46:14 AM12/8/22
to munki-discuss
Ah well thanks!
Guess I'll have to search for another way to configure my client's settings then ... do you maybe know how to do this with munki, or is it not possible?
Markus
Dec 8, 2022, 7:52:23 AM12/8/22
to munki-discuss
for reference, I managed to create a "nopgk" package to do so and change the setting `AggressiveUpdateNotificationDays` to `90` in my case.
MunkiRelaxAggressiveUpdates.pkginfo:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OnDemand</key>
<false/>
<key>_metadata</key>
<dict>
<key>creation_date</key>
<date>2022-12-08T12:10:44Z</date>
<key>munki_version</key>
<string>6.0.1.4523</string>
<key>os_version</key>
<string>13.0.1</string>
</dict>
<key>autoremove</key>
<false/>
<key>catalogs</key>
<array>
<string>testing</string>
<string>production</string>
</array>
<key>display_name</key>
<string>Munki Relax aggressive updates</string>
<key>installcheck_script</key>
<string>#!/bin/bash
if [ "$(/usr/bin/defaults read /Library/Preferences/ManagedInstalls AggressiveUpdateNotificationDays)" = "90" ]; then
exit 1
else
exit 0
fi</string>
<key>installer_type</key>
<string>nopkg</string>
<key>minimum_os_version</key>
<string>10.10.0</string>
<key>name</key>
<string>MunkiRelaxAggressiveUpdates</string>
<key>postinstall_script</key>
<string>#!/bin/bash
/usr/bin/defaults write /Library/Preferences/ManagedInstalls AggressiveUpdateNotificationDays -int 90
</string>
<key>unattended_install</key>
<true/>
<key>version</key>
<string>1.4</string>
</dict>
</plist>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OnDemand</key>
<false/>
<key>_metadata</key>
<dict>
<key>creation_date</key>
<date>2022-12-08T12:10:44Z</date>
<key>munki_version</key>
<string>6.0.1.4523</string>
<key>os_version</key>
<string>13.0.1</string>
</dict>
<key>autoremove</key>
<false/>
<key>catalogs</key>
<array>
<string>testing</string>
<string>production</string>
</array>
<key>display_name</key>
<string>Munki Relax aggressive updates</string>
<key>installcheck_script</key>
<string>#!/bin/bash
if [ "$(/usr/bin/defaults read /Library/Preferences/ManagedInstalls AggressiveUpdateNotificationDays)" = "90" ]; then
exit 1
else
exit 0
fi</string>
<key>installer_type</key>
<string>nopkg</string>
<key>minimum_os_version</key>
<string>10.10.0</string>
<key>name</key>
<string>MunkiRelaxAggressiveUpdates</string>
<key>postinstall_script</key>
<string>#!/bin/bash
/usr/bin/defaults write /Library/Preferences/ManagedInstalls AggressiveUpdateNotificationDays -int 90
</string>
<key>unattended_install</key>
<true/>
<key>version</key>
<string>1.4</string>
</dict>
</plist>
```
This can be used to change all settings, so guess I'm fine now.
Nick McSpadden
Dec 8, 2022, 10:20:13 AM12/8/22
to munki-...@googlegroups.com
You will generally need an MDM to deploy configuration profiles to macOS now. MDM is no longer optional for managing macOS.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/aeb0ac26-36f3-44c2-93a3-6de7f1dab2d7n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages