Setting up Munki to work with existing JAMF Pro


Dan Shaw

Dec 18, 2018, 2:37:34 PM
to munki-discuss
Hi Everyone - I am just getting started with integrating Munki to work with our existing JAMF Pro setup and had a few questions I was hoping to have answered.

My current setup:

- Main JAMF Server (Tomcat + MySQL) running on Windows 2012 R2 VM using IIS.
- Proxy server pointing back to main JAMF server above to provide packages via HTTP for external users.
- 3 Distribution points at various locations to serve files locally to those locations using SMB.

Questions:

1. Can I utilize an existing DP to host my Munki Repo? Would the proxy server be the best? See #2 below for reason.
2. If answer above is YES, is the Munki repo housed in a separate folder than the JAMF packages?
2. Is Munki able to serve files based on a user's IP address like JAMF is? If not, that would simplify #1 above.
3. JAMF Pro uses Self Service, Munki uses Managed Software Center. For anyone who is using both JAMF Pro and Munki, how do you separate the two? Do you use both? SS for scripts and configuration and MSC for applications and updates?

Thanks everyone!

-Dan

Mr. Alan Siu

Dec 18, 2018, 2:53:27 PM
to munki-...@googlegroups.com
I don't use JAMF, but I think I might be able to take a first stab at your questions:


1. Can I utilize an existing DP to host my Munki Repo? Would the proxy server be the best? See #2 below for reason.

If your distribution point is a web server that can serve out files, it can host your Munki repo. I've never hosted on IIS before, but IIS is a web server, so it's probably going to be fine to host your Munki repo.

2. If answer above is YES, is the Munki repo housed in a separate folder than the JAMF packages?

I would put it in its own separate folder.

3. Is Munki able to serve files based on a user's IP address like JAMF is? If not, that would simplify #1 above.

Munki has conditions you can use to say "install this if the client machine's IP address is" or "install this if the client machine's IP address is not." If you need to target specific machines, though, I'd recommend using machine-specific manifests (serial number is the most precise).

4. JAMF Pro uses Self Service, Munki uses Managed Software Center. For anyone who is using both JAMF Pro and Munki, how do you separate the two? Do you use both? SS for scripts and configuration and MSC for applications and updates?

Again, I don't use JAMF, so I don't know if you should use both, but I can see how using both could get tough to manage or be confusing to your users. Munki can run scripts and also has support for .mobileconfig profiles. The only thing Munki can't do is user-approved MDM stuff like kernel extensions for 10.13+ or tcc for 10.14+, because Munki is not an MDM.

Alan Siu
Client Systems Analyst
St. Ignatius College Preparatory


--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.
To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/6d420793-bcc6-4417-9fb1-93581c8db934%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

David Nelson

Dec 18, 2018, 2:56:36 PM
to munki-...@googlegroups.com
I’m not familiar with the architecture of Jamf but the answers below should still be helpful: 

1. Server-side, Munki is just a bunch of files and folders. There’s no server software per se, so you can use any machine you want as long as it can run a web server and you have a way to upload/sync your repo files to it. 

2. A separate folder would be a good idea.

3. You can add conditions in Munki so certain software is available to clients based on their IP. Is that what you have in mind? 

4. This is probably mostly up to you, but I imagine it would be best to keep all your self-service stuff in one place.

On Tue, Dec 18, 2018 at 11:37 AM Dan Shaw <dks...@gmail.com> wrote:
--

John Haywood

Dec 18, 2018, 5:02:47 PM
to munki-...@googlegroups.com
Others have answered regarding the general setup. I thought I'd add that you might want to look at jamJAR to integrate munki into a Jamf setup.

John Haywood

Ben Toms

Dec 19, 2018, 2:20:12 AM
to munki-...@googlegroups.com
Thanks for the shout out John :)

Dan,

You’ll need Munki to have its own folder, but can be hosted on a DP box if that is running services which present items over HTTP/S.

Munki is not natively “network segment” aware. (To use a jamf-ism).

You could either 1) Host Munki on a cloud service, & all clients pull from there. 2) use .local DNS with each site resolving to a different munki repo.

There are other methods such as a predict which sets the repo_url dynamically based on location, we do this but have a number of other things attached there so cannot release that. 


--

Regards,

Ben
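
The location-based repo selection mentioned in the message above, sketched as an added example; it is not Ben's script and not Munki project code. The subnets, hostnames and function names are hypothetical, the HTTPS-only check is an assumption of this example, and `SoftwareRepoURL` is the Munki client preference that holds the repo URL.

```python
import ipaddress

# Constructed site table: subnets and URLs are placeholders, not from the thread.
SITE_REPOS = [
    ("10.10.0.0/16", "https://munki-site-a.example.com/munki_repo"),
    ("10.20.0.0/16", "https://munki-site-b.example.com/munki_repo"),
]
# Clients on no known subnet (for example off-network) use the external repo.
FALLBACK_REPO = "https://munki-external.example.com/munki_repo"


def select_repo_url(client_addresses, site_repos=SITE_REPOS, fallback=FALLBACK_REPO):
    """Return the repo URL for the first client address inside a known site subnet."""
    networks = [(ipaddress.ip_network(cidr), url) for cidr, url in site_repos]
    for raw in client_addresses:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # skip malformed entries instead of failing the whole run
        if addr.is_loopback or addr.is_link_local:
            continue  # these say nothing about which site the client is at
        # When ranges overlap, prefer the most specific (longest prefix) subnet.
        matches = [(net, url) for net, url in networks if addr in net]
        if matches:
            return max(matches, key=lambda m: m[0].prefixlen)[1]
    return fallback


def defaults_command(repo_url):
    """Build the argv that sets SoftwareRepoURL (to be run as root on the client)."""
    # Assumption of this example: never point a client at a plain-HTTP repo.
    if not repo_url.startswith("https://"):
        raise ValueError("refusing non-HTTPS repo URL: %s" % repo_url)
    return ["/usr/bin/defaults", "write", "/Library/Preferences/ManagedInstalls",
            "SoftwareRepoURL", "-string", repo_url]


if __name__ == "__main__":
    # Constructed sample: addresses a client at site B might report.
    sample = ["127.0.0.1", "169.254.3.7", "10.20.4.15"]
    print(defaults_command(select_repo_url(sample)))
```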

Dan Shaw

Dec 19, 2018, 6:28:44 AM
to munki-discuss
Thanks for the feedback everyone! This helps a lot. 

Ben - I watched your video presentations on JamJAR and will most likely give it a try once I have everything set up. You also use JAMF and Munki so could you help me understand a couple more things:

1. If I have a JAMF proxy server that serves files for users outside of our domain/network and an internal server that serves files inside of our domain/network (both of which use HTTPS), and I were to have a Munki repo set up on both of those, how do both repos stay in sync? If a package is added to one repo, would I have to create some type of sync task to copy those files to the other server or does Munki make sure both repos have the same files?

2. How do you set up your clients in regards to JAMF's self service and Munki's managed software center. Do you use both? Do you use just one? I'm trying to understand how they play nicely together or not. I just want to make sure that users are not confused when it comes to software patching. 

BTW - I'm the OP of the JAMF Nation discussion you are a part of: https://www.jamf.com/jamf-nation/discussions/30394/software-patching-what-s-the-future. Thanks for chiming in!

-Dan