Ok, it happened again. This time I was able to get more info. (Man I wish Google Groups had better formatting options. But I'll do my best here.)
%
sudo managedsoftwareupdate --show-configCurrent Munki configuration:
AdditionalHttpHeaders: None [not set]
AggressiveUpdateNotificationDays: 14 [/Library/Preferences/ManagedInstalls.plist]
AppleSoftwareUpdatesOnly: False [/Library/Preferences/ManagedInstalls.plist]
CatalogURL: None [not set]
ClientCertificatePath: None [not set]
ClientIdentifier: '' [/Library/Preferences/ManagedInstalls.plist] ClientKeyPath: None [not set]
ClientResourceURL: None [not set]
ClientResourcesFilename: None [not set]
DaysBetweenNotifications: 1 [/Library/Preferences/ManagedInstalls.plist]
EmulateProfileSupport: False [/Library/Preferences/ManagedInstalls.plist]
FollowHTTPRedirects: 'none' [/Library/Preferences/ManagedInstalls.plist]
HelpURL: None [not set]
IconURL: None [not set]
IgnoreSystemProxies: False [/Library/Preferences/ManagedInstalls.plist]
InstallAppleSoftwareUpdates: False [/Library/Preferences/ManagedInstalls.plist]
InstallRequiresLogout: False [/Library/Preferences/ManagedInstalls.plist]
LocalOnlyManifest: None [not set]
LogFile: '/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log' [/Library/Preferences/ManagedInstalls.plist]
LogToSyslog: False [/Library/Preferences/ManagedInstalls.plist]
LoggingLevel: 1 [/Library/Preferences/ManagedInstalls.plist]
ManagedInstallDir: '/Library/Managed Installs' [/Library/Preferences/ManagedInstalls.plist]
ManifestURL: None [not set]
PackageURL: None [not set]
PackageVerificationMode: 'hash' [/Library/Preferences/ManagedInstalls.plist]
PerformAuthRestarts: False [/Library/Preferences/ManagedInstalls.plist]
RecoveryKeyFile: None [not set]
ShowOptionalInstallsForHigherOSVersions: False [/Library/Preferences/ManagedInstalls.plist]
SoftwareRepoCACertificate: None [not set]
SoftwareRepoCAPath: None [not set]
SoftwareRepoURL: 'http://munki/repo' [/Library/Preferences/ManagedInstalls.plist] SoftwareUpdateServerURL: None [not set]
SuppressAutoInstall: False [/Library/Preferences/ManagedInstalls.plist]
SuppressLoginwindowInstall: False [/Library/Preferences/ManagedInstalls.plist]
SuppressStopButtonOnInstall: False [/Library/Preferences/ManagedInstalls.plist]
SuppressUserNotification: False [/Library/Preferences/ManagedInstalls.plist]
UnattendedAppleUpdates: False [/Library/Preferences/ManagedInstalls.plist]
UseClientCertificate: False [/Library/Preferences/ManagedInstalls.plist]
UseClientCertificateCNAsClientIdentifier: False [/Library/Preferences/ManagedInstalls.plist]
UseNotificationCenterDays: 3 [/Library/Preferences/ManagedInstalls.plist]
%
ps -ef | grep managed 0 35988 1 0 4:10PM ?? 0:00.08 /usr/local/munki/Python.framework/Versions/3.9/Resources/Python.app/Contents/MacOS/Python /usr/local/munki/supervisor --delayrandom 3600 --timeout 43200 -- /usr/local/munki/managedsoftwareupdate --auto
501 37038 37006 0 4:37PM ttys001 0:00.00 grep managed
%
cd /Library/LaunchDaemons%
cat com.googlecode.munki.managedsoftwareupdate-check.plist <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "
http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.googlecode.munki.managedsoftwareupdate-check</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/munki/supervisor</string>
<string>--delayrandom</string>
<string>3600</string>
<string>--timeout</string>
<string>43200</string>
<string>--</string>
<string>/usr/local/munki/managedsoftwareupdate</string>
<string>--auto</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>10</integer>
</dict>
</dict>
</plist>
%
cat com.googlecode.munki.managedsoftwareupdate-manualcheck.plist <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "
http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/private/tmp/.com.googlecode.munki.updatecheck.launchd</key>
<true/>
</dict>
</dict>
<key>Label</key>
<string>com.googlecode.munki.managedsoftwareupdate-manualcheck</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/munki/supervisor</string>
<string>--timeout</string>
<string>43200</string>
<string>--</string>
<string>/usr/local/munki/managedsoftwareupdate</string>
<string>--manualcheck</string>
</array>
</dict>
</plist>
____________________________________________________________
In the outputs above, I bolded 2 lines in the --show-config output to show how when things go brain dead, it forgets what the client identifier is, as well as the repo URL. Note also how when things are dead, there's a lot less known in the initial output, whereas when it's working, you see the usual HTTP authorization password hash, etc.
Now as to "If it’s different, you need to figure out what mechanism is changing the config", that's just it. The config (as in what's stored in the config files) ISN'T changing. A simple reboot, without doing a thing, restores things. It's as if the process spawned by /Library/LaunchDaemons/com.googlecode.munki.managedsoftwareupdate-check.plist is forgetting the settings after a period of time. But I couldn't begin to explain why. The rest of the system is working fine. Memory bleed? Bug? I was hoping you might have some insight on where to look.
Since Munki now uses its own Python interpreter, is it safe to assume that everything is properly sandboxed via virtualenv/etc. so as not to be influenced by any other Python interpreters installed on the host system? I mean, I write Python code and have Python 3.11.1 installed currently (using the Python.org macOS installer) on all of my systems, meaning it's under /Library/Frameworks/Python.framework/Versions/Current/. And as I said, I tend to keep them pretty uniform, so if I add something via pip to one, odds are I've added it to all of them. So I'm scratching my head here why one box behaves differently than the others.
I mean, even if I were doing pip module installs to my instance of Python, and had different pip modules on different systems, I would think Munki wouldn't be affected, unless somehow it's not looking at its own interpreter/setup but rather there's some kind of leak/etc. where it's using the system's setup instead. But where/how that might be happening is outside my scope and more in your wheelhouse.
The most unique things I'm running on the Mac having problems are Munki-related. That is, this Mac is the one that runs AutoPkgr to pull down updates to begin with, after which I use MunkiAdmin to check/move packages from test to production. And then I run a small AppleScript I created that uses rsync to copy any repo changes from that Mac up to the actual server that acts as the Munki repo server. And this setup has worked well for years now.
Only recently (as in at some point in the last few months after v6.0) have I noticed this issue. It began when my Macs were still on macOS 12.x "Monterey", and it continues now, even though I'm up to date with macOS 13.1 "Ventura" as I type this on all my systems. Well at least those that can be updated. I have one 2014 MBP that's stuck at macOS 11 "Big Sur". But even that one works just fine doing updates.
Anyway, if there's anything else I can do to test this or try to
nail this down, let me know. But this feels like an issue with Munki. I just can't figure out why.