So I’m a huge fan of Munki.
But the management of manifests has always been a bit of a pain point for me, especially the larger and larger the organisation is. Being able to provide granular control is relatively easy with the nested manifests, however organising them and even creating them can be a tedious task.
Enter Munki Enroll. This is a project by Cody Eding. I’ve forked it and made a few changes to show you how this can save you a huge amount of time and effort. Especially since we probably already have a lot of this information stored in a database somewhere, AD is a good place to start, chat to your AD Admin – have a poke around in it with Apache Directory Studio and see what kind of information you might be able to pull out. At my organisation we even have a database that we can access via a soap api that allows us to retrieve location information such as buildings/levels/rooms etc. Once we have this information its not hard to put it to use.
Lets say you have a break down that looks a little something like this
As you can see the manifests are broken down by region, school, building, level, room and finally the machine receives an individual manifest based on the hostname of the machine
All of these folders and manifests were created by the Munki Enroll php script!
In my workflow, i run the munki enroll script during imaging time. Part of our imaging tasks includes getting some input from our user about where the machine is located. We then query AD and our Location database to get some more specific information. We then push this up to Munki Enroll php and let it try to find a manifest for the machine. If it can’t find a manifest for the machine it will go ahead and create one for us, including creating the directories and included manifests all the way to the root of ../manifests if required.
Each of the manifests includes the manifest above it. This makes it quite easy to target machines for software deployment.
Especially in an educational environment with lab based machines. Want a piece of software on all machines? Add it to the _Global manifest.
Check out the project on my GitHub and feel free to fork, contribute code, tell me i’m doing it all wrong etc etc