Server for hosting a Munki repository and dynamically generating manifests

About

munki-server is an all-in-one server to deploy Munki with three main parts:

  • HTTP file server for Munki clients
  • Simple dynamic manifest generation
  • WebDAV server for mounting Munki repository as a file share - for use with munkitools, MunkiAdmin, etc

Building

$ cd /path/to/build/directory
$ GOBIN="$(pwd)" go install "github.com/korylprince/munki-server@<tagged version>"
$ ./munki-server

Configuring

munki-server is configured with environment variables:

Variable | Description | Default
WEBROOT | Path to root of Munki repository | Must be configured
MANIFESTROOT | Path relative from root to the manifests folder. Should have both leading and trailing slashes. For example, if WEBROOT is /data and the manifests folder is at /data/repo/manifests, MANIFESTROOT should be /repo/manifests/ | Must be configured
ASSIGNMENTSPATH | Path to assignments configuration file (see below) | Must be configured
WEBDAVPREFIX | The path to access the WebDAV server. For example, if munki-server is hosted at https://munki.example.com and WEBDAVPREFIX is set to /edit/, the WebDAV share can be mounted at https://munki.example.com/edit/ | /edit/
USERNAME | Username for WebDAV server | webdav
PASSWORD | Password for WebDAV server. If using the prebuilt Docker container, you can also specify PASSWORD_FILE for use with Docker secrets | Must be configured
PROXYHEADERS | Set to true if you want the server to rewrite IP addresses with X-Forwarded-For, etc headers | false
LISTENADDR | The host:port address you want the server to listen on | :80

Dynamic Manifests

munki-server supports dynamic manifests to allow easy configuration for specific devices without having to manually create a lot of static files. ASSIGNMENTSPATH should point to a YAML file with the following schema:

default:
  catalogs:
    - catalog1
    - catalog2
    - ...
  manifests:
    - manifest1
    - manifest2
    - ...
devices:
  - name: Text description
    client_identifier: ClientIdentifier
    catalogs:
      - catalog3
      - catalog4
    manifests:
      - manifest3
      - manifest4

munki-server will generate a manifest using the specified default catalogs and included manifests and return it to the client. If the client's ClientIdentifier is also configured under devices, those catalogs and included manifests will be merged into the defaults, and the result will be returned to the client.

If a client doesn't have the ClientIdentifier set, Munki will use the device's serial number, so you can easily configure catalogs and included manifests per device. This method is recommended over manually setting a ClientIdentifier on each device.

Catalogs and included manifests are added to the generated manifest in the order they are specified in the assignments configuration (with defaults always before specific device configuration), and Munki will always treat the last included manifest as having the highest precedence.

If a manifest is requested that matches the name of a file in the manifests folder, dynamic generation will be skipped and the file will be served as-is, as a normal web server would.

Example

Let's say you have a set of common software you want installed on all devices, but John Smith needs a special app. You would create two manifests: site_common (with all of the common software), and special_software (includes just the special software). Next you'd use the following assignments configuration:

default:
  catalogs:
    - catalog_with_common_software
  manifests:
    - site_common
devices:
  - name: John Smith's MacBook
    client_identifier: <serial number>
    catalogs:
      - catalog_with_special_software
    manifests:
      - special_software

Normal clients would receive a generated manifest with site_common as an included manifest, while John Smith's MacBook would receive a manifest with both site_common and special_software as included manifests.
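
The merge and static-file rules described above, as an added Go example that is not munki-server's own code. The Assignment type, the Resolve and Shadowed functions, the serial C02EXAMPLE01 and the first-match rule are assumptions made for illustration; Shadowed flags device entries that can never apply because a static manifest file has the same name.

```go
package main

import "fmt"

// Assignment models the default block or one devices entry of the assignments file.
type Assignment struct {
	ClientIdentifier    string
	Catalogs, Manifests []string
}

// Resolve merges defaults, then the matching device entry (assumption: first match wins).
// Names in static (files in the manifests folder) are served as-is: dynamic is false.
func Resolve(id string, def Assignment, devices []Assignment, static map[string]bool) (cats, incl []string, dynamic bool) {
	if static[id] {
		return nil, nil, false
	}
	cats = append(cats, def.Catalogs...)
	incl = append(incl, def.Manifests...)
	for _, d := range devices {
		if d.ClientIdentifier == id {
			cats = append(cats, d.Catalogs...)
			incl = append(incl, d.Manifests...)
			break
		}
	}
	return cats, incl, true
}

// Shadowed lists device identifiers overridden by a same-named static manifest file.
func Shadowed(devices []Assignment, static map[string]bool) []string {
	var out []string
	for _, d := range devices {
		if static[d.ClientIdentifier] {
			out = append(out, d.ClientIdentifier)
		}
	}
	return out
}

func main() {
	def := Assignment{Catalogs: []string{"catalog_with_common_software"}, Manifests: []string{"site_common"}}
	devs := []Assignment{{"C02EXAMPLE01", []string{"catalog_with_special_software"}, []string{"special_software"}}} // constructed serial
	static := map[string]bool{"site_common": true, "special_software": true}
	for _, id := range []string{"C02EXAMPLE01", "UNLISTED0001", "site_common"} {
		cats, incl, dynamic := Resolve(id, def, devs, static)
		fmt.Println(id, dynamic, cats, incl)
	}
	fmt.Println("shadowed:", Shadowed(devs, static))
}
```

An identifier that is not listed under devices still resolves to the default catalogs and manifests, so the defaults should contain only what every requesting client may receive.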

Deploying

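munki-server is intended to be deployed behind a reverse proxy with TLS termination (e.g. traefik, nginx). Don't forget to set PROXYHEADERS to true if doing so. Leave it at false when clients connect to munki-server directly, because X-Forwarded-For and similar headers are supplied by the client.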

There's a prebuilt Docker container at korylprince/munki-server:<tagged version>.

Owner
Kory Prince