Automated Munki Client Deployment with munki-enroll
Part of the Munki build-out process included loads of testing to make sure our test clients were functioning properly before enrolling our existing Macs. We use a variety of remote tools to manage these remote machines, but the enrollment process was automated using a DeployStudio workflow and a bootstrap method of enrolling Macs. This method of enrolling would only allow us to auto-enroll a Mac if it was freshly deployed with DeployStudio. I needed a simple way to enroll already existing and deployed Macs throughout the company, while still being able to utilize munki-enroll.
Enter this simple script that automatically reads and writes various defaults to ManagedInstalls.plist as well as a few other files. Keep in mind, my munki-enroll script was modified for our existing environment, as well as for our DeployStudio workflows. The script also downloads and installs the latest version of the Munki tools.
This script writes to com.apple.RemoteDesktop and sets the Text1 field to “standard”, which essentially tells the Munki tools on that Mac to include the standard manifest after the Mac is enrolled. munki-enroll will create a manifest within Munki called “clients/MAC-1234” and include the standard manifest.
Make sure you update your MUNKI_REPO_AUTH variable with the proper code if you are using HTTP basic authentication to lock down your Munki server from unauthorized use.
You can deploy this script with ARD or any other tool that allows for pushing a script to your machines remotely. Not the prettiest solution, but a huge time saver. Once the Mac restarts, Managed Software Center will automatically start installing and updating packages, based on what’s in your standard manifest.
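#!/bin/bash

# Settings. The assignments for these are not shown on this page: the values
# (and the SUBMITURL name) are placeholders to replace with your own.
# Change this URL to the location of your Munki Enroll install
SUBMITURL="https://munki.example.com/munki-enroll/enroll.php"
MUNKI_REPO_URL="https://munki.example.com/munki_repo"
HTACCESS="user:password"
# Single-quoted so the shell does not expand "$#" inside the value
MUNKI_REPO_AUTH='Authorization: Basic asdlkajsdfsjfslkfjljf3$%#$#^#^=='

# Application paths
CURL="/usr/bin/curl"

# Set Text1 first so the manifest read below picks up "standard"
defaults write /Library/Preferences/com.apple.RemoteDesktop Text1 "standard"

# Gather computer information
IDENTIFIER=$( defaults read /Library/Preferences/ManagedInstalls ClientIdentifier )
HOSTNAME=$( scutil --get ComputerName )
INCLUDED_MANIFEST=$( defaults read /Library/Preferences/com.apple.RemoteDesktop Text1 )

# Configure the Munki client
defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "$MUNKI_REPO_URL"
defaults write /Library/Preferences/ManagedInstalls AdditionalHttpHeaders -array "$MUNKI_REPO_AUTH"
defaults write /Library/Preferences/ManagedInstalls InstallAppleSoftwareUpdates -bool false
defaults write /Library/Preferences/com.apple.RemoteDesktop Text1 "$INCLUDED_MANIFEST"
defaults write /Library/Preferences/ManagedInstalls DaysBetweenNotifications -int 1
defaults write /Library/Preferences/ManagedInstalls SuppressUserNotification -bool true
defaults write /Library/Preferences/ManagedInstalls ClientIdentifier "clients/$HOSTNAME"

# Download and install the latest Munki tools.
# -allowUntrusted makes installer accept a package signed by an untrusted certificate.
"$CURL" -O https://munkibuilds.org/munkitools2-latest.pkg
installer -allowUntrusted -pkg munkitools2-latest.pkg -target / 2> /dev/null

# Enroll this Mac; --data-urlencode keeps computer names with spaces intact
"$CURL" -u "$HTACCESS" --max-time 10 --get \
    --data-urlencode hostname="$HOSTNAME" \
    --data-urlencode identifier="$IDENTIFIER" \
    --data-urlencode included_manifest="$INCLUDED_MANIFEST" \
    "$SUBMITURL"
IDENTIFIER_PATH=$( echo "$IDENTIFIER" | sed 's/\/[^/]*$//' )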
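
The MUNKI_REPO_AUTH value mentioned above is an HTTP Basic header, that is, the base64 encoding of user:password. As an added example (not part of the original script), these shell functions build that header and check an existing one before it is written to ManagedInstalls; the function names are hypothetical and the credentials are the constructed sample pair from RFC 7617.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; credentials are constructed samples.

# make_basic_auth USER PASSWORD
# Prints "Authorization: Basic <base64 of USER:PASSWORD>".
make_basic_auth() {
    case "$1" in
        # RFC 7617: the user-id cannot contain a colon
        *:*) echo "user name must not contain ':'" >&2; return 1 ;;
    esac
    # GNU base64 wraps long output, so strip newlines
    token=$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')
    printf 'Authorization: Basic %s\n' "$token"
}

# check_basic_auth HEADER
# Returns 0 only if HEADER has the expected prefix, a clean base64 token,
# and the token decodes to "user:password".
check_basic_auth() {
    token=${1#Authorization: Basic }
    [ "$token" != "$1" ] || return 1          # prefix was missing
    case "$token" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;     # empty, or not base64 alphabet
    esac
    decoded=$(printf '%s' "$token" | base64 --decode 2>/dev/null) || return 1
    case "$decoded" in
        ?*:*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Demo with the sample credentials from RFC 7617
header=$(make_basic_auth 'Aladdin' 'open sesame') && check_basic_auth "$header" &&
    echo "$header"
```

The sample MUNKI_REPO_AUTH value in the script fails check_basic_auth because it contains characters outside the base64 alphabet, so it has to be replaced before use. Base64 is an encoding, not encryption: anyone who can read the script or the preference file can recover the password.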