Scripts to automatically enroll clients in Munki, allowing for very flexible manifest structures.
Branch: master
Clone or download
Pull request Compare This branch is 12 commits ahead, 28 commits behind edingc:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
client script update formatting Apr 19, 2016
munki-enroll Add exit statement when manifest already exists Dec 8, 2014
.gitignore Added .gitignore file. Oct 18, 2012
LICENSE Added license info. Dec 7, 2012
README.md Minor edit Sep 1, 2016
Sample Manifest Sample Manifest w/ serail, NetID Notes Jun 10, 2014

README.md

Munki Enroll

A set of scripts to automatically enroll clients in Munki, allowing for a very flexible manifest structure.

My fork of Cody Eding's Munki Enroll project adds the serial number and the most frequent logged in user to the manifest to help further idenitfy which Mac the manifest belongs to. I also added email notification so I know when a new manifest is created in Munki.

Why Munki Enroll?

My organization has a very homogenous environment consisting of several identical deployments. We deploy machines with a basic manifest, like "room_28". This works wonderfully, until computer three in room 28 needs a special piece of software.

Munki Enroll allows us this flexibility. A computer is deployed with a generic manifest, and Munki Enroll changes the manifest to a specific manifest. The new specific manifest contains the generic manifest as an included_manifests key, allowing us to easily target the whole lab and each individual computer.

Wait, Doesn't Munki Do This Already?

Munki can target systems based on hostnames or serial numbers. However, each manifest must be created by hand. Munki Enroll allows us to create specific manifests automatically, and to allow them to contain a more generic manifest for large-scale software management.

Installation

Munki Enroll requires PHP to be working on the webserver hosting your Munki repository.

Copy the "munki-enroll" folder to the root of your Munki repository (the same directory as pkgs, pkginfo, manifests and catalogs).

That's it! Be sure to make note of the full URL path to the enroll.php file.

Client Configuration

Edit the included munki_enroll.sh script to include the full URL path to the enroll.php file on your Munki repository.

SUBMITURL="https://munki/munki-enroll/enroll.php"

The included munki_enroll.sh script can be executed in any number of ways (Terminal, ARD, DeployStudio workflow, LaunchAgent, etc.). Once the script is executed, the Client Identifier is switched to a unique identifier based on the system's hostname.

Caveats

Currently, Munki Enroll lacks any kind of error checking. It works perfectly fine in my environment without it. Your mileage may vary.

Your web server must have access to write to your Munki repository. I suggest combining SSL and Basic Authentication (you're doing this anyway, right?) on your Munki repository to help keep nefarious things out. To do this, edit the CURL command in munki_enroll.sh to include the following flag:

--user "USERNAME:PASSWORD;" 

License

Munki Enroll, like the contained CFPropertyList project, is published under the MIT License.