Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

Introduction

This project allows you to host your munki repo, securely from a Google cloud storage bucket.

Getting Started

What you need:

  • Google Cloud Platform account
  • A google storage bucket
  • Service account with read only access.
  • Munki version 2.7.0 or higher to use middleware. You can find that here

Create bucket and Read Only account

  1. Create a new project or navigate to an exsiting one.
  2. Create your read-only service account under IAM & Admin
  3. Create a new service account called whatever you want. Make sure to check the "Furnish a private new key" checkbox. Choose JSON as the keytype. That's the file we need for munki so keep that, you can't download that JSON file again but you can create a new one later.
  4. Go to the IAM section and find the service account, should be under editors and remove all roles (if there are any).
  5. Create new bucket, under Storage.
  6. Once created, we need to assign read permissions to the service account we created. To do so, select the bucket from the list then click the three dots button on the right end of the line where the bucket is. In the sidebar, search for your service account and add the Storage Object Viewer permissions to it.

Uploading your files

You can upload your munki repo to the bucket using gsutil get it here.
The following command will upload all the files from /path/to/munki_repo into your bucket. For more details run gsutil help rsync

gsutil -m rsync -r -d -x '.DS_Store|.git' /path/to/munki_repo gs://<bucket goes here>/

Installing on client

  1. Copy middleware_gcs.py into /usr/local/munki/

  2. Copy the service account json keystore file to /usr/local/munki/. Rename it to gcs.json

  3. Change your repo to point to your Google Storage bucket.

    sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL  "https://storage.googleapis.com/<bucket goes here>"
  4. If you're using a Munki version that has embeded python you might need to install the pyOpenSSL package.

    sudo /usr/local/munki/Python.framework/Versions/Current/bin/python3 -m pip install pyOpenssl
    

    running this ^ is good for testing, you'll want to read this info on how to include the package with Munki

About

Secure your munki repo in Google Cloud Storage

Resources

Releases

No releases published

Packages

No packages published

Languages