Skip to content

How to for Munki admins

Jump to bottom
Dennis Rodewyk edited this page Apr 18, 2019 · 2 revisions

Prerequisites

Create SSH key pair for authentication with CodeCommit repository

~$: ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/me/.ssh/id_rsa): /Users/me/.ssh/munkimagic.id_rsa
Enter passphrase (empty for no passphrase): ThisIsMyStrongPassphrase
Enter same passphrase again: ThisIsMyStrongPassphrase

If you want to use a hardware authentication device (e.g. Yubikey), please refer to this section of DrDuh's YubiKey-Guide.

Give the public key to someone with Administrator Access to the AWS account and receive your SSH key ID in return.

Add AWS profile

aws configure --profile munkiadmin

Enter your Access and Secret Key for IAM User 'MunkiAdmin'

Overview of targets

~$: make help

> Help
  make configure  →  Configure munkimagic-MunkiAdmin
  make setup      →  Clone Munki git repository into ↴
                     /path/to/munkimagic-MunkiAdmin/munkimagic-production/
  make commit     →  Commit changes made to the munki repository
  make update     →  Push changes to Munki bucket
  make reset      →  Reset configuration

Set up Munki repository

The entire process can be seen here

  1. Clone munkimagic-MunkiAdmin repository

    git clone https://github.com/chaosbunker/munkimagic-MunkiAdmin && cd munkimagic-MunkiAdmin

  2. Configure munkimagic-MunkiAdmin

    ~$: make configure

    The following variables will be set:

    • aws_profile (e.g. munkiadmin)
    • aws_region (e.g eu-west-1)
    • name (Your Name, for local git config)
    • email (Your E-Mail, for local git config)
    • ssh_key_id (SSH key ID, e.g. AKIAIOSFODNN7EXAMPLE)
    • identity_file (path to your ssh key)
    • munki_stack (The name of the main munki stack)
    • munki_repo (CodeCommit repository name)
    • munki_s3_bucket (Name of munki S3 bucket that servers munki clients)

  3. Set up munki repository

    ~$: make setup

    The munki repository will be set up and cloned into a directory within munkimagic-MunkiAdmin.

  4. Open repository in MunkiAdmin.app, make and save changes

  5. Update Munki bucket (push changes and trigger pipeline)

    ~$: make update

    This will

    • commit changes
    • pull changes
    • push changes
    • sync pkgs to munki bucket
    • monitor the pipeline until it successfully ran through

After make update finished, Munki clients can retrieve updated manifests and packages.

Clone this wiki locally