-
Notifications
You must be signed in to change notification settings - Fork 5
How to for Munki admins
- A Mac running 10.12 or later
- AWS Access and Secret key for the IAM user MunkiAdmin (created by munkimagic-in-aws)
- aws-cli
- munkitools
- MunkiAdmin
~$: ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/me/.ssh/id_rsa): /Users/me/.ssh/munkimagic.id_rsa
Enter passphrase (empty for no passphrase): ThisIsMyStrongPassphrase
Enter same passphrase again: ThisIsMyStrongPassphrase
If you want to use a hardware authentication device (e.g. Yubikey), please refer to this section of DrDuh's YubiKey-Guide.
Give the public key to someone with Administrator Access to the AWS account and receive your SSH key ID in return.
aws configure --profile munkiadmin
Enter your Access and Secret Key for IAM User 'MunkiAdmin'
~$: make help
> Help
make configure → Configure munkimagic-MunkiAdmin
make setup → Clone Munki git repository into ↴
/path/to/munkimagic-MunkiAdmin/munkimagic-production/
make commit → Commit changes made to the munki repository
make update → Push changes to Munki bucket
make reset → Reset configuration
The entire process can be seen here
-
Clone munkimagic-MunkiAdmin repository
git clone https://github.com/chaosbunker/munkimagic-MunkiAdmin && cd munkimagic-MunkiAdmin
-
Configure munkimagic-MunkiAdmin
~$: make configure
The following variables will be set:
- aws_profile (e.g. munkiadmin)
- aws_region (e.g eu-west-1)
- name (Your Name, for local git config)
- email (Your E-Mail, for local git config)
- ssh_key_id (SSH key ID, e.g. AKIAIOSFODNN7EXAMPLE)
- identity_file (path to your ssh key)
- munki_stack (The name of the main munki stack)
- munki_repo (CodeCommit repository name)
- munki_s3_bucket (Name of munki S3 bucket that servers munki clients)
-
Set up munki repository
~$: make setup
The munki repository will be set up and cloned into a directory within
munkimagic-MunkiAdmin
. -
Open repository in MunkiAdmin.app, make and save changes
-
Update Munki bucket (push changes and trigger pipeline)
~$: make update
This will
- commit changes
- pull changes
- push changes
- sync pkgs to munki bucket
- monitor the pipeline until it successfully ran through
After make update
finished, Munki clients can retrieve updated manifests and packages.