Mac – Munkiserver Puppet Module

Forget what you know about the word puppet because when I say Puppet I want you to think of configuration/state management to the extreme, and not marionnettes. What can Puppet do, you ask? Puppet can manage a machine from the beginning to the end of its lifecycle. It can enforce a state on a machine. You want to ensure that the SSH/Apache/MySQL services are always running? No problem, Puppet will do that. And you’ll see this first hand after the jump, but it can also automate repetitive tasks (ex: setting up clients) and quickly deploy additional servers to help load balance a critical service. Alright, this sales pitch is over. If you want to know more, you can learn more learn more about how Puppet works here.

Munkiserver? You know about munki, Greg Neagle’s fantastic software management application, but what is munkiserver? Munkiserver is a Ruby on Rails web application for managing your munki setup, developed by Jordan Raine. It uses munki a little bit differently but adds some neat features. For example, clients are in a 1-1 relationship with the server  (i.e. each client has their own manifest), making it super easy to specify one off installs. However, you can still group clients together using computer groups and apply software bundles to them, thus achieving the same level of functionality as regular manifests in vanilla munki. Another difference is that all configurations (ex: pkginfo, manifests, bundles, etc…) are stored in a backend database; there is no flat repo. This does add some complexity and makes it impossible to add manifest logic. However, munkiserver does give you the ability to add raw tags to a package’s pkginfo file via the web application. Now that I mentioned it, everything is done through the web application:

  • Adding/removing computer clients
  • Uploading/editing packages
  • Editing manifests
  • Assigning user/group permissions
  • Viewing which packages have updates (uses www.macupdate.com to check)
  • Viewing warranty information
  • The list goes on…

If munkiserver sounds like something you want to try but don’t want to spend the time setting it up, today is your lucky day. I’ve wrote a Puppet module that will automatically configure a new instance of the munkiserver application on any Mac OS X 10.6+ system in 20 minutes or less (depending on your internet connection, and CPU speed). And regardless of whether or not you have any knowledge about Puppet or an existing Puppet server, this writeup will assume you don’t in both cases, I will explain how to deploy a new munkiserver using only a local Puppet manifest (no Puppet server required). This is because if you already have a Puppet server I think you’ll know what to do for the most part. Details after the jump.

Continue reading