Skip to content
This repository has been archived by the owner on Feb 13, 2019. It is now read-only.

PackagingDeployableClient

Jump to bottom
Justin McWilliams edited this page Jun 19, 2015 · 4 revisions

Packaging a Deployable Client

Before you start packaging a client, you should first complete the AdminSetup and Configuration docs.

Furthermore, you should either have certificates ready for re-use or follow SimianAndCertificates to create certificates for your client(s). The following files must exist in your working directory:

  • PWD/etc/simian/ssl/ca_public_cert.pem
  • PWD/etc/simian/ssl/server_public_cert.pem

Execute make dmg to create a DMG to deploy to your fleet. Some users have reported the need: sudo make dmg.

Note that this DMG includes both Simian and Munki for initial deployment convenience.

Advanced Configuration

Advanced users should inspect the Makefile to see how a separate Simian PKG can be built, how to adjust the Munki version, and more.

For example, to build using a particular Munki version, update MUNKI_VERSION to the desired Munki build number. Keep in mind, Munki has it's own stable release cycles, and not all builds are meant for wide use. Thus, we update the Makefile at stable milestones set by Munki's founder with the help of a community of testers.

Client Certificates

The Simian package generated above will create empty directories /etc/simian/ssl/certs/ and /etc/simian/ssl/private_key/. Simian admins must come up with their own mechanism for assigning and distributing certificates to client machines.

Testing Simian Authentication

To test Simian configurations, including the validity of your certificates and communication with the server, you can execute one of the following commands:

Simian-2.4:

sudo /usr/local/munki/preflight --debug

The final line should contain, "Preflight completed successfully."

Simian-2.3 and earlier:

sudo /usr/local/bin/simianauth --debug

The final line should contain an Auth1Token similar to below:

Auth1Token=OTYyeDQzN3E2ODA0NzQ0NTQzMzI1MDQwzTUzMjQ5NTM1NjI1NjM=; secure; httponly;

Configuring Munki

This section is a work in progress, but the Munki project page is the best place to refer for now.

The Simian package generated above will set the full URL to your Simian Server in the /Library/Preferences/ManagedInstalls.plist SoftwareRepoURL property. * You can change this with defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL https://appid.appspot.com

To ensure the appropriate LaunchAgents and LaunchDeamons are running, a reboot is required after the initial Munki installation.

Clone this wiki locally