Manage your Macs on a budget
Let me preface this article by saying that Munki is an open source tool that allows system administrators trying to take hold of their Macintosh environment with little to no budget. Munki is a tool that was developed by a systems administrator over at Disney Animation Studio’s. It is now used by small companies and large alike (Disney & Google). Now its also true that both of these giant’s also use Casper a top shelf product by JAMF software.
Munki has a few things going for it. It has a small footprint. Its open source. Its well supported. Its free. Its not a complete solution but if you want a way to manage your systems and deploy software to your fleet of Macintosh computers with little to no budget its a good alternative to Casper. Many companies use Munki and Casper together (Google) while other smaller companies use only Munki. Munki requires any web server or Mac OSX Server running Apache, and a fairly stable network.
Setup
Munki consists of client-side tools written largely in Python, and is available as open-source under the Apache 2 license at https://code.google.com/p/munki. The client tools run on Leopard and Snow Leopard. They require Python 2.5, and so will not run on Tiger or earlier versions of Mac OS X.
Its pretty easy to setup and I won’t go through a typical setup that is because there is already an awesome walkthrough over at the Google Code website located here. The concept here is that you install an agent on the client computers that connects using a “heartbeat” or a LauncDeamon that checks a local repository for updates. Munki allows you to serve updates to your entire fleet of Mac computers and it ties in nicely with Apple’s own software updates as well.
Managing Mac OS X machines has many facets. Many of the commercial solutions for software deployment also provide solutions for other facets of Mac management. Munki does not. Munki focuses only on software deployment. You’ll need to turn to other tools for imaging, inventory, remote assistance, and preference management. At my organization, we’re using DeployStudio for imaging and Apple’s Screen Sharing for remote assistance. If you’ve been reading this column for very long, it shouldn’t come as a surprise that we’re using Local MCX for preference management.
Munki Data
Munki uses three types of data. Installer items: these are packages or disk images containing the software to be installed. In many cases, you can use a package or disk image provided by the software vendor without having to repackage or convert the installer package in any way. For example, munki can install Firefox from the disk image that you download from https://www.mozilla.com.
Catalogs: these are lists of available software, containing metadata about the installer items. You, as the munki administrator, build these catalogs using tools provided with munki.
Manifests: A manifest is essentially a list of what software should be installed on or removed from a given machine. You could have a different manifest for every machine, or one manifest for all of your machines. Manifests can include the contents of other manifests, allowing you to group software for easy addition to client manifests. For example, you could create a manifest listing all of the software every machine in your organization must have. The manifest for a client could then include the common-software manifest, and additionally have software unique to that client.
Manifests and catalogs are stored on the web server as standard Apple plist files in text format. If you’ve administered Mac OS X machines, you’ve almost certainly encountered plist files. They are a well-understood way to store structured data in a text format.
Munki Behaviors
This is a good time to discuss a major part of munki’s design. Munki is designed to be polite. It never installs anything under a currently active user session without the user’s approval. If no one is logged in, munki will by default install or remove software automatically, hiding the loginwindow and presenting a status window. If a user is logged in, munki notifies the user of updates and allows the user to either update right away or defer the update until later. Munki also handles multiple user logins (via Fast User Switching) gracefully and will not install items if more than one user is logged in (as doing so could cause switched-out users to lose work).
Administrators can customize these behaviors, configuring munki to never bother the user with available updates (therefore waiting to install all updates when no user is logged in), or the inverse – telling munki to never automatically install software when at the loginwindow, and instead always requiring user consent for all updates. Administrators cannot, however, easily configure munki to force an install or removal while users are logged in.
Munki Web Admin
Munki is good but what if you want to report on all the computers or check if they have installed the updates. Well with Munki Web Admin now you can! MunkiWebAdmin is a Django web application that incorporates the functionality of the MunkiReport project and also provides the ability to browse catalogs, and browse and edit manifests of an existing Munki repo. Again setup is very simple and I set it up on my own repository and it works great. Find the documentation here.
Munki Admin App
Adding applications or updates to Munki is 100% command line. Not everyone is familiar or comfortable in this environment. Munki Admin App helps beginners add programs and updates, build catalogs, and manifests and ultimately configure the package info files and other components of munki in a nice easy to understand user interface. Check out the code here and download a pre-compiled version as well.
Simian
Developed by Google corporate engineering, provides a web-based admin interface for munki clients.Simian is a wordplay of munki, actually meaning “higher primate,” ergo the advancement of the munki product.
Simian provides a number of admin functions that were missing from a true enterprise class product, such as dynamic generation of the catalog (software to consume), web based tools instead of a CLI, reporting information (number of munki hosts, client versions, patch status, etc). Simian clients can connect anywhere (internal or external network) because the application is hosted by Google App Engine; whereas the common munki-only deployment usually was deployed in the intranet only. The SaaS Google Apps engine model also allows for all the same advantages of any cloud platform (scale, elasticity, price per consumption, etc.).
Conclusion
There are many controversial viewpoints on management software for Mac OSX. Personally I love simplicity and simplicity lies in an all encompassing solution such as Casper from JAMF software. However its a cost prohibitive solution for many small companies. Using Munki or Simian with Munki Admin App and Munki Web Admin gives you most of the features that you will need to deploy software to your fleet of Macintosh computers.
AI Usage Transparency Report
Pre-AI Era · Written before widespread use of generative AI tools
AI Signal Composition
Score: 0.05 · Low AI Influence
Summary
Munki is an open source tool for managing Macintosh environments with little to no budget.
Related Posts
Web Help Desk on Amazon EC2
If your like me you have run several servers and you have learned that running your own servers and server hardware either locally or remotely is a huge commitment. A commitment of time, money and precious resources that many in the IT community can not afford. Since the inception of virtual environments people have been making their lives easier with simpler more disposable methods of hosting and that is what led me to the holy grail of virtual environments the Amazon EC2 server.
Roll your own DNS monitoring with DIG, Bash & CRON
If your like me your always looking for ways to be notified of things changing in your IT Environment. There are many tools that you can use to help do this. StatusCake is a great free online tool for monitoring website and IP level uptime and downtime with baked in email notifications. Zeonoss and NAGIOS are great tools that can offer the same with SNMP Monitoring baked in as well.
Authenticate with AD credentials via ARD / SSH
Binding a Mac to an AD is fairly straight forward. Most Mac Admin's worth their salt, know how this is done, many know how to do this via the command line. Once your Mac is bound, authentication is easy, local authentication that is. But what if you want to use your secure AD credentials over an SSH or Apple Remote Desktop connection? Well thats when things need a bit more configuration. Having recently deployed a series of servers with this configuration I figured I would share some of the commands...
Migrate Outlook 2016 Profile from one Mac to another Mac
I recently had to help a client move from one Mac to another, during the process one task proved more challenging than originally anticipated. I wanted to share my info in the event that it helps someone out there. In Outlook 2016 for Mac, Microsoft in its infinite wisdom, has changed the default location of the email profile folder. The new location is not well documented, and I stumbled upon it on an obscure forum post, the location is
Migrate Open Directory 10.10
A few weeks ago I had an old 10.9 open directory master server crash on me and I was unable to restart, luckily I had a good backup of my server which I created using Carbon Copy Cloner on a schedule. If your not using Carbon Copy Cloner I highly recommend doing so its one of the best backup utilities for OSX Server as it runs in the background and can backup and clone multiple directories and or the entire hard drive.
Munki Report-PHP, the new old kid on the block
I have used SCCM for a while now and have to say that I find it very very powerful. The fact that collects plenty of information from the clients, uploads it to a SQL db and keeps a history, plus the ability of create dynamic computer collections based on querys to the SQL and then target those groups with tasks makes it extremely useful in an enterprise environment. Plus the amazing reports you can get if you have an SQL guru around!
Munki Software License Tracking
Beginning with the 0.9.1 builds of the munki tools, Munki can query a webserver to determine if there are available seats for licensed software (or any software you wish to make available via optional_installs, yet control the number of deployed copies). In order to use this feature, here are the things you need:
Install Zenoss on 10.9 Mavericks with VMWare Fusion
If you are a network (or systems) administrator, you know how crucial it is to have the right tools for the job. One of the toughest tools to really nail down is a network monitoring tool. Although there are plenty of such tools out there, they range from the over-priced to the under-featured. Where do you look for any sort of middle ground where features don’t lose out to price?
Deploying Printers with Munki on 10.9 Mavericks
You can use Profile Manager to manage printer lists but the functionality is limited. One major issue with managing printer lists with Profile Manager is if you add a printer to an Profile Manager client’s printer list, and the driver file for that the printer isn’t installed on the client system, the printer will be added using the Generic Printer Driver. Even if the printer driver file is installed later the printer continues to use the Generic Printer Driver.
Updating Munki Web Admin on 10.9 Mavericks Server
Discover the Power of MUNKI: A Robust Solution for Your Mac Management Needs MUNKI is a highly acclaimed product that has earned its place as a top choice among Mac administrators, thanks to its strong community backing and impressive track record. With support from industry giants like Disney and Google, this reliable solution has consistently delivered results across all versions of OSX since its inception. Whether you're managing a small fleet or a large enterprise, MUNKI's robust features and seamless integration make it an ideal choice for any Mac management...
