Munki is an incredible tool for Mac software deployment, and the setup process is fairly straightfoward – configure a web server, create your repo, run the tools to populate it with software, and configure clients.
It’s the “configure a web server” aspect that may give some pause, as setting up and configuring Apache or Nginx has a bit of a learning curve, and many OS X admins may not necessarily have access to or control over network infrastructure or server infrastructure to do this easily, especially in education.
Docker simplifies this process quite a bit, because you can create a simple webserver with only a few commands that will give you exactly what you need to start serving Munki content – and you can easily transport this Docker webserver from host to host, as it’s designed to be portable and self-contained.
In this example, we’ll use my fork of the Macadmins/munki Docker image to build.
Start by cloning the repo:
git clone https://github.com/macadmins/docker-munki.git
The Dockerfile
Now, let’s take a look at the Dockerfile:
FROM nginx RUN mkdir -p /munki_repo RUN mkdir -p /etc/nginx/sites-enabled/ ADD nginx.conf /etc/nginx/nginx.conf ADD munki-repo.conf /etc/nginx/sites-enabled/ VOLUME /munki_repo EXPOSE 80
Let’s look at this line by line:
FROM nginx
This means that we’re using the official Nginx Docker image. It’s done all the hard work for us – it has Nginx already installed. All we need to do is add our pieces.
RUN mkdir -p /munki_repo
RUN mkdir -p /etc/nginx/sites-enabled/
RUN just runs a command – and in this case, we’re just creating two sets of directories. We’ll use /munki_repo to serve the actual Munki repo itself, and we’ll be adding configuration data into /etc/nginx/sites-enabled/.
ADD nginx.conf /etc/nginx/nginx.conf
ADD munki-repo.conf /etc/nginx/sites-enabled/
ADD copies files into the Docker image. We provided these two .conf files ahead of time, as they’re going to tell Nginx how to serve our content.
Let’s look at nginx.conf:
worker_processes 1; http { include /etc/nginx/sites-enabled/*; } events { worker_connections 768; }
This is a fairly straightforward configuration file that just tells Nginx to also include any configuration files stored in /etc/nginx/sites-enabled, which we created earlier with the RUN command.
Look at munki-repo.conf:
server { listen 80; server_name munki; location /repo/ { alias /munki_repo/; autoindex off; } }
This configuration file tells Nginx to listen on port 80, the default web port. In addition, the server_name expects to be “munki”. We’re using the location /repo/
, which means that content will be served from http://munki/repo (which is the default location that Munki expects), but that /repo/
is actually an alias to the path /munki_repo
– which we created earlier in a RUN command with mkdir. Lastly, we’re turning off folder indexing, so visitors can’t list the contents of our directories.
VOLUME /munki_repo
This uses a Docker technique to “expose” as volume. More details about Docker volumes can be found here and here. The short explanation, without going into too much detail, is that this volume /munki_repo can be linked to other Docker containers, and the data inside can be accessed easily.
EXPOSE 80
The EXPOSE directive opens a port to the outside world. It means that this container will serve content on port 80, and thus can be accessed by its container ID, IP address, or DNS name at port 80 – the default web port. Since this is a web server, using port 80 is logical.
Building the Image
Now we can build this image. First navigate into the directory with the Dockerfile on your host:
cd docker-munki
Run the build command. Feel free to change the name to anything you want:
docker build -t "nmcspadden/munki" .
When it completes the build, you’ll have a new image called “nmcspadden/munki”. Use docker images
to see it – you’ll see that it’s marked with the tag “latest” to indicate that it’s the most up to date version.
Running the image is covered in the next post.
Hi Nick! Running the build command (docker build -t “nmcspadden/munki”) does nothing except show me usage of docker: Usage: docker build [OPTIONS] PATH | URL | etc
I have cloned the repo and cd’d into the docker-munki folder. Are there any other steps I need to take?
LikeLike
Make sure to include the . at the end of the command:
docker build -t "name/munki" .
The . at the end means “current directory”, which should be the directory containing the Dockerfile.
Alternatively, specify the path to your directory:
docker build -t "name/munki" /path/to/Dockerfile/directory/
Check the docs for details:
https://docs.docker.com/reference/commandline/cli/#build
LikeLike
Thanks Nick, good call, I was missing the dot! I did see it, but I figured it was there for punctuation, DUH!
Great blog, thanks for sharing!
LikeLike