Munki is an incredible tool for Mac deployment. Unlike other MDM or management software, it’s focused on a single purpose – delivering files from a central repository to a client machine based on some criteria. It doesn’t include features like inventory tracking, reporting, queries, or other items that you might find in commercial management solutions and suites.
Since Munki is open source and has a thriving community of dedicated users, it’s no surprise that solutions have been developed to add this kind of functionality to Munki. There are a number of options out there, but the one I’m going to focus on is the open-source version of Sal, written by Graham Gilbert.
Sal is Django-based web app that collects information from Munki clients whenever they run the Munki software. It allows for convenient access to inventory collection, which can give us an idea of what OSes we’re seeing on our clients, what software packages are installed, what updates are still pending, etc. Information and reporting is always good, and Sal does a great job.
Sal has solid documentation for using it and getting started, so I won’t reproduce all of that here. Instead, I’m just going to go through a simple setup of the Sal Docker container and installation on client devices, from start to finish.
Getting Sal running with Docker:
As suggested by the repo instructions, the Docker image is the officially recommended approach for setting up Sal.
First, you’ll need to get Graham’s customized Postgres database running. His customization allows for easy database creation by passing in environmental variables, which I used in a previous blog post about customizing Postgres.
I prefer to use data containers, to keep my data portable and not tied to a host. Here’s the data container for Sal’s Postgres database:
docker run --name "sal-db-data" -d --entrypoint /bin/echo grahamgilbert/postgres Data-only container for postgres-sal
Then the database:
docker run --name "postgres-sal" -d --volumes-from sal-db-data -e DB_NAME=sal -e DB_USER=saldbadmin -e DB_PASS=password --restart="always" grahamgilbert/postgres
-e environment variables allow us to specify the database name, user, and password for access.
Now run Sal itself:
docker run -d --name sal -p 80:8000 --link postgres-sal:db -e DOCKER_SAL_TZ="America/Los_Angeles" -e ADMIN_PASS=password -e DB_NAME=sal -e DB_USER=saldbadmin -e DB_PASS=password macadmins/sal
Specify real passwords for use in production, obviously. I’ve also passed in the
DOCKER_SAL_TZ timezone environmental variable to change it to PST, since I don’t live in London.
Open your web browser to http://localhost/ on the Docker host to log into Sal – using the password you specified earlier.
Create a Business Unit.
Create at least one Machine Group. Each Machine Group will generate a “key,” which you’ll need to add to the clients.
Set up the clients:
Install the provided Sal-scripts.pkg onto an OS X client with Munki installed.
If Sal has not been added to your DNS (if you’re testing this for the first time, this will almost certainly be true), you’ll need to modify
/etc/hosts on the client to add in your Docker host as “sal”.
Next, you’ll need to add the proper client configuration to your OS X clients.
Change the URL to http://sal for this example, but you’ll need to set the key to the one of the keys you generated from a Machine Group:
defaults write /Library/Preferences/com.salsoftware.sal ServerURL http://sal defaults write /Library/Preferences/com.salsoftware.sal key e4up7l5pzaq7w4x12en3c0d5y3neiutlezvd73z9qeac7zwybv3jj5tghhmlseorzy5kb4zkc7rnc2sffgir4uw79esdd60pfzfwszkukruop0mmyn5gnhark9n8lmx9
Now, you can simply run Munki’s
managedsoftwareupdate to get Sal reporting:
At then end of the Munki run, you should see output similar to this:
Finishing... Performing postflight tasks... postflight stdout: Sal report submmitted for Mac.local. Done.