Munki,Open Source January 22, 2015 at 6:57 pm

Building Munki with Docker

Munki is an incredible tool for Mac software deployment, and the setup process is fairly straightfoward – configure a web server, create your repo, run the tools to populate it with software, and configure clients.

It’s the “configure a web server” aspect that may give some pause, as setting up and configuring Apache or Nginx has a bit of a learning curve, and many OS X admins may not necessarily have access to or control over network infrastructure or server infrastructure to do this easily, especially in education.

Docker simplifies this process quite a bit, because you can create a simple webserver with only a few commands that will give you exactly what you need to start serving Munki content – and you can easily transport this Docker webserver from host to host, as it’s designed to be portable and self-contained.

In this example, we’ll use my fork of the Macadmins/munki Docker image to build.

Start by cloning the repo: git clone https://github.com/macadmins/docker-munki.git

The Dockerfile

Now, let’s take a look at the Dockerfile:
FROM nginx
RUN mkdir -p /munki_repo
RUN mkdir -p /etc/nginx/sites-enabled/
ADD nginx.conf /etc/nginx/nginx.conf
ADD munki-repo.conf /etc/nginx/sites-enabled/
VOLUME /munki_repo
EXPOSE 80

Let’s look at this line by line:
FROM nginx
This means that we’re using the official Nginx Docker image. It’s done all the hard work for us – it has Nginx already installed. All we need to do is add our pieces.

RUN mkdir -p /munki_repo
RUN mkdir -p /etc/nginx/sites-enabled/
RUN just runs a command – and in this case, we’re just creating two sets of directories. We’ll use /munki_repo to serve the actual Munki repo itself, and we’ll be adding configuration data into /etc/nginx/sites-enabled/.

ADD nginx.conf /etc/nginx/nginx.conf
ADD munki-repo.conf /etc/nginx/sites-enabled/
ADD copies files into the Docker image. We provided these two .conf files ahead of time, as they’re going to tell Nginx how to serve our content.

Let’s look at nginx.conf:
worker_processes 1;
http
{
include /etc/nginx/sites-enabled/*;
}
events
{
worker_connections 768;
}

This is a fairly straightforward configuration file that just tells Nginx to also include any configuration files stored in /etc/nginx/sites-enabled, which we created earlier with the RUN command.

Look at munki-repo.conf:
server
{
listen 80;
server_name munki;
location /repo/
{
alias /munki_repo/;
autoindex off;
}
}

This configuration file tells Nginx to listen on port 80, the default web port. In addition, the server_name expects to be “munki”. We’re using the location /repo/, which means that content will be served from http://munki/repo (which is the default location that Munki expects), but that /repo/ is actually an alias to the path /munki_repo – which we created earlier in a RUN command with mkdir. Lastly, we’re turning off folder indexing, so visitors can’t list the contents of our directories.

VOLUME /munki_repo
This uses a Docker technique to “expose” as volume. More details about Docker volumes can be found here and here. The short explanation, without going into too much detail, is that this volume /munki_repo can be linked to other Docker containers, and the data inside can be accessed easily.

EXPOSE 80
The EXPOSE directive opens a port to the outside world. It means that this container will serve content on port 80, and thus can be accessed by its container ID, IP address, or DNS name at port 80 – the default web port. Since this is a web server, using port 80 is logical.

Building the Image

Now we can build this image. First navigate into the directory with the Dockerfile on your host:
cd docker-munki

Run the build command. Feel free to change the name to anything you want:
docker build -t "name/munki" .

When it completes the build, you’ll have a new image called “name/munki”. Use docker images to see it – you’ll see that it’s marked with the tag “latest” to indicate that it’s the most up to date version.

Running the image is covered in the next post.

Nick McSpadden

I'm Client Systems Manager for Schools of the Sacred Heart, San Francisco. I'm in charge of all OS X and iOS deployments to our faculty, staff, and students.

More Posts

Tags:

Leave a reply

You must be logged in to post a comment.