Autopkg – Download Recipe Decision Making Process

Autopkg – Download Recipe Decision Making Process

It’s been a long-standing goal of mine to help people get started making their own recipes for autopkg, which was recently spurred on by revisiting my previously-discussed recipeGenerationUtils. The autopkg wiki can only be so instructive on the process besides some general guidelines, so I thought I’d expand on some points here, while […]

Read more

Pepijn Bruienne Reverse-Interview by Charles Edge, Part One

Once again donning the yellow jersey, Charles Edge returns to reverse-interview Pepijn Bruienne, recorded back at the turn of the year. We’re so happy to have Charles back with his new role at Bushel, mostly because we can finally drag out the ‘scrum masters’ tag again. Lovingly polished by the awesome Aaron Lippincott, […]

Read more

Thunderstrike Need-To-Know

Thunderstrike Need-To-Know

When we heard about the ‘bootkit’ exploit branded Thunderstrike having the potential to remove all of your security controls it was pretty disturbing. Luckily Apple controls a relatively small number of models, and released a patch for several affected CPU versions, bundling it with 10.10.2 so as to lessen the number […]

Read more

Stop Remediating While you Audit

Stop Remediating While you Audit

Let’s talk about orchestration. This term is different than just applying the normal set of configuration profiles you want near-permanently enforced on the workstations under your management. Too much theory isn’t necessarily helpful, but sometimes I come across something that feels right, and then experience validates it as a real, […]

Read more

Enhancing Sal with Facter and Profiles

In a previous post, I showed how to set up Sal. Sal‘s basic functionality is useful on its own, for the basic Munki reporting – what are the completed installs, pending updates, what OS versions, how many devices checked in the past 24 hours, etc. In this post, I’m going […]

Read more

Using Puppet with WebHelpDesk to Sign Certs, with Docker

In a previous post, I showed how to use Munki with Puppet SSL Client certificates in a Docker image. In that example, the Puppetmaster image is set to automatically sign all certificate requests. Good for testing, but not a good idea for production use. Instead, we should look into Puppet […]

Read more

Running Munki with Puppet SSL Client Certificates

Previously, I showed how you can run Munki in a Docker container. Then, I talked about how to build Munki to use Puppet for SSL certificates. Assuming you’ve got a running Puppetmaster image (which I talked about building here), let’s run the Munki-Puppet image we just built. Running the Container: […]

Read more

Building Munki with Puppet for SSL Client Certificates

Note: this is based on the README for the Munki-SSL docker container. In a previous post, we ran a Docker container serving Munki repo content via Nginx. That works fine, but only serves insecure HTTP content. It’s generally in everyone’s best interest to use a secure connection between the Munki […]

Read more

Building a Puppetmaster with Docker

This is based on the README I wrote for the macadmins/puppetmaster image. Puppet is an industrial-strength cross-platform configuration management engine. Though you’ll find lots of existing Puppetmaster images on the Docker registry, this one will serve as the baseline for other expanded uses of Puppet – such as using it […]

Read more

Running Munki in Docker

In the previous post, I built a container that serves static files at http://munki/repo using Nginx. Now that we have build the Docker image, let’s put it to use. Data Containers We’re going to hook up the Munki image to a data-only container. Data-only containers are a way of keeping […]

Read more