Setting up a server for the Munki repository

Before you begin…

Please read the following before you start rolling up your sleeves and setting up Munki:

• Why should your school use Munki to manage its Macs?
• Basic requirements for Munki
• How does Munki work?

tl;dr

This guide will walk you through getting set up a certain way so you can get up and running quickly with some sensible defaults. There are many ways to set up Munki. After you get really comfortable with it, for example, you may want to change things up a bit (for example, run Nginx instead of Apache or use Linux instead of macOS). Covering all the ways to run Munki is not the point of this site.

Turning on Apache

Don’t use Server.app

On your Mac Mini (or whatever Mac you’re setting aside to be your server), do not use Server.app. Make sure Server.app has either never touched that Mac or that you’ve completely removed it. Starting with Server 5.7.1, it may even be a non-issue, since Websites has been stripped out of it. We’re going to use the built-in Apache.

Turning on the built-in Apache

Go to /Applications/Utilities/Terminal.app and paste in this command to turn on Apache:
sudo apachectl start
If it worked, you should be able to go to http://localhost and see It works!.

Creating the directories needed for your Munki repo

Paste in these commands to create subdirectories in /Users/Shared for the Munki repo
cd /Users/Shared/
mkdir munki_repo
mkdir munki_repo/catalogs
mkdir munki_repo/icons
mkdir munki_repo/manifests
mkdir munki_repo/pkgs
mkdir munki_repo/pkgsinfo
Let’s set proper permissions for these directories:
chmod -R a+rX munki_repo
Now, we’re going to create a symlink from the munki_repo folder we created in /Users/Shared to the /Library/WebServer/Documents directory (which is where Apache looks to serve up files):
sudo ln -s /Users/Shared/munki_repo /Library/WebServer/Documents/
Now you should have an empty Munki repo. In order to populate it, we’ll have to install Munki tools.

Setting up Munki tools to manage your repo

It’s important to know that a “Munki server” is just a web server. All it does is host files. So even though we’re about to install Munki on this Mac, which is also the Munki server, a Munki server does not need to have Munki tools installed. In fact, many Munki servers (for example, ones hosted on Linux or Windows) cannot have Munki tools installed on them. If you were to eventually host your repo on Linux, you would install Munki tools on a Mac, and then remotely manage your Linux-hosted Munki repo from that Mac (or another Mac).

Installing Munki tools

You can always get the latest Munki tools from https://github.com/munki/munki/releases/latest

I’d recommend you do the standard install, which installs all the components. If, in the middle of installation, you click to customize, you’ll see there are five components:

• Munki core tools
• Munki admin tools
• Managed Software Center
• Munki launchd agents
• Munki app usage monitoring tool

Munki core tools are what allows Munki to do most of its work (analyze what’s installed and compare it to what should be installed, and install or remove what needs to be installed or removed, etc.).

Munki admin tools are what we’re about to use to populate and manage the Munki repo. There’s really no harm in installing it on your client machines, because, without write-access to the Munki repo, your clients can’t really do anything with the tools.

Managed Software Center is the App Store–like graphical interface your users will see to install updates that require user interaction (for example, ones that require a reboot or logout) or to self-select software that you make available as optional installs.

Munki launchd agents gives Munki a dynamic quality, for example, allowing Munki to do its background runs every hour or so.

Munki app usage monitoring tools keep track of how often users are launching applications or quitting them, so that if you want to remove software that hasn’t been used in a while, you can specify how long it should be before unused software is automatically removed. You don’t have to remove unused software, but there isn’t a ton of overhead to install this, so feel free to install this along with the other four components.

Because you’re installing the launchd agents, you’ll have to reboot after you install the Munki tools. Go ahead and do so when prompted.

Setting up munkiimport

For now, we’re just going to use the Munki server to manage itself. Really, though, if you configure file sharing properly (via SMB, for example), you should be able to use any Mac to manage the Munki server.

In the terminal, run this command, and then answer the prompts appropriately.
munkiimport --configure
Repo URL (example: afp://munki.example.com/repo): file:///Users/Shared/munki_repo
Again, this is a file address for if you’re using the Mac you’re using as the server to access itself. If you were mounting the server share from another machine, you’d configure munkiimport to use an smb:// or afp:// address instead.
pkginfo extension (Example: .plist): .pkginfo
You can just press Return here to use the .plist extension. Some people choose to use .pkginfo instead. It’s up to you. Both are fine. Or leaving it blank, too, can work. I like to put in .pkginfo as an extension, so that’s what you’ll see in future tutorials.
pkginfo editor (examples: /usr/bin/vi or TextMate.app; leave empty to not open an editor after import): BBEdit.app
If you have strong opinions about what text editor you like to use, go ahead and put it in here. If you’re not sure what to use, I’d recommend BBEdit.
Default catalog to use (example: testing):
Just hit Return here. testing is a fine default catalog to use.
Repo access plugin (defaults to FileRepo):
Hit Return here as well, and then you’re all set.

Now we have a Munki repo set up and munkiimport configured to use the repo. Next time, we’ll work on actually setting up the repo to be useful to clients.