Endpoint Services, Munki, Computer Labs Policy & Best Practices

Overview

This article provides information for managing Mac computer labs using Technology Services' Munki Mac Endpoint Management system.

Systems

  • Munki Mac Endpoint Management

Affected Customers

  • University of Illinois IT Pros leveraging Technology Services Endpoint Services' Munki Mac Endpoint Management

Actions

Specifying Static Versions of Packages

In the normal course of business, the Endpoint Services (EPS) team is continually making available new or updated packages for the use of our clients. However, we recognize that many labs prefer not to change the version of some or all of their packages during the course of a semester. In order to allow for this flexibility, the EPS team has developed the following best practices to keep packages at a specific version:
  • Each lab manager should create an included manifest with packages that they would like to manage in the lab. Global, UofI, and UIUC packages will be updated automatically by the EPS team.
  • For any global, UofI, or UIUC package that the lab manager wants to keep at a specific version, they should duplicate the pkginfo file to their own unit's repo and modify it to create a separate and specific pkginfo file for that version. To reduce file duplication, this pkginfo file will use the same pkg installation file as the global/UofI/UIUC pkginfo file.
  • The catalogs array in the new pkginfo file should be modified to replace all global/UofI/UIUC catalogs with an appropriately-named unit catalog--e.g. EPS_supercollider_legacy or FAA_openoffice_3_8.
  • The unit catalog should then be added to the TOP of the catalogs list in the machine manifest of any Macs to remain on the static version. Catalog order is very important, as Munki will install the FIRST package version that it comes across in all of the catalogs for a given machine.

    Sample excerpt from a machine manifest showing the properly ordered catalog array with the 'legacy' catalog at the top:

        <key>catalogs</key>
        <array>
             <string>EPS_supercollider_legacy</string>
             <string>global_free_production</string>
             <string>global_free.appconfig_production</string>
             <string>global_sysconfig_production</string>
             <string>UofI_licensed_production</string>
             <string>UIUC_licensed_production</string>
             <string>EPS_production</string>
        </array>

  • This method should also be used to create unit-specific pkginfo files if lab managers wish to keep "requires" and/or "update_for" dependencies for a package at a specific version.

  • More information on dependent packages in pkginfo files can be found on the Munki Wiki.

    Scheduling Updates to Only Run During Certain Hours

    Lab managers who wish to have Munki only run during certain hours of the day can install the global package Munki Time Window (name key: "munkitimewindow"). By default, Munki Time Window will force Munki to only run between 1am and 5am. If this time window does not suit the needs of a unit, in addition to the base package, lab managers will need to install a preference file that specifies the hours during which Munki should be allowed to run. The EPS team has provided a handful of pre-built preference packages at the global level. Units may also submit a request to the EPS team asking for the creation of an additional preference package if the existing packages do not meet a unit's needs..

    More information can be found on the Munki Time Window Wiki.


    Contact the EPS team




Keywords:EPS MTM "multi tenant" multi-tenant mac macos endpoint lab TechS-EPS-MTM   Doc ID:80740
Owner:EPS Distribution List .Group:University of Illinois Technology Services
Created:2018-03-08 16:54 CDTUpdated:2018-08-07 14:33 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0