Endpoint Services, Munki, Manifests
Overview
This article provides information on Munki manifests for the Technology Services' Munki Mac Endpoint Management system.
Note: do NOT attempt to use Apple's TextEdit to modify manifests or pkginfo files in your unit's Multi-Tenant Munki repository.
TextEdit is known to cause problems as it attempts to auto-save open files to the mounted WebDAV Munki repo.
If you opt to directly edit repo content with a text editor instead of MunkiAdmin, please use BBEdit.
Systems
- Munki Mac Endpoint Management
Affected Customers
- University of Illinois IT Pros leveraging Technology Services Endpoint Services' Munki Mac Endpoint Management
Actions
- What Are Manifests?
- Multi-Tenant Munki Manifest Best Practices
- Example of Computer Manifest File
- Example of Included Manifest File
- MunkiAdmin Application
What Are Manifests?
Manifests are structured XML text files that conform to Apple's PLIST document type definition. A basic Munki manifest consists of the following keys:
| Key: | Description: |
| catalogs | The 'catalogs' key defines which catalogs Munki should search within for the items listed in the manifest. |
| managed_installs | The 'managed_installs' key contains a list of items you would like to ensure are installed and kept-up-to-date. |
| managed_uninstalls | The 'managed_uninstalls' key contains a list of items you would like to have removed if found to be installed on a computer. |
| managed_updates | The 'managed_updates' key contains a list of items you would to check if some version of the item is installed; if found, the item is processed just as if it was in the managed_installs list and updated. |
| optional_installs | The 'optional_installs' key contains a list of items that are available for optional installation, allowing end-users to choose to install and/or remove these items without needing admin privileges themselves. Items specified here are what is displayed to end-users in the Managed Software Center application. |
| included_manifests | The 'included_manifests' key contains a list of additional manifests that should be called (nested manifests). Most nested manifests should not include a catalogs key, see below for more information regarding this. |
| conditional_items | The 'conditional_items' key allows for IT Pros to set conditions on when specific items are installed or removed. For example, an IT Pro can set Munki to install a VPN client on just laptops. Additional information on conditional items can be found on the Munki Wiki. |
| display_name | The 'display_name' key serves as an additional computer identifier within MunkiAdmin. Does not have any effect on clients in other areas of Multi-Tenant Munki. |
| user | The 'user' key serves as an additional computer identifier within MunkiAdmin. Does not have any effect on clients in other areas of Multi-Tenant Munki. |
| notes | The 'notes' key allows for custom notes within MunkiAdmin. Does not have any effect on clients in other areas of Multi-Tenant Munki. |
Custom keys besides those listed above can be used in any manifest, however, MunkiAdmin will remove them when it saves changes. The EPS team recommends only using supported keys.
Additional information on manifest keys can be found on the Munki Wiki.
Multi-Tenant Munki Manifest Best Practices
The Endpoint Services (EPS) team recommends the following best practices for manifests in the Multi-Tenant Munki system:
- Create a single manifest for each computer and name the manifest file to match the computer's serial number. The MTM portal allows for the bulk creation of computer manifests using the CSV upload functionality and manifest templates. See our article on importing computers into MTM for additional information.
- All catalogs should be set on the computer manifest. Most nested/shared manifests should not include a catalogs key
- Units that would like to have more-organized manifest directories can create subdirectories within their MTM manifests directory for included manifests only (not computer manifests).
- Computer manifests should be kept in the root of the manifests directory.
Example manifest directory with subdirectories
Example of Computer Manifest File
Filename: C1MGM5RYDX67
| <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>catalogs</key> <array> <string>global_free.appconfig_production</string> <string>global_free_production</string> <string>global_sysconfig_production</string> <string>UofI_licensed_production</string> <string>UIUC_licensed_production</string> <string>hr_production</string> </array> <key>display_name</key> <string>HR-moe01</string> <key>included_manifests</key> <array> <string>depts/hr/hr_default</string> <string>moe</string> </array> <key>managed_installs</key> <array/> <key>managed_uninstalls</key> <array/> <key>managed_updates</key> <array/> <key>notes</key> <string>This is Moe Howard's machine in Human Resources.</string> <key>optional_installs</key> <array/> <key>user</key> <string>moe</string> </dict> </plist> |
Example of Included Manifest File
Filename: hr_default
| <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>included_manifests</key> <array> <string>global_free</string> <string>UofI_licensed</string> <string>UofI_licensed_adobe_2023_optional_installs</string> </array> <key>managed_installs</key> <array> <string>firefox_esr</string> <string>google_chrome</string> <string>microsoft_office_365</string> </array> <key>managed_uninstalls</key> <array> <string>adobe_flash_player</string> </array> <key>managed_updates</key> <array> <string>box_sync</string> <string>dropbox</string> </array> <key>optional_installs</key> <array/> </dict> </plist> |
MunkiAdmin Application
The EPS team recommend the use of the MunkiAdmin application for modifying manifests. Please see our article on MunkiAdmin for additional information.