Thoughts on Documentation: What are we afraid of?

Posted on November 8, 2015 by macvfx

People are afraid of documentation… But mostly people just hate it. They don’t like it. They don’t want it. It shouldn’t exist. Fingers in ears. I can’t hear you.

This is about primal fear. And hate. I hate hate. But these are real emotions. Let’s deal with it. What is the reality? Why is documentation is ignored, abandoned, or resisted at all?

As a Sysadmin perhaps you don’t care about documentation, that is, sharing information with others (co workers / bosses), you want to keep it to yourself. But you care very much about building systems. But there’s perhaps no attempt to explain any of this to anyone else. Who else is there really? No one cares. No one is around that would understand if you explained it.

Lesson # 1 – Document for yourself.

Paranoia makes us set up redundant systems for backups. Layers upon layers. Custom scripts and disparate apps. Where was this explained? Documented? Nowhere. Bin dir. Maybe.

If you could replace all that now with one app that did it all then you would. Time is valuable. Easier to monitor. Easier for someone else to monitor and take over.

Lesson # 2 – document for your replacement (job change, bus hit)

Do it continuously. Automate. Or set up systems that work automatically.

Lesson # 3. DevOps.

Integrate systems. IT systems manage computer but maybe they also built Inventory. Automatically. Alert Systems report continuously. Living systems report on the state of everything. Documentation is easier when it is current and relevant.

Lesson # 4. Sustainability

Commercial vs OpenSource. Support vs excellent team, talent retention and documentation. Pro/Con. If your custom solution is not well documented that can be a big problem. If you code is not shared, peer-reviewed, or supported by anyone that could be an issue. If it makes sense to switch to commercial software that is supported then do it. If an OpenSource project or code is supported by a larger community perhaps that makes sense.

Lesson # 5. Improve. Grow. Get better.

Discovery and Documentation lead to suggestions for improvement. Make changes. Code and disparate systems that struggle to be documented make us think about how to replace them or better balance the risks vs cost.

Lesson # 6. Human problems don’t always tech solutions.

Code doesn’t fix broken workflows. Meetings are with people. Talking through systems helps people understand pain points. Don’t forget people want to do their job, meet deadlines, do stuff.

Let’s make their world and our world better.

Love not hate. Peace.

Documentation-MatX

MacDevOps Manifesto

Posted on August 28, 2015 by macvfx

I was explaining Munki (and autopkg) to some colleagues when I hit on the idea of the MacDevOps manifesto.

Munki and friends (apps used to augment and extend Munki) are helpful automation tools. Setting up automation systems take time and must be maintained and grown but they pay big dividends. Freeing us to do Dev work or other tasks they automate and iterate and repeat and build our systems in the way we want.

No more 100 machines built in a hundred different ways (unless we want to). But now we can check at a glance in MunkiReport to verify that indeed the latest Adobe Flash patch is installed. That may make our lives better. Especially if we need to satisfy corporate IT or our bosses that we are up to date and patched as required.

The MacDevOps Manifesto Part 1: Munki and friends

Munki is at its core free software created by Greg Neagle at Disney Animation and used worldwide in many different ways but essentially to distribute apps and run scripts on client workstations. There are many ways to customize it and if fits many different workflows. The MacDevOps:YVR conference I ran last June turned out to be a Munki love-in and showed me the many awesome and varied ways organizations are using it.

With AutoPkg, another free Mac open source project, Munki can get the latest updates to any software that it has recipes for and by extension install them on clients immediately. This fits the workflow of having Flash, Java and web browsers (Chrome or FireFox) updated as soon as possible for security patches. Exploits on the Mac are coming from these entry points and if you need to use these apps or plugins then having the latest versions helps. For this feature alone I use Munki. In a few months you will see that Munki with AutoPkg has downloaded dozens of versions of each app and keeping up with this takes time away from other tasks. Automation of simple tasks frees up our time so we can focus on other things. That is MacDevOps.

I also use Munki for installation of any app that is needed everywhere. If I have to download or install one app for one client workstation I put it in Munki and it is ready for installation anywhere with a simple click by the user in a self service portal or automatically by choosing managed installs. Of course if there is an app you don’t want installed (flash or Skype or messenger, etc) add it to Munki and mark it as managed uninstall. Done.

Scripts and files and config Profiles (replacement for mcx, managed preference settings for OS X) can be imported and used to configure workstations to make deployment easy and flexible. Put everything in Munki and then you don’t have to use golden master builds anymore. Buy a new Mac and install the Munki client. Done.

Add to this Munki Report which gives an excellent dashboard for what is installed and a total inventory of your client Macs. Very useful info which will let you know if you 15 different versions of flash or Photoshop or any app you choose to look for.

Last but least I always install Watchman Monitoring which reports to a secure cloud (web portal) to automatically monitor for bad drives, Ram, backups not running etc. It’s a great 50ft overview of all your installs and it can alert you immediately when a machine is having issues that you need to deal with (drives 90% full or Xsan volume not mounted, etc).

I find this combination of Munki and Watchman great for helping me manage my clients and I want to share these ideas about MacDevOps inspired ways of automating systems with everyone. Jump in and get involved with all these projects. You’ll be writing recipes for AutoPkg and sharing cool Munki tips and tricks with all your friends. And maybe like me you will start writing plugins for Watchman to monitor your favourite apps (I’m working on Archiware P5 backup and archive monitoring scripts).

Good luck to everyone and hope to see you at the next MacDevOps:YVR conference in June 2016. If you can’t make it go to your nearest Mac Dev / IT conference or start your own meet up somewhere local.

Munki: Part 3 aka Setting up MunkiReport-PHP to monitor your Munki Setup

Posted on April 4, 2015 by macvfx

This is Part 3 in our series on getting started with Munki. Part 1 covered the basic installation of Munki and the elusive Part 2 covers using Munki Admin and Munki’s Managed Software Centre. Part 3 covers the after you’ve setup Munki, now what part of the deployment. Munki is installed. Software is downloaded via AutoPkg and manifest contain catalog and clients have manifests. But is it working? Do all the Macs have the latest Flash plugin? Do they really? We will cover basic setup of MunkiReport-PHP to show easy it can be to get going.

Step 1. Download munkireport-php, download ZIP

https://github.com/munkireport/munkireport-php

Note: It’s a good idea to read through the setup notes on the site

Step 2. Rename folder to “report”

Rename the the expanded folder to whatever you like, I shorten it to “report”

Step 3. Drop in Munki_repo folder

To get started quickly drop this folder into your munki repo site folder (which is presumably accessible via the web for client access to Munki).

rename the munkireport folder

Step 4. Change perms of app/db folder

Your set up will fail is the app/db folder is not accessible. Make it writable.

Note: Do not make your site accessible to the outside Internet if you’re not confident in your security model. This is for inside your LAN testing. Be careful and mindful of security concerns. ‘Nough said

MunkiReport app-db-sqlite

If you get this error you haven’t changed the permissions it requires.

MunkiReport errors

Step 5. Rename default_config to config.php

rename the default config php file

Step 6. Enable php for apache

Enable PHP in Apache or other web server service you’re using. Example below is using Server.app

Enable PHP server.app

Step 7. Create user (and hash)

Load up your MunkiReport-PHP site and create a user and hash.

Step 8. Add hash to config.php

Step 9. Download MunkiReport.plist using curl

Download MunkiReport.plist using curl. Note: use an IP address accessible to your Munki clients, i.e. not ‘localhost’

Step 10. Add MunkiReport.plist to pkgsinfo

Add MunkiReport.plist to pkgsinfo

MunkiReport pkgsinfo

Step 11. Import in munki repo

Use munkiimport or MunkiAdmin to import your MunkiReport.plist to Munki

Step 12. Add to client manifest

Add MunkiReport.plist to client manifest using Munki Admin or Munki cli tools

MunkiReport plist installs in MunkiAdmin

Step 13. Add apps to monitor in config.php

Use the apps_to_track model. See also Rsaeks blog post.

http://www.rsaeks.com/tech/tracking-app-versions-in-munkireport-php

MunkiReport apps to track

Step 14. Login and check your App Versions report

MunkiReport app versions

Step 15. Explore Munki Report

MunkiReport-Dashboard

MacDevOps:YVR

Posted on February 23, 2015 by macvfx

Date: June 19, 2015

http://www.macdevops.ca/

A new kind of conference for Mac IT professionals looking to get into DevOps. You’ll hear some about new automation tools, and get a chance to try new things in the computer lab. Join us! Registration limited to 75.

The cost is $99. Food is included on the day of the conference including a light breakfast and lunch. Register here.

Call for Submissions!

MacDevOpsYVR is seeking presenters from across the Pacific Northwest and beyond to participate in this one-day conference for all things Mac!

If you have an idea for a specific talk, workshop or panel related to deploying Macs in enterprise, corporate or educational environments, we want to hear from you.

> SUBMIT A PROPOSAL <

Deadline for Submissions: March 31, 2015.

Share your experience and join your peers at this one day, all day conference in beautiful Vancouver, BC.

Topics of Interest:

Puppet, Chef and other automation from Desktop to Cloud and back
Software deployment with Munki and AutoPkg: the app ecosystem surrounding it
Cool tools: demo of awesome Mac Admin projects from GitHub
DevOps: How to adopt Automation and Best practices in IT operations
Dev skills: workshops on Ruby, Git, Python, Javascript for Mac Admins
MDM: Profiles and Mac configuration management in the cloud

Troubleshooting AutoPkgr

Posted on January 21, 2015 by macvfx

While awaiting my awesome Part.2 of how to set up Munki we will look at quick fix I made recently to troubleshoot AutoPkgr issues I was having.

I have AutoPkgr set up with several sites as a quick and easy way to get updates of free and licensed software into Munki. Strangely, I ran into an error on my test box, and not on my deployments with clients. So it was something I had done, but what did I do?

AutoPkgr python error

At first I thought that one of the recent updates to AutoPkgr had broken the application. But since it was running correctly elsewhere I had to quickly rule that out. Running the recipes, which looks for new updates of certain applications, kept giving me a python error. How do you troubleshoot this? Re-install Python? De-compile AutoPkgr? Rant on the MacEnterprise maillist? No, that won’t help. 🙂

AutoPkgr is a very nice GUI front end to the excellent AutoPkg project. AutoPkgr installs Git and AutoPkg which are needed. AutoPkgr makes much of the set up much quicker and faster. It’s a great tool. Thanks to the Linde group.

AutoPkgr update dialog

The best way to troubleshoot this issue with AutoPkgr is to see if it is an issue with AutoPkgr. Let’s see if AutoPkg runs at all, and with the same errors. Now there’s an idea. So how do we run AutoPkg? Terminal. Open Terminal.app, and run AutoPkg directly. I always start with a basic “where is the app binary I want?” and then run the app with no options to see if there’s a help menu with an explanation of the switches.

AutoPkg in Terminal

Looking at what Terminal says we now know that AutoPkg is installed in the path /usr/local/bin which is a very accepted place for non-standard (extra, or optional) binaries to live. We also know that “autopkg run all” is not the correct command to run, but it was enough to elicit a better error message. In fact, the problem seems to be a “plist error” with the TextWrangler override recipe. What’s that you might be asking? AutoPkg allows the use of “overrides” which adjust a recipe. In my use of AutoPkg I set an override to add information to a recipe, specifically developer and category information so that Munki’s Managed Software Update app correctly displays the information and the user has a more logically sorted software self-serve portal. In any case, we know from this error that something is wrong with the override. I can run xmllint and clean it, I can open and find the error, or I can just delete this override and re-run AutoPkg to see if we can get somewhere.

AutoPkg transmit

In this example I run AutoPkg with the Transmit recipe and all runs well. Everything is good now. So what’s the lesson here? Be careful with your plist files. When you make your override, and add useful keys, double-check your work to avoid a broken AutoPkg.

Using Munki and AutoPkg to automate Mac software deployment (Part 1)

Posted on November 3, 2014 by macvfx

Recently Munki v2.01 was released and now more than ever with the help of other apps it is easier to automate software deployment. With help with AutoPkg (and AutoPkgr) you can quickly set up a Munki server to deliver software to all your Macs. In the time it takes to download one new app and update each of your client workstations you could instead put it in your Munki repo and have it ready to deploy to everyone.

Munki allows you to automate software deployment. When you have more than one or two Macs to ensure that they are up to date with security, Flash, Java or other app updates you being to realize that an automated system can save you time and maybe even your sanity. You don’t backup manually, of course, you automate it. When it’s important and you want it done right, then some planning ahead of time and automation will make your life much easier.

If you have not yet set up a Munki server then follow along as I walk you through setting Munki 2.01 with AutoPkgr 1.1 in part 1 of this blog post of Munki and AutoPkg. In part 2 I will go into further detail of how to use MunkiAdmin (Mac app) and Mandrill (a node.js web server) to edit and maintain your Munki set up. Pros and cons of each method will be touched upon. Using the command line in the past was required but I will show you how some really good apps and web services can help you maintain your automated software deployment workflow.

Note: Munki requires only a web server to deploy software, while traditionally the munki tools ran on a Mac. You can put your software repo on any web server. I will show you the set up on a Mac for the purposes of this blog post.

Steps to a basic Munki server set up on a Mac running 10.8, 10.9, or 10.10:

1. Install latest Munki tools (v.2.01 at the time I write this), restart

muni tools 2.01 pkg

2. Install AutoPKGr (v.1.1 at the time I write this)

Install AutoPkg, and Git using AutoPkgr.

Install autopkg and git using autopkgr

3. Set your Munki repo to some folder (for example, /Users/Shared/munki_repo)

Munki repo

4. Set up web services on OS X by manually editing httpd.conf document root to your Munki repo or with Server.app, setting your munki_repo as where you store your site files.

Server.app Website document root munki repo

6. Add recipes to AutoPKGr and choose apps. Set a schedule for AutoPkgr.

Configure AutoPkgr

7. Check for apps manually the first time, and let AutoPKG download them to your repo

Configure AutoPkgr schedule

8. Check your repo for a manifests folder, and if it is not there, create it

Munki repo manifests

9. Download icon importer, move to /usr/local/munki folder, run against your repo

curl -O https://munki.googlecode.com/git-history/Munki2/code/client/iconimporter

mv iconimporter /usr/local/munki/iconimporter.py

sudo chmod +x /usr/local/munki/iconimporter.py

cd /usr/local/munki ; sudo ./iconimporter.py /Users/Shared/munki_repo/

iconimporter munki repo

Next, go to the icons folder in your repo, pick a fav icon and rename if necessary (some have more than one icon with name with “_1, _2, etc”).

10. Open MunkiAdmin and add packages to catalogs as needed, edit package info (add developer and category info, descriptions etc as needed), then create a client manifest.

11. Choose apps to install for clients (choose from installs, optional installs, uninstalls)

12. Set client id and repoURL on actual clients.

sudo defaults write /Library/Preferences/ManagedInstalls ClientIdentifier “test-client”

sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL “http://ip.addr.ess”

Done. Your munki server is set up and ready for clients to connect. Next up, in part 2, we will look at Munki’s client facing app, the Managed Software Center. We will also look at how to use Munki Admin (Mac app) and Mandrill (a node.js web server) to edit and maintain your Munki set up. Pros and cons of each method will be touched upon. Using the command line with Munki was required in the past but the Munki ecosystem has grown and there are some really good apps and web services can help you maintain your automated software deployment workflow.

	Aaron on How To Securely Sync Your Syno…
	macvfx on How To Securely Sync Your Syno…
	Emery Duncan on Xsan Upgrade and Big Sur Prep.…
	Aaron on How To Securely Sync Your Syno…
	ian on Do you want to build a Thunder…

DAM SAN

Digital Asset Management, Storage and backup solutions

Tag Archives: DevOps