The idea was to use MunkiAdmin‘s script features to automatically rsync changes from a management machine to a machine hosting the repo for clients access. My testng case was syncing from a macOS machine to Ubuntu 16.04. This utilizes rsync with psk’s, great documentation specifically on check out Digital Ocean‘s article.
The Script
The main bread and butter is a simple rsync script:
/usr/local/bin/rsync -vrlt -e "ssh -i /Users/$macUSER/.ssh/id_rsa.pub" --chmod=$symbolic --chown=&nixUSER:$nixGROUP /macOS/munki_repo/* $nixUSER@$nixHOST:/nix/munki_repo/
So to break it down…
-vrlt
- v
- verbose
- r
- recursive
- l
- symlinks (optional? probably not needed in a munki_repo specifically)
- t
- preserve times
-e
- specify the remote shell
- ssh
- -i
- identity file
- /Users/$macUSER/.ssh/id_rsa.pub
- The key you would like to use (that also exists under authorized keys on the receiving server”
--chmod=$symbolic
- specify the modification privileges via symbolic
- 4744=go+r,u+rwxs
- I just cheated, here.
--chown=&nixUSER:$nixGROUP
- change the ownership
- user:group
/macOS/munki_repo/*
- local repo
$nixUSER@$nixHOST:/nix/munki_repo/
- destination admin@host
- :path/to/repo_destination
Tip: That should do it, you can always use -n or –dry-run to check this sync without actually syncing any data.
- -n, –dry-run “perform a trial run with no changes made”
MunkiAdmin Integration
I added the command as well as some logging items to a bash script, and saved it as repository-postsave.
MunkiAdmin full documentation on custom scripts is available here, though its pretty cut and dry:
- scripts should be saved in
<repository>/MunkiAdmin/scripts/or~/Library/Application Support/MunkiAdmin/scripts/. - The presave scripts can abort the save by exiting with anything other than
- All of the scripts are called with the working directory set to the current repository root.
Further more according to MunkiAdmin documentation, MunkiAdmin looks for executable files (with any extension) with the following names:
- pkginfo-presave
- pkginfo-postsave
- manifest-presave
- manifest-postsave
- repository-presave
- repository-postsave
I chose repository-postsave because a sync would be the last thing we would want to do. I moved my script to <repository>/MunkiAdmin/scripts/, reloaded MunkiAdmin, and then added a pkg to test.
Quick Test
I figured why not test it with a worst possible case..? How about a 10.11.6 upgrade pkg, 6.24 GB? Yeehaw.
So I imported via munkiimport, and then reloaded MunkiAdmin. As the script is tied to “Save” in munki admin, no sync occurs until then…
I hit “Save” and everything died:
But not really, I had a hunch that it was just working hard, and MunkiAdmin was waiting until the script exited, and those suspicions were confirmed:
Once the transfer processes completed, MunkiAdmin was back to normal.
Much success! As a note smaller more regular pkg/infos and catalog files really quickly* (your milage may vary depending on your speeds).
Caveats
rsync 3.1, Your keen eye may have picked up on /usr/local/bin/rsync vs /usr/bin/rsync, as one may expect on macOS. Unfortunately macOS ships with rsync v2.6.9, which does not support the –chown functionality, so I had to brew err pursue other avenues for rsync to completely work in this capacity…
Implications
No manual rsync of your repo anymore! Well… actually its still manual on “Save” but its automatic!
If you use MunkiAdmin this scripting has a lot of potential for different automation tasks, git integrations or whatever you may do to your repos after “saving,” to pkgs or whatever your use case may call for- I really like this integration and I just thought I’d share this bit I found useful.
