Variant of munki-enroll's enrol.php script to allow leveraging of DeployStudio's Computer Information Fields to influence Munki Included Manifests

enroll.php

<?php

require_once( 'cfpropertylist-1.1.2/CFPropertyList.php' );

// Default catalog
$catalog = 'standard';

// Get the varibles passed by the enroll script
$identifier1 = $_POST["identifier1"];
$identifier2 = $_POST["identifier2"];
$identifier3 = $_POST["identifier3"];
$identifier4 = $_POST["identifier4"];

$hostname   = $_POST["hostname"];

// Ensure we aren't nesting a manifest within itself
// Note that this will create a default manifest - it will not honour any options from DS
if ( $identifier1 == "client-" . $hostname )
	{
		$identifier1 = "_cg_ru"; $identifier2 = "";
	}

// Check if manifest already exists for this machine
echo "\n\tMUNKI-ENROLLER. Checking for existing manifests.\n\n";

if ( file_exists( '../manifests/client-' . $hostname ) )
    {
        echo "\tComputer manifest client-" . $hostname . " already exists.\n";
        echo "\tThis will be replaced.\n\n";
    }
else
    {
        echo "\tComputer manifest does not exist. Will create.\n\n";
    }
	$plist = new CFPropertyList();
	$plist->add( $dict = new CFDictionary() );
        
    // Add manifest to production catalog by default
    $dict->add( 'catalogs', $array = new CFArray() );
    $array->add( new CFString( $catalog ) );
        
    // Add parent manifest to included_manifests to achieve waterfall effect
    $dict->add( 'included_manifests', $array = new CFArray() );
    if ( $identifier1 != "" )
        {
            $array->add( new CFString( $identifier1 ) );
        }
    if ( $identifier2 != "" )
        {
            $array->add( new CFString( $identifier2 ) );
        }
    if ( $identifier3 != "" )
        {
            $array->add( new CFString( $identifier3 ) );
        }
    if ( $identifier4 != "" )
        {
            $array->add( new CFString( $identifier4 ) );
        }


    // Save the newly created plist
    $plist->saveXML( '../manifests/client-' . $hostname );
    chmod( '../manifests/client-' . $hostname, 0775 );
    echo "\tNew manifest created: client-" . $hostname . "\n";
    echo "\tIncluded Manifest(s): " . $identifier1 . " " . $identifier2 . " " . $identifier3 . " " . $identifier4 . "\n";
        
?>

munki-enroll.sh

#!/bin/bash 

# The Munki Repo URL
MUNKI_REPO_URL="http://your.munki.server"

COMPFIELD1=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text1`
COMPFIELD2=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text2`
COMPFIELD3=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text3`

#COMPFIELD1: Zone splits
if [ "$COMPFIELD1" = "ZA" ]; then
	IDENTIFIER1="_cg_za"
elif [ "$COMPFIELD1" = "ZB" ]; then
	IDENTIFIER1="_cg_zb"
elif [ "$COMPFIELD1" = "ZC" ]; then
	IDENTIFIER1="_cg_zc"
elif [ "$COMPFIELD1" = "ZD" ]; then
	IDENTIFIER1="_cg_zd"
elif [ "$COMPFIELD1" = "ZE" ]; then
	IDENTIFIER1="_cg_ze"
elif [ "$COMPFIELD1" = "ZF" ]; then
	IDENTIFIER1="_cg_zf"
elif [ "$COMPFIELD1" = "ES" ]; then
	IDENTIFIER1="_cg_zd_oa_earthsci"
else
	IDENTIFIER1="_cg_ru"
fi

#COMPFIELD2: AD stuff
if [ "$COMPFIELD2" = "AD" ]; then
	if [ "$IDENTIFIER1" == "_cg_ru" ]; then
		IDENTIFIER1="_cg_ru_ad"
	else
		IDENTIFIER2="_cg_ru_ad"
	fi
elif  [ "$COMPFIELD2" = "ADL" ]; then
	if [ "$IDENTIFIER1" == "_cg_ru" ]; then
		IDENTIFIER1="_cg_ru_eduroam"
	else
		IDENTIFIER2="_cg_ru_eduroam"
	fi
elif  [ "$COMPFIELD2" = "AO" ]; then
	if [ "$IDENTIFIER1" == "_cg_ru" ]; then
		IDENTIFIER1="_cg_all_optional"
	else
		IDENTIFIER2="_cg_all_optional"
	fi
else
	if [ "$IDENTIFIER1" != "_cg_ru" ]; then
		IDENTIFIER2="_cg_ru"
	else
		IDENTIFIER2=""
	
	fi
fi

#COMPFIELD3: FileVault
if [ "$COMPFIELD3" = "FV" ]; then
	IDENTIFIER3="_cg_encrypt"
else
	IDENTIFIER3=""
fi

# Output for the benefit of the DeployStudio log
echo "Compfield1: $COMPFIELD1"
echo "Compfield2: $COMPFIELD2"
echo "Compfield3: $COMPFIELD3"
echo "Identifer1 is $IDENTIFIER1"
echo "Identifer2 is $IDENTIFIER2"
echo "Identifer3 is $IDENTIFIER3"

# This setting determines whether Munki should handle Apple Software Updates
# Set to false if you want Munki to only deal with third party software
defaults write /Library/Preferences/ManagedInstalls InstallAppleSoftwareUpdates -bool True

# The existence of this file prods Munki to check for and install updates upon startup
# If you'd rather your clients waited for an hour or so, comment this out
touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup

# Figures out the computer's local host name - don't use ComputerName as this may contain bad characters
LOCALHOSTNAME=$( scutil --get LocalHostName );

# Checks whether it is a valid IT tag - you can choose your own naming scheme
ITTAGCHECK=`echo $LOCALHOSTNAME | grep -iE '\<IT[0-9]{6}\>'`
if [ $? -ne 0 ]; then
	# Sets the LocalHostName to the serial number if we don't have an IT tag name
	SERIAL=`/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Serial\ Number\ \(system\)/ {print $NF}'`
	scutil --set LocalHostName "$SERIAL"
	LOCALHOSTNAME="$SERIAL"
fi

# set the ClientIdentifier to "client-LOCALHOSTNAME
defaults write /Library/Preferences/ManagedInstalls ClientIdentifier "client-$LOCALHOSTNAME"

# Sets the URL to the Munki Repository
defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "$MUNKI_REPO_URL"

# Leave this unless you have put your munki-enroll script somewhere unusual
SUBMITURL="$MUNKI_REPO_URL/munki-enroll/enroll.php"

# Application paths
CURL="/usr/bin/curl"

$CURL --max-time 5 --data \
	"hostname=$LOCALHOSTNAME&identifier1=$IDENTIFIER1&identifier2=$IDENTIFIER2&identifier3=$IDENTIFIER3" \
    $SUBMITURL
 	 
exit 0