Last active
August 29, 2015 14:23
-
-
Save grahampugh/088cd7d426df712b3531 to your computer and use it in GitHub Desktop.
Variant of munki-enroll's enrol.php script to allow leveraging of DeployStudio's Computer Information Fields to influence Munki Included Manifests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
require_once( 'cfpropertylist-1.1.2/CFPropertyList.php' ); | |
// Default catalog | |
$catalog = 'standard'; | |
// Get the varibles passed by the enroll script | |
$identifier1 = $_POST["identifier1"]; | |
$identifier2 = $_POST["identifier2"]; | |
$identifier3 = $_POST["identifier3"]; | |
$identifier4 = $_POST["identifier4"]; | |
$hostname = $_POST["hostname"]; | |
// Ensure we aren't nesting a manifest within itself | |
// Note that this will create a default manifest - it will not honour any options from DS | |
if ( $identifier1 == "client-" . $hostname ) | |
{ | |
$identifier1 = "_cg_ru"; $identifier2 = ""; | |
} | |
// Check if manifest already exists for this machine | |
echo "\n\tMUNKI-ENROLLER. Checking for existing manifests.\n\n"; | |
if ( file_exists( '../manifests/client-' . $hostname ) ) | |
{ | |
echo "\tComputer manifest client-" . $hostname . " already exists.\n"; | |
echo "\tThis will be replaced.\n\n"; | |
} | |
else | |
{ | |
echo "\tComputer manifest does not exist. Will create.\n\n"; | |
} | |
$plist = new CFPropertyList(); | |
$plist->add( $dict = new CFDictionary() ); | |
// Add manifest to production catalog by default | |
$dict->add( 'catalogs', $array = new CFArray() ); | |
$array->add( new CFString( $catalog ) ); | |
// Add parent manifest to included_manifests to achieve waterfall effect | |
$dict->add( 'included_manifests', $array = new CFArray() ); | |
if ( $identifier1 != "" ) | |
{ | |
$array->add( new CFString( $identifier1 ) ); | |
} | |
if ( $identifier2 != "" ) | |
{ | |
$array->add( new CFString( $identifier2 ) ); | |
} | |
if ( $identifier3 != "" ) | |
{ | |
$array->add( new CFString( $identifier3 ) ); | |
} | |
if ( $identifier4 != "" ) | |
{ | |
$array->add( new CFString( $identifier4 ) ); | |
} | |
// Save the newly created plist | |
$plist->saveXML( '../manifests/client-' . $hostname ); | |
chmod( '../manifests/client-' . $hostname, 0775 ); | |
echo "\tNew manifest created: client-" . $hostname . "\n"; | |
echo "\tIncluded Manifest(s): " . $identifier1 . " " . $identifier2 . " " . $identifier3 . " " . $identifier4 . "\n"; | |
?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# The Munki Repo URL | |
MUNKI_REPO_URL="http://your.munki.server" | |
COMPFIELD1=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text1` | |
COMPFIELD2=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text2` | |
COMPFIELD3=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text3` | |
#COMPFIELD1: Zone splits | |
if [ "$COMPFIELD1" = "ZA" ]; then | |
IDENTIFIER1="_cg_za" | |
elif [ "$COMPFIELD1" = "ZB" ]; then | |
IDENTIFIER1="_cg_zb" | |
elif [ "$COMPFIELD1" = "ZC" ]; then | |
IDENTIFIER1="_cg_zc" | |
elif [ "$COMPFIELD1" = "ZD" ]; then | |
IDENTIFIER1="_cg_zd" | |
elif [ "$COMPFIELD1" = "ZE" ]; then | |
IDENTIFIER1="_cg_ze" | |
elif [ "$COMPFIELD1" = "ZF" ]; then | |
IDENTIFIER1="_cg_zf" | |
elif [ "$COMPFIELD1" = "ES" ]; then | |
IDENTIFIER1="_cg_zd_oa_earthsci" | |
else | |
IDENTIFIER1="_cg_ru" | |
fi | |
#COMPFIELD2: AD stuff | |
if [ "$COMPFIELD2" = "AD" ]; then | |
if [ "$IDENTIFIER1" == "_cg_ru" ]; then | |
IDENTIFIER1="_cg_ru_ad" | |
else | |
IDENTIFIER2="_cg_ru_ad" | |
fi | |
elif [ "$COMPFIELD2" = "ADL" ]; then | |
if [ "$IDENTIFIER1" == "_cg_ru" ]; then | |
IDENTIFIER1="_cg_ru_eduroam" | |
else | |
IDENTIFIER2="_cg_ru_eduroam" | |
fi | |
elif [ "$COMPFIELD2" = "AO" ]; then | |
if [ "$IDENTIFIER1" == "_cg_ru" ]; then | |
IDENTIFIER1="_cg_all_optional" | |
else | |
IDENTIFIER2="_cg_all_optional" | |
fi | |
else | |
if [ "$IDENTIFIER1" != "_cg_ru" ]; then | |
IDENTIFIER2="_cg_ru" | |
else | |
IDENTIFIER2="" | |
fi | |
fi | |
#COMPFIELD3: FileVault | |
if [ "$COMPFIELD3" = "FV" ]; then | |
IDENTIFIER3="_cg_encrypt" | |
else | |
IDENTIFIER3="" | |
fi | |
# Output for the benefit of the DeployStudio log | |
echo "Compfield1: $COMPFIELD1" | |
echo "Compfield2: $COMPFIELD2" | |
echo "Compfield3: $COMPFIELD3" | |
echo "Identifer1 is $IDENTIFIER1" | |
echo "Identifer2 is $IDENTIFIER2" | |
echo "Identifer3 is $IDENTIFIER3" | |
# This setting determines whether Munki should handle Apple Software Updates | |
# Set to false if you want Munki to only deal with third party software | |
defaults write /Library/Preferences/ManagedInstalls InstallAppleSoftwareUpdates -bool True | |
# The existence of this file prods Munki to check for and install updates upon startup | |
# If you'd rather your clients waited for an hour or so, comment this out | |
touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup | |
# Figures out the computer's local host name - don't use ComputerName as this may contain bad characters | |
LOCALHOSTNAME=$( scutil --get LocalHostName ); | |
# Checks whether it is a valid IT tag - you can choose your own naming scheme | |
ITTAGCHECK=`echo $LOCALHOSTNAME | grep -iE '\<IT[0-9]{6}\>'` | |
if [ $? -ne 0 ]; then | |
# Sets the LocalHostName to the serial number if we don't have an IT tag name | |
SERIAL=`/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Serial\ Number\ \(system\)/ {print $NF}'` | |
scutil --set LocalHostName "$SERIAL" | |
LOCALHOSTNAME="$SERIAL" | |
fi | |
# set the ClientIdentifier to "client-LOCALHOSTNAME | |
defaults write /Library/Preferences/ManagedInstalls ClientIdentifier "client-$LOCALHOSTNAME" | |
# Sets the URL to the Munki Repository | |
defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "$MUNKI_REPO_URL" | |
# Leave this unless you have put your munki-enroll script somewhere unusual | |
SUBMITURL="$MUNKI_REPO_URL/munki-enroll/enroll.php" | |
# Application paths | |
CURL="/usr/bin/curl" | |
$CURL --max-time 5 --data \ | |
"hostname=$LOCALHOSTNAME&identifier1=$IDENTIFIER1&identifier2=$IDENTIFIER2&identifier3=$IDENTIFIER3" \ | |
$SUBMITURL | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment