Skip to content

Instantly share code, notes, and snippets.

@grahampugh

grahampugh/enroll.php

Last active Aug 29, 2015
Embed
What would you like to do?
Variant of munki-enroll's enrol.php script to allow leveraging of DeployStudio's Computer Information Fields to influence Munki Included Manifests
<?php
require_once( 'cfpropertylist-1.1.2/CFPropertyList.php' );
// Default catalog
$catalog = 'standard';
// Get the varibles passed by the enroll script
$identifier1 = $_POST["identifier1"];
$identifier2 = $_POST["identifier2"];
$identifier3 = $_POST["identifier3"];
$identifier4 = $_POST["identifier4"];
$hostname = $_POST["hostname"];
// Ensure we aren't nesting a manifest within itself
// Note that this will create a default manifest - it will not honour any options from DS
if ( $identifier1 == "client-" . $hostname )
{
$identifier1 = "_cg_ru"; $identifier2 = "";
}
// Check if manifest already exists for this machine
echo "\n\tMUNKI-ENROLLER. Checking for existing manifests.\n\n";
if ( file_exists( '../manifests/client-' . $hostname ) )
{
echo "\tComputer manifest client-" . $hostname . " already exists.\n";
echo "\tThis will be replaced.\n\n";
}
else
{
echo "\tComputer manifest does not exist. Will create.\n\n";
}
$plist = new CFPropertyList();
$plist->add( $dict = new CFDictionary() );
// Add manifest to production catalog by default
$dict->add( 'catalogs', $array = new CFArray() );
$array->add( new CFString( $catalog ) );
// Add parent manifest to included_manifests to achieve waterfall effect
$dict->add( 'included_manifests', $array = new CFArray() );
if ( $identifier1 != "" )
{
$array->add( new CFString( $identifier1 ) );
}
if ( $identifier2 != "" )
{
$array->add( new CFString( $identifier2 ) );
}
if ( $identifier3 != "" )
{
$array->add( new CFString( $identifier3 ) );
}
if ( $identifier4 != "" )
{
$array->add( new CFString( $identifier4 ) );
}
// Save the newly created plist
$plist->saveXML( '../manifests/client-' . $hostname );
chmod( '../manifests/client-' . $hostname, 0775 );
echo "\tNew manifest created: client-" . $hostname . "\n";
echo "\tIncluded Manifest(s): " . $identifier1 . " " . $identifier2 . " " . $identifier3 . " " . $identifier4 . "\n";
?>
#!/bin/bash
# The Munki Repo URL
MUNKI_REPO_URL="http://your.munki.server"
COMPFIELD1=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text1`
COMPFIELD2=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text2`
COMPFIELD3=`defaults read /Library/Preferences/com.apple.RemoteDesktop Text3`
#COMPFIELD1: Zone splits
if [ "$COMPFIELD1" = "ZA" ]; then
IDENTIFIER1="_cg_za"
elif [ "$COMPFIELD1" = "ZB" ]; then
IDENTIFIER1="_cg_zb"
elif [ "$COMPFIELD1" = "ZC" ]; then
IDENTIFIER1="_cg_zc"
elif [ "$COMPFIELD1" = "ZD" ]; then
IDENTIFIER1="_cg_zd"
elif [ "$COMPFIELD1" = "ZE" ]; then
IDENTIFIER1="_cg_ze"
elif [ "$COMPFIELD1" = "ZF" ]; then
IDENTIFIER1="_cg_zf"
elif [ "$COMPFIELD1" = "ES" ]; then
IDENTIFIER1="_cg_zd_oa_earthsci"
else
IDENTIFIER1="_cg_ru"
fi
#COMPFIELD2: AD stuff
if [ "$COMPFIELD2" = "AD" ]; then
if [ "$IDENTIFIER1" == "_cg_ru" ]; then
IDENTIFIER1="_cg_ru_ad"
else
IDENTIFIER2="_cg_ru_ad"
fi
elif [ "$COMPFIELD2" = "ADL" ]; then
if [ "$IDENTIFIER1" == "_cg_ru" ]; then
IDENTIFIER1="_cg_ru_eduroam"
else
IDENTIFIER2="_cg_ru_eduroam"
fi
elif [ "$COMPFIELD2" = "AO" ]; then
if [ "$IDENTIFIER1" == "_cg_ru" ]; then
IDENTIFIER1="_cg_all_optional"
else
IDENTIFIER2="_cg_all_optional"
fi
else
if [ "$IDENTIFIER1" != "_cg_ru" ]; then
IDENTIFIER2="_cg_ru"
else
IDENTIFIER2=""
fi
fi
#COMPFIELD3: FileVault
if [ "$COMPFIELD3" = "FV" ]; then
IDENTIFIER3="_cg_encrypt"
else
IDENTIFIER3=""
fi
# Output for the benefit of the DeployStudio log
echo "Compfield1: $COMPFIELD1"
echo "Compfield2: $COMPFIELD2"
echo "Compfield3: $COMPFIELD3"
echo "Identifer1 is $IDENTIFIER1"
echo "Identifer2 is $IDENTIFIER2"
echo "Identifer3 is $IDENTIFIER3"
# This setting determines whether Munki should handle Apple Software Updates
# Set to false if you want Munki to only deal with third party software
defaults write /Library/Preferences/ManagedInstalls InstallAppleSoftwareUpdates -bool True
# The existence of this file prods Munki to check for and install updates upon startup
# If you'd rather your clients waited for an hour or so, comment this out
touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup
# Figures out the computer's local host name - don't use ComputerName as this may contain bad characters
LOCALHOSTNAME=$( scutil --get LocalHostName );
# Checks whether it is a valid IT tag - you can choose your own naming scheme
ITTAGCHECK=`echo $LOCALHOSTNAME | grep -iE '\<IT[0-9]{6}\>'`
if [ $? -ne 0 ]; then
# Sets the LocalHostName to the serial number if we don't have an IT tag name
SERIAL=`/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Serial\ Number\ \(system\)/ {print $NF}'`
scutil --set LocalHostName "$SERIAL"
LOCALHOSTNAME="$SERIAL"
fi
# set the ClientIdentifier to "client-LOCALHOSTNAME
defaults write /Library/Preferences/ManagedInstalls ClientIdentifier "client-$LOCALHOSTNAME"
# Sets the URL to the Munki Repository
defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "$MUNKI_REPO_URL"
# Leave this unless you have put your munki-enroll script somewhere unusual
SUBMITURL="$MUNKI_REPO_URL/munki-enroll/enroll.php"
# Application paths
CURL="/usr/bin/curl"
$CURL --max-time 5 --data \
"hostname=$LOCALHOSTNAME&identifier1=$IDENTIFIER1&identifier2=$IDENTIFIER2&identifier3=$IDENTIFIER3" \
$SUBMITURL
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment