To manage 3rd party software, we have picked Munki.
There are 2 modules used to manage Munki in Zentral. The first one is called Munki. It provides the pre/postflight integration with the Munki agent. This is what enables the Munki logs and reports shipping, the collection of inventory data, and the script checks that we have already configured today.
In this section, we are going to concentrate on the other Zentral module: Monolith. Monolith adds a dynamic layer to a Munki repository.
Traditionally, a Munki repository has fixed catalogs (collections of available packages) and manifests (selections of catalogs and packages), which are generated when the Munki repository is updated. To add some flexibility, you can generate a manifest per machine. You can also use conditions. But with Zentral, we wanted to do more. We wanted to integrate our common scoping mechanism: the machine tags. We also wanted to offer sharding to do progressive rollouts of new software in big fleets. So let's have a look at Monolith.
Tip
Go to the Monolith > Manifests view in Zentral, and open the Default manifest.
Notice that we have one catalog, two enrollment packages, and one submanifest.
Open the Required agents submanifest. You should recognize the packages that were installed when you enrolled your test device or VM.
In the Monolith > Repositories section, have a look at the Zentral Cloud repository. This is the repository that we have configured for your test instances. It contains the packages that we are distributing today.
In the Monolith > PkgInfos section, you can see the different versions of the packages that Zentral found in the Munki repository.
This should all seem familiar. At Zentral we are not trying to hide the underlying technologies we use. We just want them to work the way people expect them to, and integrate them fully with the rest of the system.
So, let's go and distribute some extra packages to our macOS clients, and let's do that with … Terraform!
Let's distribute 1Password to our test devices. In the Monolith > PkgInfos view, you can see that the package is called … 1Password.
First let's add a submanifest for the applications. We already have a submanifest for the agents, and it doesn't seem like a good fit for 1Password. So, let's create a monolith_apps_sub_manifest.tf file, and add the zentral_monolith_sub_manifest resource:
resource "zentral_monolith_sub_manifest" "apps" {
  name        = "Mandatory apps"
  description = "The mandatory apps for our standard macOS client"
}
We also need to add a zentral_monolith_sub_manifest_pkg_info resource to add the package to the submanifest:
resource "zentral_monolith_sub_manifest_pkg_info" "onepassword" {
  sub_manifest_id = zentral_monolith_sub_manifest.apps.id
  key             = "managed_installs"
  pkg_info_name   = "1Password"
}
Tip
Notice that we used onepassword as the resource name. It is not possible for a resource name to start with a number.
So, we have a submanifest with the 1Password reference in it. We now need to include this submanifest in our manifest.
In the monolith_manifests.tf file, at the bottom, we will add another zentral_monolith_manifest_sub_manifest resource:
resource "zentral_monolith_manifest_sub_manifest" "default-apps" {
  manifest_id     = zentral_monolith_manifest.default.id
  sub_manifest_id = zentral_monolith_sub_manifest.apps.id
}
Tip
Notice that we used default-apps as the resource name, and not simply apps. Resource names are unique per resource type. With this naming convention, we avoid collisions in the future when we include the same submanifest in another manifest.
This is it. Commit your changes, make a Pull Request, review the changes and merge the PR to deploy the new configuration in your instance!
Tip
On your test device or VM, open the Managed Software Center and in the Updates panel, click on the Check Again button.
You should see that 1Password will be installed.
You can click on the Update button to install it.
(These manual steps are not required. We only used this flow to speed things up!)
In the Zentral inventory, find your machine.
Click on the Events button, and filter by Munki install event type.
You should see the event generated by Zentral.
That's it for the Monolith module. Let's have a look at Osquery now.