graham gilbert

Mac administration and assorted nerdity

Mac Admin & Developer Conference UK

| Comments

I’m very happy to announce that I will be speaking at the first Mac Admin & Developer Conference UK, held in our very own London on Feburary 9th and 10th, 2016. In addition to some fantastic speakers (I have no idea how they let me in), it’s being sponsored by London Apple Admins (who will be meeting next in early September – we are looking for people who would like to give a short 15-20 minute presentation – get in touch if you’re interested).

Running Puppet Server in Docker Part 3: Hiera

| Comments

In the previous two parts, we went over how to get a basic Puppet Server up and running in Docker and how to deploy your modules using r10k. This time we’ll assign some configuration to our nodes using Hiera.

For a full explanation of what Hiera is, see the Puppetlabs documentation, but essentially, you are using a series of directories and files that are named in a particular way, and then specifying which is the most speccific to your node.

Using the Sal API

| Comments

As previously mentioned, Sal now has an API. You might be wondering what you can do with this wonderous API. This is a simple example of using it to automate building packages to enrol Macs into Sal.

The basic workflow of this script is:

  • Use the API to get a list of all Machine Groups in Sal – this will return JSON (a markup language that is easily parsable with languages like Python)
  • Download the Sal postflight scripts
  • Download the latest Facter installer
  • For each machine group, build a package that will install all of the packages and then set the correct Sal preferences.

You can find the script in this Gist. I’m not going to go through the script line by line, but we’ll cover how to configure it.

First off you will need an API key configuring. Log into Sal as a user with Global Admin privelages and choose the ‘person’ menu at the top right and then choose Settings. From the sidebar, choose API keys and then choose to make a new one. Give it a name so you can recognise it – I called this one “PKG Generator”. You will then be given a public key and a private key. Make a note of them, we’ll need them in the next section.

Configuring the script

Edit the variables at the top to match your environment:

# No trailing slash on this one - I was lazy and didn't check for it
SAL_URL = ""
PUBLIC_KEY = "yourpublickeyhere"
PRIVATE_KEY = "yourreallyreallyreallylongprivatekeyhere"
PKG_IDENTIFIER = "com.yourcompany.sal_enrol"
SAL_PKG = ""

There are some caveats with this script:

  • It will spit the packages out in your current directory. Make sure you’ve cd-ed into where you want the packages to be generated.
  • It uses urllib2 to request the information from Sal and to download the packages – this means that there is no verification of the SSL certificates, so make sure you know where you’re connecting to.

All ready to run it?

$ sudo python

And you’ll get a directory full of packages that will get your fleet reporting into Sal.

Munki DND

| Comments

I’ve been wanting to get stuck in with a simple Swift project for a while, but couldn’t think of anything suitable for a first project (Imagr was originally going to be that project, but I don’t think it would ever have been made if I chose Swift), until I saw Dr Graham R Pugh’s Do Not Disturb application. I thought it was an excellent idea that could be made even better by being a manu bar app.

Enter Munki DND – it extends Graham’s idea by allowing the administrator to configure the number of hours the user is allowed to suppress notifications for, as well as living in the menu bar so the user can check how long they’ve got until notifications become active again.

You can grab version 0.0.1 of Munki DND from the Releases page on GitHub.

The Future of Sal

| Comments

As some of you may know, yesterday was my last day at Since I announced I was leaving, I’ve been getting asked this pretty regularly, so I thought I’d answer it here.

My new job uses Munki extensively, and I expect to be using Sal there. As such, development of Sal will continue. I no longer have commit access to the Sal Software organisation, so I’ve forked the project and have set up Sal Open Source as an organisation on GitHub – hopefully this will be the last time anything needs to change. I’ll be moving the preference domain in version 0.4.0 of the client side scripts to com.github.salopensource.sal – once again, this should be the last time things need to change.

So, what else can you expect from Sal in the near future? The next release will have a GUI for managing your plugins, and I’ve started work on a basic API, which should make it easier for people to extend Sal in any language you like. For example, I’ve been working on a way to sign Puppet certificates based on whether it’s a known machine in Sal, with the machine being created via the API if it doesn’t already exist at imaging time (using Imagr, naturally).

It’s exciting times for users of all the projects I’m working on – in addition to these changes, I have some changes planned for Crypt, and of course Imagr is still on the development rollercoaster.