Imagr is a great tool when you’re wanting to deploy machines quickly in your office. But sometimes you will want to deploy machines when you’re in a smaller remote site, or a site where security concerns mean you can’t have servers. Imagr is flexible enough to handle this, and with a little creativity, we can deploy at these sites as easily as we can at our offices with NetBoot. Setup The first thing you are going to want to do it get your Imagr repo onto your own machine. I would recommend having your repo in a central repository - git fat works well, so does putting everything on an S3 bucket and using the aws cli tools to sync it down. We use an S3 bucket, as we can ship read only credentials to the machines that are performing the imaging. This guide will assume you are using S3, but you can substitute that aspect for whichever method you wish to sync your files. ...

When 10.12.2 hit this week, it introduced an awesome new feature - the ability to enable SIP without having to be booted into a Recovery like environment (either Recovery HD or a NetInstall). Unfortunately it merely enables SIP on the next reboot. Fortunately, Munki is pretty good at telling users when they need to reboot, so I wrote the following pkgsinfo file that will check if SIP is enabled, and if it isn’t, will enable it and reboot (fortunately it’s quite a bit easier to do this that it is with other tools. I’ve targeted this update at 10.12.0, because, well, if they’re not updating, I’d like them to. And it’s called ‘Critical Security Update’ so they may actually install it. If you really want them to install it, you can set a force_install_after_date and set it to the past, which will give your users a hour to install it before their machine goes byebye. ...

It’s been a long time since I wrote about Sal here (nearly three years), so with the release of Sal 3.0, it’s time to take another look at it. What is Sal? Sal is a reporting tool for macOS clients that helps you visualise what your clients are up to. It is primarily a reporting tool for Munki, but it can also ingest data from Facter (whether you are using Puppet to manage your Macs or not). It has the concept of business units, so if you wish to separate your clients out (for example, if you wish to give access to some machines to a sub organisation’s IT etc) you are able to do so. That’s the 10000 feet overview, let’s take a look at some of it’s functionality in more detail. The dashboard The first thing you see when you log into Sal is the dashboard. This is where you can get access to a quick overview of your fleet. Each graph, chart, set of buttons is a plugin - this means that each one can be re-ordered and removed - you can even make your own if you need to (more on that another time). Most plugins are clickable - click on the relevant part to show a list of machines it is referring to - and if the plugin supports showing the list (and all of the built in ones do), you can export the list to CSV (since all managers love spreadsheets, right?). ...

Sal 3.0 is a massive upgrade on Sal 2.7, so massive thanks to everyone who has contributed code and bug reports. In particular, big thanks go out to @sheagcraig for his work on the completely rewritten application inventory features. What’s new in Sal 3.0? Inventory Sal’s application inventory tracking has been completely re-written (thanks again Shea), and is much more useful, allowing for greater detail on what is installed, and where across your fleet. ...

I’m delighted to announce that the lovely people at Amsys have asked me to return to speak at MacAD.UK 2017 for it’s second year. This year I will be talking about Airbnb’s transition from a commercial macOS management platform to an entirely open source stack - “Something something commercial, something something open source”. See you all in February!

If you attended my talk in Gothenburg today, thank you! The slides from my primary talk, “0 to Imagr-ing in 45 minutes” are [available here](/images/posts/2016-10-06/0 to Imagr-ing.pdf), and you can find the all of the code I used on GitHub. If for some reason you would like my slides on beer in London (or, VMware is slow at imaging a disk and I needed to fill time), you can [also get them here](/images/posts/2016-10-06/Beer in London.pdf).

Last time, took our first steps to notify our users about updates in a slight nicer way. This time we are going to modify our script so that our users are only bugged once a day, and also not promoted to install 10.11 if they’re already running it. Unfortunately for some, whilst this will be possible if we stuck to using bash, it would drive me insane, so we are switching to Python. Don’t be scared! Python makes a lot of sense once you get your head around it, and you’ll be a much happier mac admin once you leave the 1500 line bash scripts behind. ...

Last time, we took our first look at the fantastic Yo. This time, we’re going to o something useful - we’re going to open an item up in Managed Software Centre. Let’s build our command to show the notification. Note that InstallElCap is the name of the relevant item in Munki. You could for example, replace it with munki://detail-GoogleChrome. $ /Applications/Utilities/yo.app/Contents/MacOS/yo --title "Update Required" --info "Your operating system is out of date. Please upgrade ASAP." --action-btn "More Info" --action-path "munki://detail-InstallElCap" ...

Have you ever wished you could let your users know about something without completely taking over their screen with Munki or jamfhelper? Perhaps something that would respect macOS’ Do Not Disturb settings? Then Shea Craig’s Yo is what you need. The first thing you’re going to need is the Yo installer - you can grab that from https://github.com/sheagcraig/yo/releases. It will drop Yo.app into /Applications/Utilities - but don’t go thinking you can just double click on it. Well, you can but you won’t have much fun with it. Let’s send it a basic notification. Open up Terminal.app and run: ...

Thanks to Mat and everyone else who put so much effort into MacDevOps:YVR - it’s been awesome, and I can’t wait to come back next year. Here are my slides, and I’ll slim down the handout for use in the real world where you don’t have a room full of nerds hammering a single access point shortly and update this post.