In this tutorial I will cover how to setup an Munki environment with client SSL authentication. Hosting the munki data and web server in docker and using a osx machine for populating data using Autopkgr. Most guides out there use Chef or Puppet to push client configuration but I wanted to focus on docker and have the possibility to move between solutions depending on situation and current infrastructure.
In this lab I’m using self-signed certificates but when you plan for a production solution you should go with certificates from an Provider.
During the signing proccess you need to fill in County Code, State, City, Organization, Common Name, Department and e-mail just remember the password as it will be used in the convert process.
Create a lab catalog and clone docker-munki-ssl repo.
Create a Certificate Authority root
Create the Client Key and CSR
Self-sign Client crt
Convert Client Key and crt to PEM
Create the Server Key and CRT
Build the munki container
Create a Data Container:
Start the munki-ssl container
What about data in your repo?
It’s high time to fill your repo with data, in my lab I used smb share to share the munki-data container then I used Autopkgr and MunkiAdmin to fill it.
It will not be covered in this guide but google will help your out.
Munki Client setup
Transfer client-munki.crt.pem and client-munki.key.pem to your client.
The ssh to your client machine and continue the setup.