Tech Talk Live Blog

Using Munki to Manage Mac Software Deployment

Tim McCleary

One of the challenges facing any tech department is keeping up with all of the software that needs to be installed and kept up-to-date on all of the computers that they manage. Some software, such as Adobe Flash Player and Oracle’s Java Runtime Environment are updated frequently to plug security holes. There have been several ways that this has been addressed over the years, but by now, most techs are using a software deployment system to push out software and updates. For the Mac platform, there are a number of options, including Absolute Manage, Casper, FileWave, and others, but all of these require a significant ongoing maintenance fee. However, there is a robust, well-supported, open source solution known as Munki.

Munki consists of two parts: a web-based software repository and a Mac client that checks this repository for updates, then downloads and installs them. It is a system that Google has adapted for their Mac fleet. It is written specifically for the Mac, so it is able to handle the various means of installing/updating software on the Mac. All that is required on the back-end is a simple web server. Munki is well supported by the online Mac community and is updated frequently when additional features are requested.

The Munki repository consists of four parts:

  1. “pkgs” directory with each installer wrapped inside a disk image (.dmg file);
  2. “pkgsinfo” directory with metadata for each installer;
  3. “catalogs” directory with catalogs of available packages (usually there is a production and a testing catalog); and
  4. “manifests” directory with a list of packages to install from a given catalog. The Munki client (also known as “Managed Software Update” to the end user) on each Mac is configured with a specific manifest to use. This allows different sets of software to be installed for the various locations/uses of Macs throughout a district.

The hardest part of getting Munki rolled out is figuring out a way to install the client on all of the Macs. Going forward, it can be part of the initial deployment process or re-imaging process. If you are transitioning from an existing software deployment system, it can be used to install Munki and then Munki can be used to uninstall the old system. It’s also possible to use Apple Remote Desktop or install it one-by-one, but obviously both can be more tedious to use.

However, once you are able to get Munki in place, there is an added advantage to using Munki over other solutions. Another open source solution, known as AutoPKG, can be used to automate the process of downloading software and preparing it for use with Munki. It uses recipes that others have developed to download the most recent version, process it, and then import it into Munki. This is most useful for software that is updated regularly, including Flash Player, Java, Chrome, Firefox, etc. The ultimate goal is to have a system that can detect when updates are available and automatically deploy them out to clients with a minimal amount of manual effort.

The fastest way to get started with Munki is by using a script that someone has developed, known as Munki-in-a-Box. On a Mac with Server (available from Apple through the App Store) installed, it will download and install everything necessary for a basic Munki set up.

For additional information on Munki click here, and information on AutoPKG is available here.

Watch Tim’s complete Tech Talk Live presentation, ​Using Munki to Manage Mac Software Development, here.

Tech Talk Live Blog Comment Guidelines:

One of our main goals at Tech Talk Live is to build a community. It is our hope that this blog can be a forum for discussion around our content. We see commenting as an integral part of this community. It allows everyone to participate, contribute, connect, and share relevant personal experience that adds value to the conversation. Respect counts. We believe you can disagree without being disagreeable. Please refrain from personal attacks, name calling, libel/defamation, hate speech, discriminatory or obscene/profane language, etc. Comments should keep to the topic at hand, and not be promotional or commercial in nature. Please do not link to personal blog posts, websites, or social media accounts that are irrelevant to the conversation. This is considered self-promotion. We welcome links that help further the conversation and reserve the right to delete those we deem unnecessary. The appearance of external links on this site does not constitute official endorsement on behalf of Tech Talk Live or Lancaster-Lebanon Intermediate Unit 13. You are solely responsible for the content that you post – please use your best judgment. We reserve the right to remove posts that do not follow these guidelines.

Leave a Reply

Your email address will not be published. Required fields are marked *


Tech Talk Live is the only conference of its kind in the region specifically designed for IT pros in education.

1020 New Holland Avenue, Lancaster, PA 17601

(717) 606-1770