Home
Wade Robson edited this page Aug 2, 2017 · 10 revisions
S3-Auth allows munki clients to connect securely and directly to a munki repo hosted in S3.
Munki has a feature that lets Mac administrators use middleware to change munki's HTTP requests. S3-Auth uses this feature to create the HTTP headers necessary to authenticate to S3. The Canonical URI is used to create a unique signature for each requested file/resource. The signature provides access to only that resource for a 15-minute window.
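How per-resource signed headers of this kind are built, as an added example that is not the code in middleware_s3.py: it assumes AWS Signature Version 4 header authentication for a bodiless GET. The function name `sigv4_get_headers` and the object path `catalogs/production` are hypothetical; the keys are the example values used on this page.

```python
import datetime
import hashlib
import hmac
from urllib.parse import quote, unquote, urlparse

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # a GET carries no body

def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def sigv4_get_headers(url, access_key, secret_key, region, now):
    """Return the SigV4 headers that authorize a GET of one S3 object."""
    parsed = urlparse(url)
    # x-amz-date is signed; S3 rejects timestamps more than 15 minutes off.
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = amz_date[:8]
    # Canonical URI: the URI-encoded object path. It is hashed into the
    # signature, so these headers are valid for this one resource only.
    canonical_uri = quote(unquote(parsed.path) or "/", safe="/")
    headers = {"host": parsed.netloc,
               "x-amz-content-sha256": EMPTY_SHA256,
               "x-amz-date": amz_date}
    signed = ";".join(sorted(headers))
    canonical_request = "\n".join([
        "GET", canonical_uri, "",  # "" is the empty canonical query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, EMPTY_SHA256])
    scope = f"{datestamp}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()])
    # The signing key is derived from the secret key, which is never sent.
    key = ("AWS4" + secret_key).encode("utf-8")
    for part in (datestamp, region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers

if __name__ == "__main__":
    # Constructed sample: placeholder bucket, example keys, made-up object path.
    hdrs = sigv4_get_headers(
        "https://S3_BUCKET_GOES_HERE.s3.amazonaws.com/catalogs/production",
        "AKIAIX2QPWZ7EXAMPLE", "z5MFJCcEyYBmh2BxbrlZBWNJ4izEXAMPLE",
        "us-west-2", datetime.datetime.now(datetime.timezone.utc))
    print("\n".join(f"{k}: {v}" for k, v in hdrs.items()))
```

Because the path and the timestamp are both inputs to the signature, headers captured for one object cannot be replayed against another object or reused after the timestamp ages out.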
What you need:
- An AWS account
- An S3 bucket
- An IAM user with a limited policy
- Munki version 2.7.0 or higher to use middleware. You can find that here
Copy middleware_s3.py into /usr/local/munki/
sudo curl https://raw.githubusercontent.com/waderobson/s3-auth/master/middleware_s3.py -o /usr/local/munki/middleware_s3.py
Set up your s3-auth preferences.
sudo defaults write /Library/Preferences/ManagedInstalls AccessKey 'AKIAIX2QPWZ7EXAMPLE'
sudo defaults write /Library/Preferences/ManagedInstalls SecretKey 'z5MFJCcEyYBmh2BxbrlZBWNJ4izEXAMPLE'
sudo defaults write /Library/Preferences/ManagedInstalls Region 'us-west-2'
Change your repo to point to your S3 bucket.
sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "https://S3_BUCKET_GOES_HERE.s3.amazonaws.com"