MunkiWebadmin on Os X Server 10.8.5

This is mostly a log rather than a tutorial as I just follow the wiki…

but that may help as it is a step by step of what I did.

– MySQL already up and running and installed with brew.
— Create a New database munki_webadmin_stage.db and MySQL user munkiwebadmin so it is done.

– git has to be installed too (either the system one (from Xcode), brew or git installer, your choice). you don’t want to work on text/scripts files without git don’t you? ;)

Install Prerequisites and Stage files

Setup the Virtual Environment

Install Xcode, or at least the Command Line Tools for Xcode if they are available. Make sure to get the right one for your version of OS X. These can be found on Xcode can be found on the Mac App Store. (Specifically you need git, so you might be able to get by with just a git install…)

Install virtualenv.

sudo easy_install virtualenv

Create a new virtual environment.
I choose not to install munkiwebadmin in /Users/Shared but in my dedicated staging DATAS disc.

cd /Volumes/datas/DEPLOYMENT_STAGE/munkiwebadmin_env/
virtualenv munkiwebadmin_env

This will create a virtual Python environment inside a newly created munkiwebadmin_env folder.

 Note: that we created this directory inside /Users/Shared; you can use another location if you’d like.
Go into the newly created directory and activate the virtual environment:

cd munkiwebadmin_env
source bin/activate

Your  should now see something like this:


Install munkiwebadmin and django prerequisites

We must now install some munkiwebadmin prereqs inside of the virtual environment.

Install Django. If your test machine is running Lion or later:

pip install django==1.5.1
pip install mysql-python

for ldap see note below :

pip install python-ldap
pip install django_auth_ldap

sudo easy_install mysql-python

Note from wiki: This guide was tested with Django 1.5.1. MunkiWebAdmin may or may not run successfully with other versions of Django, though Django 1.4.1 should be OK.

Install the django-wsgiserver:

pip install django-wsgiserver==0.8.0beta

Note: This guide was tested with django-wsgiserver 0.8.0beta. MunkiWebAdmin may or may not run successfully with other versions.

 Copy and Configure MunkiWebAdmin

Still working inside the munkiwebadmin_env virtual environment, use git to clone the current MunkiWebAdmin code:

note : I cloned my own gitlab repo here… as I clone everything first in there and then I clone/pull from it.

git clone munkiwebadmin

This clones the current MunkiWebAdmin code into a directory named “munkiwebadmin”.

Make a copy of the — this is a template file; you must copy it to the correct name and edit it.

cd munkiwebadmin


Set ADMINS to an administrative name and email
Set TIME_ZONE to the appropriate timezone
Under INSTALLED_APPS uncomment django_wsgiserver
Set MUNKI_REPO_DIR to the local filesystem path to your munki repo. (In this case, /Volumes/datas/DEPLOYMENT_STAGE/munki_repo)
Make other edits as you feel comfortable
Save and close the file.

(‘someadmin’, ‘moc.n1488119968iamod1488119968ruoy@1488119968nimda1488119968emos1488119968’),

#ROOT_URLCONF = ‘munkiwebadmin.urls’
ROOT_URLCONF = ‘munki_webadmin_stage.urls’

# mysql example
‘default': {
‘ENGINE': ‘django.db.backends.mysql’,
‘NAME': ‘munki_webadmin_stage.db’,
‘USER': ‘munkiwebadmin’,
‘PASSWORD': ‘munki’,
‘HOST': ‘/tmp/mysql.sock’,
‘PORT': ‘33060’,


APPNAME = ‘MunkiWebAdmin’

# MUNKI_REPO_DIR holds the local filesystem path to the Munki repo
MUNKI_REPO_DIR = ‘/Volumes/datas/DEPLOYMENT_STAGE/munki_repo’

# provide the path to the git binary if you want MunkiWeb to add and commit
# manifest edits to a git repo
# if GITPATH is undefined or None MunkiWeb will not attempt to do a git add
# or commit

GIT_PATH = ‘/usr/bin/git’

 Initialize the Database, Create an admin account

Back in Terminal, initialize the database and setup the admin account by following the prompts:

python syncdb

python syncdb
Creating tables …
Installing custom SQL …
Installing indexes …
Installed 0 object(s) from 0 fixture(s)

You just installed Django’s auth system, which means you don’t have any superusers defined.
Would you like to create one now? (yes/no):


You’ll see it also prompt you to create a default admin user.
Do this, and don’t forget the username or password!


Remember the superuser name and password. You’ll need it for initial login to the web app.
Create a non-admin service account and group

It’s not a good idea to run the MunkiWebAdmin webapp as root, and you probably don’t want to run it as an existing user (like yourself). So we will create a dedicated service account for this application.

Create the munkiwebadmin account:

Open System Preferences and go to Users & Groups.
Create a Standard user named munkiwebadmin.
(We’re using the Users & Groups or Accounts preference pane to create the user so that an unused UID and useful defaults will be assigned automatically. If you want to create the user via command-line, feel free, but make sure all the required attributes are populated! The details are not documented here.)

To make sure no one can log in with this account interactively, we will change a few attributes in the user record. Run the following commands in Terminal:

sudo dscl . create /Users/munkiwebadmin home /var/empty
sudo dscl . create /Users/munkiwebadmin passwd *

Now create a munki group and add munkiwebadmin to it.

sudo dseditgroup -o create -n . munki
sudo dseditgroup -o edit -a munkiwebadmin -t user munki

Make sure the munki group (which includes munkiwebadmin) can read and write in our munkiwebadmin_env:

sudo chgrp -R munki /Volumes/datas/DEPLOYMENT_STAGE/munkiwebadmin_env
sudo chmod -R g+rw /Volumes/datas/DEPLOYMENT_STAGE/munkiwebadmin_env

While we are at it, lets give this group read/write access to the munki repo (MunkiWebAdmin will need permissions to modify manifests) (Substitute the path for your Munki repo)

sudo chgrp -R munki /Volumes/datas/DEPLOYMENT_STAGE/munki_repo
sudo chmod -R g+rw /Volumes/datas/DEPLOYMENT_STAGE/munki_repo

Start the web application and test
Switch to the service account we just created:

sudo su
su munkiwebadmin

Start MunkiWebAdmin:

(munkiwebadmin_env)macpro:munki_webadmin_stage localadminoem$ sudo su
sh-3.2# su munkiwebadmin
bash-3.2$ python runwsgiserver port=8000 host=

python runwsgiserver port=8000 host=

You’ll see something like:

Validating models..
0 errors found
July 10, 2013 – 15:02:11
Django version 1.5.1, using settings ‘munkiwebadmin.settings’
cherrypy django_wsgiserver is running at
Quit the server with CONTROL-C.
launching with the following options:
{‘adminserve': ‘Deprecated’,
‘autoreload': True,
‘daemonize': False,
‘host': ‘’,
‘pidfile': None,
‘port': ‘8000’,
‘server_group': ‘www-data’,
‘server_name': ‘localhost’,
‘server_user': ‘www-data’,
‘servestaticdirs': True,
‘ssl_certificate': None,
‘ssl_private_key': None,
‘staticserve': True,
‘threads': 10,
‘workdir': None}

Open your browser  and point to

If all is configured properly, you should be greeted with the MunkiWebAdmin login page.

Login with the username and password you chose earlier.

You should be able to look at catalogs; look at and edit manifests; and access the site admin tools.

Reports and inventory will be empty until your Munki clients are configured to report to the MunkiWebAdmin server process.

( EDIT : see  munki | munkiWebAdmin preflights and postflight scripts and  munki “more than one” preflight / postflight scripts )

Hitting Control-C in the terminal session will end the server process.

To run it persistently we can either use launchd or how  set it up (integrate) in Os X Server.

I then followed the launchDaemons steps to test but choose not to use it as is
and followed steps to integrate it in the web Server of Os X server.
This is not needed at all, but hey! this is another challenge :)

Make sure the plist has owner root, group wheel, and mode 644. as stated and save it to


You can manually start it (instead of waiting for a restart) like so:

sudo launchctl load /Library/LaunchDaemons/com.googlecode.munki.munkiwebadmin.plist

Ok all is working fine.
I stopped it than removed the plist

sudo launchctl unload /Library/LaunchDaemons/com.googlecode.munki.munkiwebadmin.plist

sudo rm -f /Library/LaunchDaemons/com.googlecode.munki.munkiwebadmin.plist


sudo mv /Library/LaunchDaemons/com.googlecode.munki.munkiwebadmin.plist /some/place/like/ your/Desktop.

Next, I followed those steps to integrate nicely in Os X web server via

- Editing the file munkiwebadmin.wsgi


– my settings :




import sys, os, site


os.environ[‘PYTHON_EGG_CACHE’] = ‘/Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/munkiwebadmin_env/munki_webadmin_stage/python-eggs’
# Use site to load the site-packages directory of our virtualenv
site.addsitedir(os.path.join(MUNKIWEBADMIN_ENV_DIR, ‘lib/python2.7/site-packages’))


# Make sure we have the virtualenv and the Django app itself added to our path
sys.path.append(os.path.join(MUNKIWEBADMIN_ENV_DIR, ‘munki_webadmin_stage’))

os.environ[‘DJANGO_SETTINGS_MODULE’] = ‘settings’
#os.environ.setdefault(“DJANGO_SETTINGS_MODULE”, “settings”)
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()


Editing the file httpd_munkiwebadmin.conf


WSGIScriptAlias / /Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/munkiwebadmin_env/munki_webadmin_stage/munkiwebadmin.wsgi

#WSGIRestrictStdout Off

# should reflect the
# APPNAME = ‘MunkiWebAdmin’ set in

WSGIDaemonProcess MunkiWebAdmin user=munkiwebadmin group=munki
#WSGIDaemonProcess munki_webadmin_stage user=_www group=_www

#Alias /static/ /Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/munkiwebadmin_env/munki_webadmin_stage/site_static/

<Directory “/Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/munkiwebadmin_env/munki_webadmin_stage”>
WSGIProcessGroup MunkiWebAdmin
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all


Editing the webapp file


<?xml version=”1.0″ encoding=”UTF-7″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “”>
<plist version=”1.0″>

All should be up and running.

Some notes :

As I did not used the same paths, I had some troubles.
it is important to match names like so:

in the file munkiwebadmin.wsgi, be sure to put the correct paths (mine for example is ‘munki_webadmin_stage’)
I ‘simply’ did a search and replace

The display name key
of the webapp .plist
in /Library/Server/Web/Config/apache2/webapps/com.example.munkiwebadmin.plist

must be the same as
WSGIDaemonProcess MunkiWebAdmin
in /Library/Server/Web/Config/apache2/httpd_munkiwebadmin.conf

should reflect the
APPNAME = ‘MunkiWebAdmin’ set in


Product and graphic designer turned to be a Mac SysAdmin.

Posted in Admin, Deploy, Mac Tagged with: , , , , , , , ,
2 comments on “MunkiWebadmin on Os X Server 10.8.5
  1. PE says:

    Any idea of this is also working under Mavericsks Server? try to get it work but i dont get the Python at Edit Advanced Settings visable.

    • oem oem says:


      Shame on me, I’ve not played yet enough with Mavericks Server, but as you point that out I’ll give it a deeper look and test this out very soon.

1 Pings/Trackbacks for "MunkiWebadmin on Os X Server 10.8.5"
  1. […] : munkiwebadmin autopkg on Os X Server […]

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>