Simian is an enterprise-class Mac OS X software deployment solution. Google App Engine hosted server, with a client powered by the Munki open-source project.
License: Apache License 2.0
I'm trying to get simianauth --debug to work. I believe the issue has to due w/ the CA Issuer is looking for it to use / not commas. According to the guide, I need to change this in etc/simian/common.cfg but I don't have that file. Was there a change?
How does one who had munki installed and running, and then added simian, go back to just munki?
We've been running simian with munkitools 3.0.3.3352 for about a month now and I see this problem during preflight on clients that hasn't done a postflight for a couple of weeks. It seems MunkiDownloadError is gone from munki 3.
Traceback (most recent call last):
File "/usr/local/munki/simian_client.py", line 87, in
sys.exit(main(sys.argv[1:]))
File "/usr/local/munki/simian_client.py", line 73, in main
preflight.RunPreflight(runtype, server_url=server_url)
File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/mac/client/preflight.py", line 392, in RunPreflight
flight_common.RepairClient()
File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/mac/client/flight_common.py", line 891, in RepairClient
except fetch.MunkiDownloadError as e:
AttributeError: 'module' object has no attribute 'MunkiDownloadError'
This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.
Work will start on or about July 13
Details from the Simian feature request doc are below:
Problem:
No clear indication if changes in the XML of of Munki Package will also clear a previously uploaded file.
Solution:
Create an “orphan file check” That compares expected package files to existing bucket files and removes any orphans.
This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.
Work will start on or about July 13
Details from the Simian feature request doc are below:
Problem:
Crypto signing manifests, catalogs and packages is a desirable but not currently implemented feature.
On a static munki server, the admin has access to their own server and likely trusts the hardware, and it likely may be on customer premises.
Simian is auto generating manifests, auto concat'ing catalogs, etc, there becomes a question of not only where to store both public and private keys, but also how to design the {client,cloud,admin} workflow such that an org running Simian can earn real increased certainty that their fleet only runs legit pkgs.
Solution:
Develop a method of key management that is effective in a cloud computing environment (such as Appengine)
This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.
Work will start on or about July 13
Details from the Simian feature request doc are below:
Problem:
Currently, when there is insufficient space to download or install a package, it’s not very noticable by the end user.
The munki client can fail to download a package for a wide number of reasons. Some of these are intermittent, but sometimes particular packages, computers, or networks are problematic.
Packages may be misconfigured (i.e. missing pkginfo installs key) or unexpected machine state may cause packages to repeatedly and perpetually redownload and reinstall, regardless of success.
The simian client does not report all installed .plists in an easy to search way.
Solution:
update the simian client to collect more data about installs / state of a client.
That data should also be made easily available in the web UI
Some of this content should include:
Changing the command to call '/usr/bin/facter' rather than 'facter' to run properly w/o sudo (Facter 2.7+?)
--show-legacy option for Facter 3+
using --external-dir and --custom-dir options for custom facts
Tested on multiple Macs running 10.10 with the package generated by make dmg:
luzifer@knut-workstation01 /V/Simian> sudo installer -pkg simian.pkg -target / -verboseR
installer: Package name is contents
installer: Upgrading at base path /
installer:PHASE:Preparing for installation…
installer:PHASE:Preparing the disk…
installer:PHASE:Preparing contents…
installer:PHASE:Waiting for other installations to complete…
installer:PHASE:Configuring the installation…
installer:STATUS:
installer:%2.229250
installer:PHASE:Validating packages…
installer:%97.750000
installer: The upgrade failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)
luzifer@knut-workstation01 /V/Simian [1]>
There are sometimes issues with uploading large blobs (>1GB) to App Engine Blobstore. If Simian supported serving blobs in Google Cloud Storage (aka GCS), then admins would be able to work around Blobstore issues by uploading to GCS directly.
Simian could either ingest from GCS and add to it's Blobstore instance, or just serve directly from GCS:
https://cloud.google.com/appengine/docs/python/blobstore/#Python_Using_the_Blobstore_API_with_Google_Cloud_Storage
Hey, I notice the more recent commits add icons handling, I tried putting an 'icons' directory in the GCS bucket that my ENV points to with BLOBSTORE_GS_BUCKET, but it's still error'ing. I see something about an ICONS_GCS_BUCKET setting in the code, but not sure how to utilize it. Thanks!
Issue
When an admin accesses a manifest with no packages, they get an internal server error (500), instead of a page.
How to replicate
Attempt to access the "view stable" page on an instance that does not have packages yet. You will receive an internal server error.
I wouldn't consider this a high-priority because the problem goes away once you have packages :)
I have a SNI certificate bundle on the appengine side. This requires connecting with the -servername param.
I tried to see if I could make a change with M2Crypto in the client.py code, but it looks like SNI is not a supported M2Crypto option, at least not in the version of the bundled library.
I completed a simian install to AppEngine today and ran into several issues that require updates or fixes:
The AppEngine instructions are not matching the documentation for installing python apps with gcloud.
The steps described here require downloading a legacy launcher. AppEngine now is part of the gcloud app subcommand.
custom domains
If you're using a custom domain with app-engine, the project ID is not the subdomain.
I had to modify src/simian/util/appid_generator.py because it was combining the project ID with a domain part, but the app.yml should match the following:
application: your-gcp-project-id
For reference, I use acme-corp as the Project ID, but my simian install is served from munki.corp.acme.co.
I see this for 10.12 support, could we get an m2crypto egg built for 10.13? I can get it to install by hard-coding the egg it looks for to 10.12 in the postinstall, is there really much different between versions that it needs a per-OS version egg?
Pushing the High Sierra update to my client Macs fails even after setting a force install by date in Simian admin . I get the below log when I attempt to fetch updates. This is only started happening recently as I've been able to do prior Sierra updates. Just FYI, I have disabled automatic updates on the client Macs if it matters.
Command run on client Mac is > sudo managedsoftwareupdate --applesuspkgsonly -vvv
: managedsoftwareupdate is configured to process Apple Software Updates only.
Checking Apple Software Update catalog...
Caching CatalogURL https://cxxxxx.appspot.com/applesus/eyJoZWFkZXIiOiAib3NfdmVyc2lvbj0xMC4xMi42fHRyYWNrPXN0YWJsZSIsICJjb29raWVzIjogIkF1dGgxVG9rZW49TVRRMk1UY3pOVFEwTmpVNU5UQTFPRFk1TURnM056TXlOVGsyTlRFME5UazROalk0TlRVMDsgc2VjdXJlOyBodHRwb25seTsifQ==
Options: {'logging_function': <function display_debug2 at 0x10bbc4d70>, 'ignore_system_proxy': None, 'additional_headers': {'User-Agent': u'managedsoftwareupdate/2.8.2.2855 Darwin/16.7.0 (x86_64) (MacBookPro12,1)'}, 'file': '/tmp/munki_swupd_cache/mirror/apple.sucatalog.download', 'cache_data': {
"last-modified" = "Wed, 01 Nov 2017 07:21:18 GMT";
}, 'url': u'https://cxxxxx.appspot.com/applesus/eyJoZWFkZXIiOiAib3NfdmVyc2lvbj0xMC4xMi42fHRyYWNrPXN0YWJsZSIsICJjb29raWVzIjogIkF1dGgxVG9rZW49TVRRMk1UY3pOVFEwTmpVNU5UQTFPRFk1TURnM056TXlOVGsyTlRFME5UazROalk0TlRVMDsgc2VjdXJlOyBodHRwb25seTsifQ==', 'follow_redirects': True, 'download_only_if_changed': True, 'can_resume': True}
URLSession_task_didReceiveChallenge_completionHandler_
Authentication challenge for Host: csquared-staging.appspot.com Realm: None AuthMethod: NSURLAuthenticationMethodServerTrust
Allowing OS to handle authentication request
Status: 304
Headers: {u'Cache-Control': u'no-cache', u'Server': u'Google Frontend', u'x-cloud-trace-context': u'49a03e3e67afbced7d428b59b24242ef', u'Date': u'Mon, 27 Nov 2017 09:09:39 GMT', u'alt-svc': u'hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"', u'Content-Type': u'text/html; charset=utf-8'}
Item is unchanged on the server.
/tmp/munki_swupd_cache/mirror/apple.sucatalog already exists and is up-to-date.
Downloading available Apple Software Updates...
softwareupdate cmd: ['/usr/local/munki/ptyexec', '/usr/sbin/softwareupdate', '--verbose', '-d', '-a']
Finding available software...
ERROR: softwareupdate error: 100
ERROR: Could not download all available Apple updates.
CheckForSoftwareUpdates result: False
Finishing...
Getting info on currently installed applications...
Performing postflight tasks...
postflight stderr: WARNING:root:facter hostname empty; fetching from sys_config
WARNING:root:Root CA Cert Chain was EMPTY!
WARNING:root:facter hostname empty; fetching from sys_config
Done.
As a user working in a company using Simian / Munki I want to have my applications, especially in a large software catalog, ordered by categories to have a more useful overview which applications are supported by my companies software management.
Currently it is possible to use the commandline option for makepkginfo from the MunkiTools to generate the dictionary item for categories in the managed package:
makepkginfo --category=Tools Alfred_2.dmg | pbcopy
Sadly this is not very useful for simian administrators who are not using the CLI on a daily base as they tend to forget the flag or mistake the category definition. To solve this it would be useful to have a "Category" field in the web interface they can use to specify the category. Additional an auto-completion would be useful for this field to avoid duplicates like "Tool" and "Tools".
Hearing reports of this:
+ [[ -x /usr/bin/easy_install-2.7 ]]
+ /usr/bin/python2.7 /usr/bin/easy_install-2.7 -U virtualenv==13.1.2 setuptools==18.6.1
Searching for virtualenv==13.1.2
Reading https://pypi.python.org/simple/virtualenv/
Couldn't find index page for 'virtualenv' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
No local packages or download links found for virtualenv==13.1.2
error: Could not find suitable distribution for Requirement.parse('virtualenv==13.1.2')Possibly related to https://mail.python.org/pipermail/distutils-sig/2018-April/032114.html ?
This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.
Work will start on or about July 13
Details from the Simian feature request doc are below:
Problem:
Apple SoftwareUpdateServerURL can not be a local file, as of OSX 10.11
This leaves only a public, or otherwise unauthenticated URL as the only working option.
It is NOT recommended to use a public URL, as this provides an attack surface.
Solution:
Use Simian's token system to generate a client specific, and short lived url for apple updates.
This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.
Work will start on or about July 13
Details from the Simian feature request doc are below:
Problem:
Tags are currently a bit difficult to manage.
Tagging currently does not respect database constraints (Generating a tagged computer can happen multiple times in a single tag)
Solution:
Create a better hierarchy for tag management.
Revise the tagging data model
For a while now this Simian test has been failing for me. I think it's a DST timezone issue.
I get this output:
Testing settings_datastore_test
...F
======================================================================
FAIL: testSet (settings_datastore_test.DatastoreSettingsTest)
testSet (settings_datastore_test.DatastoreSettingsTest)
----------------------------------------------------------------------
Traceback (most recent call last):
File "src/tests/simian/settings_datastore_test.py", line 98, in testSet
datetime.timedelta(seconds=1), datetime.datetime.now() - stamp)
AssertionError: datetime.timedelta(0, 1) not greater than datetime.timedelta(0, 3600, 3474)
The issue is that the timestamp returned by models.Settings.GetItem('long_name') is an hour in the past. I temporarily fixed it by changing this line to:
datetime.timedelta(seconds=3601), datetime.datetime.now() - stamp)
Docs say to do the configuration first, and run make install but I get this:
192168015100:simian GlennJi$ sudo make install
Password:
/usr/bin/python2.6 -c 'import virtualenv' || \
sudo easy_install-2.6 -U virtualenv==1.10.1
[ -d VE ] || \
/usr/bin/python2.6 /usr/local/bin/virtualenv --no-site-packages VE
[ -f test ] || \
env SIMIAN_CONFIG_PATH="/etc/simian/" \
VE/bin/python setup.py google_test && touch test && \
echo ALL TESTS COMPLETED SUCCESSFULLY
ALL TESTS COMPLETED SUCCESSFULLY
VE/bin/python \
src/simian/util/validate_settings.py etc/simian/ \
src/ ./pyasn1*.egg ./tlslite*.egg
INFO:root:Loading settings
./tlslite-0.3.8-py2.6.egg/tlslite/utils/cryptomath.py:9: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
INFO:root:Looking for required setting server_public_cert_pem
DEBUG:root:_Get(server_public_cert_pem)
DEBUG:root:_GetExternalPem(server_public_cert_pem)
DEBUG:root:_GetExternalConfiguration(server_public_cert.pem)
ERROR:root:Configuration directory not found: etc/simian/ssl
ERROR:root:Configuration not found: server_public_cert.pem
ERROR:root:missing required setting server_public_cert_pem
make: *** [settings_check] Error 1
Configuring certificates is not even mentioned until much later in the docs, so presumably the docs list setup steps in the wrong order?
With a fresh install:
I was able to see the simian UI at the appspot url, while everyone other user in the gsuite domain was getting a 500 error.
As soon as I added someone to the admin ACL, that person was able to access the dashboard but my requests immediately started to return 500 errors. I had to ask them to add me.
While there's a workaround, two issues should be addressed:
Traceback:
auth_domain
Traceback (most recent call last):
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1535, in __call__
rv = self.handle_exception(request, response, e)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1529, in __call__
rv = self.router.dispatch(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1278, in default_dispatcher
return route.handler_adapter(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1102, in __call__
return handler.dispatch()
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 572, in dispatch
return self.handle_exception(e, self.app.debug)
File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/mac/admin/__init__.py", line 176, in handle_exception
super(AdminHandler, self).handle_exception(exception, debug_mode)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 570, in dispatch
return method(*args, **kwargs)
File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/mac/admin/summary.py", line 49, in get
self_report_username = auth.DoUserAuthWithSelfReportFallback()
File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/mac/common/auth.py", line 175, in DoUserAuthWithSelfReportFallback
if not email.endswith('@' + settings.AUTH_DOMAIN):
File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/settings.py", line 372, in __getattr__
return self._Get(str(k).lower())
File "/base/data/home/apps/p~acme-corp/27ff0fde1ab4.399726129461307711/simian/settings.py", line 802, in _Get
raise AttributeError(k)
AttributeError: auth_domain
This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.
Work will start on or about July 13
Details from the Simian feature request doc are below:
Problem:
https://groups.google.com/forum/?fromgroups#!topic/simian-discuss/hT8IJjGtUmk
Not only does plist.PackageInfo enforce installer_item_(location|hash), but the admin UI also doesn't allow packages without associated DMGs to be placed into catalogs/manifests, etc.
Workaround:
Upload a dummy DMG.
Solution:
First, we need to make installer_item_* optional, and next we need to create a way for admins to opt to not upload a package DMG and still make the package deployable.
RE: https://groups.google.com/forum/#!topic/simian-discuss/MPgc47amP2o
I figured I should move this conversation over to here since it seems to be a problem in the code.
I've narrowed it down to CacheFacterContents not liking the output of /usr/local/bin/simianfacter
I changed Line 331/332 to:
return_code, stdout, unused_stderr = Exec(
['facter', '-p'], timeout=300, waitfor=0.5)
and we are now pulling in facter facts, however I realize that this bypasses the failsafe of pulling in unspecified settings from simina/settings.cfg
Steps to reproduce:
Appengine SDK: 1.9.38
dev_appserver.py .dev_appserver raises an Import Error:
raise ImportError('No module named %s' % fullname) ImportError: No module named fcntl
It would seem fcntl is not among white listed C modules for appengine?
I've explored sandbox.py to find:
_C_MODULES = frozenset(['cv', 'Crypto', 'lxml', 'numpy', 'PIL'])
Adding the module to the list does not seem to change the result.
I was able to add a few client to Simian w/o issue. Now I'm looking to do a bigger deployment, but how can I make more certificates w/o have to delete all the certs from the app engine, redoing all the private keys, and have to re-do the clients that are currently working. I tried doing the export CA="my password" and then running the command to make the certs, but I got an error about not finding the key. Any help would be greatly appreciated...Thanks again for all your work on Simian!!!!
simian.js:266 Uncaught TypeError: Cannot read property 'add' of undefined
simian.js:258 Uncaught TypeError: Cannot read property 'remove' of undefined
simian.js:261 Uncaught TypeError: Cannot read property 'has' of undefined
simian.js:260 Uncaught TypeError: Cannot read property 'add' of undefined
simian.js:261 Uncaught TypeError: Cannot read property 'has' of undefined
simian.js:262 Uncaught TypeError: Cannot read property 'has' of undefined
simian.js:262 (anonymous function)
simian.js:90 e.Df
simian.js:60 td
simian.js:61 od
simian.js:58 (anonymous function)
Errors came up after deploying the new version from GitHub, menu is not working and dashboard broken because of this.
Please add the M2Crypto egg for 10.14 to the mirror and the lines for including the 10.14 egg in the Makefile.
This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.
Work will start on or about July 13
Details from the Simian feature request doc are below:
Problem:
For instances where many (>100) packages are present, identifying packages targeted at a particular track of devices requires a lot of scrolling.
Solution:
Add filtering functionality to the UI to only display packages which are targeted to a set of catalogs and/or manifest.
This error is cropping up on a good number of machines running a relatively recent simian version:
WARNING:root:Root CA Cert Chain was EMPTY!
ERROR:root:Failed to harvest Puppet SSL cert facter specified.
WARNING:root:Root CA Cert Chain was EMPTY!
Traceback (most recent call last):
File "/usr/local/munki/simian_client.py", line 87, in <module>
sys.exit(main(sys.argv[1:]))
File "/usr/local/munki/simian_client.py", line 73, in main
preflight.RunPreflight(runtype, server_url=server_url)
File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/mac/client/preflight.py", line 429, in RunPreflight
flight_common.UpdateAppleSUSCatalog(client)
File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.5-py2.7.egg/simian/mac/client/flight_common.py", line 560, in UpdateAppleSUSCatalog
raise base_client.HTTPError
simian.client.client.HTTPErrorAny hints as to why this http response is only failing for a handful of clients? I'm trying to correlate OS versions or other discrepancies, since it seems to be in a routine that is supposed to fetch the applicable SUS catalog.
I had this problem and saw it in a thread on Simian-discuss.
Issue
Pillow added a dependency on a "jpeg" package that has to be installed with brew. This dependency should be integrated into the install or appropriate instructions should be added to the setup instructions.
How to replicate
make test portion.make test, it will fail with error ValueError: jpeg is required unless explicitly disabled using --disable-jpeg, abortingjpeg package using brew.make test, it will work.I'm getting an error 500 when I copy/paste a pkginfo file. Uploading the file works perfectly
Here is the log:
2015-10-15 20:34:48.592 /admin/package 500 261ms 0kb instance=0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36 module=default version=a56a3dc98d87
100.43.220.122 - mholt [15/Oct/2015:20:34:48 -0700] "POST /admin/package HTTP/1.1" 500 225 - "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36" "rlc-simian.appspot.com" ms=261 cpu_ms=53 cpm_usd=0.000025 instance=0 app_engine_release=1.9.27
W 2015-10-15 20:34:48.418
No admins defined! Configure admins in Admin Tools -> ACL Groups.
W 2015-10-15 20:34:48.446
No admins defined! Configure admins in Admin Tools -> ACL Groups.
E 2015-10-15 20:34:48.590
'ascii' codec can't encode character u'\xae' in position 726: ordinal not in range(128)
Traceback (most recent call last):
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1535, in __call__
rv = self.handle_exception(request, response, e)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1529, in __call__
rv = self.router.dispatch(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1278, in default_dispatcher
return route.handler_adapter(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1102, in __call__
return handler.dispatch()
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 572, in dispatch
return self.handle_exception(e, self.app.debug)
File "/base/data/home/apps/s~rlc-simian/a56a3dc98d87.387476931731189739/simian/mac/admin/__init__.py", line 153, in handle_exception
super(AdminHandler, self).handle_exception(exception, debug_mode)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 570, in dispatch
return method(*args, **kwargs)
File "/base/data/home/apps/s~rlc-simian/a56a3dc98d87.387476931731189739/simian/mac/admin/package.py", line 170, in post
self.UpdatePackageInfoFromPlist(create_new=True)
File "/base/data/home/apps/s~rlc-simian/a56a3dc98d87.387476931731189739/simian/mac/admin/package.py", line 380, in UpdatePackageInfoFromPlist
self.NotifyAdminsOfPackageChangeFromPlist(plist_xml)
File "/base/data/home/apps/s~rlc-simian/a56a3dc98d87.387476931731189739/simian/mac/admin/package.py", line 283, in NotifyAdminsOfPackageChangeFromPlist
main_body = str(plist.GetXml(indent_num=2))
UnicodeEncodeError: 'ascii' codec can't encode character u'\xae' in position 726: ordinal not in range(128)
Here is the plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>_metadata</key>
<dict>
<key>created_by</key>
<string>admin</string>
<key>creation_date</key>
<date>2015-10-16T02:58:46Z</date>
<key>munki_version</key>
<string>2.3.1.2535</string>
<key>os_version</key>
<string>10.10.3</string>
</dict>
<key>autoremove</key>
<false/>
<key>catalogs</key>
<array>
<string>unstable</string>
</array>
<key>description</key>
<string>Adobe® Flash® Player is a cross-platform browser-based application runtime that delivers uncompromised viewing of expressive applications, content, and videos across screens and browsers.</string>
<key>display_name</key>
<string>Adobe Flash Player</string>
<key>installed_size</key>
<integer>17140</integer>
<key>installer_item_hash</key>
<string>b5eca33f72b1b419a7f9754b53cc8780b03e351520f189a43986a9e1f2aa22fa</string>
<key>installer_item_location</key>
<string>AdobeFlashPlayer-19.0.0.207.dmg</string>
<key>installer_item_size</key>
<integer>16364</integer>
<key>minimum_os_version</key>
<string>10.5.0</string>
<key>name</key>
<string>AdobeFlashPlayer</string>
<key>package_path</key>
<string>Install Adobe Flash Player.app/Contents/Resources/Adobe Flash Player.pkg</string>
<key>receipts</key>
<array>
<dict>
<key>installed_size</key>
<integer>17140</integer>
<key>packageid</key>
<string>com.adobe.pkg.FlashPlayer</string>
<key>version</key>
<string>19.0.0.207</string>
</dict>
</array>
<key>unattended_install</key>
<true/>
<key>uninstall_method</key>
<string>removepackages</string>
<key>uninstallable</key>
<true/>
<key>version</key>
<string>19.0.0.207</string>
</dict>
</plist>
This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.
Work will start on or about July 13
Details from the Simian feature request doc are below:
Problem:
A major hurtle to small shops using Simian is establishment of a common CA to sign client certificates. While many shops simply use puppet, it would be better to include a CA option on the simian server.
Solution:
Create a solution to perform X509 signing requests.
Constraints:
Immediate traceback with cfacter and simianfacter the moment it hits the new structured fact output:
Traceback (most recent call last):
File "/usr/local/bin/simianfacter", line 102, in <module>
main()
File "/usr/local/bin/simianfacter", line 87, in main
facts = GetFacterFacts()
File "/usr/local/bin/simianfacter", line 69, in GetFacterFacts
(key, unused_sep, value) = line.split(' ', 2)I'm working on a PR, just submitting this in case someone beats me to it with how y'all solved this internally... 😉
The summary page should list all clients (paginated of course) in the same way that clients are listed after using the search functionality (but not filtered).
Currently, it's a pain to browse through all clients - which might be less useful for large organisations but would be very useful for small-medium businesses and also new users finding their way around the UI for the first time.
On some clients, curl is not following the redirect from pypi.python.org to pypi.org for downloading packages during install. Please replace all instances of pypi.python.org with pypi.org to both eliminate these unnecessary redirects and fix the fringe cases they cause.
Issue
I don't see an option to log out of Simian Admin. I have to clear my browser history to logout or change users.
Forgive me if I shouldn't be posing this question here. I see if I use google apps to authorize the users that can log into the Simian itself and I can even stop people from the domain from seeing the page by setting ALLOW_ALL_DOMAIN_USERS_READ_ACCESS to False. But is it possible to keep my Simian install at appspot.com and use google emails to authorize and still restrict which users can even see the Simian page? I'd really would like to only have to pay for Appengine. What are my options?
As per:
https://groups.google.com/d/msg/simian-discuss/cm6SDsBM3dA/HRLpAjyeFgAJ
If the client hostname contains a ' symbol (which is Mac default), preflight barfs:
admin$ sudo /usr/local/munki/preflight --debug
WARNING:root:facter hostname empty; fetching from sys_config
Traceback (most recent call last):
File "/usr/local/munki/simian_client.py", line 87, in
sys.exit(main(sys.argv[1:]))
File "/usr/local/munki/simian_client.py", line 73, in main
preflight.RunPreflight(runtype, server_url=server_url)
File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.4-py2.7.egg/simian/mac/client/preflight.py", line 371, in RunPreflight
secure_config, client_id, user_settings, client_exit)
File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.4-py2.7.egg/simian/mac/client/preflight.py", line 114, in LoginToServer
client_id_str = flight_common.DictToStr(client_id)
File "/usr/local/munki/simian/lib/python2.7/site-packages/simian-2.4-py2.7.egg/simian/mac/client/flight_common.py", line 530, in DictToStr
value = value.decode('utf-8')
File "/usr/local/munki/simian/lib/python2.7/encodings/utf_8.py", line 16, in decode
return codecs.utf_8_decode(input, errors, True)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2019' in position 5: ordinal not in range(128)
Running current clone, on OS X 10.11
I may need to post this in the Munki section, but I'm not sure. I have 2 clients functioning. I have updates that are supposed to be forced if they aren't installed but they don't seem to be installing. Is it necessary for the user to open managed software center before you can have an update be installed?
When following the setup tutorials make spits out a whole bunch of stuff onto the filesystem, including the results of unit tests that are specific to the machine.
Adding a .gitignore file to the repo would be a simple way to make sure that files specific to the machine simian is currently being built on are not committed to the repo, but organisations can still use git to manage settings.cfg and other config - using the google/simian repo as an upstream to periodically merge changes from.
The following URL takes me straight to the correct search, combining two steps into one:
https://developer.apple.com/downloads/index.action?name=PackageMaker
Problem:
Managed Software Center.app is present in contents.tar.gz but omitted from the finished finished simian pkg and dmg files. This bug occurs in simian 2.3 and 2.4 builds, when packagemaker is not present in the build environment.
Steps to recreate:
Working with Justin on this he pointed out that pkbuild support was implemented here
Issue
Google users are allowed to specify capitalization of the email login for their accounts (e.g, [email protected]). The usernames for Simian's ACL groups are case-sensitive. This can be a confusing bug if an admin enters users in lowercase, but Google expects capitalization.
How to replicate
[email protected], enter it as [email protected].[email protected] and log back in.Running make dmg on High Sierra fails with:
hdiutil: create failed - no mountable file systems
make: *** [simian-2.5-and-munkitools-3.0.3.3352.dmg] Error 1
This is fixed by specifying HFS+ as the format for the disk image in tgz2dmg.sh on line 172:
hdiutil create -srcfolder "${TMPDIR}/pkg" -layout NONE -volname Simian "$OUT" -fs HFS+
This shouldn't break anything for <= 10.12 AFAIK
Just got the email tonight about some API changes relating to blobstore and was wondering if that is going to affect simian.
Thanks!
Issue
When logged in as a restricted user, trying to open some restricted pages will give a generic error or Internal Server Error (500). Messaging could be improved by returning a page that states the current user is in a group that does not have access to the resource.
How to replicate
When using MFA on Google Apps the appcfg.py command needs to get called with --oauth2 parameter.
--oauth2luzifer@knut-workstation01 ~/g/simian (master ••) [2]> make release
src/simian/util/create_gae_bundle.sh /Users/luzifer/git/simian
sed -i "" "s/^application:.*/application: `PYTHONPATH=. python src/simian/util/appid_generator.py`/" gae_bundle/app.yaml
src/simian/util/link_module.sh PyYAML
src/simian/util/link_module.sh pytz
src/simian/util/link_module.sh tlslite
src/simian/util/link_module.sh pyasn1
src/simian/util/link_module.sh icalendar
VE/bin/python src/simian/util/compile_js.py gae_bundle/simian/mac/admin/js/simian.js
appcfg.py --version=bcfc590c1ec7 update gae_bundle/
02:09 PM Application: mysimian; version: bcfc590c1ec7 (was: 1)
02:09 PM Host: appengine.google.com
Traceback (most recent call last):
File "/usr/local/bin/appcfg.py", line 127, in <module>
run_file(__file__, globals())
File "/usr/local/bin/appcfg.py", line 123, in run_file
execfile(_PATHS.script_file(script_name), globals_)
File "/Applications/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/google/appengine/tools/appcfg.py", line 5397, in <module>
[...]
--oauth2luzifer@knut-workstation01 ~/g/simian (master ••)> make release
src/simian/util/create_gae_bundle.sh /Users/luzifer/git/simian
sed -i "" "s/^application:.*/application: `PYTHONPATH=. python src/simian/util/appid_generator.py`/" gae_bundle/app.yaml
src/simian/util/link_module.sh PyYAML
src/simian/util/link_module.sh pytz
src/simian/util/link_module.sh tlslite
src/simian/util/link_module.sh pyasn1
src/simian/util/link_module.sh icalendar
VE/bin/python src/simian/util/compile_js.py gae_bundle/simian/mac/admin/js/simian.js
appcfg.py --version=bcfc590c1ec7 --oauth2 update gae_bundle/
02:15 PM Application: mysimian; version: bcfc590c1ec7 (was: 1)
02:15 PM Host: appengine.google.com
02:15 PM
Starting update of app: mysimian, version: bcfc590c1ec7
[...]
From Google Code:
Reported by [email protected], Feb 24, 2014
Just a couple security-related notices for fetching from munkibuilds.org:
https://code.google.com/p/simian/source/browse/trunk/Makefile#116
munkibuilds.org now has a valid SSL cert and can be accessed over HTTPS.
Also, the MD5's of all download DMGs are published at the 'MD5' URL for each build, so you could verify them, for example using 'md5 -q'.
I installed Simian last week to test it, today I was writing up documentation on how I set it up and the Apple Updates page wouldn't load. In the browser I get:
Traceback (most recent call last):
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/runtime/wsgi.py", line 267, in Handle
result = handler(dict(self._environ), self._StartResponse)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1529, in __call__
rv = self.router.dispatch(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1278, in default_dispatcher
return route.handler_adapter(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1102, in __call__
return handler.dispatch()
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 570, in dispatch
return method(*args, **kwargs)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/admin/applesus.py", line 186, in get
self._DisplayMain()
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/admin/applesus.py", line 204, in _DisplayMain
p.testing_promote_date = applesus.GetAutoPromoteDate(common.TESTING, p)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/common/applesus.py", line 306, in GetAutoPromoteDate
if not settings.APPLE_AUTO_PROMOTE_ENABLED:
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/settings.py", line 382, in __getattr__
return self._Get(str(k).lower())
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/settings.py", line 805, in _Get
item, unused_mtime = self._module.models.Settings.GetItem(k)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/models/settings.py", line 274, in GetItem
value, mtime = cls.GetSerializedItem(name)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/models/base.py", line 734, in GetSerializedItem
entity = cls.MemcacheWrappedGet(key)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/models/base.py", line 141, in MemcacheWrappedGet
cached = memcache.get(memcache_key)
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/memcache/__init__.py", line 560, in get
results = rpc.get_result()
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/apiproxy_stub_map.py", line 613, in get_result
return self.__get_result_hook(self)
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/memcache/__init__.py", line 616, in __get_hook
rpc.check_success()
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/apiproxy_stub_map.py", line 584, in check_success
self.__stubmap.GetPostCallHooks().Call(self.__service, self.__method,
DeadlineExceededError: The overall deadline for responding to the HTTP request was exceeded.
Looking at this in the AppEngine console, I get the following:
Traceback (most recent call last):
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/runtime/wsgi.py", line 267, in Handle
result = handler(dict(self._environ), self._StartResponse)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1529, in __call__
rv = self.router.dispatch(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1278, in default_dispatcher
return route.handler_adapter(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1102, in __call__
return handler.dispatch()
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 570, in dispatch
return method(*args, **kwargs)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/admin/applesus.py", line 186, in get
self._DisplayMain()
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/admin/applesus.py", line 204, in _DisplayMain
p.testing_promote_date = applesus.GetAutoPromoteDate(common.TESTING, p)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/common/applesus.py", line 306, in GetAutoPromoteDate
if not settings.APPLE_AUTO_PROMOTE_ENABLED:
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/settings.py", line 382, in __getattr__
return self._Get(str(k).lower())
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/settings.py", line 805, in _Get
item, unused_mtime = self._module.models.Settings.GetItem(k)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/models/settings.py", line 274, in GetItem
value, mtime = cls.GetSerializedItem(name)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/models/base.py", line 734, in GetSerializedItem
entity = cls.MemcacheWrappedGet(key)
File "/base/data/home/apps/e~thefloow-simian/f8bfa254267e.393014033104675667/simian/mac/models/base.py", line 141, in MemcacheWrappedGet
cached = memcache.get(memcache_key)
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/memcache/__init__.py", line 560, in get
results = rpc.get_result()
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/apiproxy_stub_map.py", line 613, in get_result
return self.__get_result_hook(self)
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/memcache/__init__.py", line 616, in __get_hook
rpc.check_success()
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/apiproxy_stub_map.py", line 577, in check_success
self.wait()
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/api/apiproxy_stub_map.py", line 556, in wait
assert self.__rpc.state == apiproxy_rpc.RPC.FINISHING, repr(self.state)
DeadlineExceededError: The overall deadline for responding to the HTTP request was exceeded.
On one of the errors I've managed to generate in AppEngine I got the following (none of the others I have seen reported this):
This request caused a new process to be started for your application, and thus caused your application code to be loaded for the first time. This request may thus take longer and use more CPU than a typical request for your application.
I've waited over an hour for this code to finish running, but it still loads the same/similar error.
When I first ran in to this issue, I did try running make release again just in case something was wrong with my deployment, but I get the same issue. I checked I was on the latest branch at the time.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.