{"id":869,"date":"2016-03-30T13:49:44","date_gmt":"2016-03-30T11:49:44","guid":{"rendered":"http:\/\/osxadmin.cz\/?page_id=869"},"modified":"2021-01-29T17:06:31","modified_gmt":"2021-01-29T15:06:31","slug":"sprava-macu-pro-abuco","status":"publish","type":"page","link":"https:\/\/macadmin.cz\/?page_id=869","title":{"rendered":"Spr\u00e1va Mac\u016f pro Abuco"},"content":{"rendered":"\n<p>Pro firmu <a href=\"http:\/\/www.abuco.cz\">Abuco<\/a> jsem navrhl syst\u00e9m hromadn\u00e9 spr\u00e1vy Mac\u016f, kter\u00fd nyn\u00ed vyu\u017e\u00edvaj\u00ed dva jej\u00ed klienti. D\u00edky n\u011bmu jsme schopni snadno p\u0159ipravit nov\u00e9 po\u010d\u00edta\u010de a centralizovan\u011b spravovat software a konfiguraci na nasazen\u00fdch Mac\u00edch.<\/p>\n\n\n\n<p>Na projektu jsme spolupracoval s <a href=\"https:\/\/xmyslivec.cz\/\" data-type=\"URL\" data-id=\"https:\/\/xmyslivec.cz\/\">Vojtou Myslivcem<\/a>, kter\u00fd mi velmi pomohl s konfigurac\u00ed webserveru a zabezpe\u010den\u00ed. Pokud byste hledali Linux sysadmina se zam\u011b\u0159en\u00edm na bezpe\u010dnost, mohu doporu\u010dit.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/macadmin.cz\/wp-content\/uploads\/IMG_1769-1.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"967\" src=\"https:\/\/macadmin.cz\/wp-content\/uploads\/IMG_1769-1-1024x967.jpg\" alt=\"\" class=\"wp-image-1402\" srcset=\"https:\/\/macadmin.cz\/wp-content\/uploads\/IMG_1769-1-1024x967.jpg 1024w, https:\/\/macadmin.cz\/wp-content\/uploads\/IMG_1769-1-300x283.jpg 300w, https:\/\/macadmin.cz\/wp-content\/uploads\/IMG_1769-1-1536x1450.jpg 1536w, https:\/\/macadmin.cz\/wp-content\/uploads\/IMG_1769-1-2048x1934.jpg 2048w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/a><\/figure>\n\n\n\n<p>Technologie se v\u0161ak vyv\u00edj\u00ed, syst\u00e9m dnes vypad\u00e1 podstat\u011b jinak ne\u017e p\u0159ed p\u011bti lety. Pod\u00edv\u00e1m se na oba stavy.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Jak je to te\u010f<\/h1>\n\n\n\n<p>Vzd\u00e1lenou spr\u00e1vu Mac\u016f zaji\u0161\u0165uje <a href=\"https:\/\/simplemdm.com\" data-type=\"URL\" data-id=\"https:\/\/simplemdm.com\">SimpleMDM<\/a> propojen\u00e9 s Apple Business Manager. Nov\u00e9 za\u0159\u00edzen\u00ed se zapojuj\u00ed do MDM pomoc\u00ed Automated Device Enrollment. Star\u0161\u00ed za\u0159\u00edzen\u00ed mimo ABM si mus\u00ed vysta\u010dit s klasick\u00fdm Device Enrollment proveden\u00fdm manu\u00e1ln\u011b.<\/p>\n\n\n\n<p>Vedle konfigura\u010dn\u00edch profil\u016f Simple MDM po\u0161le na nov\u011b zapojen\u00e9 Mac instala\u010dn\u00ed bal\u00ed\u010dek s na\u0161\u00ed automatizac\u00ed. Ta zajist\u00ed instalaci <a href=\"https:\/\/www.munki.org\/munki\/\" data-type=\"URL\" data-id=\"https:\/\/www.munki.org\/munki\/\">Munki<\/a> klienta, jeho konfiguraci a n\u00e1slednou instalaci software. U\u017eivatel je o pr\u016fb\u011bhu informov\u00e1n aplikac\u00ed <a href=\"https:\/\/gitlab.com\/Mactroll\/DEPNotify\" data-type=\"URL\" data-id=\"https:\/\/gitlab.com\/Mactroll\/DEPNotify\">DEPnotify<\/a>.<\/p>\n\n\n\n<p>Do budoucna chceme podporovat i User Enrollment pro BYOD za\u0159\u00edzen\u00ed. Dom\u00e9nu klienta jsme federovali mezi ABM a Azure Active Directory, aby u\u017eivatel\u00e9 mohli vyu\u017e\u00edt Microsoft p\u0159ihla\u0161ovac\u00edch \u00fadaj\u016f i pro sv\u00e1 spravovan\u00e9 Apple ID. Synchronizaci \u00fadaj\u016f mezi ABM a AAD zaji\u0161\u0165uje protokol SCIM.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Jak to bylo<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Nasazen\u00ed Mac\u016f<\/h2>\n\n\n\n<p>K zapojen\u00ed nov\u00fdch i st\u00e1vaj\u00edc\u00edch po\u010d\u00edta\u010d\u016f do na\u0161eho syst\u00e9mu pou\u017e\u00edv\u00e1me n\u00e1stroj <a href=\"http:\/\/www.deploystudio.com\">DeployStudio<\/a>. Ani jeden z klient\u016f nem\u00e1 p\u0159\u00edmo ve firm\u011b serverovou infrastrukturu, na kter\u00e9 by se dalo provozovat DeployStudio v s\u00ed\u0165ov\u00e9m re\u017eimu. Proto jsou v\u0161echny jeho komponenty um\u00edst\u011bny na extern\u00edm disku s macOS.<\/p>\n\n\n\n<p>DeployStudio umo\u017e\u0148uje vytv\u00e1\u0159et automatizovanou posloupnost akc\u00ed &#8211; workflow, ve kter\u00e9 lze nap\u0159\u00edklad:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>instalovat .pkg bal\u00ed\u010dky a spou\u0161t\u011bt skripty p\u0159i dal\u0161\u00edm spu\u0161t\u011bn\u00ed syst\u00e9mu na c\u00edlov\u00e9m Macu,<\/li><li>vytvo\u0159it u\u017eivatele a nastavit jm\u00e9no po\u010d\u00edta\u010de,<\/li><li>obnovit obraz disku, pokud chceme &#8220;\u010dist\u00fd&#8221; po\u010d\u00edta\u010d.<\/li><\/ul>\n\n\n\nngg_shortcode_0_placeholder\n\n\n\n<p>Extern\u00edch disk\u016f pou\u017e\u00edv\u00e1me n\u011bkolik, proto\u017ee podporu p\u0159\u00edmo u klient\u016f \u0159e\u0161\u00ed v\u00edc technik\u016f. Disky je proto t\u0159eba synchronizovat ze stavu ulo\u017een\u00e9m na serveru. Napsal jsem si na to vlastn\u00ed skript pou\u017e\u00edvaj\u00edc\u00ed n\u00e1stroje <a href=\"https:\/\/rsync.samba.org\">rsync<\/a> a <a href=\"https:\/\/git-scm.com\">git<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"http:\/\/osxadmin.cz\/wp-content\/uploads\/disk_sync2.png\" rel=\"attachment wp-att-877\"><img decoding=\"async\" src=\"https:\/\/macadmin.cz\/wp-content\/uploads\/disk_sync2.png\" alt=\"DeployStudio sync\"\/><\/a><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Instalace software a aktualizac\u00ed<\/h2>\n\n\n\n<p>Instalace software prob\u00edh\u00e1 syst\u00e9mem <a href=\"https:\/\/github.com\/munki\/munki\">Munki<\/a>. Klienti stahuj\u00ed instala\u010dn\u00ed soubory z na\u0161eho serveru p\u0159es internet. Spojen\u00ed samoz\u0159ejm\u011b zabezpe\u010duje TLS a autentizace. Skrz Munki dok\u00e1\u017eeme prov\u00e9st <a href=\"https:\/\/github.com\/munki\/createOSXinstallPkg\">upgrade<\/a> macOS nebo p\u0159idat do syst\u00e9mu novou <a href=\"https:\/\/github.com\/munki\/munki\/wiki\/Managing-Printers-With-Munki\">tisk\u00e1rnu<\/a>.<\/p>\n\n\n\n<p>Drtivou v\u011bt\u0161inu program\u016f z\u00edsk\u00e1v\u00e1me pomoc\u00ed automatiza\u010dn\u00edho frameworku <a href=\"https:\/\/github.com\/autopkg\/autopkg\">AutoPkg<\/a>. Ka\u017ed\u00fd den prob\u011bhne kontrola, zda neexistuje nov\u011bj\u0161\u00ed verze n\u011bjak\u00e9ho software. Pokud ano, je sta\u017een a p\u0159id\u00e1n do Munki repozit\u00e1\u0159e. Z na\u0161\u00ed strany tedy sta\u010d\u00ed jej postupn\u011b zp\u0159\u00edstupnit v\u0161em Mac\u016fm vyu\u017e\u00edvaj\u00edc\u00ed syst\u00e9m.<\/p>\n\n\n\nngg_shortcode_1_placeholder\n\n\n\n<p>Abychom udr\u017eeli kontrolu nad Apple aktualizacemi, nastavili jsme v\u0161echny klienty, aby je vyhled\u00e1vali na na\u0161\u00ed replice Apple Software Update serveru. Apple aktualizace z linuxov\u00e9ho serveru poskytuje standardn\u00ed webserver. Synchronizaci a \u00fadr\u017ebu repozit\u00e1\u0159e s aktualizacemi zaji\u0161\u0165uje <a href=\"https:\/\/github.com\/wdas\/reposado\">Reposado<\/a>. Pro ovl\u00e1d\u00e1n\u00ed Reposada pou\u017e\u00edv\u00e1me webovou aplikaci <a href=\"https:\/\/github.com\/jessepeterson\/margarita\">Margarita<\/a>. Skrz jej\u00ed rozhran\u00ed lze snadno naklikat dostupnost aktualizac\u00ed skupin\u00e1m po\u010d\u00edta\u010d\u016f.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/macadmin.cz\/wp-content\/uploads\/munki880.png\" alt=\"Munki server\"\/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Monitorov\u00e1n\u00ed Mac\u016f<\/h2>\n\n\n\n<p>Sm\u011brem k u\u017eivatel\u016fm chceme b\u00fdt proaktivn\u00ed. P\u0159i ka\u017ed\u00e9m spu\u0161t\u011bn\u00ed Munki klienta jsou zasl\u00e1ny informace webov\u00e9 aplikaci <a href=\"https:\/\/github.com\/munkireport\/munkireport-php\">munkireport-php<\/a>. P\u0159ehled o stavu po\u010d\u00edta\u010d\u016f n\u00e1m umo\u017e\u0148uje \u0159e\u0161it n\u011bkter\u00e9 probl\u00e9my, je\u0161t\u011b ne\u017e si jich u\u017eivatel v\u0161imne.<\/p>\n\n\n\n<p>Munkireport dok\u00e1\u017ee sb\u00edrat celou \u0159adu informac\u00ed. Za zm\u00ednku stoj\u00ed:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>kompletn\u00ed informace o hardware Macu,<\/li><li>ve\u0161ker\u00fd nainstalovan\u00fd software,<\/li><li>Wi-Fi s\u00ed\u0165 a s\u00edla sign\u00e1lu,<\/li><li>pou\u017e\u00edvan\u00e9 tisk\u00e1rny, extern\u00ed displeje a Apple bluetooth p\u0159\u00edslu\u0161enstv\u00ed.<\/li><\/ul>\n\n\n\nngg_shortcode_2_placeholder\n\n\n\n<h3 class=\"wp-block-heading\"><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Pro firmu Abuco jsem navrhl syst\u00e9m hromadn\u00e9 spr\u00e1vy Mac\u016f, kter\u00fd nyn\u00ed vyu\u017e\u00edvaj\u00ed dva jej\u00ed klienti. D\u00edky n\u011bmu jsme schopni snadno p\u0159ipravit nov\u00e9 po\u010d\u00edta\u010de a centralizovan\u011b spravovat software a konfiguraci na nasazen\u00fdch Mac\u00edch. Na projektu jsme spolupracoval s Vojtou Myslivcem, kter\u00fd mi velmi pomohl s konfigurac\u00ed webserveru a zabezpe\u010den\u00ed. Pokud byste hledali Linux sysadmina se zam\u011b\u0159en\u00edm &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/macadmin.cz\/?page_id=869\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Spr\u00e1va Mac\u016f pro Abuco&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"parent":644,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"ngg_post_thumbnail":0,"footnotes":""},"class_list":["post-869","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/macadmin.cz\/index.php?rest_route=\/wp\/v2\/pages\/869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/macadmin.cz\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/macadmin.cz\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/macadmin.cz\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/macadmin.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=869"}],"version-history":[{"count":41,"href":"https:\/\/macadmin.cz\/index.php?rest_route=\/wp\/v2\/pages\/869\/revisions"}],"predecessor-version":[{"id":1413,"href":"https:\/\/macadmin.cz\/index.php?rest_route=\/wp\/v2\/pages\/869\/revisions\/1413"}],"up":[{"embeddable":true,"href":"https:\/\/macadmin.cz\/index.php?rest_route=\/wp\/v2\/pages\/644"}],"wp:attachment":[{"href":"https:\/\/macadmin.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}