/B2-Middleware

Securely access a munki repo hosted on Backblaze B2


What is B2 Middleware?

B2 Middleware enables managed clients to securely access a munki repo from Backblaze's B2 Cloud Storage. B2 offers aggressive pricing for both storage and access.

B2 Middleware uses a private Application Key to get authorization for private B2 resources. Each request includes an expiration date after which the request is no longer valid.

Requirements

Configure a managed client to access the B2 munki repo.

  1. Install middleware_b2.py to /usr/local/munki/.

  2. Install b2-root.pem to /usr/local/munki/. This is required for compatibility with munki's embedded python3.

  3. Set the munki preference SoftwareRepoURL to the following format:

    https://b2/BUCKET_NAME/PATH
    

    The middleware is triggered only by a URL starting with https://b2. The first folder is your bucket name. If your munki repo lives in a subfolder of this bucket, include that path as well. The additional path is not needed if your repo is at the root of your bucket.

  4. Set B2 Middleware preferences for your Account ID, Application Key, and the resource expiration timeout in seconds. If unset, the expiration defaults to 30 minutes.

    sudo defaults write /Library/Preferences/ManagedInstalls B2AccountID -string "ACCOUNT_ID"
    sudo defaults write /Library/Preferences/ManagedInstalls B2ApplicationKey -string "APPLICATION_KEY"
    sudo defaults write /Library/Preferences/ManagedInstalls B2ValidDuration -int 3600
    
  5. Run munki and verify that B2 requests are being made.

    sudo managedsoftwareupdate --checkonly -vvv
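
The URL handling described in steps 3 and 4, sketched as an added example (not the project's own code). It assumes munki passes the middleware an options dict with `url` and `additional_headers`, and that a B2 download authorization token has already been obtained; the function names, download host and token are hypothetical.

```python
from urllib.parse import quote, unquote, urlsplit

DEFAULT_VALID_SECONDS = 1800   # the README's 30-minute default
B2_MAX_VALID_SECONDS = 604800  # B2 accepts at most one week


def split_repo_url(url):
    """Return (bucket, file_path) for https://b2/BUCKET/PATH, else None."""
    parts = urlsplit(url)
    # Compare the whole authority, not a string prefix: a host such as
    # b2.example.com, or b2 with userinfo or a port, must not match.
    if parts.scheme != "https" or parts.netloc != "b2":
        return None
    bucket, _, file_path = parts.path.lstrip("/").partition("/")
    if not bucket or not file_path:
        return None
    return bucket, unquote(file_path)


def clamp_valid_duration(seconds):
    """Default when unset; otherwise keep inside B2's accepted range."""
    if seconds is None:
        return DEFAULT_VALID_SECONDS
    return max(1, min(int(seconds), B2_MAX_VALID_SECONDS))


def rewrite_for_b2(options, download_url, token):
    """Point a munki request at B2; return other requests untouched."""
    target = split_repo_url(options["url"])
    if target is None:
        return options  # not ours: never attach the token
    bucket, file_path = target
    rewritten = dict(options)
    rewritten["url"] = f"{download_url}/file/{quote(bucket)}/{quote(file_path)}"
    headers = dict(options.get("additional_headers") or {})
    headers["Authorization"] = token
    rewritten["additional_headers"] = headers
    return rewritten


if __name__ == "__main__":
    # Constructed sample values; the host and token are placeholders.
    sample = {"url": "https://b2/munki-bucket/repo/pkgs/My%20App.pkg"}
    print(rewrite_for_b2(sample, "https://f000.backblazeb2.example", "TOKEN")["url"])
```

Matching the full authority keeps the token from being attached to any request whose host merely begins with `b2`.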
    

Build a luggage package to install B2 Middleware

The included luggage makefile can be used to create an installer package for B2 Middleware.

  1. Replace the account_id and application_key on lines 4 and 5 of the postinstall script with the appropriate values from Backblaze B2.
  2. Run make pkg and install the resulting package.
  3. Set your SoftwareRepoURL to https://b2/BUCKET_NAME/PATH as stated in step 2 above.

Syncing a local repo with B2

One way to sync your repo with B2 is with the b2 command-line tool. For example:

    b2 sync --excludeRegex '(.*\.DS_Store)|(.*\.git/.*)' --delete /path/to/munki/ b2://<B2_BUCKET_GOES_HERE>