-
Notifications
You must be signed in to change notification settings - Fork 64
Client configuration
Sal's client scripts are configured using macOS' standard preferences system under the com.github.salopensource.sal domain. This means that preferences can be set via:
- A profile
- MCX (not recommended for operating systems greater than 10.7)
- in
/Library/Preferences/com.github.salopensource.sal
The following options are available to set for the client side scripts.
| Key | Type | Notes |
|---|---|---|
| ServerURL | String | The URL of your Sal server (required) |
| key | String | The machine group's key (required if you wish to use basic authentication) |
| BasicAuth | Boolean | Whether to use basic authentication on your server. You should have a very good reason to disable this (defaults to true) |
| SyncScripts | Boolean | By default the Sal client will download the scripts it needs to run for your plugins from the server. See External Scripts for more information. (defaults to true) |
| SkipFacts | Array | It is possible to not upload all the data produced by Facter. You may have facts that are duplicates of other information Sal collects, or you don't wish to upload them for security reasons. |
| CACert | String | Path to your sal certificate. Curl on 10.13 requires this for self-signed certificates or uploading the report data will fail. |
| SendOfflineReport | Boolean | By default, Sal will not send reports when it thinks the device has been offline (Munki reports errors about connecting to the Munki repo, and Munki repo is online now). If you wish these errors to be reported because you have an unstable Munki repo, set this to False
|
| SSLClientCertificate | String | Absolute path to the SSL client certificate to use with mutual TLS when connecting to the sal server in PEM format (Requires SSLClientKey to also be defined), in PKCS#12 format, or the name for a certificate in the system or root user keychain. (See curl(1) man page for further details on --cert for advanced format options) |
| SSLClientKey | String | Full path to your sal SSL client key file for mutual TLS |
| MessageBlacklistPatterns | Array of Strings | Regular expressions which will be used to remove messages from a pending submission |
If you have a large fleet, you may wish to distribute the Sal's external scripts (the ones downloaded from the server during the preflight phase) via another mechanism (Munki is a good option!). You can build a package containing these scripts using the sal-pkg-generator script. You should run this on a machine that is already configured as a Sal client, as the script will use that machine's preferences to communicate with the server.
If you need to troubleshoot any issues with Sal Scripts checking in from mac's, you can run /usr/local/sal/bin/sal-submit --debug --verbose in order to get the debug information.
- Brute force protection
- LDAP integration
- Active Directory integration
- API
- Usage reporting
- License Management
- Maintenance
- Search
- Troubleshooting
- SAML
- IAM Authentication for AWS RDS Postgres
- Docker
- Ubuntu 14.04
- Ubuntu 16.04
- RHEL 7
- Kubernetes
- Heroku?