creating a 'com.apple.wifi.managed' profile causes the installer to loop.

[groob]

I've had success using the mobileconfigs for creating various profiles, but when I try to create one to manage the wifi credentials, the profile gets installed each time, causing the wifi to reconnect.

Debug: Executing '/usr/bin/profiles -P -o /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/d20140717-85034-7ojbsq/profiles76fd2869aa620eab79aa344a43a7b4cc.plist'
Notice: /Stage[main]/Managedmac::Mobileconfigs/Mobileconfig[com.apple.wifi.managed]/content: content changed '-234184370357129213' to '-4492789466839370892'
Debug: Executing '/usr/bin/profiles -I -F /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/d20140717-85034-ofne00/c02a34201439162b0968b37b33b6eed5.mobileconfig'
Debug: Executing '/usr/bin/profiles -P -o /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/d20140717-85034-16i9hm/profiles5120282a46a0f365dcc0995f3c0e5661.plist'
Debug: /Stage[main]/Managedmac::Mobileconfigs/Mobileconfig[com.apple.wifi.managed]: The container Class[Managedmac::Mobileconfigs] will propagate my refresh event

here's the relevant subset from hiera:

---
classes:
  - managedmac
managedmac::organization: "MyOrg"
managedmac::mobileconfigs::defaults:
  description:  'Installed by Puppet.'
  organization: 'MyOrg'
managedmac::mobileconfigs::payloads:
  'com.apple.wifi.managed':
    content:
      PayloadType: 'com.apple.wifi.managed'
      AutoJoin: true
      EncryptionType: 'WPA'
      HIDDEN_NETWORK: true
      Interface: 'BuiltInWireless'
      Password: 'MyOrgPassword!'
      SSID_STR: 'MyOrg'
      ProxyType: 'None'
    displayname: 'Managed Mac: WiFi'

[dayglojesus]

Does the profile contain certificates?

[groob]

No. It uses a password only. I was able to successfully implement the WiFi profile using a template previously.

https://github.com/whitby/puppet-module-profile/commit/e76f902ce67fedfdf8c1dca04ae2c59d572c2065

[dayglojesus]

Ah-ha. Okay, this looks like another edge case. Please read the section labeled "Important" to get an idea about what is happening.

http://dayglojesus.github.io/managedmac/types/#Mobileconfig

I am almost positive the cause of this is that the password is being scrubbed from the output of /usr/bin/profiles. If that's the case, then using a template is your best choice at present. Still, that doesn't mean it cannot be addressed. I fixed this problem for the com.apple.DirectoryService.managed Payload Types, so I can probably address this as well.

To check, run sudo puppet resource mobileconfig com.apple.wifi.managed

Review the output of this command -- does the Password key appear as a series of asterisks?

Thanks!

[groob]

Thanks for the explanation. That's likely what it is. I will use the template method in this case.

mobileconfig { 'com.apple.wifi.managed':
  ensure            => 'present',
  content           => [{'AutoJoin' => 'true', 'EncryptionType' => 'WPA', 'HIDDEN_NETWORK' => 'true', 'Interface' => 'BuiltInWireless', 'Password' => '********', 'PayloadType' => 'com.apple.wifi.managed', 'SSID_STR' => 'WhitbySchool'}],
  description       => 'Installed by Puppet.',
  displayname       => 'Managed Mac: WiFi',
  organization      => 'Whitby School',
  removaldisallowed => 'false',
}

[dayglojesus]

Okay. I will see what I can about this. Thanks for the report!!!

[dayglojesus]

@groob I've implemented some large changes to the Mobiileconfig type that should address this issue. Can you please test branch 0.4.2 and let me know if this gets the job done?

Thanks!

[groob]

Looks like the issue was resolved. The profile is being created and is only re-applied when I change the password in my hiera file!

[dayglojesus]

Huzzah! That's what it should do. I have reimplemented how the Mobileconfig perform checking on values in the :content property. I am hoping this will fix this issue and more that creep in -- with the exception of embedded certificates, of course. Thanks for you report!