- MCX is being replaced by profiles. As we move more of our computers to 10.8/10.9, it is no longer necessary to continue this service.
- We could use (virtually) any server to host our Distribution Points.
- Software Update Services only (officially) hosts updates for the same level of the host's operating system or lower. Since our servers are currently at 10.7.5 this obviously creates a problem. We were able to use a kludge to get it to host 10.8.X updates, but this didn't work when 10.9 was released.
Thus this past week I launched my master plan to replace Apple's SUS with Reposado. Below is the process that I used. (Warning: This is the process that I used. I'm sure that there are many other ways to do what I've done.)
Resources used:
- Reposado GitHub site (https://github.com/wdas/reposado)
- Margarita GitHub site (https://github.com/jessepeterson/margarita)
- Bye Bye Apple SUS (http://www.nbalonso.com/bye-bye-apple-sus/)
- Reposado Apple Software Update Server (http://signalboxes.net/mac2linux/reposado-apple-software-update-server/)
- Setting up Reposado and Margarita on Linux – Part 1 (http://macadmincorner.com/setting-up-reposado-and-margarita-on-linux-part-1/)
Preparation:
- Clone (download) Reposado and Margarita repositories.
- Download the Xcode command line tools.
Process:
Create Reposado working directory:
mkdir /usr/local/reposado
Copy items in reposado-master/code directory to this folder.
Create Reposado repository folders:
mkdir -p /Volumes/Data/reposado/html
mkdir /Volumes/Data/reposado/metadata
Change to the Reposado working directory:
cd /usr/local/reposado
Configure Reposado and answer the questions that come up (my answers follow each prompt). In this example I’ll be using port 80 to serve updates:
./repoutil --configure
Path to store replicated catalogs and updates [None]: /Volumes/Data/reposado/html
Path to store Reposado metadata [None]: /Volumes/Data/reposado/metadata/
Base URL for your local Software Update Service (Example: http://su.your.org -- leave empty if you are not replicating updates) [None]: http://myupdateserver.com
Clone the Apple Software Update library:
./repo_sync
The initial sync will take a couple of hours. While this is running, you should see it creating files and indexes and downloading the updates into its file structure. Since this is going to take a while, we can begin to prep our web server.
Open the Apache2 configuration file (/etc/apache2/httpd.conf) to make sure it’s set up properly:
•Make sure it’s listening on port 80 (around line 50?):
#Listen 12.34.56.78:80
Listen 80
•The rewrite module is enabled: (Uncomment if necessary)
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
•Change the default directory. Comment out the default line and add your new directory so that it looks like below:
Change: <Directory "/Library/WebServer/Documents">
to: <Directory "/Volumes/Data/reposado">
•Some people have found it necessary to make sure that Overrides are enabled (I haven’t found it necessary, but ymmv)
Change: AllowOverride None
to: AllowOverride All
Close the file and edit the default port 80 configuration (/etc/apache2/sites/0000_any_80_.conf):
Change the default directory here as well:
DocumentRoot "/Volumes/Data/reposado/html"
(This step is probably not necessary, but this is the combination that was required in order for me to get this working.)
Create a .htaccess file in your Reposado repository with the following items (check the Reposado wiki for the latest). This will allow you to point all of your clients to [repositoryURL]/index.sucatalog and not worry about making changes for every operating system:
RewriteEngine On
Options FollowSymLinks
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} Darwin/8
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/index$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/9
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-leopard.merged-1$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/10
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-leopard-snowleopard.merged-1$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/11
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-lion-snowleopard-leopard.merged-1$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/12
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-mountainlion-lion-snowleopard-leopard.merged-1$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/13
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1$1.sucatalog [L]
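To see which catalog a given client will be handed before you put the file in place, the rules can be evaluated offline. The following is an added example, not part of the original post or of Reposado: a small evaluator for the subset of mod_rewrite used above (User-Agent conditions, every rule flagged [L]). The function names and the sample User-Agent strings are made up for illustration.

```python
import re

# The rules from the .htaccess above, embedded so the example runs offline.
HTACCESS = r"""
RewriteEngine On
Options FollowSymLinks
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} Darwin/8
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/index$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/9
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-leopard.merged-1$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/10
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-leopard-snowleopard.merged-1$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/11
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-lion-snowleopard-leopard.merged-1$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/12
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-mountainlion-lion-snowleopard-leopard.merged-1$1.sucatalog [L]
RewriteCond %{HTTP_USER_AGENT} Darwin/13
RewriteRule ^index(.*)\.sucatalog$ content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1$1.sucatalog [L]
"""

def parse_rules(text):
    """Pair each RewriteRule with the User-Agent conditions directly above it."""
    rules, conds = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "RewriteCond" and parts[1] == "%{HTTP_USER_AGENT}":
            conds.append(re.compile(parts[2]))   # unanchored regex, as in Apache
        elif len(parts) >= 3 and parts[0] == "RewriteRule":
            rules.append((conds, re.compile(parts[1]), parts[2]))
            conds = []   # conditions apply only to the rule that follows them
    return rules

def resolve(user_agent, path, rules):
    """Return the rewritten path, or None when no rule fires and the request is left as-is."""
    for conds, pattern, target in rules:
        m = pattern.search(path)
        if m and all(c.search(user_agent) for c in conds):
            # Expand $N backreferences; [L] means the first matching rule wins.
            return re.sub(r"\$(\d)", lambda r: m.group(int(r.group(1))), target)
    return None

RULES = parse_rules(HTACCESS)
```

A client whose Darwin version has no rule (for example a constructed `Darwin/14.0.0` User-Agent) resolves to None: the request is not rewritten and Apache looks for index.sucatalog in the document root itself, so a new OS release needs a new rule pair before those clients can use the server.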
Let’s start the web server and check to make sure everything is OK:
sudo apachectl restart
Check the log files for errors:
tail /var/log/apache2/error_log
tail /var/log/apache2/access_log
After the repo_sync has finished, point one or more of your clients to the new repo and test, test, test:
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "http://myupdateserver.com/index.sucatalog"
Verify that your entry was done properly:
defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL
http://myupdateserver.com/index.sucatalog
Test your client:
sudo softwareupdate -l
You should see output similar to the following:
Software Update Tool
Copyright 2002-2010 Apple
Software Update found the following new or updated software:
* SecUpdSrvr2014-003Lion-1.0
Security Update 2014-003 (1.0), 180667K [recommended] [restart]
* SecUpdSrvr2014-002Lion-1.0
Security Update 2014-002 (1.0), 173813K [recommended] [restart]
If you see any errors, check your CatalogURL and try again.
At the server, check the log files to ensure that no errors have occurred. I like to go back 50 or 100 lines or so to make sure I’m seeing the beginning of the process:
tail -n50 /var/log/apache2/error_log
tail -n50 /var/log/apache2/access_log
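One more server-side check, added here as an example (not from the original post or the Reposado project): confirm that the URLs inside a replicated catalog point at the base URL entered during `repoutil --configure`, rather than at some other host. It assumes the .sucatalog is a property list with a Products dictionary whose entries carry Packages, Distributions and ServerMetadataURL keys; the function name, product IDs and sample catalog are constructed for illustration.

```python
import plistlib
from urllib.parse import urlparse

def foreign_urls(catalog_bytes, local_base):
    """Return (product_id, url) pairs whose host differs from local_base's host."""
    local_host = urlparse(local_base).netloc.lower()
    catalog = plistlib.loads(catalog_bytes)
    found = []
    for pid, product in sorted(catalog.get("Products", {}).items()):
        # Collect every URL a client may fetch for this product (assumed key names).
        urls = [product.get("ServerMetadataURL")]
        urls += list(product.get("Distributions", {}).values())
        for pkg in product.get("Packages", []):
            urls += [pkg.get("URL"), pkg.get("MetadataURL")]
        for url in filter(None, urls):
            if urlparse(url).netloc.lower() != local_host:
                found.append((pid, url))
    return found

# Constructed sample catalog: the second product still points at a non-local host.
SAMPLE = plistlib.dumps({"CatalogVersion": 2, "Products": {
    "000-00001": {
        "Packages": [{"URL": "http://myupdateserver.com/content/downloads/a/Example1.pkg"}],
        "Distributions": {"English": "http://myupdateserver.com/content/downloads/a/Example1.dist"},
    },
    "000-00002": {
        "Packages": [{"URL": "http://swcdn.apple.com/content/downloads/b/Example2.pkg"}],
    },
}})

if __name__ == "__main__":
    for pid, url in foreign_urls(SAMPLE, "http://myupdateserver.com"):
        print(pid, url)
```

To check a real catalog, read one of the files under /Volumes/Data/reposado/html/content/catalogs/ in binary mode and pass its bytes in place of SAMPLE.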
Congratulations!! You now have a functioning update server!
Now let’s schedule it to sync nightly:
Create a plist file (reposync.plist) in the Reposado working directory with the following contents:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.yourcompany.reposync</string>
    <key>OnDemand</key>
    <true/>
    <key>RunAtLoad</key>
    <false/>
    <!-- No Program key: launchd runs the first ProgramArguments entry.
         A Program key left at a placeholder path would be executed instead and fail. -->
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/reposado/repo_sync</string>
    </array>
    <!-- Run every day at 02:00 -->
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>02</integer>
        <key>Minute</key>
        <integer>00</integer>
    </dict>
</dict>
</plist>
This plist will run repo_sync every night at 2:00 am. Copy it to /Library/LaunchDaemons/com.mycompany.reposync.plist:
sudo cp reposync.plist /Library/LaunchDaemons/com.mycompany.reposync.plist
and launch it:
sudo launchctl load -w /Library/LaunchDaemons/com.mycompany.reposync.plist
Next steps:
- Installing Margarita (https://github.com/jessepeterson/margarita)
- Duplicating this process across all remaining site servers. (Might turn out to be an excuse to start using Puppet (http://puppetlabs.com/) to manage my servers)
- Implement Sean Kaiser’s Multi-Site solution (http://seankaiser.com/blog/2013/05/23/multi-site-reposado/)
- Changing the server configurations to pull from my master repo. (Just an idea, only if bandwidth utilization gets out of hand.)