Home

Previous Entry | Next Entry

Using your own Software Update server

  • Mar. 26th, 2009 at 4:40 PM
osx
This is a way to transparently set up a server to cache software updates on your local network. This doesn't require any modifications (defaults write...) on clients -- it just works. And I didn't find any other similar solution on the internet; not even here! It does require Mac OS X Server, however. Here's how we did it:
  1. Build a Mac OS X Server and call it yoursus. We used a headless Mac mini to do the job.
  2. You must use external DNS servers on this server (so it won't check itself for updates).
  3. Add a record for your server on your internal DNS, so yoursus.yourdomain.com resolves to your SUS's IP.
  4. Start Software Update Server (SUS). It may take some time to cache all updates -- our /usr/share/swupd/html/ folder now has almost 9GB of files in it!
  5. Start Web Service, and add following redirect (Server Admin » Web » Sites » default » Edit » Aliases » URL Aliases and Redirects » Add » Redirect):
    • Pattern: /content/catalogs/index-1.sucatalog
    • Path: http://yoursus.yourdomain.com:8088/index.sucatalog
  6. Add a zone in your internal DNS, called swscan.apple.com, and point the whole subdomain to the IP of your SUS.
  7. Flush your DNS cache on the clients: lookupd -flushcache
Now test your setup. Using Safari, following this link to Apple's catalog on your SUS should show Apple's real catalog (ApplePostURL should start with swquery.apple.com), while the same on other computers in your network should resolve and be forwarded to your SUS, http://yoursus.yourdomain.com:8088/index.sucatalog (ApplePostURL will start with yoursus.yourdomain.com:8088 this time).

Now just run Software Update on the clients, and enjoy the speed of downloads!

The only downside of this setup is the mini complaining in system.log that it has no reverse DNS entry for itself. To be honest, I didn't have much time to think how to set it up without extra hardware; I just happened to have a spare mini for this purpose. Maybe there's a way to have the DNS and SUS running on one server, perhaps via two IP addresses and tweaking of config files. I also didn't test it much with Panther clients; it possibly needs different redirects for that. Comments welcomed. Happy updating!

Warning: I emphasized using internal DNS so you won't propagate Apple's own zone to the outside world.

Keep an eye out for another post coming soon, where I show how to do this in the Terminal. But I find this method a bit safer- if you're running your own Software Update server, its not that hard to also run your own Web and DNS.

Tags:

Comments

( 3 comments — Leave a comment )
[info]nowalmart wrote:
Mar. 26th, 2009 09:05 pm (UTC)
Advantages?
What are the advantages of this method over the normal defaults write com.apple.SoftwareUpdate method?

The only one I can see is if you have a guest machine on the network that you do not want to mess with (although they might still have the old data in their DNS cache), or you have managed machines that leave frequently (although I am not sure you would want users to be able to update their machines from Apple's servers without testing the updates first on a test machine).

| Reply | Thread
[info]overstimnet wrote:
Mar. 26th, 2009 09:23 pm (UTC)
Re: Advantages?
Well, with this method, you don't have to configure each machine separately.
| Reply | Parent | Thread
[info]nowalmart wrote:
Mar. 27th, 2009 04:45 am (UTC)
Re: Advantages?
Good point. I suppose any time I have done roll-outs I have had access to Remote Desktop to push and run scripts for set up like that.
| Reply | Parent | Thread
( 3 comments — Leave a comment )

Advertisement

Tags

View my Tags page