Managing Apple Software Update Server Across Multiple Servers 10.5/10.6/10.7

Standard
UPDATE: For 10.8+ see: Managing Apple Software Update Server Across Multiple Servers 10.8+.

An internal Apple Software Update Server (ASUS) allows administrators to control what software updates client computers download etc.. more information about this service can be found here.

This all works great, but the initial setup requires you to manually tick each update to enable it to be downloaded.

This can be a bit of a pain especially when managing mulitple servers.

The following post advises on how to setup a Master ASUS with other servers Replicating the enabled updates. Saving the Admin time when setting up new servers & allowing central management.

Documentation

Apple has a support document on this here & there is also a post from Apple discussions that advises how to setup a 10.5 ASUS to serve 10.6 updates here.

Setting up Master Apple Software Server

  1. Enable ASUS on the server you wish to use as your Master Apple Software Server & configure as required.
  2. Enable any updates you wish to clients to be able to download.
  3. Test on a client computer.

Easy peasy so far.. nothing out of the norm.

Cascading your Master Apple Software Update Server

  1. Remote onto an OSX Server you with to use as an ASUS replica.
  2. Stop the Software Update Service.
  3. In Terminal, run the following commands. Replace swupdate.example.com with the URL of the server you want to be the Master Software Update Server.
# Backup the original swupd.plist
sudo cp /etc/swupd/swupd.plist /etc/swupd/swupd.plist.bak

# Change the MetaIndexURL to point to your own SUS (replace swupdate.example.com with your SUS's FQDN).
sudo /usr/libexec/PlistBuddy -c 'set metaIndexURL http://swupdate.example.com:8088/catalogs.sucatalog' /etc/swupd/swupd.plist

4. If this server has ran ASUS before, do the following to reset:

sudo rm -rf /private/etc/swupd/com.apple.server.swupdate.plist
sudo rm -rf /private/etc/swupd/com.apple.server.swupdate.plist.previous
sudo rm -rf /private/var/db/swupd/html/content/downloads/*

5. Launch Server Admin & connect to the Replica ASUS, select the Software Update service.
6. Click on the Setting icon then do the following:
7. Tick: “Copy ALL updates from Apple”
8. Tick: “Automatically enable copied updates”
9. Untick: “Delete outdated software updates”
10. Start Software Update Service.
11. All updates enabled on the Master ASUS will now be enabled on all Replica ASUS too.

Replicating 10.6 updates with a 10.5 server

  1. Stop ASUS on the 10.5 replica.
  2. Download http://swscan.apple.com/content/meta/mirror-config-1.plist and copy it to /usr/share/swupd/html/content/meta/mirror-config-1.plist
  3. Change it to look like this: (Replace swupdate.example.com with the URL of the Master Software Update Server).

4. Open Terminal & run the following command:

sudo /usr/libexec/PlistBuddy -c 'set metaIndexURL http://swupdate.example.com:8088/content/meta/mirror-config-1.plist' /etc/swupd/swupd.plist

5. Start ASUS on the replica & wait for it to download the catalog files in /private/var/db/swupd/html.

6. Once the catalog files have appeared, create some symbolic links by doing the following:

ln -s /usr/share/swupd/html/content/catalogs/index.sucatalog
ln -s /usr/share/swupd/html/content/catalogs/others/index-leopard.merged-1.sucatalog
ln -s /usr/share/swupd/html/content/catalogs/others/index-leopard-snowleopard.merged-1.sucatalog

7. 10.6 updates should now start being downloaded.

2 thoughts on “Managing Apple Software Update Server Across Multiple Servers 10.5/10.6/10.7

  1. Hi Mac Mule,

    I hope you can help.
    I have a 10.6.8 server that I have enabled to host 10.7 which will be my master SUS.
    before i have even got to the cascading part i have an issue 🙁

    I have followed the instructions from – http://support.apple.com/kb/ht4771

    The sections I edited swupd.conf looks like below

    ## mod_rewrite section added by serveradmin

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} Darwin/9
    RewriteRule ^/index\.sucatalog$ /index-leopard.merged-1.sucatalog
    RewriteCond %{HTTP_USER_AGENT} Darwin/10
    RewriteRule ^/index\.sucatalog$ /index-leopard-snowleopard.merged-1.sucatalog
    RewriteCond %{HTTP_USER_AGENT} Darwin/11
    RewriteRule ^/index\.sucatalog$ /index-lion-snowleopard-leopard.merged-1.sucatalog

    swupd.plist looks like below:

    PurgeUnused

    autoEnable

    autoMirror

    autoMirrorOnlyNew

    limitBandwidth

    maxDownloadSpeed
    0
    metaIndexURL
    http://swscan.apple.com/content/meta/mirror-config-1.plist
    otherCatalogs

    index-leopard.merged-1.sucatalog
    index-leopard-snowleopard.merged-1.sucatalog
    index-lion-snowleopard-leopard.merged-1.sucatalog

    portToUse
    8088
    updatesDocRoot
    /var/db/swupd/
    valueBandwidth
    0

    When my client connects to the SUS server it gets the following error in console:

    26/06/2012 14:23:28.080 Software Update: Can’t load distribution from http://ukhfhmmac06.local:8088/content/downloads/56/07/041-6215/0ulfdubx0svowmm8oq36wo1yynibgcuxyw/041-6215.English.dist: Error Domain=NSURLErrorDomain Code=-1001 “The request timed out.” UserInfo=0x104427400 {NSUnderlyingError=0x10448d490 “The request timed out.”, NSErrorFailingURLStringKey=http://ukhfhmmac06.local:8088/content/downloads/56/07/041-6215/0ulfdubx0svowmm8oq36wo1yynibgcuxyw/041-6215.English.dist, NSErrorFailingURLKey=http://ukhfhmmac06.local:8088/content/downloads/56/07/041-6215/0ulfdubx0svowmm8oq36wo1yynibgcuxyw/041-6215.English.dist, NSLocalizedDescription=The request timed out.}

    Any ideas?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.