Posted on 12-04-2012 12:38 PM
I've been struggling to get system patches handled in a more (end) user-friendly way for quite a while but usually come across one setback or another. I know many of you are utilizing munki and Casper. I saw in the MacTech weblink on the munki page that you can set up deferred patch installs:
If there is a user logged in, munki will launch Managed Software Update to notify the user of available updates. (Munki won't notify the user of the same updates more than once a day, however.) The user is then in control - he or she can elect to perform the updates right away, or defer them until later.
Can the admin eventually force the installs if they haven't been completed after X amount of days?
Are there any caveats that you have run into? How does Casper react with this? Can munki run off Casper's smart group for softwareupdate > 0? Does it need to, or can it handle it on its own?
Posted on 12-04-2012 01:00 PM
Last I checked, munki can't force install system updates if they are being pulled from an update server/Apple's update servers. You can manually download the updates and import them into munki, though, and then you would be able to force them to install. One caveat you may run into is that if the client has any munki packages to install, it won't allow you to install system updates from an update server until the munki packages are installed.
The only way I can think of to have munki run off a smart group is to create a policy that manually runs the managed software update tool. If I remember correctly, using the --a switch on managedsoftwareupdates will cause munki to check and download in the background and only interrupt the user when it's ready to install the updates.
-Justin
Posted on 12-04-2012 02:21 PM
Munki cannot currently force install updates from an Apple Software Update server; it is on the roadmap to add that capability.
Since Managed Software Update would only appear to tell users about available updates if there are available updates, I'm not sure why it would need to run off a Casper smart group. It can just run on its own.
Posted on 12-05-2012 10:23 AM
I use a policy scoped to a smart group with all users who have updates available. The policy writes the two flag files
/private/tmp/com.googlecode.munki.installatlogout
/Users/Shared/.com.googlecode.munki.installatstartup
to disk on logout. It's not quite 'forcing' the updates, as you can stop the process if you are quick, but very few users cancel the updates on shutdown or startup, especially as they can see what's going on from the progress bar. As Greg says, apart from that we just leave Managed Software Update to do its own thing.