NetSUS High Sierra update catalog

macbentosh
New Contributor III

I have 4.2.1 installed and I am unable to get updates to be seen by my machines. my suscatalog http://server/content/catalogs/index_CMC.sucatalog doesn't have the updates listed as enabled in the branch. When I search the XML file returned by that address I can not see 10.13.1 update ID 091-14782.
Not sure what I need to do to get High Sierra and Sierra to see the updates. Been banging my head on my keyboard since Monday and any help would be awesome.

17 REPLIES 17

sdagley
Esteemed Contributor II

@macbentosh Look at the version of reposadocommon.py installed on your NetSUS and verify that the list of AppleCatalogURLs includes: 'index-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-'

macbentosh
New Contributor III

@sdagley I see the updates in the gui and it is checked but when i visit the catalog in the browser and search the XML the update is not listed and softwareupdate -l shows no updates.

def pref(prefname):
    '''Returns a preference.'''
    default_prefs = {
        'AppleCatalogURLs': [
            ('http://swscan.apple.com/content/catalogs/'
             'index.sucatalog'),
            ('http://swscan.apple.com/content/catalogs/'
             'index-1.sucatalog'),
            ('http://swscan.apple.com/content/catalogs/others/'
             'index-leopard.merged-1.sucatalog'),
            ('http://swscan.apple.com/content/catalogs/others/'
             'index-leopard-snowleopard.merged-1.sucatalog'),
            ('http://swscan.apple.com/content/catalogs/others/'
             'index-lion-snowleopard-leopard.merged-1.sucatalog'),
            ('http://swscan.apple.com/content/catalogs/others/'
             'index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog'),
            ('https://swscan.apple.com/content/catalogs/others/'
             'index-10.9-mountainlion-lion-snowleopard-leopard.merged-1'
             '.sucatalog'),
            ('https://swscan.apple.com/content/catalogs/others/'
             'index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1'
             '.sucatalog'),
            ('https://swscan.apple.com/content/catalogs/others/'
             'index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard'
             '.merged-1.sucatalog'),
            ('https://swscan.apple.com/content/catalogs/others/'
             'index-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-'
             'leopard.merged-1.sucatalog'),
            ('https://swscan.apple.com/content/catalogs/others/'
             'index-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-'
             'leopard.merged-1.sucatalog'),
        ],

Nix4Life
Valued Contributor

@macbentosh I haven't used netsus in a while,but can you check if there are mod_rewrites enabled since you are using the short URL. Again this may not be applicable to netsus. I use docker/reposado and recall a similar issue

L

sdagley
Esteemed Contributor II

@macbentosh When you look at your NetSUS's Dashboard screen, what does it show for Disk Usage in the SUS section? It should be around 439G for an up to date SUS (at least that's what mine is showing).

If you're not seeing around 439G used for your SUS, on the NetSUS's Software Update Server screen is the checkbox reading (note that I'm still on NetSUS 4.1.0 with a hand updated reposado so the wording may be different) "Ensure that computers install software updates from the..." under the label "Store Updates on the NetBoot/SUS/LDAP Proxy Server" enabled? If not, your SUS is downloading just the update catalogs, and not the updates themselves. Enable that checkbox to actually have the updates downloaded.

macbentosh
New Contributor III

@Nix4Life I am using the OVA so I would hope so.
@sdagley checked that box and syncing again. Disk usage was 2GB...Now around 20.

macbentosh
New Contributor III

now at 46GB but all updates have disappeared when I click on a catalog...

sdagley
Esteemed Contributor II

@macbentosh That’s normal, you have to wait for the sync to finish all 439G before the catalog will be available.

macbentosh
New Contributor III

@sdagley sync says that it is not running. 46gb downloaded and nothing in the catalog.

sdagley
Esteemed Contributor II

@macbentosh Something went wrong with the sync then, 46G is nowhere close to what the SUS should have cached. Try a manual sync again if your SUS isn't set for an automatic overnight sync.

macbentosh
New Contributor III

new SUS running from the OVA but...
Finding available software
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “address” which could put your confidential information at risk.

itupshot
Contributor II

@sdagley Could you provide the file system path to the reposadocommon.py file? It would help those of us who are not 100% familiar with this server.

My server's dashboard is showing 395 GB currently. I can't tell if it's still downloading updates. When I click the branch I created, I see the images for installing High Sierra itself listed, but I don't see any updates for High Sierra listed.

None of our machines are currently running High Sierra (they're all on Sierra), but I'd like to start testing the OS in our environment. It'd be nice to have the updates available in this server so I won't have to connect to Apple to get them. If I need to edit this file for the server to download them, that'd be great. Also, it'd be good to know what are the next steps to take after editing the file.

EDIT (04/14/18): I found the file. Do we need it to search all those catalogs? If we leave only the last catalog URL that looks for "index-10.13" (or both "index-10.13," and "index-10.12") wouldn't it still download updates for previous OSes? However, I don't need to download updates from 2005. I only need the last two years.

sdagley
Esteemed Contributor II

@itupshot NetSUS 4.2.1 updated the bundled version of Reposado to include High Sierra updates, so you might want to re-install it to get the other updates as well. Note: I haven't tried this myself, so I'm expecting the installer to work as an update to an existing NetSUS installation, but I've changed employers and not currently running a NetSUS so I can't verify that.

As for the updates from 2005, you'd need a catalog URL for each OS that you intend to support with that SUS. If you don't need earlier versions you might be able to remove the corresponding catalog URLs, but I've never tried that (and am not currently in a position to try it).

itupshot
Contributor II

@sdagley It's OK, I do have v. 4.2.1, and I'm getting the High Sierra updates. I guess it wasn't finished syncing when I checked it.

We don't need over 400 GB of updates, only the last two years. All our client computers are running on macOS Sierra, and we don't own any of the Apple Pro apps, so we don't need to download those either. I understand that the service just syncs everything it finds, but there must be a way to limit it to download only the ones for the OSes we need.

itupshot
Contributor II

OK, so my question is similar to @macbentosh 's original post.

What is the URL that we're supposed to feed to our client machines so they can get updates from the NetSUS server?

According to the documentation in GitHub, you have to use:

http://sus.mycompany.corp/content/catalogs/others/index-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1_<Branch Name>.sucatalog

I tried this by inserting my server's "Branch Name" after the underscore as shown, but I got this from my test computer:

69dfbc538bb74f259b3f80fd6fe51da5

If I try the simple branch URL that shows in the NetSUS Software Update Server page, it only seems to find one update, but not all the security updates. Any ideas?

http://netsus.my.company/content/catalogs/index_Main.sucatalog

sdagley
Esteemed Contributor II

@itupshot Are you trying to use a specific branch, or the one you've designated as the main branch? If the latter you should just need to put the server name/address into a SUS configuration in your JSS (no catalog path or name required). Note that you do not want to end the server name with a / as the JSS is not smart enough to properly remove it when appending the port number and you'll get an unusable URL for your SUS.

el2493
Contributor III

@itupshot , were you able to get this working? I found that in Sierra if I include the _[branch] at the end, it will show available updates. If I do the same thing in High Sierra, I get the same error message as you do in Terminal. I also tried setting it without the branch and got the same error message. I'm also on v4.2.1 of NetSUS, though I just did the update from 4.1.0 less than an hour ago so maybe it takes a while to update (it does show disk usage as 532GB).

Also, to anyone else who might need the path mentioned earlier, it's /var/lib/reposado/reposadolib/reposadocommon.py

el2493
Contributor III

There's definitely some disconnect with the 10.13 setting. If I manually set the SUS Server to on a High Sierra computer to:

http://[netsusurl]/content/catalogs/others/index-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1_[branch].sucatalog

I get the error message. If I set it to:

http://[netsusurl]/content/catalogs/others/index-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1_[branch].sucatalog

It finds updates (for the wrong branch, but at least it works) and doesn't give the error message. I looked into this further, and when I went to /srv/SUS/html/content/catalogs/others/ on the server, there were no .sucatalogs for 10.13 (there were for all the other OSes). I tried installing the .run file again, but it didn't create the files. Does anyone have any ideas on how I might create these missing files?