Posted on 11-28-2012 05:31 AM
Hi!
A colleague set up a NetSUS server a while ago, and it seemed to work. however, we soon noticed that it worked, but not according to plan. Now it seems that jamf sets the correct SUS: when I'm looking at a computer and do
defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL
I get http://ourserver.foo.bar:80/index.sucatalog, which is correct. Still, when sniffing with
sudo tcpdump -i en0 | grep akamai
I get plenty of hits when running softwareupdate, and nil when grep:ing "ourserver". If I do a
defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://ourserver.foo.bar:80/index.sucatalog
and then run
sudo tcpdump -i en0 | grep akamai
I get nil hits, and instead lots of "ourserver". So I'm wondering if the error resides in the way the JSS sets it on the computers. This is a modified screenshot of the script that is run the first time a computer runs every15:
So my question is: can somehow the com.apple.SoftwareUpdate look correct, but still not be used? Should we instead set the server elsewhere? (It is also set to default SUS on all network segments, by the way).
Any advice would be most welcome!
//Martin
Posted on 11-28-2012 06:22 AM
You may want to try editing the /var/root user's path, something like...
defaults write /var/root/Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://your.server/goes/here.sucatalog
c-
Posted on 11-28-2012 06:29 AM
There are two ways to set the SUS server for your users using the built-in JSS settings (not using scripts): via policy and via network segments. If you are trying to set it via policy, like you are showing, you need to also check the "Set Server" checkbox on the Packages tab under Software Update:
You can force it thru your Network Segment setup as well. By going to Settings from the JSS, and then Network Segments, you can edit your network segments to point to specific SUS servers:
I don't have any internal update servers set, but that is where I would set them by segment if I wanted to.
Make sure you are doing one or the other if you want your users to use your internal servers.
Posted on 11-28-2012 07:24 AM
Thank you for the swift replies:
- Yes, we do have "Set Server" checked, as well as "Install All Software Updates"
- We also have SUS set per network segment (it is basically the same, of course)
Again, I didn't set this up, but I'm trying to solve it. I find it very peculiar that com.apple.SoftwareUpdate looks OK when read, but still looks at Apple. When written again, it starts to work. No script is involved doing the defaults write, since that is handled by the Do Software Update policy.
Do you think there might be a problem that we're setting the SUS both in the Policy and the Network Segment?
Posted on 11-28-2012 07:38 AM
One thing that I noticed on 10.8, using Jamf's option to set the software update server appears (to me) to append a space at the end of the path, which caused it to not work for us. We're using the defaults write command on our 10.8 clients rather than using Jamf's built in option for this reason. The built in Jamf option seems to work fine for 10.7 and 10.6.
Posted on 11-28-2012 07:42 AM
Did you also check the box "Set Server System Wide" in the details of your software update server? That would also set /var/root/Library/Preferences/com.apple.SoftwareUpdate, which is used by some processes running as root (i.e. the jamf binary).
Posted on 11-28-2012 07:55 AM
Andrew, that might be it! Perhaps it should be ran as a script at first run instead, and by removing the "set server" checkbox. I'd have top look and see if there is a bug report on the extra space.
Christoph, I don't see that option in NetSUS…
Posted on 11-28-2012 08:20 AM
You will find it in the JSS at the "Settings" tab, then go to "Servers", then "Software Update Servers" and then click on "Edit Server". Besides the server name and it's IP you will find that option, unless your JSS is very old :-)
Posted on 11-29-2012 03:14 AM
Ah yes, Christoph, that is indeed checked. Actually, when I watch the terminal it does look as if there's an extra space when the SUS is set by the JSS, just like Andrew suggested.
Posted on 11-29-2012 07:50 AM
I've done a script that does
defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://oursus.foo.bar:80/index.sucatalog
defaults write /var/root/Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://oursus.foo.bar:80/index.sucatalog
on every computer, and at a first glance it seems to look in the right place now. Just like Andrew said, there was an extra space in com.apple.SoftwareUpdate on 10.8 when we had checked Set Server in JSS, easily seen by typing defaults write /Library/Preferences/com.apple.SoftwareUpdate, which would result in
CatalogURL = "http://oursus.foo.bar:80/index.sucatalog "