Software Update Policy

winkelhe
New Contributor

I'm having some weird issues with a casper policy that is suppose to install all software updates and reboot if the update requires it to do so. Here's the output from manually triggering the policy.

capps-2400:~ root# jamf -policy install
Checking for policies triggered by "install"...
Connecting to JAMF Software Server at https://casper:8443/...
Creating lock file for Software Update...
Executing Policy "Software Update"... Installing all Software Updates from CDSOSX003...
2007-02-20 15:06:13.171 softwareupdate631] Loading CatalogURL [http://CDSOSX003:8088/index.sucatalog
Setting Software Update Server to http://CDSOSX003:8088/ for all accounts...
<swu_response>Software Update Tool
Copyright 2002-2005 Apple

Downloading Daylight Saving Time Update
Downloading Daylight Saving Time Update 0..20..40..60..80..100
Expanding Daylight Saving Time Update
Installing Daylight Saving Time Update 0..20..40..60..80..100
Done.

You have installed one or more updates that requires that you restart your
computer. Please restart immediately.
</swu_response>

Reboot is required. Logging results to server for Policy ID 10... Connecting to JAMF Software Server at https://casper:8443/... Rebooting the computer in 5 minutes... Creating Reboot Script... Removing lock file...
sh: -c: line 1: unexpected EOF while looking for matching `"'
sh: -c: line 2: syntax error: unexpected end of file

The updates are installed successfuly and it knows a reboot is required, however it never prompts the reboot message and never reboots. Not sure what the end of file errors are refering to. This happens no matter what reboot option I have selected and on any software update that requires reboot. Any ideas??

4 REPLIES 4

Not applicable

Has anyone set up a policy to run Software Updates when they are available? I was thinking of creating a smart group of all computers that have 1 or more updates available, but it just contains every computer in inventory.

We user our own software update server, so none of the updates get activated until we are sure they are safe, so I'm comfortable with updating my machines automatically if there are updates available.

Has anyone implemented this?

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

ernstcs
Contributor III

Yup. Talks to our own ASUS so we control the updates, we don't include Firmware updates since it requires being physically there. But we also don't set our update server as the default for machines so you can still run Software Updates locally if you have admin to do the Firmware updates from Apples server.

Craig Ernst
Systems Management & Configuration
----------------------------------
University of Wisconsin-Eau Claire
Learning & Technology Services
105 Garfield Ave
Eau Claire, WI 54701
Phone: (715) 836-3639
Fax: (715) 836-6001
----------------------------------
ernstcs at uwec.edu

Not applicable

Our policy is set to run every Friday at 12:30 pm while people are at lunch, and to pull from our internal SUS server. We also have a policy that sets the SUS server every day in case a machine comes on net that has been off for awhile.

As for doing updates locally, I just remove the plist file, run the update, then put the plist back. You just need to remove /Library/ Preferences/com.apple.SoftwareUpdate.plist to the desktop and then put it back. Beats leaving machines set to Apple for the default.

Steve Wood
Director, Information Technology
swood at integerdallas.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6907 | C 940.312.2475

Not applicable

So it looks like the general method is to do a weekly update, not just when it's available. I think I can make that work. Thanks.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu