Skip to main content
Question

SUS Appliance Not Showing Updates

  • February 7, 2012
  • 17 replies
  • 69 views

stevewood
Forum|alt.badge.img+38

I have the new NetBoot/SUS Appliance loaded into our VMWare environment, and have configured it according to the instructions. I let the server sync over night, and I show all of the updates in the catalog through the web admin account. I've created a branch, set it as root, and enabled all of the updates in the branch.

I've used defaults write to set the update server on two different machines that I know have updates waiting (deleted com.apple.SoftwareUpdate and let them list off of Apple's servers):

defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://sus.integerdallas.com/index_notebooks.sucatalog

However, when I issue 'softwareupdate -l' I get "No new software available".

Is anyone else seeing this behavior? What am I missing?

Steve

17 replies

stevewood
Forum|alt.badge.img+38
  • Author
  • Hall of Fame
  • February 7, 2012

One other thing, when I visit that URL in a browser I see the XML code that would be normal from a SUS catalog URL. So I know the updates are showing up.

Steve


Forum|alt.badge.img+10
  • New Contributor
  • February 8, 2012

stevewood:

You might want to look over the Reposado documentation at https://github.com/wdas/reposado and/or check out the reposado Google Group.

But specifically to your question -- you are probably pointing your client to the Tiger version of the branch catalog, and therefore are seeing no updates for your (presumably non-Tiger) machine.

See https://github.com/wdas/reposado/blob/master/docs/client_configuration.txt for more info about the various catalogs.

(it's possible that the appliance does more fancy stuff with the catalogs than "generic" Reposado. The current SUS appliance docs are a bit vague on catalog URLs.)


Forum|alt.badge.img+11
  • Valued Contributor
  • February 8, 2012

Check if the URLs in the catalog are correct:
http://sus.integerdallas.com/index_notebooks.sucatalog

I tries to download the file that's in the link but that shows a 404 Not Found. I noticed that the root of the web server is /svr/SUS/html/content/catalogs but downloads is at /svr/SUS/html/content/download so the client can never access the file.

The apache config file /etc/apache2/sites-enabled/000-default is configured with DocumentRoot as /svr/SUS/html/content/catalogs/. This is not going to work.

You could change it to /svr/SUS/html/content/ and point the clients towards http://sus.integerdallas.com/content/index_notebooks.sucatalog


Forum|alt.badge.img+13
  • Employee
  • February 8, 2012

Martin-

Thanks for posting. I will take a look at the issue you found and I will post back with an update.


stevewood
Forum|alt.badge.img+38
  • Author
  • Hall of Fame
  • February 8, 2012

gregneagle:

I tried using the appropriate URL for the machine I'm on (Lion), and that too provided no updates.

What I have noticed is that the catalog has an extra / in the URL for the actual files:

<string>http://10.87.10.65//content/downloads/56/30/zzzz041-3780/mB8LbdZFqSSxG9mBhZVHh8jxzD8nxTJjfR/041-3780.Dutch.dist</string>

See the extra / after the server address. Here's the same line from our Apple SUS:

<string>http://Master.local:8088/content/downloads/56/30/zzzz041-3780/mB8LbdZFqSSxG9mBhZVHh8jxzD8nxTJjfR/041-3780.Dutch.dist</string>

No extra /. I'm not certain if that is the issue or not, and since I do not have Reposado loaded anywhere else (yet), I cannot test. Can anyone confirm if this is intended behavior?

Martin:

I checked the URL in the preferences.plist file, and indeed the URL in there is the IP address of the server and not the FQDN. However, the FQDN does translate to the IP address that is in the preferences.plist file. I tried changing the CatalogURL to the IP address, and still received the same "No updates" message.

Any other ideas?


Forum|alt.badge.img+11
  • Valued Contributor
  • February 8, 2012

Hi Steve,

you could start editing the config files but I suggests to wait until JAMF has fixed this issue. At the moment you can not access the downloads because the root of the site is incorrect.


Forum|alt.badge.img+10
  • New Contributor
  • February 8, 2012

stevewood:

What happens when you attempt to access:
http://10.87.10.65//content/downloads/56/30/zzzz041-3780/mB8LbdZFqSSxG9mBhZVHh8jxzD8nxTJjfR/041-3780.Dutch.dist

or

http://10.87.10.65/content/downloads/56/30/zzzz041-3780/mB8LbdZFqSSxG9mBhZVHh8jxzD8nxTJjfR/041-3780.Dutch.dist

( I think the extra slash is harmless.)

But if Martin is right -- both URLs will result in a 404 and will require a change to the VM to fix.


stevewood
Forum|alt.badge.img+38
  • Author
  • Hall of Fame
  • February 8, 2012

As you expected, it did not work either way. I even tried putting in the FQDN for giggles, with the same result.

Guess we'll have to wait for JAMF to fix this.

Thanks Greg!


Forum|alt.badge.img+11
  • Valued Contributor
  • February 9, 2012

Please notice that JAMF just released NetBoot/SUS Appliance version 1.01


Forum|alt.badge.img+5
  • Contributor
  • February 9, 2012

Is there a way to update without starting from scratch? Once we have a server set up with netboot images, configs, and downloaded and configured update packages it will be very painful to have to wipe the whole appliance and start from scratch to apply an update.


Forum|alt.badge.img+13
  • Employee
  • February 9, 2012

Adam,

This is something that we are thinking about for future updates but was not implemented in this release. In both releases we do have a simple backup page at https://<server_name>/webadmin/backup.php that creates a compressed backup that downloads to your machine. The backup includes all NetBoot images, NetBoot subnet settings, dhcpd settings, webadmin settings, Reposado metadata, and all SUS packages that were synced local to the appliance. This may not be ideal depending on what would all get backed up as this can result in an incredibly large backup file. Restoring that backup on a new appliance would require shell access and an extraction of the backup. Another option we are considering is posting a KB on how to store the data on a drive external to the appliance to allow for easier upgrading.

We are also looking to get the source of this project out so the community can contribute along with JAMF. We will keep everyone posted as we continue on with this project.


Forum|alt.badge.img+5
  • Contributor
  • February 9, 2012

Cool. Some solution along those lines would be great. I like the idea of separate OS and Data/Config volumes.

I also noticed that changing the shell username didn't stick and I think making http://<server_name>/ (which just has a forbidden page) forward to https://<server_name>/ would be good. Thanks for working on this great tool!


Forum|alt.badge.img+1
  • New Contributor
  • February 12, 2012

First, thanks to all involved for their work on both of these projects. Great stuff!

I'm messing around at home with this and I've got the NetBoot piece working well and SUS appears to have gathered all the updates. I created a branch "main" and lazily selected all packages, Automatically Enable New Updates and made it a Root Branch.

In testing with an older Snow Leopard image, using the appliance I'm grabbing iTunes 10.5.3 and Remote Desktop Client Update 3.5.2 I'm setting it up like so: defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://netsus01.mydomain.com/content/catalogs/index_main.sucatalog

When I point the same machine to Apple, I get the aforementioned updates plus Safari 5.1.2, Security Update 2012-001 1.1 and Java 6.0.

I also have a vanilla install of Reposado and get all the updates setting it up something like: defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://reposado01.mydomain.com/content/catalogs/others/index-leopard-snowleopard.merged-1.sucatalog

Apologies that I haven't spent much time looking at the docs for either project yet. It would seem that I'm missing something on how I'm creating/configuring the branches in the appliance? Again, I've just taken the defaults in Reposado proper and haven't done anything creative, but the updates do match what I receive using Apple directly.

*Edit*

So I should have thought about this a few more moments... I get all the updates from the appliance if I use: defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://netsus01.mydomain.com/content/catalogs/others/index-leopard-snowleopard.merged-1.sucatalog

I need to RTFM. Carry on.


Forum|alt.badge.img+8
  • Contributor
  • February 28, 2012

Curtis, were you able to get this working?

I'm having problems getting the updates to show as available to my test clients. I'm running the 1.01 ova file from JAMF and have converted it for VMware Fusion using Rich Trouton's excellent guide. I have our local DNS set up and have synced the updates from Apple and have created two test branches: ictest and classroom.

I have configured the clients so that they are checking the appliance, but every time it comes back with no updates available. I've tried this in Terminal:

softwareupdate -l CatalogURL "http://netsus.our.domain/content/catalogs/index_classroom.sucatalog"

and it returns "No new software available." I pulled that catalog URL from the Branch URL section in the appliance. If I paste that URL in Safari, it returns the expected XML info.

I feel like I'm missing something obvious but don't know what.

Any suggestions? Thanks in advance.


bentoms
Forum|alt.badge.img+35
  • Hall of Fame
  • February 28, 2012

Tom, what do you mean by :

I have our local DNS set up


Forum|alt.badge.img+8
  • Contributor
  • February 29, 2012

Sorry, just meant that we have an entry in DNS so it resolves on the network.


Forum|alt.badge.img+12
  • Contributor
  • February 29, 2012

I've had issues in the past with reposado when permissions aren't correct throughout it's directories. For security reasons, I changed the default umask of my system... so any new files are set 750. Because the _www user cannot read the files it ends up not working.

I highly recommend you validate that everything is readable by others... hopefully this will be helpful to someone.