How to setup offline software update server




poobah
Jul 22, 2009, 07:34 PM
So, I've got this cluster of Macs connected to an Xserve on a private network (no internet access). I also have an Xserve that IS internet connected. What I'd like to do is sneaker-net the software update cache from the internet Xserve to the offline Xserve so it can serve those updates to all the other Macs it manages.

Anyone know how to make that work? A 'temporary' internet connection cannot be made.

thanks!



manowarwi
Jul 23, 2009, 07:47 AM
I don't know if this would work for you, but one option would be to use the 2nd NIC on the internet connected XServe (or add another card if it's already in use) and join that network card to the private network XServes.

Otherwise, the location of the store on the server is /usr/share/swupd/ with the updates themselves residing in the html folder. I'm not sure if simply copying that entire folder will work.

poobah
Jul 24, 2009, 12:31 PM
> I don't know if this would work for you, but one option would be to use the 2nd NIC on the internet connected XServe (or add another card if it's already in use) and join that network card to the private network XServes.
>
> Otherwise, the location of the store on the server is /usr/share/swupd/ with the updates themselves residing in the html folder. I'm not sure if simply copying that entire folder will work.

The private network cannot be connected to any externally connected machines. :(

I've copied over /usr/share/swupd (all 15ish GB of it), but there must be some other files involved as well. The offline Xserve doesn't "pick up" the existence of the files in /usr/share/swupd

JGruber
Jul 24, 2009, 04:07 PM
On the 'Offline XServe', you need to turn on Software Update Service. Once those 15GB worth of files are copied to the directory, it should pick it up.

You can also set up SUS on the Internet Connected XServe, and in WGM, create a new computer, and put the XServe into that group, and go into Preferences for the Group or Computer, and set the Software Update to your Internet Connected Xserve. (http://xserve.FQDN:8088/index.sucatalog)

That will enable the Offline XServe to receive updates from the other XServe.

You need to repeat the above steps in WGM for each client, but change the SU path to the offline XServe.

No real easy way to do what you want. It's quite complicated actually.

assembled
Jul 24, 2009, 05:59 PM
Set up your internet connected server as an Apple update server. Once it has populated its updates, clone its disks, move the cloned disks to your unconnected network and clone it to another machine.

poobah
Jul 25, 2009, 11:07 AM
Good suggestions, but perhaps I didn't make clear, the stand alone network can never touch the outside world. I can sneaker-net stuff in, that's it.

assembled
Jul 26, 2009, 07:15 PM
Sounds like you've had some security policies written by people that don't understand security...

If you used something like radmind to do before and after snapshots of an update server, that might give you enough information to work out everything that you need to edit, and copy across.

poobah
Aug 18, 2009, 08:34 PM
Well, we have to deal with the rules we are given, unfortunately.

shumster441
Feb 24, 2010, 11:31 AM
Did you have any luck in figuring out how to do this? I am trying to do the same thing and have run into the same issue. Any help would be greatly appreciated.

Thanks

RedTomato
Feb 25, 2010, 06:04 PM
Sorry if this is a bit naive, but what's wrong with

1. downloading the Apple update files on the connected XServe,
2. checking hash or whatever, just to verify,
3. then burning to DVD or USB stick
4. carrying this over to the offline Xserve
5. and running the update package / dmg on each of the offline Macs via the shared folder on the offline Xserve?

I may be wrong, but I think all apple updates are available as download files from their site. Given that you're running a dedicated off-line network, you can't be running very many apps, and probably not feeling the need to update very often.

You could even AppleScript / automate the process, e.g. telling each workstation Mac to poll the update folder on the offline Xserve, maybe once a week, and run anything it finds there, then you could just dump the update file into the update folder and remove it after a few days.