Sean Kaiser (dot) com

A home for things (work-related & not) that I feel inclined to share with others.

Multi-site Reposado

| Comments

A conundrum

Let’s say you work in an environment where you’re running reposado. Let’s also say that your environment consists of several locations with relatively slow WAN links between them. Additionally, let’s say that some of your users roam between locations, and before they move, they just put their MacBooks (or Airs or Pros) to sleep instead of shutting down (because who shuts their machine down every time they’re not using their machine?)

In an ideal world, you want to point the machine to the reposado server, but you don’t want the machine to download updates over the slow WAN link, and while you could run a reposado server at each location, but by configuring the machine to look at an onsite reposado server, the machine will likely move to another location before softwareupdate checks for updates.

You’re running munki and have it set to install Apple software updates? Awesome. You could set the appropriate CatalogURL in your preflight script, but that means that you have to maintain catalog files on several reposado servers, and who wants to do that? (Ok, you could just clone the master reposado server, including the catalog files to get around that last part.)

But what happens if the user has the ability to install Apple software updates via Software Update from the Apple menu (or by running softwareupdate itself)? Their machine might have their previous location’s CatalogURL set…

What do you do?

Since /Library/Preferences/com.apple.SoftwareUpdate.plist doesn’t allow you to configure a PkgURL like munki does, everything goes to the server that the catalog file defined by CatalogURL goes to. But that’s the problem.

The workaround? You set up redirects on the master reposado server based on the client’s IP address. It seems simple, but I haven’t found any references to anyone else doing this. Interested? Great. Let’s set it up.

The setup

First of all, if you’re going to get this working, you’re going to have to clone your reposado server to a server at your different locations. Just copy the reposado/html/content folder to the other server(s) and set up apache on that server to point to the repsado/html folder as the root folder for the site.

I’m going to assume that you have probably already enabled mod_rewrite to handle the .sucatalog redirects so you can set one CatalogURL regardless of what OS the client machine is running. If you haven’t done that yet, I’ll wait for you to go do it. It’s that awesome. Seriously.

Once you’ve got mod_rewrite enabled and your .htaccess file in place (in reposado/html), you need to configure the redirects for your different locations. Using a tool like Google’s IP address range tool, you can build your regular expression rules. You then copy those regular expressions into your .htaccess file and it looks something like this:

Seems simple, right? It is. It’s just a different way of thinking about things. And it resolves issues related to using different mechanisms to run software update.

(As an alternative, you could probably set up crankd, which is part of the pymacadmin project, to reconfigure your CatalogURL when the machine wakes from sleep or changes networks, but since I haven’t set up crankd yet, I can’t offer any guidance on that.)

Comments