We have finally gotten around to migrating our OSX print and open directory server to OS 10.8. While there is a good amount of documentation for Server 10.6 and 10.7 there are some areas of lacking documentation for Server 10.8.
One area that we found to be very lacking is how to setup clients to check Apple Software Updates from the local server vs directly from apple.
When we were last deploying the OS 10.6 server we were using Software Update Service with a local Cache to help with bandwidth usage because of total available bandwidth was pretty low, but now its just about making the install of updates faster since they can be downloaded and then served across the network at network speed.
Since Apple has so graciously returned Workgroup Manger in OS 10.8 we have decided to deploy the settings with Workgroup Manager preferences.
You can push the settings with profiles or scripts but in our environment we are already using WGM. Our Macs are bound to both AD and the Mac Server’s Open Directory.
(Note Bind to OD then AD, we use Jason Synder’s memory trick “Ode is over 80” to remember the order.
With Server installed on your Mac, go to the “Server” app and scroll down to Software Updates Turn the large button to “on” and you are ready to begin serving updates.
You can see when the updates are downloaded and enabled by selecting the Updates Tab. At first this will be empty since your server is downloading updates. Once they are downloaded they will be enabled (if that is how you have configured the server.)
The next step, telling client machines to look at the server vs apple for updates, was the part that was poorly documented and took some reading and trial and error. All previous documentation here and here and here all fail to communicate where the client setting needs to be directed to download updates from Mountain Lion Server and for Mountain Lion clients.
WGM’s hint says point clients to http://server:8099/index.suscatalog, which doesn’t work. We knew it probably wouldn’t work since there is a merged catalog for various versions of OSX and the WGM hint is from version 10.5. So the quest to figure out the right address.
Thanks to http://www.justinrummel.com/10-8-mountain-lion-server-software-update/ I was able to head down the right path. While Justin Rummel doesn’t say how to use WGM and setup the client, he does explain where 10.8 server saves it config and updates.
So on the 10.8 server, browse to the config at: /library/server/software updates/html and you find the the alias called index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
From any network machine go to http://servername:8088/index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog and you get an XML page of all the enabled updates. If its not the right URL, no XML page.
So now that we know the URL, plug that into workgroup manager, apply the preference to a machine group reboot the client and your updates are served by your local server.
You can test this by turning the service off on the server and go to Software Update on a managed client. It should fail if your client is looking at the server. Additionally you can un-enable the updates on the server and updates should stop displaying for clients.