Welcome to the MacNN Forums.

skelotar · 03:09 PM

After reading this thread:

http://forums.macnn.com/showthread.p...softwareupdate

I thought I found the solution to my distributed osx client software update problem, but there's one hitch....

Here's some background information:

There are X computers running OSX (of course) and they all initially have the same software installed from the start (all disks have been cloned). These systems are on a "secure" network, so all OS and application updates need to be checked and verified for integrity before being installed. This checking and verifying will be done, and once completed, the updates (in .pkg format) will be placed in a directory. Client machines will then check for and install updates periodically from a shell script.

1) How would you go about checking to see what software is currently installed in the system vs. what needs to be installed from the central server. The installer application has logging capabilities, but how can we check (possibly using grep) the install log created by the server computer to the client machines?

**********

I came up with a possible solution, but would like input from the forum to see where the possible problems lie.

1 - Since all the computers are starting @ a central installed application base, we can create null files for the install log on each of the client machines as well as the server. Once an updated is applied to the server, we will create the first log entry from the installer application. When grep is run on the client machine's log file vs. the one on the server it will do some magic and spit out the file that needs to be downloaded and updated, install this update and create its own install log which should be (aside from install time and date) exactly the same as the install log on the server.

Suggestions.....criticisms..

Thanks in advance!

skelotar · Dec 17, 2004, 11:07 AM

I know its a lot of information, but I tried to be as inclusive and informative as possible to avoid any confusion...

Please offer any comments or suggestions

utidjian · Dec 17, 2004, 06:19 PM

Originally posted by skelotar:
After reading this thread:

http://forums.macnn.com/showthread.p...softwareupdate

I thought I found the solution to my distributed osx client software update problem, but there's one hitch....

Here's some background information:

There are X computers running OSX (of course) and they all initially have the same software installed from the start (all disks have been cloned). These systems are on a "secure" network, so all OS and application updates need to be checked and verified for integrity before being installed. This checking and verifying will be done, and once completed, the updates (in .pkg format) will be placed in a directory. Client machines will then check for and install updates periodically from a shell script.

1) How would you go about checking to see what software is currently installed in the system vs. what needs to be installed from the central server. The installer application has logging capabilities, but how can we check (possibly using grep) the install log created by the server computer to the client machines?

**********

I came up with a possible solution, but would like input from the forum to see where the possible problems lie.

1 - Since all the computers are starting @ a central installed application base, we can create null files for the install log on each of the client machines as well as the server. Once an updated is applied to the server, we will create the first log entry from the installer application. When grep is run on the client machine's log file vs. the one on the server it will do some magic and spit out the file that needs to be downloaded and updated, install this update and create its own install log which should be (aside from install time and date) exactly the same as the install log on the server.

I have been working on a more general system for the 100+ Macs running Mac OS X at our site. It is fairly trivial to set up an automated system for "official" updates from Apple via 'softwareupdate'. Even to centralize it so that you download the updates once to the server (or test client), test the updates, then if all is good distribute the updates.

For the more general problem of thrid party software the problem is a bit different. Not neccessarily more difficult.

The simplest way I know of to get a comprehensive of installed software (both Apple and third party) is to use the 'system_profiler' command, thus:

system_profiler | less

will give you a comprehensive list of the entire machine configuration (software, hardware, kernel extensions, etc)

system_profiler SPApplicationsDataType | less

will give you a comprehensive list of all applications installed in human readable format. For example:

Code:
[iwhiz:~] physicsa% system_profiler SPApplicationsDataType | grep -A2 -C1 iCal

    iCal:

      Version: 1.5.2
      Last Modified: 2004-01-27 22:34:57 -0500
      Location: /Applications/iCal.app
      Get Info String: 1.5.2, Copyright 2003 Apple Computer, Inc.

which returns the info for the app iCal (version, modification or install date and location).

For a machine readable and more scriptable output you can get all this in XML format with:

system_profiler -xml SPApplicationsDataType | less

There are some other options to play with in system_profiler such as "detail level", see 'man system_profiler' for more info.

With the expanded project I am working on I want the distribution system to also handle clients that may not be connected all that often, such as laptops and some Macs in offices. I want to be able to look at one daily report and know at a glance how many systems are up to date and how many (and which ones) are not. None of this should require any action from the user. For the most part the users should not even notice. Though being Mac users they DO notice subtle changes in applications so it is a good idea to warn them if and when something is changed... even before it is changed. For the admins it should also be as simple as possible. Currently I have a bunch of scripts that do most everything but... for many people once you show them a terminal and start typing commands their eyes glaze over. I am working on a web based interface for the admin side.

larkost · Dec 18, 2004, 12:14 PM

Why not just use one of the systems that is already out to do this? Apple Remote Desktop and NetOctopus would be two of the obvious candidates. They can both manage large clusters of computers and make sure that software is deployed to the entire cluster, including updates. They can even do things like lock down the computer, and as a bonus ARD allows you to do take control of the remote computer.

utidjian · Dec 18, 2004, 01:37 PM

Originally posted by larkost:
Why not just use one of the systems that is already out to do this? Apple Remote Desktop and NetOctopus would be two of the obvious candidates. They can both manage large clusters of computers and make sure that software is deployed to the entire cluster, including updates. They can even do things like lock down the computer, and as a bonus ARD allows you to do take control of the remote computer.

Well NetOctopus is out, it would cost $5,800+ for us.

I had no idea that ARD 2 had the new capabilities since August!! Thanks for that link. We have ARD 1.2 already and frankly it kinda sucked.

I read the manual for ARD 2 and it still lacks a feature I already have in my setup. It does not seem to handle systems that are occasionally connected (laptops and some desktops in offices). ARD is a "push" based system and I have a "pull" based system.

I am also working on adding my stuff as a webmin modules. Webmin already does much of the stuff that ARD 2 does. (http://www.webmin.com).