Questions about SUS (NetbootSUS) or Reposado with Margarita

Hafiz
New Contributor II

Guys, noob here! I am wanting to set up several SUS servers across our international offices and point all our MacBook clients to them. I would like to use CentOS 7 for this purpose. I know I can download a .run file from JAMF and set it up on the CentOS 7 VM so that VM becomes a NetbootSUS server.

My questions are how much space will I need to assign to the CentOS 7 VMs to work as a SUS?
Will the SUS just do Software Updates, I assume it won't pull in all the apps from the Apple Store as well, right?
How do I get the MacBook clients to point to the SUS?
Can I set up one of the NetbootSUS servers as the master SUS server and have the other SUS servers around the world replicate to that one, is that the best way to configure things? I have heard about Reposado with Margarita, what advantages does that have versus the JAMF NetbootSUS server?

13 REPLIES

jarednichols
Honored Contributor

So, to be clear the Jamf solution uses Reposado on the back end. It uses its own UI, and adds in the NetBoot stuff. The whole idea is that Jamf has a ready-made solution for those who can't or don't want to roll their own.

If you want ultimate flexibility, I'd roll your own Reposado. Greg is suuuuper helpful on his Google Group list if you run into trouble, but the documentation is very clear and very good. You can certainly set up "cascading" repositories.

Whichever platform you use, Reposado is only for Software Update. It does not do anything from the App Store (apps, books etc). That's where Caching Server comes in (and it's also quite awesome). You can set Reposado to store your updates locally, or direct clients to pull from Apple's CDN and only store the catalog file of available updates.

Directing clients to your Software Update Server is done with various methods. See Apple's KB here.

Hafiz
New Contributor II

Thanks, so the NetbootSUS is a Reposado solution. But how much hard drive space do I need to allocate to each NetbootSUS? Or are you suggesting I can just point the NetbootSUS to the Apple SUS and it will act like a "proxy" so very little drive space required? Or I suppose I can point the clients to the NetbootSUS which has the software updates already downloaded, and let them get App Store updates just like usual from the Apple Store?

Furthermore, the thing is that it seems each version of OS X e.g. El Capitan is an app so there is no way to stop the users from just installing it from the App Store and breaking their systems. Is that correct? Can we block the install of El Capitan until we have tested it?

jarednichols
Honored Contributor

You can set up Reposado (NetSUS included) to host the catalog file only (so clients still get the actual package from Apple's CDN) or both the catalog and the packages. If you have a mobile workforce, you likely only want to host the catalog file (which is very small). This way they look at your SUS, see what updates to do, and then actually get the updates from our CDN. If you have everyone "under one roof" you may want to also host the packages, which will save on your bandwidth to the WAN or Internet. In this case you'll need much more room on your SUS for package storage. Been a while since I've run one, but a full package catalog was in the 40GB range I believe.

You can block OS X installers with Casper. Check out other posts on The Nation to see. (Basically it's restricting the installer app from running.)

calumhunter
Valued Contributor

Even just for the 10.9 and 10.10 catalogs you're looking at over 150GB.
If you do all the catalogs (10.4+) better budget for 250Gb+.

If it was me, I'd be doing catalogs only (that way you can vet the updates before the users get them) and have the clients get the packages from Apple.

If you are concerned about bandwidth the apple caching server might be the go. I haven't tried using reposado to limit the packages the client gets and then seeing if those will be cached by the caching server. I would assume this would work though...

bentoms
Release Candidate Programs Tester

We use Caching Servers, & we ignore updates client side when needed to block updates.

jarednichols
Honored Contributor

maaaaan.... I was WAY off.

Hafiz
New Contributor II

Thanks guys. So for just the catalog information (not the Apple packages themselves) the local SUS will have to be about 150GB for our 10.9 and 10.10 MacBooks alone. Why does metadata like catalog information need so much space? I mean the catalog files would be just text files not large binary data? I will try to create a SUS from the NetbootSUS CentOS 7 run package that JAMF provide rather than rolling out a dedicated Reposado SUS. Does anyone know if I can add the Margarita third-party package to the JAMF SUS to give it a different graphical interface instead of the default one provided by JAMF for their NetbootSUS?

calumhunter
Valued Contributor

@Hafiz The catalog information is not that large. That's the size of all the packages in the catalogs... roughly.
If you choose not to cache the packages on the SUS, then you don't need the huge storage space as they are just text files.

If you're going to the trouble of using the run package on centos, why not just run reposado and margarita?

Look in to docker, it makes running reposado and margarita and netboot super simple

Hafiz
New Contributor II

@calumhunter Okay I will look into getting reposado and margarita working on a CentOS7 test box. Therefore in my test environment (all CentOS 7 VMs running on my macbook) I will have a JSS, a Netboot JAMF server, a JDS and finally a combined reposado and margarita SUS box. So 4 boxes in total. Right now I have just a JSS working with netboot/netinstall from a Mac Mini in a closet so not really an Enterprise class set-up and I am trying to re-architect everything onto CentOS 7 instances internationally.

So guys for just catalog information how much space is needed? We are good on bandwidth here but it is more a case that Infrastructure don't have much available in the way of virtualised hard drive space for the CentOS 7 instances. So I don't think I can bring down all Apple SUS packages locally but want to point the MacBooks to a local non-cached SUS called the "release" branch.

Is there a guide for blocking El Capitan (not finding it so easily)?

Also, does anyone have a good guide for getting a CentOS 7 reposado with margarita working? I see a lot of info about CentOS 6 but nothing in the way of CentOS 7.

Hafiz
New Contributor II

Thanks guys - have got it working on CentOS 7! Reposado with Margarita that is - will publish the how-to so everyone can see how it was done - fairly easily.

Since this should be available to the Macs from anywhere - I am thinking of putting this on AWS. Someone mentioned docker containers - I have no experience of those - but if I bundle it up on AWS using CoreOS and with a docker container that should work? Right? Can anyone see any problems with doing that with Reposado with Margarita? I mean perhaps in the way of security risks for our MacBooks? I take it others have done AWS/CoreOS/docker containers for this purpose before?

Matt_Ellis
Contributor II

@Hafiz Been having a lot of issues getting Reposado / Margarita set up and working with client systems. Did you by any chance ever get to write up the how-to?

calumhunter
Valued Contributor

jacopo_pulici
Contributor

@Matt.Ellis personally used clburlison's guide, all fine.
Pay attention to the rewrite rules on the server, it's the only part where you can get stuck with the clients not getting updates.
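
The rewrite rules mentioned in the last reply map a client's Darwin version to an OS-specific catalog, so a missing rule leaves that client with no updates. Added example (not from the thread or from the Reposado project): a Python model of that mapping for the 10.9 and 10.10 clients and the "release" branch discussed above, which lists the requests no rule covers. The catalog paths, function names and sample User-Agent strings are assumptions constructed for illustration; compare them with the files on your own server.

```python
import re

# Assumed catalog paths under the web root, keyed by Darwin major version
# (13 = OS X 10.9, 14 = OS X 10.10). Check them against your own server.
CATALOG_BASE = {
    13: "content/catalogs/others/"
        "index-10.9-mountainlion-lion-snowleopard-leopard.merged-1",
    14: "content/catalogs/others/"
        "index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1",
}
DARWIN_RE = re.compile(r"Darwin/(\d+)\.")
# Clients ask for /index.sucatalog or /index_<branch>.sucatalog.
REQUEST_RE = re.compile(r"^/index((?:_[A-Za-z0-9-]+)?)\.sucatalog$")


def resolve_catalog(user_agent, request_path):
    """Return the catalog path a rewrite should serve, or None if none applies."""
    darwin = DARWIN_RE.search(user_agent)
    request = REQUEST_RE.match(request_path)
    if darwin is None or request is None:
        return None
    base = CATALOG_BASE.get(int(darwin.group(1)))
    if base is None:
        return None  # no rule for this OS version: the client gets no catalog
    return base + request.group(1) + ".sucatalog"


def unserved(requests):
    """Return the (user_agent, path) pairs that no rule covers."""
    return [r for r in requests if resolve_catalog(*r) is None]


# Constructed sample requests (not taken from a real access log).
SAMPLE = [
    ("Software%20Update (unknown version) CFNetwork/673.6 Darwin/13.4.0 (x86_64)",
     "/index_release.sucatalog"),
    ("Software%20Update (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)",
     "/index_release.sucatalog"),
    ("Software%20Update (unknown version) CFNetwork/760.0.5 Darwin/15.0.0 (x86_64)",
     "/index_release.sucatalog"),
]

if __name__ == "__main__":
    for ua, path in SAMPLE:
        print(path, "->", resolve_catalog(ua, path))
    print("unserved:", unserved(SAMPLE))
```

This models the intent of the rules, not Apache's matching; the server's own rewrite configuration remains the source of truth.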