Randomizing the Mac OS X Software Update Server

I’ve had a few instances where there was no way to set up round robin DNS or a load balancer and we were looking to alternate between a bunch of software update servers.  To handle that, I’ve written a quick shell script.  Here it is, in pieces, so it makes sense.

The following is a quick script to pull a URL from a random list of servers:

#!/bin/bash

# Candidate software update servers, one URL per line
Sus="http://swupd.krypted.com:8088
http://sus.krypted.com:8088
http://sus1.krypted.com:8088
http://sus2.krypted.com:8088
http://sus3.krypted.com:8088
http://sus4.krypted.com:8088
http://sus5.krypted.com:8088
http://sus6.krypted.com:8088
http://sus7.krypted.com:8088
http://sus8.krypted.com:8088
http://sus9.krypted.com:8088
http://sus10.krypted.com:8088"

# Split the list on whitespace into an array
sus=($Sus)

# Number of servers in the array
num_sus=${#sus[*]}

# Print one entry chosen at random
echo -n "${sus[$((RANDOM%num_sus))]}"

exit 0

This script simply writes to the screen one of the software update servers that we’ve loaded into an array called sus, chosen using the $RANDOM shell variable.  You can replace the servers in this array with your own and it will simply write to the screen which server it has chosen.  Now to have it actually set the server, replace the line that begins with echo -n with the following line:
defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "${sus[$((RANDOM%num_sus))]}"
For deployment we’ve handled this two different ways.  The first is to have this script run at startup as a login hook (it’s really quick since it doesn’t do much) and let the OS run software updates based on whatever schedule you’ve employed.  The second is to set software updates to only ever run manually and then add a line at the end of the script to run them, which allows you to schedule the task using launchd or run it manually over ARD.  To set the software updates to run manually, run this command on the target system once (it will persist):
softwareupdate --schedule off
Now, after the script chooses a random software update server, tell it to install all available software updates from that server each time it’s run by adding the following to the end of the script:
softwareupdate -i -a
There is a lot more logic that can be built into it, but these are the basics of assigning a random software update server using a shell script.
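As one piece of that extra logic, the sketch below (an added example, not part of the original script) starts at a random server, skips malformed entries, and fails over to the next server when one does not answer, so a client is never pointed at a dead catalog. The helper names probe_catalog and pick_sus are hypothetical, and the HEAD probe against the base URL is an assumption to adjust for your servers.

```bash
#!/bin/bash
# Added example, not the article's script. probe_catalog and pick_sus are
# hypothetical helper names; the hostnames are the article's (list shortened).
SUS_LIST="http://swupd.krypted.com:8088
http://sus.krypted.com:8088
http://sus1.krypted.com:8088"

# Assumption: a live server answers an HTTP HEAD on its base URL within 5s.
probe_catalog() {
    curl --silent --fail --head --max-time 5 "$1" >/dev/null 2>&1
}

# pick_sus PROBE_CMD URL...
# Rotate the list by a random offset, then print the first URL that is
# well-formed and passes PROBE_CMD. Returns 1 if no server qualifies.
pick_sus() {
    probe=$1; shift
    count=$#
    [ "$count" -gt 0 ] || return 1
    start=$(( ${RANDOM:-$$} % count ))
    i=0
    while [ "$i" -lt "$start" ]; do
        first=$1; shift; set -- "$@" "$first"
        i=$((i + 1))
    done
    for url in "$@"; do
        # Reject anything outside a plain scheme://host:port/path shape.
        case $url in
            http://*[!A-Za-z0-9.:/_-]*|https://*[!A-Za-z0-9.:/_-]*) continue ;;
            http://?*|https://?*) ;;
            *) continue ;;
        esac
        if "$probe" "$url"; then
            printf '%s' "$url"
            return 0
        fi
    done
    return 1
}

# Only touch the preference when invoked with --apply (run as root on the Mac).
if [ "${1:-}" = "--apply" ]; then
    # $SUS_LIST is unquoted on purpose so each line becomes one argument.
    url=$(pick_sus probe_catalog $SUS_LIST) || {
        echo "no software update server reachable" >&2
        exit 1
    }
    defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "$url"
fi
```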