Table of Contents

• Table of Contents
  • Prequisits & Requirements
    • Requirements
    • Perquisites
    • Linux Packages
  • Download, Setup and Install
    • Get Software
    • Install Software
    • Setup Database
    • Configure Server Software
    • Configure MacPatch schema & populate default data
    • Start Configured Services
    • Stop Configured Services
  • Server Setup & Configuration
    • First Login
    • Server Configuration
    • Default Patch Group Configuration
    • Client Agent Configuration
  • Download & Add Patch Content

Prequisits & Requirements

root or sudo access will be needed to perform these tasks.

Requirements

• Operating System:
  • macOS
    • Mac OS X 10.15 or higher
  • Linux
    • RHEL 8.x or higher
    • Ubuntu Server 18.04 (No longer being tested)
• Pyhton 3.12 or higher
• RAM: 4 Gig min
• MySQL 8.0.20 or higher

Perquisites

• MySQL installed (must have root password)
• If Installing on Mac OS X, Xcode and command line developer tools need to be installed AND the license agreement needs to have been accepted.
• Python 3.12 installed, if compiling please ensure libffi-devel is installed prior to compiling python.

Linux Packages

The MacPatch server build script will attempt to install a number of required software packages there are a few packages that are recommended that be installed prior to running the build script.

RedHat & CentOS

RedHat & CentOS will require the "Development tools" group install. This group has a number of packages needed to build the MacPatch server.

dnf groupinstall "Development tools"
dnf install epel-release pcre-devel swig

Ubuntu

apt-get install build-essential

Download, Setup and Install

Get Software

    mkdir /opt (If Needed)
    cd /opt
    git clone https://github.com/LLNL/MacPatch.git

Install Software

    cd /opt/MacPatch/Scripts
    sudo ./MPBuildServer.sh

Setup Database

The database setup script only creates the MacPatch database and the account needed to use the database. It also does some basic database configuration. Tuning the MySQL server is out of scope for this document.

The database script is a sql script. This file will need to be run by the MySQL database root account or an account that has the Grant option.

Please edit the file, by setting the correct variable values for your MacPatch environment. On a standard build, only the default database account (mpdbadm) password needs to be set. Please remeber the mysql account name and password as it will be needed during the server setup.

It's strongly recommended that you delete the sql script once run. The file won't be needed again. Or, at the very least, remove the account password that was set.

    cd /opt/MacPatch/Server/conf/scripts/setup
    MPDBSetup.sql (must be run on the MySQL server)

Configure Server Software

    cd /opt/MacPatch/Server/conf/scripts/setup
    sudo ./ServerSetup.py --setup

Configure MacPatch schema & populate default data

    cd /opt/MacPatch/Server/apps/console/mpconsole
    source /opt/MacPatch/Server/env/console/bin/activate
    flask db upgrade head
    /opt/MacPatch/Server/apps/mpsetup.py --populate-db
    deactivate

Note: If "flask db upgrade head" is done using a root shell. Please delete the "/opt/MacPatch/Server/logs/mpconsole.log" file. It will be owned by root and the REST api will not launch.

Start Configured Services

    cd /opt/MacPatch/Server/conf/scripts/setup
    sudo ./ServerSetup.py --service All --action start

Stop Configured Services

    cd /opt/MacPatch/Server/conf/scripts/setup
    sudo ./ServerSetup.py --service All --action stop

--

Server Setup & Configuration

The MacPatch server software has now been installed and should be up and running. The server is almost ready for accepting clients. There are a few more server configuration settings which need to be configured.

First Login

The default user name is “mpadmin” and the password is “*mpadmin*”, Unless it was changed using the “ServerSetup.py” script. You will need to login for the first time with this account to do all of the setup tasks. Once these tasks are completed it’s recommended that this account be disabled. This can be done by editing the siteconfig.json file, which is located in /opt/MacPatch/Server/etc/.

From:

`"users": {
    "admin": {
        "enabled": true,
        "name": "mpadmin",
        "pass": "*mpadmin*"
    }
}`

To:

`"users": {
    "admin": {
        "enabled": false,
        "name": "mpadmin",
        "pass": "*mpadmin*"
    }
}`

Server Configuration

Each MacPatch server needs to be added to the environment. The master server is always added automatically.

It is recommended that you login and verify the master server settings. It is common during install that the master server address will be added as localhost or 127.0.0.1. Please make sure that the correct hostname or IP address is set and that "active" is enabled.

• Go to “Admin -> Server -> MacPatch Servers”
• Double Click the row with your server or single click the row and click the “Pencil” button.

Default Patch Group Configuration

A default patch group will be created during install. The name of the default patch group is “Default”. You may use it or create a new one.

To edit the contents for the patch group simply click the “Pencil” icon next to the group name. To add patches click the check boxes to add or subtract patches from the group. When done click the “Save” icon. (Important Step)

• Go to “Patches -> Patch Groups”
• Double Click the row with your server or single click the row and click the “Pencil” button.

Client Agent Configuration

A default agent configuration is added during the install. Please verify the client agent configuration before the client agent is uploaded.

Recommended

• Go to “Admin -> Client Agents -> Configure”
• Set the following 3 properties to be enforced
  • MPServerAddress
  • MPServerPort
  • MPServerSSL
• Verify the “PatchGroup” setting. If you have changed it set it before you upload the client agent.
• Click the save button
• Click the icon in the “Default” column for the default configuration. (Important Step)
• Set MPServerAllowSelfSigned to 1 if your in a test environment and not using a valid SSL vertificate.

Only the default agent configuration will get added to the client agent upon upload.

--

Download & Add Patch Content

Apple Updates

Apple patch content will download eventually on it’s own cycle, but for the first time it’s recommended to download it manually.

The Apple Software Update content settings are stored in a json file (/opt/MacPatch/Server/etc/patchloader.json). By default, Apple patches for 10.9 through 10.12 will be processed and supported.

Run the following command via the Terminal on the Master MacPatch server.

Linux

# sudo -u www-data /opt/MacPatch/Server/conf/scripts/MPSUSPatchSync.py

Mac

# sudo -u _appserver /opt/MacPatch/Server/conf/scripts/MPSUSPatchSync.py

Custom Updates

To create your own custom patch content please read the "Custom Patch Content" docs.

To use "AutoPkg" to add patch content please read the "AutoPkg patch content" docs.