krypted.com

Tiny Deathstars of Foulness

The NetBoot service allows administrators of Apple computers to leverage images hosted on a server to boot computers to a central location and put a new image on them, upgrade them and perform automations based on upgrades and images. Since the very first versions of OS X, the service has been called NetBoot and so the name remains at the command line, but is listed as NetInstall in the Server app. In the Server app, Apple provides a number of options surrounding the NetInstall service, based on Automator-style which we’ll explore further in this article. The first step to configuring the NetInstall service is to decide what you want the service to do. There are three options available in System Image Utility (available under the Tools menu of the Server app in OS X Server):
  • Create a NetBoot Image: Allows Macs to boot over the network to a disk image hosted on a server.
  • Create a NetInstall Image: Leverage NetBoot as a boot disk so that an image hosted on a server can be used to run a macOS installer.
  • Create a NetRestore Image: Leverage NetBoot as a boot disk so that you can restore a computer that has been configured over a network. Use this option to restore an image that has been prepared.
For the purposes of this example, we’re going to use a macOS Sierra (10.12) installer running Server 5.2 to boot a Mac over the network. The first step in doing so is to create a Network Disk Image (in this case 10.12), or the 10.9 installation media (which is the Install macOS Sierra bundle for this example). Before setting it up, download the Install macOS Sierra installer app into the /Applications directory from the App Store. Create An Image To then set up the NetBoot disk image (you can’t start the NetInstall service until you give it an image to serve), often referred to as the NetBoot set, open the Server app and then click on System Image Utility from the Tools menu of OS X. screen-shot-2016-09-29-at-11-03-03-pm When System Image Utility opens, click on the Install macOS Sierra entry in the list of available sources and click Next. screen-shot-2016-09-29-at-11-03-49-pm Then, in the list of options, click on NetBoot Image and then click on the Next button. screen-shot-2016-09-29-at-11-04-09-pm At the License Agreement screen, click Agree. screen-shot-2016-09-29-at-11-04-35-pm Then provide an account name, short name and password in the Image Settings screen. Also choose the language of the user and select if you want the account to log in automatically. Once provided, click Next. screen-shot-2016-09-29-at-11-04-58-pm Next, select any profiles, packages or post-install scripts to run on the NetBoot image once created. Here, you can use a profile to deploy a printer, bind to Active Directory, or use a package to install software. Post-install scripts allow you to do pretty much anything you’d like to a system, provided it’s allowed by SIP. screen-shot-2016-09-29-at-11-05-14-pm At the System Configuration screen, choose how you’d like systems to receive names. Here, you can provide a name as a base for computers to get a computer name or you can use a file to deploy names. In most cases, you should also check the box for “Match to client after install.” Click Next once you’ve selected how this should occur. screen-shot-2016-09-29-at-11-05-36-pm At the Directory Servers screen, click on the plus sign if you’d like to bind the system to a particular directory server. screen-shot-2016-09-29-at-11-06-09-pm In this example, we’re binding to ad.krypted.com. Also provide an account with access to bind to where you’re binding. In this case, we’re using the built-in admin account for Active Directory. Click Add once you’ve provided the appropriate directory server and credentials. screen-shot-2016-09-29-at-11-06-31-pm At the Image Settings screen, provide a name for the image, as well as how the index number for the image is created. Note that each image should have a unique image index, so unless you’re storing your image on multiple servers, it’s best left at the defaults. Click Next. screen-shot-2016-09-29-at-11-06-45-pm At the Supported Computer Models screen, you can choose which models of computer you don’t wish to support for this image. We’re not doing that here, but it’s useful, for example, if you’d like to preclude desktops from an image. screen-shot-2016-09-29-at-11-06-58-pm At the Filter Clients By MAC Address, you can choose to explicitly allow or deny given MAC addresses for computers. We’re not going to do that as part of this workflow, so just click Next (unless of course you’d like to do that). screen-shot-2016-09-29-at-11-07-12-pm Then, when prompted, select a location to store the Disk Image, provide any tags to be applied to the files that comprise the image and click on Save. screen-shot-2016-09-29-at-11-07-50-pm The computer will then start creating the NetBoot set. Setup The NetInstall Service Once finished, it’s time to set up the NetInstall service in macOS Server. To get started, go back to the Server app. screen-shot-2016-09-29-at-11-08-25-pm First, define which disk will host NetBoot Images. To do so, click on the Edit Storage Settings button. At the Storage Settings overlay, select the volume that Images will be hosted as well as the volume that Client Data will be hosted. The Image is what you are creating and the Client Data is dynamic data stored in images. screen-shot-2016-09-29-at-11-08-58-pm If you only have one disk, as in this example, click on “Images & Client Data” for that disk. Then click on the OK button. Once you’ve selected a disk to store your image, we need to copy the disk image into the Library/NetBoot/NetBootSP0 folder of the disk used for images. screen-shot-2016-09-29-at-11-13-40-pm Once in the appropriate folder, click on the Edit button for Network Interfaces and select the appropriate network interface you wish to serve images over, and click OK. Refresh the Server app (Command-R) and provided the image was created and moved into the /Library/NetBoot/NetBootSP0 directory of a volume set to host images, the image will appear in the images list, with a green indicator light. screen-shot-2016-10-01-at-9-37-13-pm The green indicator light means the image is being served over the network. Double-click on an image. screen-shot-2016-10-01-at-9-39-03-pm At the image settings screen, you can select NFS over the default HTTP protocol for “Make available over”.Note, you can also restrict access to the image to certain models of Apple computers and/or certain MAC addresses by using the “Image is visible to” and “Restrict access to this images” options respectively. Additionally, use the Make this image available for diskless booting option to allow computers without hard drives to boot to the image. screen-shot-2016-10-01-at-9-39-24-pm Click on the OK button. Click on the image and then click on the cog-wheel icon. Click on “Use as Default Boot Image” to set an image to be the default images computers boot to when booting to NetBoot. Now, it’s as easy as clicking on the ON button. Do so to start the service. screen-shot-2016-10-01-at-9-37-19-pm Once started, open a Terminal window. Here, let’s get a status of the service using the serveradmin fullstatus option (along with the service name, which is still netboot from the command line): sudo serveradmin fullstatus netboot The output of which shows the various components, logs and states of components: netboot:state = "RUNNING" netboot:stateTFTP = "RUNNING" netboot:readWriteSettingsVersion = 1 netboot:netBootConnectionsArray = _empty_array netboot:logPaths:netBootLog = "/var/log/system.log" netboot:dhcpLeasesArray = _empty_array netboot:stateDHCP = "STOPPED" netboot:stateHTTP = "RUNNING" netboot:serviceCanStart = 1 netboot:timeOfSnapshot = "2016-09-27 02:07:32 +0000" netboot:stateNFS = "STOPPED" netboot:stateImageArray:_array_index:0:_array_index:0 = 1 netboot:stateImageArray:_array_index:0:_array_index:1 = 0 netboot:stateImageArray:_array_index:0:_array_index:2 = 0 netboot:stateImageArray:_array_index:0:_array_index:3 = 1 netboot:stateImageArray:_array_index:0:_array_index:4 = 2 netboot:stateImageArray:_array_index:1:_array_index:0 = 0 netboot:stateImageArray:_array_index:1:_array_index:1 = 0 netboot:stateImageArray:_array_index:1:_array_index:2 = 0 netboot:stateImageArray:_array_index:1:_array_index:3 = 0 netboot:stateImageArray:_array_index:1:_array_index:4 = 2 netboot:stateImageArray:_array_index:2:_array_index:0 = 0 netboot:stateImageArray:_array_index:2:_array_index:1 = 0 netboot:stateImageArray:_array_index:2:_array_index:2 = 0 netboot:stateImageArray:_array_index:2:_array_index:3 = 0 netboot:stateImageArray:_array_index:2:_array_index:4 = 2 netboot:stateImageArray:_array_index:3:_array_index:0 = 0 netboot:stateImageArray:_array_index:3:_array_index:1 = 0 netboot:stateImageArray:_array_index:3:_array_index:2 = 0 netboot:stateImageArray:_array_index:3:_array_index:3 = 0 netboot:stateImageArray:_array_index:3:_array_index:4 = 2 netboot:servicePortsRestrictionInfo = _empty_array netboot:netBootClientsArray = _empty_array netboot:servicePortsAreRestricted = "NO" netboot:setStateVersion = 1 netboot:startedTime = "2016-09-27 02:06:53 +0000" netboot:stateAFP = "STOPPED" And to start the service when not running: sudo serveradmin start netboot There are also a number of settings available at the command line that are not in the graphical interface. For example, to allow writing to the NetBoot share: sudo serveradmin settings netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no Or to get more verbose logs: sudo serveradmin settings netboot:logging_level = "HIGH" To stop the service: sudo serveradmin stop netboot In the beginning of this article, I mentioned that ways to configure NetInstall images. I’ll cover NetInstall and NetRestore in later articles as they tend to be more involved workflow-wise than copying a volume into a Network Disk Image. But to end this one, many an old-school admin might wonder where all the settings went that used to be in the GUI. Well, serveradmin still maintains a lot of the older stuff. To see a list of all available settings, run serveradmin with the settings verb and then netboot: sudo serveradmin settings netboot If there was a feature you want to use (e.g. maximum users), you should see it in the resultant list: netboot:netBootFiltersRecordsArray = _empty_array netboot:netBootStorageRecordsArray:_array_index:0:sharepoint = yes netboot:netBootStorageRecordsArray:_array_index:0:clients = yes netboot:netBootStorageRecordsArray:_array_index:0:volType = "hfs" netboot:netBootStorageRecordsArray:_array_index:0:okToDeleteSharepoint = no netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no netboot:netBootStorageRecordsArray:_array_index:0:path = "/" netboot:netBootStorageRecordsArray:_array_index:0:okToDeleteClients = yes netboot:netBootStorageRecordsArray:_array_index:0:volName = "Macintosh HD" netboot:netBootPortsRecordsArray:_array_index:0:deviceAtIndex = "en5" netboot:netBootPortsRecordsArray:_array_index:0:nameAtIndex = "USB 10/100/1000 LAN" netboot:netBootPortsRecordsArray:_array_index:0:isEnabledAtIndex = yes netboot:logging_level = "MEDIUM" netboot:filterEnabled = no netboot:netBootImagesRecordsArray:_array_index:0:RootPath = "NetBoot.dmg" netboot:netBootImagesRecordsArray:_array_index:0:IsInstall = no netboot:netBootImagesRecordsArray:_array_index:0:Kind = "1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:0 = "MacBookAir6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:1 = "MacBookAir5,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:2 = "MacBookAir7,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:3 = "MacBookAir2,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:4 = "MacBookAir5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:5 = "MacBookAir4,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:6 = "MacBookAir4,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:7 = "MacBookAir6,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:8 = "MacBookAir7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:9 = "MacBookAir3,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:10 = "MacBookAir3,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:11 = "MacBookPro5,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:12 = "MacBookPro9,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:13 = "MacBookPro6,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:14 = "MacBookPro6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:15 = "MacBookPro8,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:16 = "MacBookPro11,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:17 = "MacBookPro7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:18 = "MacBookPro11,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:19 = "MacBookPro10,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:20 = "MacBookPro12,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:21 = "MacBookPro11,4" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:22 = "MacBookPro11,5" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:23 = "MacBookPro3,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:24 = "MacBookPro4,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:25 = "MacBookPro8,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:26 = "MacBookPro10,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:27 = "MacBookPro5,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:28 = "MacBookPro5,5" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:29 = "MacBookPro5,4" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:30 = "MacBookPro5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:31 = "MacBookPro9,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:32 = "MacBookPro11,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:33 = "MacBookPro8,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:34 = "iMac14,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:35 = "iMac9,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:36 = "iMac7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:37 = "iMac12,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:38 = "iMac11,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:39 = "iMac14,4" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:40 = "iMac11,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:41 = "iMac13,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:42 = "iMac15,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:43 = "iMac12,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:44 = "iMac8,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:45 = "iMac10,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:46 = "iMac13,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:47 = "iMac14,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:48 = "iMac14,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:49 = "iMac13,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:50 = "iMac11,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:51 = "Macmini5,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:52 = "Macmini5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:53 = "Macmini4,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:54 = "Macmini5,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:55 = "Macmini3,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:56 = "Macmini6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:57 = "Macmini6,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:58 = "Macmini7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:59 = "MacBook8,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:60 = "MacBook7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:61 = "MacBook5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:62 = "MacBook6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:63 = "MacBook5,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:64 = "MacPro3,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:65 = "MacPro5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:66 = "MacPro4,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:67 = "MacPro6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:68 = "Xserve3,1" netboot:netBootImagesRecordsArray:_array_index:0:Description = "NetBoot of OS X 10.11 (15A178w) Install (9.12 GB)." netboot:netBootImagesRecordsArray:_array_index:0:Name = "NetBoot of Install OS X 10.11 El Capitan" netboot:netBootImagesRecordsArray:_array_index:0:imageType = "netboot" netboot:netBootImagesRecordsArray:_array_index:0:Index = 3089 netboot:netBootImagesRecordsArray:_array_index:0:osVersion = "10.11" netboot:netBootImagesRecordsArray:_array_index:0:BackwardCompatible = no netboot:netBootImagesRecordsArray:_array_index:0:SupportsDiskless = no netboot:netBootImagesRecordsArray:_array_index:0:EnabledSystemIdentifiers = _empty_array netboot:netBootImagesRecordsArray:_array_index:0:Language = "Default" netboot:netBootImagesRecordsArray:_array_index:0:BootFile = "booter" netboot:netBootImagesRecordsArray:_array_index:0:IsDefault = no netboot:netBootImagesRecordsArray:_array_index:0:Type = "HTTP" netboot:netBootImagesRecordsArray:_array_index:0:Architectures = "4" netboot:netBootImagesRecordsArray:_array_index:0:IsEnabled = yes netboot:netBootImagesRecordsArray:_array_index:0:pathToImage = "/Library/NetBoot/NetBootSP0/NetBoot of Install macOS 10.12 Sierra.nbi/NBImageInfo.plist" netboot:afpUsersMax = "50" Boot to Your NetBoot Image Next, you’ll want to have a computer boot to the NetBoot image you just created. Once upon a time, you would use the bless command to select a path to an image that you wanted to boot to in order to do so. Or you’d just boot holding down the N key and let the system pick an image. As of OS X 10.11, due to SIP restrictions, you’ll use the csrutil command to set a NetBoot address, continuing into macOS 10.12. To do so, run csrutil followed by the netboot option and then the add verb, followed by an address. In the following example, we’ll set the system to boot to the NetBoot server at 10.0.0.10: csrutil netboot add 10.0.0.10 Once you’ve finished any NetBoot workflows, use the remove verb to remove that address: csrutil netboot remove 10.0.0.10 And to list any available NetBoot servers, use the list verb: csrutil netboot list Overall, all of this usually takes me a good 10 minutes of work, plus maybe up to half an hour of waiting for an image to create. You can use NetBoot to remotely boot systems, or NetInstall to remotely install systems. There are lots of articles out there (including here) on how to make sure clients can access these images over a network client, so I won’t rehash.

October 19th, 2016

Posted In: Mac OS X Server

Tags: , , , , , ,