Tiny Deathstars of Foulness

The NetBoot service has allowed administrators of Mac OS X computers to leverage images hosted on a server to boot computers to a central location since OS X was first introduced by Apple. Since the very first versions of OS X, the service has been called NetBoot. In the Server app, Apple has added a number of options surrounding the NetBoot service. It is now called NetInstall.

The first step to configuring the NetBoot service is to decide what you want the NetBoot service to do. There are three options:

  • Create a NetBoot Image: Allows Macs to boot over the network to a disk image hosted on a server.
  • Create a NetInstall Image: Leverage NetBoot as a boot disk so that an image hosted on a server can be used to run an OS X installer.
  • Create a NetRestore Image: Leverage NetBoot as a boot disk so that you can restore a computer that has been configured over a network. Use this option to restore an image that has been prepared.

For the purposes of this example, we’re going to use an OS X Mountain Lion installer to boot an OS X computer over the network. The first step in doing so is to create a Network Disk Image. Before setting it up, download the Install OS X Mountain Lion installer app into the /Applications directory from the App Store.

To then set up the NetBoot disk image, often referred to as the NetBoot set, open the Server app and then click on System Image Utility from the Tools menu of OS X.

When System Image Utility opens, click on the Install OS X Mountain Lion entry in the list of available sources. Then, in the list of options, click on NetBoot Image and then click on the Continue button.

At the Image Settings screen, enter the name the NetBoot set will have in the Network Disk field. Then, enter a description of what is on the NetBoot set in the Description field. If the image will be served from multiple servers, check the box for “Image will be served from more than one server.”

Then provide an account name, short name and password in the Image Settings screen. Once provided, click Create to generate the Network Disk Image.

When prompted, click on the Agree button to accept the licensing agreement.

Then, when prompted, select a location to store the Disk Image and click on Save.

The computer will then start creating the NetBoot set. Once finished, it’s time to set up the NetInstall service in OS X Mountain Lion Server. To get started, go back to the Server app.

First, define which disk will host NetBoot Images. To do so, click on the Edit Storage Settings button. At the Storage Settings overlay, select the volume that Images will be hosted as well as the volume that Client Data will be hosted. The Image is what you are creating and the Client Data is dynamic data stored in images.

If you only have one disk, as in this example, click on “Images & Client Data” for that disk. Then click on the OK button.

Once you’ve selected a disk to store your image, we need to copy the disk image into the Library/NetBoot/NetBootSP0 folder of the disk used for images. Once in the appropriate folder, click on the Edit button for the Enable NetInstall on: field

Check the box for the interface you want to serve images over (if you only have one then it’s pretty obvious which interface this will be. Click on the OK button to save your settings. Then, click on the Images tab.

Each server can host multiple images. The Images tab displays a list of NetBoot images stored in the Library/NetBoot/NetBootSP0 directory. By default, images have a red indicator light. This means they’re not being served over any specific protocol yet. Double-click on an image.

At the image settings screen, check the box for “Make available over” and for many environments, select NFS as the protocol. Note, you can also restrict access to the image to certain models of Apple computers and/or certain MAC addresses by using the “Image is visible to” and “Restrict access to this images” options respectively.

Additionally, use the Make this image available for diskless booting option to allow computers without hard drives to boot to the image.

Click on the Done button and the image will appear as green in the list of images. Click on the image and then click on the cog-wheel icon. Click on “Use as Default Boot Image” to set an image to be the default images computers boot to when booting to NetBoot.

Now, it’s as easy as clicking on the ON button. Do so to start the service.

Once started, open a Terminal window. Here, let’s get a status of the service using the serveradmin fullstatus option (along with the service name, which is still netboot from the command line):

sudo serveradmin fullstatus netboot

The output of which shows the various components, logs and states of components:

netboot:state = "RUNNING"
netboot:stateTFTP = "RUNNING"
netboot:readWriteSettingsVersion = 1
netboot:netBootConnectionsArray = _empty_array
netboot:logPaths:netBootLog = "/var/log/system.log"
netboot:dhcpLeasesArray = _empty_array
netboot:stateDHCP = "STOPPED"
netboot:stateHTTP = "STOPPED"
netboot:serviceCanStart = 1
netboot:timeOfSnapshot = "2012-08-09 03:59:45 +0000"
netboot:stateNFS = "RUNNING"
netboot:stateImageArray:_array_index:0:_array_index:0 = 0
netboot:stateImageArray:_array_index:0:_array_index:1 = 0
netboot:stateImageArray:_array_index:0:_array_index:2 = 0
netboot:stateImageArray:_array_index:0:_array_index:3 = 0
netboot:stateImageArray:_array_index:0:_array_index:4 = 2
netboot:stateImageArray:_array_index:1:_array_index:0 = 1
netboot:stateImageArray:_array_index:1:_array_index:1 = 1
netboot:stateImageArray:_array_index:1:_array_index:2 = 1
netboot:stateImageArray:_array_index:1:_array_index:3 = 0
netboot:stateImageArray:_array_index:1:_array_index:4 = 2
netboot:stateImageArray:_array_index:2:_array_index:0 = 0
netboot:stateImageArray:_array_index:2:_array_index:1 = 0
netboot:stateImageArray:_array_index:2:_array_index:2 = 0
netboot:stateImageArray:_array_index:2:_array_index:3 = 0
netboot:stateImageArray:_array_index:2:_array_index:4 = 2
netboot:stateImageArray:_array_index:3:_array_index:0 = 0
netboot:stateImageArray:_array_index:3:_array_index:1 = 0
netboot:stateImageArray:_array_index:3:_array_index:2 = 0
netboot:stateImageArray:_array_index:3:_array_index:3 = 0
netboot:stateImageArray:_array_index:3:_array_index:4 = 2
netboot:servicePortsRestrictionInfo = _empty_array
netboot:netBootClientsArray = _empty_array
netboot:servicePortsAreRestricted = "NO"
netboot:setStateVersion = 1
netboot:startedTime = "2012-08-09 03:58:01 +0000"
netboot:stateAFP = "RUNNING"

And to start the service when not running:

sudo serveradmin start netboot

There are also a number of settings available at the command line that are not in the graphical interface. For example, to allow writing to the NetBoot share:

sudo serveradmin settings netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no

Or to get more verbose logs:

sudo serveradmin settings netboot:logging_level = "HIGH"

And last but not least, to stop the service:

sudo serveradmin stop netboot

In the beginning of this article, I mentioned that ways to configure NetInstall images. I’ll cover NetInstall and NetRestore in later articles as they tend to be more involved workflow-wise than copying a volume into a Network Disk Image.

August 9th, 2012

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , ,

  • Great article but there is one little thing I would like to add. With OS X Server 1.x it was already possible to netboot Mac OS 9 clients. The PowerMac G3 had a 4 Port 100MBit PCI Ethernet card which made it possible to boot up quite a few bondy blue iMacs.

    • Diskutant

      Did you try to boot OS 9 clients with a Server using Mountain Lion?
      I’m trying to get it running but had no luck so far. 🙁

      • I haven’t tried. I’ll look around the lab and see if I have any hardware that can run OS 9 and if so, I’ll try and figure it out…

  • I’m having trouble with SIU because it says that it cannot find valid sources despite the fact that I have current 10.7.4 and 10.8 installers in my /Applications folder. My server is RAIDed and has no Recovery partition. I found this article:

    My question… Is there any way around this? I kinda need both SIU and the RAIDed drive… (do other admins *not* RAID their servers?)….

    • I haven’t found a way around it. With RAID you don’t end up getting a Recovery Disk, which SIU now requires. Not my favorite thing. One thing that is nice though, you can run SIU from any machine and then just move the assets into NetBoot/the appropriate location on the filesystem as needed, which I think is what most of us do who also RAID drives. There are other issues with RAIDs as well. I should write a top 10 list on that, or something…

  • Jim

    I wonder if I can throw this out to the community and maybe get some advice.

    We have moved our NetBoot service to a newly minted Mountain Lion Mini. Everything works great on the local subnet but when moved to the data center I cannot netboot across subnets. We’ve setup the necessary IP helper address on all our switches and I can see the netboot images in the GUI when the machine is booted from the local hard drive. But it fails to see the images on startup with the Option key pressed. And fails to boot to the default image when N is pressed at boot. Any advice would be appreciated.

    • If you manually run bless will it boot to the NetBoot server?

  • Andy Boutte

    I have a new ML server setup (no migrated) with several NetBoots which are all bootable and working fine. None of them are working in diskless mode though. They all have the checkbox checked for enabling diskless and I can see the shadow file being created.

    I have set logging to HIGH but not seeing anything obviously in the logs. Is there anything else you can think of to look at to troubleshoot this issue?

    • I had an issue like this recently and it was with the permissions on the NetBootClients0 directory. Not sure if that will help with what you’re running into or now. But my issue was similar.

      Good luck!

  • Jake Baranski

    I can’t seem to get clients to detect my NetBoot server at all. I’ve been simplifying my network configuration down and down to make sure it’s not that. Now I have the server and client on the same subnet and I still can’t get it going. I can’t run the bless command because the client computer’s drive is completely blank currently. Do I still need to add DHCP helper if they are both plugged into the same router/switch? Is there another way I can test to see if the NetBoot server is actually broadcasting/reachable?


    • I would enable DHCP on the server temporarily and plug directly into it. If you boot holding down the option key you should then see the NetBoot set provided the client gets an IP, etc. You can also boot to an optical volume to verify you’re getting an IP if you don’t have a recovery volume.

      Good luck!

      • Jake Baranski

        I’ll give that a try. Some more information from the logs below:

        Sep 28 13:57:50 bootpd[7516]: server name
        Sep 28 13:57:50 bootpd[7516]: no available interfaces
        Sep 28 13:57:50 jbar-mac-pro[1] ([7516]): Exited with code: 2

  • Jake Baranski

    Another update. I hooked up the client to the server with a crossover cable and enabled DHCP. The NetBoot set popped up on the client and I selected it. However it just sat there for a lot time before rebooting and upon looking at the logs it just repeated the same 4 actions over and over.

    Sep 28 14:22:15 COMPUTER-NAME.DOMAIN.COM bootpd[8905]: BSDP INFORM [en0] 1,40:6c:8f:12:1c:21 arch=i386 sysid=MacBookPro9,1
    Sep 28 14:22:15 COMPUTER-NAME.DOMAIN.COM bootpd[8905]: NetBoot: [1,40:6c:8f:12:1c:21] BSDP ACK[LIST] sent pktsize 323
    Sep 28 14:22:15 COMPUTER-NAME.DOMAIN.COM bootpd[8905]: DHCP INFORM [en0]: 1,40:6c:8f:12:1c:21
    Sep 28 14:22:15 COMPUTER-NAME.DOMAIN.COM bootpd[8905]: ACK sent pktsize 300

    • That means it can’t find the gateway used in the DHCP lease. Set the gateway to the servers IP and it should fix that error. If it works, it’s almost definitely network infrastructure, btw.

  • Jake Baranski

    Thanks for your prompt replies! I finally got our network guys to set up DHCP on the subnet the real server was on and was able to image on the same subnet. Still having trouble on different subnets (even after blessing) but I’ll save that for another day.