Tag Archives: NetBoot

Mac OS X Server

Use NetInstall In Mavericks Server for System Imaging

The NetBoot service allows administrators of OS X computers to leverage images hosted on a server to boot computers to a central location and put a new image on them, upgrade them and perform automations based on upgrades and images. Since the very first versions of OS X, the service has been called NetBoot. In the Server app, Apple provides a number of options surrounding the NetInstall service, based on Automator-style actions, now calling the service NetInstall.

The first step to configuring the NetInstall service is to decide what you want the service to do. There are three options available in System Image Utility (available under the Tools menu of the Server app in OS X Server):

  • Create a NetBoot Image: Allows Macs to boot over the network to a disk image hosted on a server.
  • Create a NetInstall Image: Leverage NetBoot as a boot disk so that an image hosted on a server can be used to run an OS X installer.
  • Create a NetRestore Image: Leverage NetBoot as a boot disk so that you can restore a computer that has been configured over a network. Use this option to restore an image that has been prepared.

For the purposes of this example, we’re going to use an OS X Mavericks (10.9) installer running Server 3 to boot an OS X computer over the network. The first step in doing so is to create a Network Disk Image of 10.9, or the 10.9 installation media (which is the Install OS X Mavericks bundle for this example). Before setting it up, download the Install OS X Mavericks installer app into the /Applications directory from the App Store.

To then set up the NetBoot disk image (you can’t start the NetInstall service until you give it an image to serve), often referred to as the NetBoot set, open the Server app and then click on System Image Utility from the Tools menu of OS X.

When System Image Utility opens, click on the Install OS X Mountain Lion entry in the list of available sources. Then, in the list of options, click on NetBoot Image and then click on the Continue button.

At the Image Settings screen, enter the name the NetBoot set will have in the Network Disk field. Then, enter a description of what is on the NetBoot set in the Description field. If the image will be served from multiple servers, check the box for “Image will be served from more than one server.”

Then provide an account name, short name and password in the Image Settings screen. Once provided, click Create to generate the Network Disk Image.

When prompted, click on the Agree button to accept the licensing agreement.

Then, when prompted, select a location to store the Disk Image, provide any tags to be applied to the files that comprise the image and click on Save.

The computer will then start creating the NetBoot set. Once finished, it’s time to set up the NetInstall service in OS X Mountain Lion Server. To get started, go back to the Server app.

First, define which disk will host NetBoot Images. To do so, click on the Edit Storage Settings button. At the Storage Settings overlay, select the volume where Images will be hosted as well as the volume where Client Data will be hosted. The Image is what you are creating and the Client Data is dynamic data stored in images.

If you only have one disk, as in this example, click on “Images & Client Data” for that disk. Then click on the OK button. Once you’ve selected a disk to store your image, we need to copy the disk image into the Library/NetBoot/NetBootSP0 folder of the disk used for images. Once in the appropriate folder, click on the Edit button for the Enable NetInstall on: field.


Check the box for the interface you want to serve images over (if you only have one then it’s pretty obvious which interface this will be). Click on the OK button to save your settings. Then, click on the Images tab.

Each server can host multiple images. The Images tab displays a list of NetBoot images stored in the Library/NetBoot/NetBootSP0 directory. By default, images have a red indicator light. This means they’re not being served over any specific protocol yet. Double-click on an image.

At the image settings screen, check the box for “Make available over” and for many environments, select NFS as the protocol. Note, you can also restrict access to the image to certain models of Apple computers and/or certain MAC addresses by using the “Image is visible to” and “Restrict access to this images” options respectively. Additionally, use the Make this image available for diskless booting option to allow computers without hard drives to boot to the image.


Click on the Done button and the image will appear as green in the list of images. Click on the image and then click on the cog-wheel icon. Click on “Use as Default Boot Image” to set an image to be the default image computers boot to when booting to NetBoot. Now, it’s as easy as clicking on the ON button. Do so to start the service.

Once started, open a Terminal window. Here, let’s get a status of the service using the serveradmin fullstatus option (along with the service name, which is still netboot from the command line):

sudo serveradmin fullstatus netboot

The output of which shows the various components, logs and states of components:

netboot:state = "RUNNING"
netboot:stateTFTP = "RUNNING"
netboot:readWriteSettingsVersion = 1
netboot:netBootConnectionsArray = _empty_array
netboot:logPaths:netBootLog = "/var/log/system.log"
netboot:dhcpLeasesArray = _empty_array
netboot:stateDHCP = "STOPPED"
netboot:stateHTTP = "RUNNING"
netboot:serviceCanStart = 0
netboot:timeOfSnapshot = "2013-10-07 18:39:33 +0000"
netboot:stateNFS = "RUNNING"
netboot:stateImageArray:_array_index:0:_array_index:0 = 0
netboot:stateImageArray:_array_index:0:_array_index:1 = 0
netboot:stateImageArray:_array_index:0:_array_index:2 = 0
netboot:stateImageArray:_array_index:0:_array_index:3 = 0
netboot:stateImageArray:_array_index:0:_array_index:4 = 2
netboot:stateImageArray:_array_index:1:_array_index:0 = 0
netboot:stateImageArray:_array_index:1:_array_index:1 = 0
netboot:stateImageArray:_array_index:1:_array_index:2 = 0
netboot:stateImageArray:_array_index:1:_array_index:3 = 0
netboot:stateImageArray:_array_index:1:_array_index:4 = 2
netboot:stateImageArray:_array_index:2:_array_index:0 = 0
netboot:stateImageArray:_array_index:2:_array_index:1 = 0
netboot:stateImageArray:_array_index:2:_array_index:2 = 0
netboot:stateImageArray:_array_index:2:_array_index:3 = 0
netboot:stateImageArray:_array_index:2:_array_index:4 = 2
netboot:stateImageArray:_array_index:3:_array_index:0 = 0
netboot:stateImageArray:_array_index:3:_array_index:1 = 0
netboot:stateImageArray:_array_index:3:_array_index:2 = 0
netboot:stateImageArray:_array_index:3:_array_index:3 = 0
netboot:stateImageArray:_array_index:3:_array_index:4 = 2
netboot:servicePortsRestrictionInfo = _empty_array
netboot:netBootClientsArray = _empty_array
netboot:servicePortsAreRestricted = "NO"
netboot:setStateVersion = 1
netboot:startedTime = ""
netboot:stateAFP = "RUNNING"

And to start the service when not running:

sudo serveradmin start netboot

There are also a number of settings available at the command line that are not in the graphical interface. For example, to allow writing to the NetBoot share:

sudo serveradmin settings netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no

Or to get more verbose logs:

sudo serveradmin settings netboot:logging_level = "HIGH"

To stop the service:

sudo serveradmin stop netboot

In the beginning of this article, I mentioned the ways to configure NetInstall images. I’ll cover NetInstall and NetRestore in later articles as they tend to be more involved workflow-wise than copying a volume into a Network Disk Image. But to end this one, many an old-school admin might wonder where all the settings went that used to be in the GUI. Well, serveradmin still maintains a lot of the older stuff. To see a list of all available settings, run serveradmin with the settings verb and then netboot:

sudo serveradmin settings netboot

If there is a feature you want to use (e.g. maximum users), you should see it in the resultant list:

netboot:netBootFiltersRecordsArray = _empty_array
netboot:netBootStorageRecordsArray:_array_index:0:sharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:0:clients = yes
netboot:netBootStorageRecordsArray:_array_index:0:volType = "hfs"
netboot:netBootStorageRecordsArray:_array_index:0:okToDeleteSharepoint = no
netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no
netboot:netBootStorageRecordsArray:_array_index:0:path = "/"
netboot:netBootStorageRecordsArray:_array_index:0:okToDeleteClients = yes
netboot:netBootStorageRecordsArray:_array_index:0:volName = "Mav"
netboot:netBootStorageRecordsArray:_array_index:1:sharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:1:clients = yes
netboot:netBootStorageRecordsArray:_array_index:1:volType = "hfs"
netboot:netBootStorageRecordsArray:_array_index:1:okToDeleteSharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:1:readOnlyShare = no
netboot:netBootStorageRecordsArray:_array_index:1:path = "/Volumes/Base_Image"
netboot:netBootStorageRecordsArray:_array_index:1:okToDeleteClients = yes
netboot:netBootStorageRecordsArray:_array_index:1:volName = "Base_Image"
netboot:netBootStorageRecordsArray:_array_index:2:sharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:2:clients = yes
netboot:netBootStorageRecordsArray:_array_index:2:volType = "hfs"
netboot:netBootStorageRecordsArray:_array_index:2:okToDeleteSharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:2:readOnlyShare = no
netboot:netBootStorageRecordsArray:_array_index:2:path = "/Volumes/New Volume 1"
netboot:netBootStorageRecordsArray:_array_index:2:okToDeleteClients = yes
netboot:netBootStorageRecordsArray:_array_index:2:volName = "New Volume"
netboot:netBootPortsRecordsArray:_array_index:0:deviceAtIndex = "en3"
netboot:netBootPortsRecordsArray:_array_index:0:isEnabledAtIndex = yes
netboot:netBootPortsRecordsArray:_array_index:0:nameAtIndex = "Thunderbolt Ethernet"
netboot:logging_level = "MEDIUM"
netboot:filterEnabled = no
netboot:netBootImagesRecordsArray:_array_index:0:imageType = "netboot"
netboot:netBootImagesRecordsArray:_array_index:0:IsInstall = no
netboot:netBootImagesRecordsArray:_array_index:0:Kind = "1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:0 = "iMac10,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:1 = "iMac11,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:2 = "iMac11,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:3 = "iMac11,3"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:4 = "iMac12,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:5 = "iMac12,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:6 = "iMac13,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:7 = "iMac13,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:8 = "iMac13,3"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:9 = "iMac7,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:10 = "iMac8,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:11 = "iMac9,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:12 = "Mac-031B6874CF7F642A"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:13 = "Mac-27ADBB7B4CEE8E61"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:14 = "Mac-50619A408DB004DA"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:15 = "Mac-77EB7D7DAF985301"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:16 = "MacBook5,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:17 = "MacBook5,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:18 = "MacBook6,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:19 = "MacBook7,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:20 = "MacBookAir2,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:21 = "MacBookAir3,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:22 = "MacBookAir3,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:23 = "MacBookAir4,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:24 = "MacBookAir4,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:25 = "MacBookAir5,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:26 = "MacBookAir5,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:27 = "MacBookAir6,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:28 = "MacBookAir6,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:29 = "MacBookPro10,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:30 = "MacBookPro10,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:31 = "MacBookPro3,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:32 = "MacBookPro4,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:33 = "MacBookPro5,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:34 = "MacBookPro5,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:35 = "MacBookPro5,3"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:36 = "MacBookPro5,4"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:37 = "MacBookPro5,5"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:38 = "MacBookPro6,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:39 = "MacBookPro6,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:40 = "MacBookPro7,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:41 = "MacBookPro8,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:42 = "MacBookPro8,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:43 = "MacBookPro8,3"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:44 = "MacBookPro9,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:45 = "MacBookPro9,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:46 = "Macmini3,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:47 = "Macmini4,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:48 = "Macmini5,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:49 = "Macmini5,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:50 = "Macmini5,3"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:51 = "Macmini6,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:52 = "Macmini6,2"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:53 = "MacPro3,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:54 = "MacPro4,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:55 = "MacPro5,1"
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:56 = "Xserve3,1"
netboot:netBootImagesRecordsArray:_array_index:0:Description = "NetBoot of OS X 10.9 (13A598) Install (7.14 GB)."
netboot:netBootImagesRecordsArray:_array_index:0:Name = "NetBoot of Install OS X Mavericks"
netboot:netBootImagesRecordsArray:_array_index:0:pathToImage = "/Library/NetBoot/NetBootSP0/NetBoot of Install OS X Mavericks.nbi/NBImageInfo.plist"
netboot:netBootImagesRecordsArray:_array_index:0:Index = 1280
netboot:netBootImagesRecordsArray:_array_index:0:osVersion = "10.9"
netboot:netBootImagesRecordsArray:_array_index:0:BackwardCompatible = no
netboot:netBootImagesRecordsArray:_array_index:0:SupportsDiskless = no
netboot:netBootImagesRecordsArray:_array_index:0:EnabledSystemIdentifiers = _empty_array
netboot:netBootImagesRecordsArray:_array_index:0:Language = "Default"
netboot:netBootImagesRecordsArray:_array_index:0:BootFile = "booter"
netboot:netBootImagesRecordsArray:_array_index:0:IsDefault = no
netboot:netBootImagesRecordsArray:_array_index:0:Type = "HTTP"
netboot:netBootImagesRecordsArray:_array_index:0:Architectures = "4"
netboot:netBootImagesRecordsArray:_array_index:0:IsEnabled = yes
netboot:netBootImagesRecordsArray:_array_index:0:RootPath = "NetBoot.dmg"
netboot:afpUsersMax = "50"
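
The settings listing above is easy to audit once its flattened `key = value` lines are grouped by array index. The following is an added example, not part of the original post: it flags a writable NetBoot share (`readOnlyShare = no`) and a disabled client filter, and lists the images being served with their protocol. The sample input is constructed from the listing above, and treating `filterEnabled` as the switch for the filter list in `netBootFiltersRecordsArray` is an assumption.

```shell
#!/bin/sh
# Added example: audit the output of `sudo serveradmin settings netboot`.

# Constructed sample, trimmed and adapted from the settings listing above.
sample_settings() {
cat <<'EOF'
netboot:netBootFiltersRecordsArray = _empty_array
netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no
netboot:netBootStorageRecordsArray:_array_index:0:path = "/"
netboot:netBootStorageRecordsArray:_array_index:1:readOnlyShare = yes
netboot:netBootStorageRecordsArray:_array_index:1:path = "/Volumes/Base_Image"
netboot:logging_level = "MEDIUM"
netboot:filterEnabled = no
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:0 = "iMac10,1"
netboot:netBootImagesRecordsArray:_array_index:0:Name = "NetBoot of Install OS X Mavericks"
netboot:netBootImagesRecordsArray:_array_index:0:IsDefault = no
netboot:netBootImagesRecordsArray:_array_index:0:Type = "HTTP"
netboot:netBootImagesRecordsArray:_array_index:0:IsEnabled = yes
EOF
}

# Reads settings lines on stdin and prints FINDING/INFO lines plus a summary.
audit_netboot() {
  awk '
    BEGIN { stmax = -1; immax = -1; findings = 0 }
    # Split each line on the first " = " and strip surrounding quotes.
    {
      sep = index($0, " = ")
      if (sep == 0) next
      key = substr($0, 1, sep - 1)
      val = substr($0, sep + 3)
      gsub(/^"|"$/, "", val)
    }
    key == "netboot:filterEnabled" { filter = val; next }
    key == "netboot:logging_level" { loglevel = val; next }
    # Record fields look like netboot:<array>:_array_index:<n>:<field>.
    # Deeper nesting (the per-image model lists) is skipped.
    {
      n = split(key, p, ":")
      if (n != 5 || p[3] != "_array_index") next
      idx = p[4] + 0
      if (p[2] == "netBootStorageRecordsArray") {
        st[idx, p[5]] = val; stseen[idx] = 1
        if (idx > stmax) stmax = idx
      } else if (p[2] == "netBootImagesRecordsArray") {
        im[idx, p[5]] = val; imseen[idx] = 1
        if (idx > immax) immax = idx
      }
    }
    END {
      for (i = 0; i <= stmax; i++) {
        if (!(i in stseen)) continue
        if (st[i, "readOnlyShare"] == "no") {
          printf "FINDING storage[%d] path=%s readOnlyShare=no (NetBoot share is writable)\n", i, st[i, "path"]
          findings++
        }
      }
      if (filter == "no") {
        print "FINDING filterEnabled=no (client filter list not enforced)"
        findings++
      }
      for (i = 0; i <= immax; i++) {
        if (!(i in imseen) || im[i, "IsEnabled"] != "yes") continue
        printf "INFO image[%d] name=\"%s\" protocol=%s default=%s\n", i, im[i, "Name"], im[i, "Type"], im[i, "IsDefault"]
      }
      if (loglevel != "") printf "INFO logging_level=%s\n", loglevel
      printf "SUMMARY findings=%d\n", findings
    }
  '
}

# Offline demonstration on the constructed sample. On a server, use:
#   sudo serveradmin settings netboot | audit_netboot
sample_settings | audit_netboot
```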

Mac OS X Mac OS X Server

10 Features I Miss From Mountain Lion & Mountain Lion Server

Apple’s not going to slow down innovation just to make me happy. I get that. But what have I noticed most about the differences between Mountain Lion and Mountain Lion Server and their predecessors, and maybe what to do to get some of them back?

  1. Podcast Producer: I am going to just put it out there. I liked Podcast Producer. I hope it shows back up in the future, even though I’m controlling my expectations. As someone who deals with a lot of video, there are a number of features that were really helpful to me, with or without Xgrid. I’ve replaced the command line aspects with tools such as ffmpeg, which we used in addition to at times, but some of the ways that pcastaction did things were really elegant comparably. On the graphical side, much of the functionality is available in the various sites that produce video streams and of course, there’s always YouTube. Either way, in regards to Mountain Lion Server, this represents one of the most substantial changes for those of us that deal with video.
  2. DHCP: I know, I know… I wrote an article on how to keep using DHCP. That doesn’t mean that the lack of GUI options is any less irritating. Every time I manually edit a config file that should have a GUI front-end it makes me ornery. Not that I’m not always ornery, but that’s not the point here…
  3. RSS: This is more of a client thing. But Mail.app and Safari used to give me the ability to quickly and easily look at RSS feeds and handled them in a way that was very streamlined with my experience across the rest of the operating system. I am now using more and more Google Reader along with tools like Reeder, but I liked the fact that everything I needed for RSS madness was installed on even the test systems I used.
  4. X11: I know, I know… Use XQuartz. It was nice having it built in though…
  5. Web Sharing: I guess the answer here is to just buy OS X Server. You can still fire up the LaunchDaemon and use Apache, but it’s a bit of a challenge. And the version in Server isn’t identical to Apache in Mountain Lion. There are two ways I’ve handled this. The first is to install Mountain Lion Server and then use the command `webpromotion demote` to switch the Apache configuration back to that of a client computer. The second is to fire up the LaunchDaemon directly using launchctl. If you’d like, there are also a number of free and/or 3rd party web servers, such as MAMP.
  6. Negative Mode: Well, I covered this already, and while the keystroke was gone, the feature never was – but here’s how to fix. Also, @sacrilicious turned me on to nocturne, which is pretty cool as well!
  7. iCal, Address Book and NetBoot: Actually, they’re now called Calendar, Contacts and NetInstall respectively. But still there. I actually like the renaming a lot, so I guess I don’t really miss any of them.
  8. Radius: OK, it’s there. Just command line only (unless you’re using an Apple AirPort). Maybe I should write an article about radius…
  9. The Server command line options: Actually, they just moved to a relative path to /Applications/Server.app/Contents/ServerRoot, as I mentioned here.
  10. Server Admin: I was going to say FTP, then I remembered it’s back. And then I remembered I never missed it in the first place. But dropping the remainder of the GUI tools for servers represents a bit of a challenge, mostly in figuring out how to do a few of the minor things, like enabling Server Side File Tracking, etc.
Mac OS X Mac OS X Server Mac Security Mass Deployment

Installing and Managing NetBoot Services in OS X Mountain Lion Server

The NetBoot service has allowed administrators of Mac OS X computers to leverage images hosted on a server to boot computers to a central location since OS X was first introduced by Apple. Since the very first versions of OS X, the service has been called NetBoot. In the Server app, Apple has added a number of options surrounding the NetBoot service. It is now called NetInstall.

The first step to configuring the NetBoot service is to decide what you want the NetBoot service to do. There are three options:

  • Create a NetBoot Image: Allows Macs to boot over the network to a disk image hosted on a server.
  • Create a NetInstall Image: Leverage NetBoot as a boot disk so that an image hosted on a server can be used to run an OS X installer.
  • Create a NetRestore Image: Leverage NetBoot as a boot disk so that you can restore a computer that has been configured over a network. Use this option to restore an image that has been prepared.

For the purposes of this example, we’re going to use an OS X Mountain Lion installer to boot an OS X computer over the network. The first step in doing so is to create a Network Disk Image. Before setting it up, download the Install OS X Mountain Lion installer app into the /Applications directory from the App Store.

To then set up the NetBoot disk image, often referred to as the NetBoot set, open the Server app and then click on System Image Utility from the Tools menu of OS X.

When System Image Utility opens, click on the Install OS X Mountain Lion entry in the list of available sources. Then, in the list of options, click on NetBoot Image and then click on the Continue button.

At the Image Settings screen, enter the name the NetBoot set will have in the Network Disk field. Then, enter a description of what is on the NetBoot set in the Description field. If the image will be served from multiple servers, check the box for “Image will be served from more than one server.”

Then provide an account name, short name and password in the Image Settings screen. Once provided, click Create to generate the Network Disk Image.

When prompted, click on the Agree button to accept the licensing agreement.

Then, when prompted, select a location to store the Disk Image and click on Save.

The computer will then start creating the NetBoot set. Once finished, it’s time to set up the NetInstall service in OS X Mountain Lion Server. To get started, go back to the Server app.

First, define which disk will host NetBoot Images. To do so, click on the Edit Storage Settings button. At the Storage Settings overlay, select the volume where Images will be hosted as well as the volume where Client Data will be hosted. The Image is what you are creating and the Client Data is dynamic data stored in images.

If you only have one disk, as in this example, click on “Images & Client Data” for that disk. Then click on the OK button.

Once you’ve selected a disk to store your image, we need to copy the disk image into the Library/NetBoot/NetBootSP0 folder of the disk used for images. Once in the appropriate folder, click on the Edit button for the Enable NetInstall on: field.

Check the box for the interface you want to serve images over (if you only have one then it’s pretty obvious which interface this will be). Click on the OK button to save your settings. Then, click on the Images tab.

Each server can host multiple images. The Images tab displays a list of NetBoot images stored in the Library/NetBoot/NetBootSP0 directory. By default, images have a red indicator light. This means they’re not being served over any specific protocol yet. Double-click on an image.

At the image settings screen, check the box for “Make available over” and for many environments, select NFS as the protocol. Note, you can also restrict access to the image to certain models of Apple computers and/or certain MAC addresses by using the “Image is visible to” and “Restrict access to this images” options respectively.

Additionally, use the Make this image available for diskless booting option to allow computers without hard drives to boot to the image.

Click on the Done button and the image will appear as green in the list of images. Click on the image and then click on the cog-wheel icon. Click on “Use as Default Boot Image” to set an image to be the default image computers boot to when booting to NetBoot.

Now, it’s as easy as clicking on the ON button. Do so to start the service.

Once started, open a Terminal window. Here, let’s get a status of the service using the serveradmin fullstatus option (along with the service name, which is still netboot from the command line):

sudo serveradmin fullstatus netboot

The output of which shows the various components, logs and states of components:

netboot:state = "RUNNING"
netboot:stateTFTP = "RUNNING"
netboot:readWriteSettingsVersion = 1
netboot:netBootConnectionsArray = _empty_array
netboot:logPaths:netBootLog = "/var/log/system.log"
netboot:dhcpLeasesArray = _empty_array
netboot:stateDHCP = "STOPPED"
netboot:stateHTTP = "STOPPED"
netboot:serviceCanStart = 1
netboot:timeOfSnapshot = "2012-08-09 03:59:45 +0000"
netboot:stateNFS = "RUNNING"
netboot:stateImageArray:_array_index:0:_array_index:0 = 0
netboot:stateImageArray:_array_index:0:_array_index:1 = 0
netboot:stateImageArray:_array_index:0:_array_index:2 = 0
netboot:stateImageArray:_array_index:0:_array_index:3 = 0
netboot:stateImageArray:_array_index:0:_array_index:4 = 2
netboot:stateImageArray:_array_index:1:_array_index:0 = 1
netboot:stateImageArray:_array_index:1:_array_index:1 = 1
netboot:stateImageArray:_array_index:1:_array_index:2 = 1
netboot:stateImageArray:_array_index:1:_array_index:3 = 0
netboot:stateImageArray:_array_index:1:_array_index:4 = 2
netboot:stateImageArray:_array_index:2:_array_index:0 = 0
netboot:stateImageArray:_array_index:2:_array_index:1 = 0
netboot:stateImageArray:_array_index:2:_array_index:2 = 0
netboot:stateImageArray:_array_index:2:_array_index:3 = 0
netboot:stateImageArray:_array_index:2:_array_index:4 = 2
netboot:stateImageArray:_array_index:3:_array_index:0 = 0
netboot:stateImageArray:_array_index:3:_array_index:1 = 0
netboot:stateImageArray:_array_index:3:_array_index:2 = 0
netboot:stateImageArray:_array_index:3:_array_index:3 = 0
netboot:stateImageArray:_array_index:3:_array_index:4 = 2
netboot:servicePortsRestrictionInfo = _empty_array
netboot:netBootClientsArray = _empty_array
netboot:servicePortsAreRestricted = "NO"
netboot:setStateVersion = 1
netboot:startedTime = "2012-08-09 03:58:01 +0000"
netboot:stateAFP = "RUNNING"

And to start the service when not running:

sudo serveradmin start netboot

There are also a number of settings available at the command line that are not in the graphical interface. For example, to allow writing to the NetBoot share:

sudo serveradmin settings netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no

Or to get more verbose logs:

sudo serveradmin settings netboot:logging_level = "HIGH"

And last but not least, to stop the service:

sudo serveradmin stop netboot

In the beginning of this article, I mentioned the ways to configure NetInstall images. I’ll cover NetInstall and NetRestore in later articles as they tend to be more involved workflow-wise than copying a volume into a Network Disk Image.

Mac OS X Server

Changes in Mountain Lion Server

Mountain Lion Server is now available on the OS X App Store and as with the last few updates there are some things missing that you might be expecting and depending on. First up, three major services are gone: Podcast Producer, RADIUS and dhcp. You can still do dhcp as you always did with OS X client as those features work on OS X Server, but the more granular controls available in OS X Server are now gone. The biggest impact of dhcp is probably in testing NetBoot services when there are network issues and you need to prove to network admins that it’s the network and not your server…

I had written an article before about FTP still being in OS X Server from the command line, but now it’s back in the GUI, which should make many an administrator happy. NAT is also gone from the GUI, but natd and natutil are still available from the command line. Might as well just use the Sharing System Preference pane for such things though… Server Admin is now gone (long live Server Admin!) and Workgroup Manager is now a download to be performed and installed following installation. Support for Managed Preferences is gone, even though most manifests technically still work.

Many services also got some pretty nice updates. These include:

  • Calendar – There are a few updates on the client side, but not on the server side. Most notably, the option to publish calendars is now gone. If you used that, it’s time to get used to manually exporting, copying to a share and then distributing links. This is going to likely cause more use of the Calendar server itself, to some degree. Also, it’s not iCal or iCal Server, it’s now Calendar and Calendar server. Seems to me that this isn’t obviously an Apple-centric naming structure as with most other things they do, but sometimes you’re gonna’ have that…
  • Contacts – Nope, it’s not called Address Book server, it’s the Contacts service. Same with the client side application.
  • DNS – DNS management is moved into the Server application. You can also now restrict who you do lookups for in the GUI. Under the hood very little changes.
  • File Sharing – Nothing really changes with file sharing, except the wiki integration described in the Wiki section in a little bit.
  • Firewall – The firewall option is gone, as is the ipfilter at the command line, but pf is easy to configure from the command line.
  • FTP – It’s a quick and easy single share solution from the GUI. Using the sharing command there’s still tons available to administrators.
  • Mail – Authentication mechanisms and domains are in the GUI, but very little changes otherwise.
  • Messages – The service name has changed from iChat to Messages in the GUI but is still jabber from the command line. The big change with this service is that the client side is now able to leverage iCloud to instant message mobile devices as well. Therefore, the text messaging component is client-side and has no impact on the jabber service itself.
  • NetInstall – The “NetInstall” service is NetBoot. It can host NetRestore or NetInstall images, but the heavy lifting for that stuff is done in System Image Utility. And the output of the SIU commands is now more scriptable through the automator command line interface. The NetInstall screen is now in Server app and is a good port from Server Admin in that it’s similar in look and feel to the NetBoot screen in Server Admin. A feature that isn’t in the GUI is diskless NetBoot, which is fine because I documented how to do it when I realized it would be an issue for a few customers.
  • Open Directory – Given that Server Admin is gone, something had to happen with Open Directory. The Open Directory screens have been moved to Server app where it’s fast to setup and tear down Open Directory. Open Directory based Users and Groups are also created through the Server App, although Workgroup Manager can be downloaded and used still. Immediately following upgrades, the add and remove users buttons are gone for previously stand-alone hosts. Also the Manage Network Accounts option is now gone from Server app, replaced with the traditional ON button supplied by Apple for other services.
  • Profile Manager – This deserves its own post, which is in the queue, but suffice it to say that while you can’t tell when looking in Server app, there are a number of upgrades to Profile Manager.
  • Software Update – Management of the service is moved from Server Admin to Server app. There are now fewer options in the GUI, but the same in the command line. Cascading is a little different.
  • Time Machine – Time Machine server is the same… The versions option from the Time Machine Server preference pane is gone and the layout is a little changed, but the server component is identical in functionality as well as look and feel.
  • VPN – Unless you add another supported VPN protocol there’s not much to do after fixing most issues in 10.7.4. Except fixing the last issue with search bases, seemingly resolved as it’s working for me pretty well.
  • Websites – There are more options in the GUI for new sites. The default site appears twice (once for 80 and once for 443), but there are more options, such as the Web App functionality that comes with a default Python “Hello World” app. Also the server is still called web from the serveradmin command line, but is now called Websites through the GUI.
  • Wiki – The wiki has themes again, although they’re just color schemes. And you can create your own custom banners and upload, which brings back two of the most common feature requests from people that hack the look and feel of the wiki in versions previous to Lion. But the most substantial aspect of the Wiki to change to me is the document management options, available to users in WebDAV or through the portal. This allows for a very mobile-friendly file management tool. Blogs and wikis for the most part stay the same and have a very clean upgrade process from Lion. The command line tools also feature some new options for indexing, etc., which many will find helpful.
  • Xsan – cvadmin, cvlabel, cvversions, etc are now stored in /System/Library/Filesystems/acfs.fs/Contents/bin/ and Xsan has its own entry in the Server app. Despite hearing people question its future, I’ve never seen as many questions flying around about how to do things with Xsan than I do now. Storage sales are up, monkey chatter on the web is up, deployments are being booked and Xsan looks here to stay. The Server app only really shows you a status of things, but the Xsan Admin app is now embedded in the Server app and available through the Server app Tools directory.

Configuring Websites in Server app

The Alerts options are much more robust in Mountain Lion than they were previously. You can now get alerts on a myriad of things, including certs, disks, space, storage quotas, virus detection, network changes and software updates.

Configuring Alerts in Mountain Lion Server

The Server commands also moved and in fact the whole file and folder structure mostly fits nicely inside of the Server app. There are certain things that haven’t been dealt with in this regard such as NetBoot’s library, but for the most part Apple is getting Server to the point where it’s very self-contained. The ramification of which is that upgrades for future releases (and from Lion to Mountain Lion for that matter) are much simpler. Simply downloading a new version informs administrators that the app has been replaced and is good to go, service data intact. In the real world, this has been a little hit or miss but should prove to make our lives much easier in the future.

Reducing scope, aligning with better development practices and all the work to merge all of the remaining services into Server app are huge undertakings. I would fully expect no further support or updates to Workgroup Manager, no more testing of managed preferences in deference to profiles and a few other culture shifts that still need to shake themselves out. Most of us are going to seem underwhelmed (if that’s a word, no it’s not ’cause I looked it up -> awesome video below –> ’cause affection has 2 fs, especially when you’re dealin’ with me). But here’s the thing, with an incremental update, you’re not going to get massive changes. Instead we will get slow and steady updates hopefully continuing to build faster towards a better end goal. What’s important is that the foundation is actually better now, given changes to other parts of OS X and so Server is likely now better positioned than ever for great new features in subsequent releases.

Oh, and did I forget to mention that Xgrid is gone. I guess no one really noticed anyway…

Mac OS X Server Mass Deployment

Allow Diskless NetBoot From the Command Line

Client systems don’t have to have drives. Nor should they, in certain circumstances. Therefore, diskless NetBoot has been a part of OS X since the early beginnings. And it’s great provided you have the Server Admin application handy. But if you want to enable/control diskless NetBoot without Server Admin then you’re going to need to use the command line.

Each of your NetBoot images will be stored in an array, which can be seen by running the serveradmin command, along with the settings option and then the netboot service, as follows:

serveradmin settings netboot

Locate the netBootImagesRecordsArray, which shows the images that are served up on the server. Find the appropriate one (most people tend to only have one) and then make sure that the SupportsDiskless option is set to yes.

serveradmin settings netboot:netBootImagesRecordsArray:_array_index:0:SupportsDiskless = yes

You can also set DisabledSystemIdentifiers, EnabledSystemIdentifiers, Type (type of file share), pathToImage, Architecture and use IsEnabled to enable and disable images programmatically. This allows administrators to programmatically control NetBoot and therefore build custom imaging workflows that, for example, update the NetBoot set for NetRestore at the time of generating the NetRestore NetBoot set. It would also come in handy if any of these features were ever removed from the GUI…
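To avoid hard-coding index 0 when a server hosts several images, the sketch below (an added example, not from the original post or from Apple) parses output in the serveradmin settings netboot form shown above and builds the SupportsDiskless line for the image whose pathToImage matches. The sample output, its paths and model identifiers, and the _empty_array marker for an empty list are constructed assumptions.

```python
import re

PREFIX = "netboot:netBootImagesRecordsArray:_array_index:"
LINE = re.compile(r"^" + re.escape(PREFIX) + r"(\d+):(\S+) = (.*)$")

# Constructed sample (paths and model identifiers are made up), in the
# key = value form printed by `serveradmin settings netboot`.
SAMPLE = "\n".join([
    PREFIX + '0:pathToImage = "/example/NetBootSP0/install.nbi/NBImageInfo.plist"',
    PREFIX + "0:IsEnabled = yes",
    PREFIX + "0:SupportsDiskless = no",
    PREFIX + "0:EnabledSystemIdentifiers = _empty_array",
    PREFIX + '1:pathToImage = "/example/NetBootSP0/lab.nbi/NBImageInfo.plist"',
    PREFIX + "1:IsEnabled = yes",
    PREFIX + "1:SupportsDiskless = no",
    PREFIX + '1:EnabledSystemIdentifiers:_array_index:0 = "Macmini6,1"',
    PREFIX + '1:EnabledSystemIdentifiers:_array_index:1 = "iMac13,2"',
    PREFIX + '2:pathToImage = "/example/NetBootSP0/old.nbi/NBImageInfo.plist"',
    PREFIX + "2:IsEnabled = no",
    PREFIX + "2:SupportsDiskless = yes",
])


def decode_value(raw):
    """Turn the text right of ' = ' into a bool, an empty list or a string."""
    raw = raw.strip()
    if raw == "_empty_array":   # assumed marker for an empty array
        return []
    if raw in ("yes", "no"):
        return raw == "yes"
    return raw.strip('"')


def parse_images(text):
    """Group the flat settings lines into one dict per image index."""
    images = {}
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if not match:
            continue            # some other netboot setting, or a blank line
        index, key, raw = int(match.group(1)), match.group(2), match.group(3)
        record = images.setdefault(index, {})
        if ":_array_index:" in key:
            # Nested array element, e.g. EnabledSystemIdentifiers:_array_index:0
            name = key.split(":_array_index:")[0]
            record.setdefault(name, []).append(decode_value(raw))
        else:
            record[key] = decode_value(raw)
    return images


def diskless_command(text, path_fragment):
    """Return the serveradmin line that turns on diskless boot for one image."""
    images = parse_images(text)
    hits = [i for i, rec in images.items()
            if path_fragment in rec.get("pathToImage", "")]
    if len(hits) != 1:
        raise ValueError(f"{path_fragment!r} matched {len(hits)} images, need exactly 1")
    if not images[hits[0]].get("IsEnabled"):
        # Flag a disabled image instead of silently changing it.
        raise ValueError(f"image {hits[0]} is disabled")
    return f"serveradmin settings {PREFIX}{hits[0]}:SupportsDiskless = yes"


if __name__ == "__main__":
    print(diskless_command(SAMPLE, "lab.nbi"))
```

On a real server, feed it the text printed by serveradmin settings netboot and review the generated line before running it as root.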

public speaking

MacTech InDepth In New York

I have been added as a speaker at MacTech InDepth in New York. If you haven’t signed up yet, and you work with Mac OS X Server then you should really check out the sessions that have been planned:

  • The Elephant in the Room: The New Lion OS X is out, now what? There are a lot of differences to contend with between Lion and Snow Leopard. Now with the new Mountain Lion update, what changes can we expect to see? We discuss the differences in advanced services, GUI simplicity, and Apache management GUI’s. We help you understand the updates in the new OS and make the transition easier. We go over the new updates of Lion over the Snow Leopard server.
  • Setting solid foundations: To truly grasp the power of Lion, you need to set up solid foundations. We go over minimum requirements for internet DNS, and tackle router tricks. We discuss open directory and what it was used for.
  • Mobile Device Management 101: Apple’s IPCU/Apple Configurator: Mobile Device Management is vital to businesses, large or small. We have an extensive overview of profile manager and how you can use mobile device management on OS X. For those still using Snow Leopard, we go over your options and discuss the possibility of using third parties as a solution.
  • DNS, Ahh, run away, run away: In this session, we tackle DNS and break it down and show how simple it is to work with. We go over how DNS works and cover different components such as internet DNS and internal DNS.
  • Administering a Server with just Server.app: We show you how to use server.app and control administrative programs. For the services, we go over Address Book, iCal, iChat, and Mail.
  • Web Administration of OS X Server : Web Admin on Lion Server versus Snow Leopard is covered, dealing with the differences and how to use each system effectively. On Lion server, we cover using FTP without a GUI.
  • Going old school, using the old tools: After getting used to Snow Leopard we go over the major differences between Snow and Lion and how you can handle the transition. We go over server admin and what is still left in the program and why it has been left.
  • Deployment Part I: Tools & Concepts: In tools and concepts we learn that there aren’t stark differences between Lion server and Snow Leopard. NetBoot, NetRestore and third party tools are covered; we talk about how NetBoot works and what the differences between NetBoot and NetRestore are. Along with this we cover Network configuration requirements and using software update server.
  • Deployment Part II: DeployStudio: DeployStudio is covered in-depth; we cover creation techniques and management techniques.

Overall, this represents a nice, fast way to update your skills to allow for managing Lion Server and to get up to speed with those new to the platform. One thing I like about the session list is that it goes beyond the stock server implementation and looks at DeployStudio, MDM and other important topics not purely server oriented. I hope to see you all there!

These vagabond shoes, are longing to stray
Right through the very heart of it – New York, New York

Football Mac OS X Mac OS X Server Mac Security Mass Deployment Time Machine

2012 Penn State MacAdmins Conference

Don’t let the theft of the Paternoville sign fool ya’, State College is as safe as ever. That is, until a bunch of Mac guys descend on the Nittany Lion Shrine. Yes, it’s that time of the year again when Mac guys from around the world (and yes, all of the speakers are male) descend upon Pennsylvania State University from throughout the Big 10 and beyond to discuss the Penn State mascot, the Nittany Lion. Actually, it’s a mountain lion, so we can’t discuss it quite yet at that point, but we can talk about a slightly bigger cat: Lion.

Lion deployment, scripted tools, Munki, InstaDMG, Puppet, migrations, “postPC,” PSU Blast, Dual Boot, NetBoot, reboot (just threw that in there because it sounded like it fit, but I’m sure much rebooting will be done anyway) and even iOS. Oh, and don’t forget lecture capture, launchd, monitoring, scripting, Boot Camp via BitTorrent (wait, what?), Damn Logs, Subversion (long live git), IPv6 (long live IPv4), DeployStudio (long live the French), Reposado (long live the mouse), Luggage, Casper (long live Minnesota!), ARD (long live the friggin’ App Store), troubleshooting, FileVault (long live Howard Hughes’ legacy), Tivoli (long live that 1984 video), Munki (crap, I already said that) and even iPad (which runs iOS I think).

Overall, the lineup is superb and looking at it, I am honored to be giving a session on Lion Server amidst all the cool stuff going on around me. I’m very impressed with the number and level of speakers and very excited to be a part of it. I’m also excited to be participating with Allister Banks, a cohort from 318, who will be giving talks on InstaDMG and Munki. Overall, it is sure to be a great conference and I look forward to hopefully seeing you all there if I don’t get arrested at the airport for wearing University of Minnesota socks.

Speaking of the Big 10. Did you know there are 12 teams in the Big 10? Did you know the Big East now has teams in Idaho and California? Did you know that the Big 12 has 10 teams? Did you know that the Pac 12 has 4 teams in 3 states that don’t touch the Pacific ocean? What does all this mean? No, it does not mean that we will discuss basic arithmetic and geography at the conference; however, we might show off some apps that can help the math professors at the member institutions of these higher education conferences teach these basic subjects a bit better. Disclaimer: I went to the University of Georgia and am required by having done so to poke fun at other conferences whenever it is possible. Having said that: how many Georgia programmers does it take to change a light bulb?


They can’t, it’s a hardware problem! OK, terrible joke. So here’s a picture of the Georgia mascot chomping down on an opposing (Auburn) player.

Seems like I’m going through football season withdrawals all of a sudden… Point of all this, go to the conference. It’s sure to be a hoot, and I’m sure there will be plenty of talk about football, er, I mean Mountain Lions, er, wait, I mean Mac OS X and iOS!

Mac OS X Mac OS X Server Mass Deployment Network Infrastructure

Use ARD to Restart to NetBoot Server

It’s summer! And at many schools that means that the kids are gone and it’s time to start imaging again. And imaging means a lot of rebooting holding down the N key. But wait, you have ARD access into all those computers. And you have automated imaging tools. This means you can image the whole school from the comfort of your cabin out by the lake. Just use ARD and a little automation and you’ll be fishing in no time!

If you haven’t used the bless command to restart a client to a NetBoot server then you’re missing out. The bless command is used to set the boot drive that a system will use. It comes with a nifty --netboot option. Define the --server and (assuming you have one nbi) you can reset the boot drive by sending a “Unix command” through ARD:

bless --netboot --server bsdp://192.168.210.9; restart

I added the restart for posterity. This is something everyone with an automated imaging environment really needs to put into their ARD command templates! Now, that all works fantastic in a vanilla environment. But in more complex environments you will need potentially more complex incantations of these commands. Well, Mike Bombich wrote all this up awhile back and so I’ll defer to his article on nvram and bless here to guide you through any custom settings you’ll need. It’s a quick read and really helpful. What else are you gonna’ do while you’re fishing anyway… BTW, if you have more than three beers, please put the MacBook down. And if you don’t, at least close both terminal and ARD. And email. And iChat. Actually, just close the machine now…

Mac OS X Mac OS X Server Mass Deployment Unix Windows XP

DHCP Leases Expanded

DHCP provides IP addresses to clients. DHCP is critical to a number of Mac OS X Server technologies, most notably NetBoot. A DHCP exchange is comprised of 4 steps: Discovery, Offer, Acceptance, and Acknowledgment. In the Discovery step, a computer that needs an IP address sends a broadcast request to the environment. These typically remain local, although most routers will allow for configuring the gateway in such a way that UDP traffic is forwarded on to other subnets. The request also includes all of the options that the client will need, with options being anything beyond an IP address, each potential option with a numerical identifier per this list (defined in various RFCs).

In the second step, any DHCP servers that received the request will issue an offer, which includes a number of DHCP options, such as a subnet mask (option 1), a gateway (option 3), DNS servers (option 6), amount of time a lease is valid for (option 51), the IP of the DHCP server making the offer (option 54). For example, WINS is two options, 44 & 46 (server and type respectively) that can be provided to clients as is LDAP (option 95). Available options are determined based on any reservations that may have been filed. For example, if an IP address has been reserved for a specific MAC address then the IP will always be the IP reserved.

Because environments can have multiple DHCP servers the Transaction ID will determine which offer to accept. The servers that issued an offer will hold the IP address from the offer until they receive the response that another offer is being accepted and then move those back into their pool of available IP addresses. In step 3, Acceptance, the DHCP client will notify the server whose lease it accepts in the form of a DHCP Request, and those whose lease it will pass on. The Acceptance is actually a request for the IP address that is being held for the MAC address in question.

Based on the Acceptance, the options are then applied in an acknowledgement sent back to the client from the server that it indeed has the IP address and all of the pertinent options required. All of this typically happens in under a second and therefore, you plug in your computer and it gets an IP address; unless you’re running Wireshark to look at what’s happening beneath the scene you typically just assume that that’s all there is to it… The most powerful part of DHCP though is in the options, which shows that great thought was given to the protocol when it was conceived. These extensions provide for anything from NTP servers to SMTP servers provided that the client and the server support the implementation.
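The options described above travel as a code/length/value list after a fixed 236-byte header and a 4-byte magic cookie. As an added example (not from the original post), this parser decodes the options the post names, plus option 53 (the message type), from a constructed Offer; the addresses, MAC and transaction ID are made up.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Option 53 (message type) values, labelled with the step names used above.
STEPS = {1: "Discovery", 2: "Offer", 3: "Acceptance", 5: "Acknowledgment"}


def ip_list(data):
    if not data or len(data) % 4:
        raise ValueError("address option length must be a multiple of 4")
    return [socket.inet_ntoa(data[i:i + 4]) for i in range(0, len(data), 4)]


def u32(data):
    if len(data) != 4:
        raise ValueError("expected a 4-byte value")
    return struct.unpack("!I", data)[0]


def raw_options(packet):
    """Walk the code/length/value list that follows the header and cookie."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:          # End option
            return options
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError(f"option {code} has no length byte")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        options[code] = value
        i += 2 + length
    raise ValueError("options list has no End (255) marker")


def parse_dhcp(packet):
    opts = raw_options(packet)
    return {
        "transaction_id": u32(packet[4:8]),
        "offered_ip": socket.inet_ntoa(packet[16:20]),
        "client_mac": ":".join(f"{b:02x}" for b in packet[28:34]),
        "step": STEPS.get((opts.get(53) or b"\0")[0], "other"),
        "subnet_mask": ip_list(opts[1])[0] if 1 in opts else None,
        "routers": ip_list(opts[3]) if 3 in opts else [],
        "dns_servers": ip_list(opts[6]) if 6 in opts else [],
        "lease_seconds": u32(opts[51]) if 51 in opts else None,
        "server_id": ip_list(opts[54])[0] if 54 in opts else None,
    }


def opt(code, value):
    return bytes([code, len(value)]) + value


def build_sample_offer():
    """Constructed Offer using documentation addresses; not a capture."""
    a = socket.inet_aton
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                  # op=reply, Ethernet, 6-byte MAC, hops
        0x3903F326, 0, 0,            # transaction ID, secs, flags
        a("0.0.0.0"), a("192.0.2.50"), a("192.0.2.1"), a("0.0.0.0"),
        bytes.fromhex("02005e105001"), b"", b"")
    options = (opt(53, b"\x02") + opt(54, a("192.0.2.1"))
               + opt(51, struct.pack("!I", 3600)) + opt(1, a("255.255.255.0"))
               + opt(3, a("192.0.2.1")) + opt(6, a("192.0.2.1") + a("192.0.2.2")))
    return header + MAGIC_COOKIE + options + b"\xff"
```

Comparing server_id (option 54) across the Offers that share one transaction_id shows which DHCP servers answered a given client.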

Mac OS X Mac OS X Server Mass Deployment

Bootp Relaying & Troubleshooting NetBoot

I’ve seen a couple of posts on groups recently with people asking why they’re unable to NetBoot clients. Personally, I always verify that clients are able to obtain a DHCP lease and that the NetBoot server shows up in the Startup Disk System Preference pane. Provided those two things work then you will usually be able to NetBoot. Both of these can be verified when booted from an installer or an installed system (checking both never hurt anyone).

Next, break out your crossover cable (well, many a Mac doesn’t need one any more). If you can NetBoot when connected directly to a server then you’re usually looking at an infrastructure issue, be it routing and subnets or switching. Make sure the server can serve up DHCP though, since clients are required to get DHCP leases to NetBoot.

If you can’t NetBoot when connected directly to the server then I usually look at the image. If you manually restore an image to the client system will it boot a client? This often points us in the direction of looking at some kind of problem with the build train of the client being newer than the image, a MAC or machine type filter, etc. This same question can often be answered by using an older machine that you know is either part of the MAC or machine type filters. If the client can boot with the image restored to it and no other clients can boot NetBoot, even when connected directly to the server (or on a flat switching & routing topology) then make sure that DHCP is on.

Those are the most basic steps. But what if you’ve got multiple subnets? Then the bless command may very well be your friend. Not very scalable? Well, then look at configuring bootp relays. Bootpd is built into every Mac. Simply open up /etc/bootpd.plist and look for the keys to enable a relay (relay_enabled and then relay_ip_list, which is actually an array). Configure those as needed and use launchctl to start bootpd. Still having problems? Use launchctl to stop and unload bootpd and then run /usr/libexec/bootpd -dv to start bootpd again. This gives you lots and lots of logs. Find the client in the DHCP table, figure out the DHCP and watch the conversations from the client. No conversation, you’re still not finding the NetBoot server. If there is a conversation then the problem will manifest itself in the verbose output for bootpd.
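A quick sanity check for the relay settings before restarting bootpd, as an added example rather than anything from the original post: it reads a property list, confirms relay_enabled is on and that every relay_ip_list entry is an IP address of a server you expect. The sample plist and addresses are constructed, and treating relay_enabled as either a boolean or a list of interface names is an assumption.

```python
import ipaddress
import plistlib

# Constructed property list using the two keys the post names; not a real server's file.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>relay_enabled</key>
    <true/>
    <key>relay_ip_list</key>
    <array>
        <string>192.0.2.10</string>
        <string>198.51.100.7</string>
        <string>netboot.example</string>
    </array>
</dict>
</plist>
"""


def check_relay(plist_bytes, expected_servers):
    """Return (valid relay targets, list of problems) for a bootpd plist."""
    config = plistlib.loads(plist_bytes)
    problems = []

    # Assumption: relay_enabled is a boolean or a list of interface names,
    # so any truthy value counts as "on".
    enabled = config.get("relay_enabled", False)
    if not enabled:
        problems.append("relay_enabled is off or missing: bootpd will not relay")

    targets = config.get("relay_ip_list", [])
    if not isinstance(targets, list):
        problems.append("relay_ip_list must be an array")
        targets = []
    if enabled and not targets:
        problems.append("relay_enabled is on but relay_ip_list is empty")

    expected = {ipaddress.ip_address(s) for s in expected_servers}
    valid = []
    for entry in targets:
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            problems.append(f"{entry!r} is not an IP address")
            continue
        valid.append(str(addr))
        if addr not in expected:
            # A relay target nobody recognises sends client boot requests
            # to a server that is not the intended NetBoot/DHCP host.
            problems.append(f"{addr} is not a known NetBoot/DHCP server")
    return valid, problems


if __name__ == "__main__":
    targets, issues = check_relay(SAMPLE_PLIST, ["192.0.2.10"])
    print("relay targets:", targets)
    for issue in issues:
        print("problem:", issue)
```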

There’s bound to be tons of other things, but I would wager that the steps above help me in 99% of the cases I’ve seen, so I hope they’ll help you too.  Happy NetBooting!