Configuring DeployStudio 101: Part 2
Hi All, and welcome back to our series on configuring DeployStudio. Last time, we went over where you can find out information on DeployStudio and running the install on our Mac Server.
This ‘part 2’ looks to cover the configuration of the DeployStudio Repository and server. ‘Part 3’ should cover the configuration of the Netboot service and building of the DeployStudio NetBoot set. These should leave you with a fully functioning DeployStudio solution.
The usual Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.
OS Used: OS X Yosemite (10.10.5)
DeployStudio Used: 1.6.16
I will often be using “DS” as shorthand for “DeployStudio” throughout this series.
I will also be using “Repo” as shorthand for “Repository” throughout this series.
Step-By-Step: The Repo File Share
In a similar way to Casper (and I believe SCCM), DS utilises a network file share to host and access the data it uses during the imaging process. This is referred to as the DS Repository or DS Repo for short. I’ve seen some admins try to configure this as the same location as the NetBoot image store (more on that next time), but I would highly suggest treating it as every other kind of file share. Personally, I’ll create a “File Shares” directory on the non-boot / data volume of the server, which is what I’ll do for our example.
- In the Finder GUI, navigate to the root of your non-boot / data drive.
2. Create a new folder here called “File_Shares”. This will be used to host the server shares. My personal preference is to use underscores (“_”) in place of spaces in folders that system services or automation solutions may use, to minimise any risk if the related solution may have a bug!
3. Inside this folder, create another new one called “DS_Repo”
4. Now launch your Server.app from the dock or the Applications folder (“/Applications/Server.app”).
5. Once loaded, go to the “Users” section of the Server.app.
6. Click the plus (“+”) symbol to start the new account creation.
7. Enter “DS Repo Access” for the Full name (automatically filling in the Account Name with “dsrepoaccess”) and enter the desired password. This account will have read and write access to the DS Repo so should have a secure password. Do not click the “Allow user to administer this server” box, its not needed. Set the Home Folder option to “None – Services Only” and click “Create”.
8. Once created, go to the “File Sharing” section of the Server.app
9. By default, your log in account’s home folder is automatically configured for sharing.
10. I tend to remove this, simply by clicking the name, and clicking the minus (“-“) button, followed by the “Remove” button in the pop up window.
11. Now we’ll add our DS Repo folder to the file sharing. Click the plus (“+”) symbol.
12. In the Finder window, navigate to the “DS_Repo” folder we created in step 3.
13. Once found, select (not open!) the folder, and click the “Choose” button.
14. This will add the DS_Repo folder to the “Shared Folders” list in Server.app.
15. We now need to edit user access to the share. Select the share in the “Shared Folders” window and click the pencil icon (or double-click the share).
16. This will open the share settings page and show the default permissions assigned to the folder.
17. Optionally, you can disable SMB access to the share by un-ticking the “Share Over: SMB” box. I also set the primary group (in the example this is “Guests”) and everyone permissions to “No Access”. This is done by clicking the “Read Only” drop down menus next to each user and selecting “No Access”.
18. We now need to add our new “DS Repo Access” user to the Permissions list. In the same Window, click the plus (“+”) symbol.
19. This will add a new (blank) user to the top of the list. Click in the new box and start typing the first three letters of the user.
20. A dropdown box will list any user’s that match your text entry. Click on the “dsrepoaccess” user to add them to the list. Confirm the user has “Read & Write” access.
21. Once complete, click “OK”.
22. Right, the share’s been added and permissioned, the next step is enabling file sharing! Click the “OFF” slider in the top right to turn the service on.
23. And that’s it; you’ve successfully enabled and configured the DS Repo File Share!
Phew, that was a fair few steps (and a lot of work to post!). What next? Let’s get that DS Server Service configured, and up and running.
You can also quit the Server.app as we have no use for it for the remainder of part 2.
Step-By-Step: Configuring DeployStudio
24. Navigate to the “DeployStudio Assistant” shortcut, located in the Utilities folder (“/Applications/Utilities/DeployStudio Assistant”). Double click this to launch it.
25. A new window will pop up. The first thing it’ll do is complain that the DeployStudioServer is not running on this computer. As this is going to be our DS server, we kind of need it working! Click “Start”.
26. Once started, you’ll get another pop-up. Click “OK” to dismiss this.
27. And finally, you’ll be dumped into the DS Assistant wizard selection screen. As you can probably guess from the title of this blog, ensure “Set up a DeployStudio Server” is selected in the radio buttons, and click “Continue”.
28. The first screen will ask you for the address of the DS server to configure and fill in the default protocol (HTTP) and port (60080). These can be changed as part of this wizard. You’ll also be asked for a username and password. I’d suggest using the local admin details for now. Enter these and click “Continue”. Please Note: In the past we have had issues where a system proxy on the server has blocked the use of the DeployStudio Admin. Remember to add the server itself (typically via DNS name and / or IP) to the exclusions list in the relevant “Network” area of System Preferences.
29. Once connected, you’ll be asked if you’re setting up a master or replica DS server. As this is our first one, it will certainly be a master. Ensure the “a master” radio button is selected and click “Continue”.
30. Next Question: Do you want to setup a local folder or a network sharepoint for the DS Repo. If you want to host your Repo on a file share (as pair this guide) you should select “a network sharepoint” and click “Continue”. The second option is if you wish to serve the DS files from an externally attached Hard Drive.
31. Next Question: Where is this network sharepoint? Fill in the network protocol, server name and share name in the “URL” box. For example, my “demo-server.local” hosting a share called “DS_Repo” over AFP would be entered as “afp://demo-server.local/DS_Repo”.
Please Note: Ensure to use the Fully Qualified Domain Name for the server that the client devices can resolve. E.g. If your Mac server is ‘macserver.internal.amsys.co.uk’ then use this for the server address. You can also use an IP address if the client devices cannot resolve the DNS name, just be aware that you will need to re-run this wizard should that IP address change.
Also Note: you only need to enter the first letter of the protocol and the assistant will autofill the rest (e.g. enter “a” and it will autofill “afp://”).
32. Remember our “dsrepoaccess” user? Fill in its username and password in the “User” and “Password” boxes. Don’t worry about the other boxes for now and click “Continue”.
33. Next Question: Email notifications! You may enable this if you wish and select what kind of emails you wish to receive. This would prove handy if you’re having trouble catching the error message when running deployments. For this demo, we’ll not bother. Click “Continue”.
34. More Questions!! This time about the server connections. For this blog, we will leave these at their defaults (“No SSL encryption”, “Any”, “60080” and unticked). Click Continue.
a. The first options allow you to pick an SSL certificate to use to encrypt the DS encryption using HTTPS. This is recommended in a production environment, but is not required.b. The second and third options (“Interface”) allow you to modify the networking interface and port number DS uses for its communication. This is recommended if you have another service running on the default port and interface.
c. The last option (“Reject unknown computers”) will block any and all connection attempts from computers not already in the DS database. This option is useful for certain scenarios (say, to stop a user netbooting their personal device and running a workflow that wipes the internal Hard Drive) but sometimes causes more administration frustration then it prevents.
35. Another question (we’re nearly there)! This time regarding controlling who has permission to run the setup assistant (what we’re running), the DS Administration application (we’ll hopefully cover that in a later blog) and the imaging runtimes. This should be a group that the DS server itself can read the membership of. For this blog we will leave these blank (any user in the directories the server can read is allowed access to each application) but for production it is highly recommended that these be configured.
36. Next one, Multicasting! I’ve got to be honest, I haven’t yet had this work correctly and typically don’t bother anymore. It requires a fair bit of tweaking on both the DS server side and the networking side (so would require buttering up your networking tech), time that could be spent imaging Macs! However, if you can get it working correctly, this will both speed up your imaging, and reduce the network traffic it uses. For this blog, leave this as-is and click “Continue”.
37. We’re so close! Now, how do we want to identify our Mac devices individually? You can select either Hardware Serial Number or MAC Address. I would highly recommend using the first option, as this should be truly unique per Mac. With many Macs lacking an Ethernet interface and the use of USB to Ethernet and Thunderbolt to Ethernet adapters, many different Macs can actually have the ‘same’ MAC address as far as DS is concerned, so using the Serial Number is a better bet. Select this and click “Continue”.
38. Finally! Here you’ll have a screen asking if you wish to update the DS server with these settings. Click “Continue”.
39. Once saved, you’ll get a confirmation message. Click “OK” and quit the DS Assistant.
40. Right, all done. You can re-run the assistant as many times as required, however you may need to re-enter some details so make sure your documentation is up to scratch!
And that’s pretty much it. Congratulations you now have your DS server up and running.
Next time, we look at configuring a NetBoot set to work with your DS server, and how to configure the NetBoot service.
As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can. I’m especially eager to hear any feedback on this new series.