DeployStudio 101 – Part 3 – NetBoot – NetInstall
This ‘part 3’ should cover the configuration of the NetInstall service and building of the DeployStudio NetBoot set. This should leave you with a fully functioning DeployStudio solution.
The usual Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.
OS Used: OS X Yosemite (10.10.5)
DeployStudio Used: 1.6.16
I will often be using “DS” as shorthand for “DeployStudio” throughout this series.
I will also be using “Repo” as shorthand for “Repository” throughout this series.
The NetInstall Service
So you’ve now got your DS server operational, can log in through the DS Admin application and can run the DS Runtime application locally and run workflows. But what if you want to restore your AutoDMG image to an entire classroom? Using one (or many) external imaging drives is a bit long and labour intensive. What we need is a network based boot image to use to image these devices in one big go (much like MDT)! For this, you will need the NetInstall service.
Step-By-Step: NetInstall Storage
1. On your Mac server, open up your Server.app either from the Dock or from the Applications folder.
2. The NetInstall service is under the “Advanced” section of the Server.app. Click the “Show” label next to the section to show these.
3. Once expanded, click the “NetInstall” service. This is where you can configure NetInstall and NetBoot images (previously called the “NetBoot” service).
4. The next step is to configure the storage location for both the NetBoot / NetInstall images, and the cache data that clients will write and read whilst the internal Hard Drives are imaging. Click the “Edit Storage Settings…” button.
5. You will see a dropdown window appear, showing a list of connected volumes that can be used. I would highly recommend keeping both the image and client data off the server boot drive, as these can grow large and require a lot of I/O, which may slow the server down and affect the imaging speed. I would also recommend using a faster internal drive, or an external hard drive connected over Thunderbolt. This will ensure the fastest possible speeds for imaging.
In this example, I’ll be using the “Data HD” drive. Click the drop down menu next to this and select “Images & Client Data”.
6. Once done, click “OK”.
7. You’ll not see any change in the main NetInstall window, however on your chosen storage volume, two new directories will be created:
- “/Volumes/Data HD/Library/NetBoot/NetBootClients0”
- “/Volumes/Data HD/Library/NetBoot/NetBootSP0”
8. The “NetBootClients0” directory is where a client device’s cache data is stored and will usually look after itself without any maintenance.
9. The “NetBootSP0” directory is where the NetBoot / NetInstall images should be copied (the entire “.nbi” folder).
Although going out of fashion with some Mac Admins, there are still reasonable use cases for NetBoot images. The typical gotchas are:
- You should build a NetBoot / NetInstall image from an OS that is from each of the devices you are going to be NetBooting. This is because often Apple will build and ship a modified OS (even with the same revision number) for a specific piece of hardware. Failure to use the correct OS can result in the device not booting to your NetBoot / NetInstall image, or even miscellaneous crashes and strange behaviour.
- If this is not possible (or highly impractical) then the other option is to build your NetBoot image from a device running an OS with the highest / latest OS build number. This will only work if Apple has released a unified OS build (which sometimes can take multiple OS updates). The OS build number can be checked through the System Profiler application in the Utilities folder.
- To further reduce the risk of hardware specific items being carried over to your NetBoot image, many Mac admins recommend building them from a Virtual Mac OS image. To complete this using my steps below, simply install the DS server tools into a VM and don’t bother starting the DS Server service.
Another point to make is the difference between NetBoot and NetInstall images:
- A NetBoot image is a full OS, ideal for diagnostic use and required for some solutions (such as the Casper Imaging solution).
- A NetInstall image is a highly cut down OS, typically missing a number of applications, features and frameworks. As it’s small and light, this is what DS creates when using the DS tools to build the image.
There is also a NetRestore image that I actually haven’t seen used in production, that is best thought of as a DS-light but lacks a lot of the DS features.
Step-By-Step: NetInstall Storage
10. Once again, fire up the DeployStudio Assistant application from the Utilities folder.
11. Select the “Create a DeployStudio NetBoot set” option. Click “Continue”.
12. You’ll see a summary page explaining what the wizard will do and some advice. Have a read of this, then click “Continue”.
13. All of the next options should be fine at their defaults.
a. “Source base system” – This will allow you to use other source volumes other than the boot drive. For this example, we will just use the boot drive. Leave this as “Current Boot Volume”.
b. “System name” – This is the name of the NetInstall set. Change this as you wish but by default it’ll be ‘[DeployStudioRuntime]-[OS Version]’, e.g. “DSR-10105”.
c. “Unique identifier” – This number is the index number for the NetBoot image. If you are not using this same NetBoot image on multiple servers, it’ll need a unique number across all your NetBoot servers, between 1 and 4094. If you will copy this image onto multiple servers (for load balancing), you will need a number unique between different images, and between 4095 and 65535.
d. “Protocol” – This is the protocol used to mount the NetBoot OS volume. By default this is NFS on Macs. You shouldn’t need to change this.
e. “Language” – The language of the image. By default, this will be the same as the source OS and so I’d suggest not changing it.
f. “Network time server” – As the name implies, it’s the NTP server address for the image. Change if you wish but it shouldn’t cause an issue.
g. Once finished, click “Continue”.
14. Next page will ask about how you want the image’s DS Runtime application to connect to the DS Server. To ensure that the solution will work across subnets, I’d suggest not using the first “Bonjour” option and instead opting for the second “Specific Servers” option.
15. In the “Preferred” server box, fill in the address of the DS server (this is sometimes pre-filled if the Assistant detects the DS Server). Don’t forget to change the protocol (from HTTP to HTTPS) and the port number if you changed them whilst setting up the server. If you are running a replica DS Server, I’d suggest adding that server’s address in the “Alternative” box. If the first server cannot be contacted by the Runtime, this second one will be tried. If you are not running a replica server, I’d suggest putting the IP address of the DS Server in this second box, in case the image should have an issue resolving the DNS.
16. The last option is to disable version mismatch alerts. If you were to update the DS solution on the DS Server and not recreate the NetBoot image, then when the device tries to connect to the DS server, it will complain that the Server is newer than the image. Often this will also stop you from proceeding with the imaging. I would always recommend keeping your DS server and NetInstall DS Runtime versions the same but this is not always practical. In light of this, I’d suggest ticking the “Disable mismatch alerts” box. Click “Continue”.
17. Now you’ll be asked to set a large number of authentication and energy saver related preferences for the NetBoot image. The first two boxes allow you to pre-fill the details for the Runtime connection to the DS Server. If you don’t fill these in, the imaging engineer will need to enter a username and password to view and run the workflows you have created. The environment and specific requirements would dictate if this can be filled in or left empty.
18. The next section can be used to specify an ARD user account. This will allow you ARD access to the NetBooted clients whilst they are imaging, handy for remotely checking on the progress. Extra benefit, if you use the same credentials you use to ARD to your deployed Macs, you can use your existing ARD saved computers without having to change any details! Fill these in as appropriate.
19. The next option (“Display Runtime log window by default”) shows the log file behind the main workflow item while the Mac is running the workflows, so you can see what’s happening and easily troubleshoot any issues you may have. I’d recommend enabling this.
20. The last two options are related to the timeout on display sleep, and how long to wait, post-workflow, before rebooting the device. Set these as you wish and click “Continue”.
21. Here you’ll get another screen with more options. The first two (“Python” and “Ruby”), when ticked, will add the required modules for these languages into the NetBoot Image. You would use these if you had a Python or Ruby script that ran whilst a Mac was NetBooted. If you have these scripts running on the ‘postponed’ setting, this is not required.
22. The next few options are as follows:
a. “Custom TCP stack settings (if performance is disappointing)” – To be honest I’ve not used this option so can’t really comment on it.
b. “Disable wireless support (faster boot)” – You can actually NetBoot Macs over wireless, but this is extremely slow and temperamental. I’d suggest leaving this ticked.
c. “Use SMB1 protocol by default (recommended, 10.9 only)” – This is something brought in as OS X Mavericks had issues with SMB shares. This option forced the NetBooted system to use SMB 1, which is much slower but more reliable in Mavericks. If you are using SMB to host your DS Repo, I’d suggest testing with this option on and off to see if it causes issues, either with reliability, or performance.
d. “Custom title” – This allows you to have a custom title for the DS Runtime window.
23. The last option, “Background image”, allows you to use a custom background image during the imaging process (but not for the deployed Mac). To set this, simply drag a PNG file onto the current image. Once complete, click “Continue”.
24. And finally, the last screen is asking where you’d like to save the NetBoot image folder (.nbi). I suggest leaving this as the user’s desktop and clicking “Continue”. Alternatively, if you are running this on the server itself (not something I’d tend to recommend), then you can save this direct to the NetBootSP0 folder (in this example “/Volumes/Data HD/Library/NetBoot/NetBootSP0”). If so, skip steps 28-30 below.
25. You’ll need to enter your local admin username and password to proceed. Do this and click “OK”.
26. This will now start running. You will see a new folder with the DS icon appear in your destination folder (set during step 24) with the same name you gave the NBI (in step 13b). Wait for this to finish. Depending on the speed of the drive the NBI is pulling from, this can take anywhere between 15 and 90 minutes.
27. Once it’s finished, you’ll be told so! Click “OK” and quit the DS Assistant application.
Extra Point on Creating DS NetBoot Images
As with most Mac Admin tasks and solutions, there are multiple methods to achieve the same goal. If you find yourself creating too many DS NetBoot sets and are looking to automate it, have a look at a script by Per Olofsson (creator of AutoDMG). It’ll take a number of options and an unbooted AutoDMG image and spit out a DS NBI set for you:
Step-By-Step: Configuring the NetInstall Service
So now we’ve got our completed ‘.nbi’ folder (or NetInstall image) on the desktop of our server. Let’s get it in the right place and get the service running!
28. Open a new Finder window and navigate to the NetBootSP0 folder (in this example “/Volumes/Data HD/Library/NetBoot/NetBootSP0”).
29. Drag the new ‘.nbi’ folder from the desktop, into this folder.
30. Wait for this to complete fully!
31. Close the Finder window and launch the Server.app, from either your Dock, or the Applications folder.
32. Go to the NetInstall service.
33. Here you’ll see our new NetBoot image. If it hasn’t turned itself on, turn on the NetInstall service using the ‘off / on’ switch in the top right corner.
34. To view some of the specific settings for this NetBoot image, either double click the image name, or select the image, then click the ‘action menu’ cog, followed by “Edit Image Settings…”
35. Here you can modify the protocol used to mount the NetBoot image, restrict the visibility of the image by model, MAC address and serial number, as well as change the image index. If you make any changes, click “OK” to save them and close the window.
36. The changes should apply automatically, but if you have reason to believe they haven’t, you can stop and start the service using the off / on switch again.
37. Lastly, you can set this specific image to be the default NetBoot image served from this server by selecting the image, then click the ‘action menu’ cog, followed by “Set as Default Boot Image”
38. That’s it. Your DS NetBoot image should now be operational and you should be able to NetBoot Macs, have them connect to your DS Server and perform workflow actions!
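The index rules from step 13c (and the index you can change in step 35) can be checked once several sets sit in NetBootSP0. The following is an added example, not part of DeployStudio or the original post: it assumes each “.nbi” folder holds the usual NBImageInfo.plist with an “Index” key, and the function names and the load_balanced parameter are hypothetical.

```python
import plistlib
from collections import defaultdict
from pathlib import Path

# Index ranges from step 13c: 1-4094 for an image held on one server,
# 4095-65535 for an image copied to several servers for load balancing.
LOCAL_RANGE = range(1, 4095)
SHARED_RANGE = range(4095, 65536)


def read_indexes(sp_dir):
    """Return (folder name, Index or None) for every .nbi folder in sp_dir."""
    found = []
    for nbi in sorted(Path(sp_dir).glob("*.nbi")):
        info = nbi / "NBImageInfo.plist"
        if not info.is_file():
            found.append((nbi.name, None))  # e.g. a copy that never finished
            continue
        with info.open("rb") as fh:
            found.append((nbi.name, plistlib.load(fh).get("Index")))
    return found


def audit(sp_dir, load_balanced=()):
    """List index problems; load_balanced names .nbi folders shared across servers."""
    problems = []
    by_index = defaultdict(list)
    for folder, index in read_indexes(sp_dir):
        if type(index) is not int:
            problems.append(f"{folder}: missing or unreadable Index")
            continue
        by_index[index].append(folder)
        wanted = SHARED_RANGE if folder in load_balanced else LOCAL_RANGE
        if index not in wanted:
            problems.append(
                f"{folder}: Index {index} outside {wanted.start}-{wanted.stop - 1}")
    for index, folders in sorted(by_index.items()):
        if len(folders) > 1:
            problems.append(f"Index {index} used by: {', '.join(folders)}")
    return problems


if __name__ == "__main__":
    # Storage path from the article's "Data HD" example.
    for line in audit("/Volumes/Data HD/Library/NetBoot/NetBootSP0"):
        print(line)
```

A folder reported as missing its Index is usually one that was still copying (step 30) or was not produced by the Assistant.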
Ok, so you’ve followed the instructions above and you can’t NetBoot your devices, what’s the reason? Let me chuck some common issues and fixes at you.
My NetBoot set cannot be seen by devices on another Subnet?
This is a common one. The processes involved with NetBooting are based on / are DHCP and so, being a broadcast packet, these will not traverse subnets. You have three main options:
- Have a NetBoot server on each subnet – A lot of work and harder to maintain but possibly the only option directly within your grasp.
- Use the ‘bless’ command to target a NetBoot server, skipping all the discovery bit – A bit more effort as you need to get each device booted to an OS, to run a command, to then image the device for deployment. Also this will get even trickier in El Capitan (OS X 10.11).
- Sweet talk your Networking team to configure IP Helper statements on the switches in question.
Personally, the last option is the best option as it minimises the duplication of servers and therefore maintenance, but tends to be harder to get implemented. This is primarily because if your NetBoot server gets the full DHCP service operational, the IP helper would allow it to dish out IP addresses across all subnets with the IP helper.
An example of this configuration would be:
If your server is on VLAN 10 with IP address 172.16.10.100 and your client is on VLAN 20:
interface Vlan10
 description Server VLAN
 ip address 172.16.10.1
interface Vlan20
 description Client VLAN
 ip address 172.16.20.1
 ip helper-address 172.16.10.100
I would suggest consulting your network equipment manuals to confirm this is correct for your equipment.
My Macs refuse to NetBoot?
There are two main possibilities that may cause this issue:
- OS version Vs hardware
- Networking Ports
OS Version Vs Hardware
As mentioned earlier in this blog, you will need to double check that the hardware you have didn’t ship with a newer build number for its OS than what your NetBoot image is. If this is the case, you will need to rebuild your NetBoot image with the newer OS.
Networking Ports
As you can imagine, there are a number of ports used for communication during the NetBoot process that shouldn’t be blocked. These typically are:
- UDP 67, 68 (bootpd / DHCP)*
- UDP 69 (tftpd / TFTP)*
- TCP 548 (AFP)
- TCP/UDP 2049 (NFS)
- TCP/UDP 111 (RPC)
- TCP/UDP 600-1023 (NetInfo)
- TCP 80 (HTTP)
Ports marked with a * are required, with the rest being required only depending on your exact configuration (source)
And that’s pretty much it. Congratulations, you now have your DS server up and running and are able to use the NetInstall process to image your client devices.
I’ve currently got no further blogs planned for DeployStudio but plenty of possible ideas. Let me know if this is something you’d all be interested in!
As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can. Thanks again!