Issues with 2011 Macs and netboot.

This topic contains 22 replies, has 8 voices, and was last updated by  Bartron 6 years, 9 months ago.

Viewing 8 posts - 16 through 23 (of 23 total)
    #381783

    Bartron
    Participant

    [QUOTE][u]Quote by: airlocksniffer[/u][p]We actually got this to work. What we found is that the newer firmware cannot get an IP address while netbooting when the DHCP server is on another subnet and falls back to the internal drive. We fired up an old HP server for DHCP and put it, the lion server and client on the same subnet and it works fine. I need to test whether or not I can netboot when the client is on one subnet and the dhcp/lion server are on another. [/p][/QUOTE]

    On a class b or class c?

    Either way that would mean we would need something like an extra 10 tftp servers to service all locations not on the same subnet as the dhcp server.

    Gives me something to test though, thanks for the info.

    #381784

    airlocksniffer
    Participant

    [QUOTE]Quote by: Bartron

    On a class b or class c?

    [/QUOTE]

    Class C.

    #381785

    csumb
    Participant

    [QUOTE][u]Quote by: Bartron[/u][p][QUOTE][u]Quote by: airlocksniffer[/u][p]We actually got this to work. What we found is that the newer firmware cannot get an IP address while netbooting when the DHCP server is on another subnet and falls back to the internal drive. We fired up an old HP server for DHCP and put it, the lion server and client on the same subnet and it works fine. I need to test whether or not I can netboot when the client is on one subnet and the dhcp/lion server are on another. [/p][/QUOTE]

    On a class b or class c?

    Either way that would mean we would need something like an extra 10 tftp servers to service all locations not on the same subnet as the dhcp server.

    Gives me something to test though, thanks for the info.[/p][/QUOTE]

    Ewww, going to scrounge up a box and try testing as well. If it does work, that’s not remotely scalable for us, but it would be good to know that somehow when our core is handing off the DHCP traffic it’s dropping something that the Mac is expecting.

    #381787

    Bartron
    Participant

    [QUOTE][u]Quote by: csumb[/u]
    Ewww, going to scrounge up a box and try testing as well. If it does work, that’s not remotely scalable for us, but it would be good to know that somehow when our core is handing off the DHCP traffic it’s dropping something that the Mac is expecting.[/p][/QUOTE]

    Yeah. How’s limiting to a class C useful in any environment (outside a classroom)? Doesn’t make sense.

    I have a mini so I’m going to run up a copy of OS X server as well and stick that on various subnets, run up wireshark and see what happens. I’m only in it for my own curiosity at this stage though.

    Anyone would think Apple didn’t give a flying F about the enterprise market 😉

    #382577

    gersteina1
    Participant

    Has anyone made any progress with this issue? We’re facing the same thing now – our DeployStudio image works fine (made from a MacBook Air that’s 3 weeks old, so it’s 10.7.3 based), but when we started getting ready for our changeover to Casper, the net booting stopped.

    I believe our problem is related to the multiple subnets – I have a test NetBoot server at my desk and I can net boot affected machines when they’re in the same subnet, but the second I change to the (very much working in every other way) Netboot server in our data center, I just get the Apple logo, then the globe, then the “no” symbol, all in rapid succession. This is from the same NetBoot set that works on my test server.

    #383045

    zmbarker
    Participant

    Bartron – I was wondering if you would provide me with the scripts and any other files that you created for your in-house deployments. I read your posts from Feb and April and for the last month I have been trying to figure out how to duplicate your shell scripts and dmg solution. I know this dmg/scripting solution is actually the best solution for my environment; the work servers are all MS Server 2008.

    #384471

    Bartron
    Participant

    Been away for a while and there’s some new posts here 🙂

    ok, here’s what I have going right now and it seems to work pretty well. Works as a network based install or can be made to be standalone.

    Firstly go and get Packages from WhiteBox (free – http://s.sudre.free.fr/Software/Packages/about.html). I’ve found it to be really easy to use, much more than PackageMaker.

    Next you want to write a script for the application you want to install. Some apps are just drag and drop from a DMG, some will be a .pkg or .mpkg.

    For the drag and drop style apps I get the dmg into /tmp (one of two ways, will expand on later), mount it and copy the .app to /Applications
    For example, for Firefox I script the following:

    hdiutil attach -nobrowse /tmp/Firefox_16.0.1.dmg
    cp -Rf /Volumes/Firefox/Firefox.app/ /Applications/Firefox.app
    hdiutil eject /Volumes/Firefox
    rm /tmp/Firefox_16.0.1.dmg

    Then in Packages I create a payload for firefox and either include the DMG to deposit into /tmp or create a pre-flight script to download from a server via http. This lets me create either a small, lightweight installer that downloads everything else or create a big fat installer that includes all the files I need. The other cool thing about this way is I can create payloads that always get installed and payloads that are optional.

    The script for a .pkg (or .mpkg) is similar. e.g. for installing Flash (required for my workplace)
    hdiutil attach -nobrowse /tmp/install_flash_player_osx.dmg
    installer -pkg /Volumes/Flash\ Player/Install\ Adobe\ Flash\ Player.app/Contents/Resources/Adobe\ Flash\ Player.pkg -target / -verboseR
    hdiutil eject /Volumes/Flash\ Player/
    rm /tmp/install_flash_player_osx.dmg

    (for Flash I also do the following:
    # ensure flash is set to auto update
    mkdir -p /Library/Application\ Support/Macromedia
    flashCfgFile="/Library/Application Support/Macromedia/mms.cfg"
    echo "AutoUpdateDisable=0" > "$flashCfgFile"
    echo "SilentAutoUpdateEnable=1" >> "$flashCfgFile"

    # run flash auto update in the background
    /Library/Application\ Support/Adobe/Flash\ Player\ Install\ Manager/fpsaud &

    )

    I code an individual install script for each app and setting and get installer to run them.

    Then I build to a flat .pkg which can either be downloaded from a server or put on a USB key. (Pro tip: get yourself a developer certificate and you can tell Packages to sign the .pkg when you build it. Then you can leave the Gatekeeper setting alone.)

    One important thing to remember is the order in which Installer executes a .pkg. There is the payload, pre-install and post install scripts. Installer will first execute all the pre-install scripts. It will then copy the payloads and then execute the post-install scripts. So, if you have 10 payloads it will execute the pre-install scripts for all the payloads before copying the payloads to wherever you want them. Also the “time remaining” is calculated from running the pre-install scripts and copying the payloads. Once installer reaches the post-install scripts the time remaining skips to “about 1 minute” and will stay there until it finishes, regardless how long it actually takes.

    so my setup is this:
    pre-install – either download the app to install or otherwise prepare any necessary folders
    payload – if present, dump to /tmp or in the case of things like default user profiles and company wallpapers to wherever they need to go
    post-install – install the app and cleanup.

    This is all probably way out of scope for what installer was designed to do but I don’t really care. It works for us and lets me provide a professional looking installer that takes a vanilla OS X install and turns it into a system ready to roll out.

    I also do other stuff as part of the install like download and run a small app I wrote that re-names the computer and joins it to the domain (among other things). All up it takes about 15 minutes to complete about 1.8GB of installs (10 minutes of that is just Office 2011).

    I’m not sure how much more detail I can go in to without getting into stuff specific to my organisation but that’s the basic gist of it. Takes me about half a day to go through all my payloads (about 23) and make sure all apps and settings are up to date and repositories have the latest versions, then I can forget about it for another month or two.

    #384744

    Bartron
    Participant

    Update:

    Changing my apple class to the following appears to have worked:

    class "Applei386" {
      match if substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386";
      if (substring(option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386") {
        option dhcp-parameter-request-list 1,3,17,43,60;
        filename "mac107-test/booter";
        # DHCPDISCOVER (message type 1)
        if (option dhcp-message-type = 1) {
          option vendor-class-identifier "AAPLBSDPC/i386";
          # BSDP option 8 (selected boot image ID), length 4
          option vendor-encapsulated-options 08:04:81:00:00:67;
        }
        option root-path "http://foo.com/Resources/Images/stdimages/mac/NetRestoreTest.nbi/NetInstall.dmg";
      }
      # DHCPINFORM (message type 8) carries the BSDP LIST and SELECT requests
      if (option dhcp-message-type = 8) {
        option vendor-class-identifier "AAPLBSDPC";
        # 01:01:01 = BSDP message type LIST
        if (substring(option vendor-encapsulated-options, 0, 3) = 01:01:01) {
          option dhcp-parameter-request-list 1,3,17,43,60;
          filename "mac107-test/booter";
          # Reply: message type LIST, then option 9 (boot image list):
          # image ID 81:00:00:01, name length 7, name "netboot"
          option vendor-encapsulated-options
            01:01:01:
            09:0c:81:00:00:01:07:6e:65:74:62:6f:6f:74;
          option root-path "http://foo.com/Resources/Images/stdimages/mac/NetRestoreTest.nbi/NetInstall.dmg";
        } else {
          option dhcp-parameter-request-list 1,3,17,43,60;
          filename "mac107-test/booter";
          # Reply: message type SELECT (01:01:02), then option 8 (selected boot image ID)
          option vendor-encapsulated-options
            01:01:02:
            08:04:81:00:00:01;
          option root-path "http://foo.com/Resources/Images/stdimages/mac/NetRestoreTest.nbi/NetInstall.dmg";
        }
      }
    }

    I get a kernel panic but at least it’s a panic from a kernel it’s downloaded. I haven’t updated the nbi for quite a while so I’m going to create a current netboot set and see how that goes.

    Our process has moved on to not include netbooting but getting it working is always a bonus.
