[thegooch49]

Hi, I actually got this figured out in my image. I modified my instaDMG script to enable root. There are a couple mechanisms here. First, instaDMG installs the password hashes in a temporary spot on the HD. I put them here:

/var/db/shadow/hash/RootHash
/var/db/shadow/hash/TempHash

When the instaDMG script runs at bootup, it creates a user called locadmin. It then adds locadmin to be an admin. It then enables root with the dsenableroot command (see below). It uses the locadmin password that is in the script in plain text. Once that is done, I overwrite the hash for both locadmin AND root with my custom hash form the temporary locations (see above).

Although the locadmin password is in plain text in this script, it’s immediately overwritten with the hash containing my real password. So my actual password is never hanging around as plain text. This has worked wonderfully for me.

[code]#Make the account
/usr/bin/dscl . -create Users/locadmin
/usr/bin/dscl . -create Users/locadmin home /Users/locadmin
/usr/bin/dscl . -create Users/locadmin shell /bin/bash
/usr/bin/dscl . -create Users/locadmin uid 501
/usr/bin/dscl . -create Users/locadmin gid 501
/usr/bin/dscl . -create Users/locadmin realname “Local Admin”
/usr/bin/dscl . -create Groups/locadmin
/usr/bin/dscl . -create Groups/locadmin gid 501
/usr/bin/dscl . -passwd Users/locadmin “temppass”

#Make this useful! Add locadmin to the admin group
/usr/bin/dscl . -append /Groups/admin GroupMembership locadmin

#Enable root, using the bogus password before it’s changed
/usr/sbin/dsenableroot -u locadmin -p temppass -r bork

#Force GUID upon locadmin account
#This allows a hash file to be put in /var/db/shadow/hash
/usr/bin/dscl . -create Users/locadmin generateduid 000F740-88B5-4F3D-9AFC-86S61CBD1495

#Move the hash to set the password for the locadmin
cp /var/db/shadow/hash/TempHash /var/db/shadow/hash/000F740-88B5-4F3D-9AFC-86S61CBD1495

#Move the hash to set the password for the root account
cp /var/db/shadow/hash/RootHash /var/db/shadow/hash/FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000[/code]

[thegooch49]

Thanks Patrick, I’ll look into ‘post actions’. We actually use cfengine do distribute files, but its used for configuration mostly. It’s not really suitable to use to push out apps.

[thegooch49]

Thanks for the help Rusty. I think I’ll give this a shot, and I’ll post what works here.

It seems like this would be helpful to you as well. You said you have 5 images that you use (with varying apps) for your macbooks. If the latest firefox comes out, that is 5 images for you to update. It would be quicker to bundle firefox into a package, and just install that package targeting your images. The alternative would be to put the new firefox into the instaDMG file tree, and re-compile 5 images.

Anyway, I’m going to write a script and if things work well, I’ll post it here.

[thegooch49]

Hmmm….I hear what you guys are saying. Thanks for the input. I think I’ll be updating the images for application point updates, like an updated Firefox or Adium. I can totally see how running an Apple system update might stomp over custom updates. It doesn’t really seem worth the time to re-run instaDMG for a minor point upgrade for one of these apps. At the same time, I want the image that I deploy to have the latest application updates on it.

This is kinda deviating from my initial question, but are you guys all truly able to use one image? For all hardware? I love that you can simply just run instaDMG overnight, but can still consume some time. Maybe I have engineered something wrong along the way. I am not able to have a universal image between all hardware. I have a PPC image, and an Intel image for one. Why? There are a couple of apps that are not yet universal. The 2 that I have are MacPorts and Acrobat Reader. If I install the Intel version of MacPorts, it will not run on a PPC and vice versa. Same with Acrobat Reader. These 2 apps made me split my images so that I now have PPC and Intel images. I’m sure I could engineer some way to install those 2 applications after the fact so it’s truly a universal image, but that would just take up more time AFTER I’ve imaged the system. MacPorts for 1 takes some time to sync it’s index files. I then use it to install cfengine. I would then have to install Acrobat Reader, and update it. This would take significant time post image, and I would rather do it during the image creation (resulting in 2 diffn’t images).

To split things even further, we just got a MacBook air. The 10.5.2 ASR image I made off of my 10.5.2 retail DVD didn’t work on this system. I had to run instaDMG on the MB Air, using it’s system restore CDs. This gives me a 3rd image. When Firefox 2.0.0.18 comes out, I don’t necessarily want to re-compile and run instaDMG on 3 different systems to update my image. Sure, it runs overnight and is painless, but it’s still time consuming.

I would love some advice.

Thanks a bunch for the help!

[thegooch49]

[quote][i]Some good news. I’m able to run InstaDMG on the MacBook Air disks from a Mac Mini. This allows me to skip about a dozen Apple Updates I had to apply when using the retail disk. I am also able to boot from the build on a MacBook. I’ll take the build around and try to boot it on a variety of systems to see how it performs.[/i][/quote]

What was the trick to make this work? I tried to image using Air disks on a Mac Pro, and it was no go. Did you modify your instaDMG script?

[thegooch49]

I made a slight modification after finding that my if statement wasn’t working. The code below does the trick.

[code]
# Install the Developer Tools
# If disk 2 is mounted, it will install off of that.
# If it’s running off of the Retail DVD, it will nstall from there.
install_DevTools() {
/bin/echo $CREATE_DATE >> $LOG_FILE
/bin/echo $CREATE_DATE >> $PKG_LOG
/bin/echo “Beginning Installation of Developer Tools” >> $LOG_FILE
/bin/echo “Beginning Installation of Developer Tools” >> $PKG_LOG
if [ -d /Volumes/Mac\ OS\ X\ Install\ Disc\ 2/Xcode\ Tools/]
then
/usr/sbin/installer -verbose -pkg “/Volumes/Mac OS X Install Disc 2/Xcode Tools/XcodeTools.mpkg” -target $CURRENT_IMAGE_MOUNT -lang en >> $LOG_FILE
else
/usr/sbin/installer -verbose -pkg “$CURRENT_OS_INSTALL_MOUNT/Optional Installs/Xcode Tools/XcodeTools.mpkg” -target $CURRENT_IMAGE_MOUNT -lang en >> $LOG_FILE
fi
}
[/code]

[thegooch49]

[quote]
mdspidle wrote:

I’m curious to find out what commands you are using to set some of the items you mentioned. ie NTP, SSH, etc. I’ve captured the files and created a package for some things but other won’t stick. Looking for an alternative to set things like, Bluetooth prefs, Sharing prefs, Software Update prefs etc.

[/quote]

Response:

Have you run systemsetup? It’s new to 10.5 client. I believe that it was in 10.4 server, but I’m not exactly sure. These are the commands that I use, but there are many more. Run systemsetup -help for a full list. It’s pretty brilliant, and works perfectly with instaDMG.

systemsetup -setnetworktimeserver ntp1.mydomain.com
systemsetup -setusingnetworktime on
systemsetup -setremotelogin on
systemsetup -setcomputersleep Never
systemsetup -setdisplaysleep 30
systemsetup -setharddisksleep Never

[thegooch49]

Hi, there is no reason why it wouldn’t work in the instauser script. I just seperate my instauser and postinstall script. My instauser script is static, and never changes. I use a post install script to run stuff that is constantly changing (list of administrators, etc).

[thegooch49]

Hi, great tip! I actually made another function for the developer tools. The line you posted works fine if you are running this off of a retail DVD. It wouldn’t work with the 2 disk system restore disks. This function quickly checks which type of install is running, and installs it off of the DVD if it’s retail, and disk 2 if it’s system restore disks.

[code]# Install the Developer Tools
# If disk 2 is mounted, it will install off of that.
# If it’s running off of the Retail DVD, it will nstall from there.
install_DevTools() {
/bin/echo $CREATE_DATE >> $LOG_FILE
/bin/echo $CREATE_DATE >> $PKG_LOG
/bin/echo “Beginning Installation of Developer Tools” >> $LOG_FILE
/bin/echo “Beginning Installation of Developer Tools” >> $PKG_LOG
if [ -d /Volumes/Mac\ OS\ X\ Install\ Disc\ 2/Xcode\ Tools/XcodeTools.mpkg ]
then
/usr/sbin/installer -verbose -pkg “/Volumes/Mac OS X Install Disc 2/Xcode Tools/XcodeTools.mpkg” -target $CURRENT_IMAGE_MOUNT -lang en >> $LOG_FILE
else
/usr/sbin/installer -verbose -pkg “$CURRENT_OS_INSTALL_MOUNT/Optional Installs/Xcode Tools/XcodeTools.mpkg” -target $CURRENT_IMAGE_MOUNT -lang en >> $LOG_FILE
fi
}
[/code]

I then added install_DevTools after install_system where the functions are called. This worked great for me.

[thegooch49]

Hello, I used logGen and pkgGen, and created my own package for these. It works fine to my knowledge, I haven’t had any problems yet. If you need some guidance, there is a link below that will help.

http://blog.irisink.com/?p=106

[thegooch49]

I ran my instadmg script with all my custom packages from the 8-core mac, and it worked like a charm! Good to know that creating images w/ a system restore disk, might be best done on the class of machine that you are targeting.

[thegooch49]

Hi, I had one more discovery along these lines. I got a new 8-core mac, which came with 10.5.1 on the grey system restore CDs. I imaged the disks, and ran my instaDMG script from my older, 4-core MacPro. The terminal output the following error:

installer: Error – This software cannot be installed on this computer.

The script eventually exited, and I was left with a 1GB image in the ASR_output folder. It’s basically all of my custom packages (applications), with a very bare /System folder. I’m going to re-run this on the 8-core mac, since it appears that the installer is hardware specific. Also note that I successfully compiled a good ASR image from a new iMac that had 10.5.0 on my MacPro.

[thegooch49]

Hello, my previous problem can be ignored. I re-compiled my image a 2nd time, and things worked fine.

[thegooch49]

Hello, I have a post-install script that is placed during image creation. It’s in /Library/StartupItems, same as the instauser script. It’s just a 1 line kickstart, that turns it on for the pre-configured user that is setup by instauser. This works great for me.

#Configure ARD
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users YOURUSER -privs -all -restart -agent -menu

[thegooch49]

Hello, the first script is a modified instauser script. It runs lots of dscl commands. It also enables root, sets the login screen to be username/password (instead of list). The second script is a post install script. It just sets some defualts. It modifies the postfix config file, adds about 10 users to the admin group, connects to our LDAP directory, sets a login hook, configures ARD with kickstart, sets NTP, turns on SSH, Configures energy settings, sleeep, etc.

These are the exact same scripts (put in place by a package) that are used successfully with the 10.5 retail DVD. I just can’t figure out why they don’t run at startup when I created the image off of the imac system restore disks.

Any ideas?

[Author]

Posts