Macguru

More software!

Archive for March, 2008

Netbooting Macs across subnets


So, I was recently asked if we NetBoot our machines.  The answer to that is yes, and we have been since the days of 10.0.  The main reason for moving to NetBooting computers is the convenience of not having to be at that physical spot to reimage a computer. The other main reason is that it is fast and very cool.

So, how is this achieved one might ask.  First off, let’s list the tools that you will need for such an endeavor.

TOOLS:

  • OS X Server running the Netboot daemon
  • OS X Server hosting the disc images for Netboot –> this is usually the same machine as your netboot server
  • A file server to handle the images that get deployed, i.e. Lab images or Faculty images
    • This for us is a separate OS X Server with the images on an AFP share.  These can be SMB or even NFS.
  • Bombich: http://www.bombich.com
    • NetRestore
      • This application is used to apply your “models” to the client computer
    • NetRestore Helper
      • This application is used to create your “model” image and also your Netboot Install image that your computers will boot from over the network
    • NetBoot across subnets or NBA
      • This is the tool used to build the shell script you will need to run on your client computers to get them to NetBoot across the subnets  –> or you can just look below.  I already have the script that is needed for both. 🙂
  • Apple Remote Desktop
    • This one is optional, but really a requirement if you want total automation, or at least automation from your office desktop.

THE MAGIC:

So, here is how all of this works.  First off let’s explain a bit about how to get started.

First thing you do is set up your back end infrastructure to support your new NetBoot environment.  Set up your OS X server and turn on the NetBoot feature.

Now set up your File Server (recommended that this is a different machine than your NetBoot box) and create a user that has read-only access to your “image” directory, i.e. create a share point to hold your “Model” images that you create using NetRestore Helper.

Okay, now go to the latest and greatest machine you have in your department and download and launch NetRestore Helper.  Once started, select the “Create NetInstall Set” tab.  Give your image a name; it is recommended that it does not contain any spaces.  Mine is called NetBoot_Intel. Image ID can be 101 or something of that sort.  Description is not required but you can put something in there if you desire.  Leave the Protocol set to NFS.

Now click on the “Advance Settings” and you will see a new window.  Here is where the true magic lies. You can turn on ARD under NetBoot.  Yes, you can remote control a netbooting machine.  COOL STUFF!!!!  Anyways, check the boxes next to “Enable Screen Sharing” and “Enable SSH”. The SSH one is up to you.  Then fill in the Username and Password fields for the account that is going to get created.  I recommend this be the same local user that you use for Remote management and as a back door to your systems.

Okay, hit the “Okay” button and click the “Save NetInstall-Restore set” button.  NetRestore Helper will now create the desired NetBoot disc image on your desktop.

Once the image is created you can modify NetRestore’s settings by launching the application right from the disc image.  I will not get into this here.  The settings are pretty much self-explanatory.  If you are wondering though, I do not use the local settings feature.  I actually build my settings on the fly using a MySQL database, shell, and PHP scripts.

Well, now you have your NetInstall disc image.  What you need to do next is copy the disc image to your NetBoot server.  The NetBoot folder is usually located in /Library/NetBoot/.  Inside you will see multiple folders.  Put your disc image inside the NetBootSP0 folder.  The NetBoot side of things is now set.  You may need to restart the NetBoot server for the new disc image to work.

Now, from here you can use NetRestore to create your “Model image” and then upload that to your file server share.  I will post more detail about this later.

Now, how do we get these machines to NetBoot?  If the machine is located in the same subnet as the NetBoot Server then you will see the option to boot to your server in the Startup Disk utility.  To boot machines off subnet, you need to install the following script and then run it.  This is where Apple Remote Desktop comes in handy.  You can actually just run this script right from the “Run Unix Command” without installing it.  Please make sure you change the variables to match your environment.

— Begin Script —

#!/bin/sh
# Must run as root: nvram, bless and reboot all require it.

### Global Variables ###
server="ENTER YOUR SERVER'S IP"
sharepoint="NetBootSP0"

### Functions ###

reimage () {
    # Determine the architecture and point to the matching NetBoot image set
    archtech=$(arch)
    if [ "$archtech" = "ppc" ]; then
        setName="PPCNetboot.nbi"
        imageName="NetInstall-Restore.dmg"
    else
        setName="DeployV4.nbi"
        imageName="DeployStudioRuntime.sparseimage"
    fi

    protocol="nfs"
    simple="false"   # "true" = point at the server only, without naming booter/kernel/image paths
    nextboot=""      # optional extra argument passed to bless (empty = none)

    if [ "$simple" = "true" ]; then
        if [ "$archtech" = "ppc" ]; then
            # PowerPC: set the Open Firmware boot device to the server
            /usr/sbin/nvram boot-device="enet:${server}" boot-args="" boot-file=""
        else
            # Intel: let bless contact the server over BSDP
            /usr/sbin/bless --netboot --server "bsdp://${server}" $nextboot
        fi
    else
        if [ "$archtech" = "ppc" ]; then
            # PowerPC: name the booter, kernel and root image explicitly
            /usr/sbin/nvram boot-args="rp=${protocol}:${server}:/private/tftpboot/NetBoot/${sharepoint}:${setName}/${imageName}" boot-file="enet:${server},NetBoot\\${sharepoint}\\${setName}\\mach.macosx" boot-device="enet:${server},NetBoot\\${sharepoint}\\${setName}\\booter"
        else
            # Intel: name the booter, kernel and root image explicitly
            /usr/sbin/bless --netboot --booter "tftp://${server}/NetBoot/${sharepoint}/${setName}/i386/booter" --kernel "tftp://${server}/NetBoot/${sharepoint}/${setName}/i386/mach.macosx" --options "rp=${protocol}:${server}:/private/tftpboot/NetBoot/${sharepoint}:${setName}/${imageName}" $nextboot
        fi
    fi

    # Restart so the new boot settings take effect
    reboot
}

reimage

— End of Script —

So, there you have it.  NetBoot is cool and very helpful when working on computers remotely.
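A dry-run pre-flight for the script above, added here as an example and not part of the original post: it refuses the unedited `server` placeholder or names with unexpected characters, and prints the Intel `bless` command for review instead of running it and rebooting. The helper names `valid_ipv4` and `bless_cmd` and the address 10.0.5.20 are assumptions made for illustration; only the Intel branch is covered.

```sh
#!/bin/sh
# Added example, not the original author's code. Nothing here changes boot
# settings; it only validates inputs and prints the command line.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4 () {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints the bless command the non-"simple" Intel branch would run.
# Arguments: server sharepoint setName imageName
bless_cmd () {
    server=$1 sharepoint=$2 set_name=$3 image_name=$4
    valid_ipv4 "$server" || {
        echo "refusing: server '$server' is not an IPv4 address" >&2
        return 1
    }
    # These values end up inside tftp:// and rp= strings, so allow only
    # characters that cannot alter the path (no spaces, slashes or colons).
    for part in "$sharepoint" "$set_name" "$image_name"; do
        case "$part" in
            ''|*[!A-Za-z0-9._-]*)
                echo "refusing: unexpected characters in '$part'" >&2
                return 1 ;;
        esac
    done
    base="tftp://${server}/NetBoot/${sharepoint}/${set_name}/i386"
    root="rp=nfs:${server}:/private/tftpboot/NetBoot/${sharepoint}:${set_name}/${image_name}"
    printf '/usr/sbin/bless --netboot --booter "%s/booter" --kernel "%s/mach.macosx" --options "%s"\n' \
        "$base" "$base" "$root"
}

# Constructed sample run: a made-up server address, then the unedited placeholder.
bless_cmd "10.0.5.20" "NetBootSP0" "DeployV4.nbi" "DeployStudioRuntime.sparseimage"
bless_cmd "ENTER YOUR SERVER'S IP" "NetBootSP0" "DeployV4.nbi" "DeployStudioRuntime.sparseimage" \
    || echo "placeholder caught, nothing would be sent to the client"
```
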

Written by rrhpph

March 25th, 2008 at 6:27 am

Posted in General

Unlocking a folder via terminal


Always a useful command to have when working on someone’s machine. To remove a “Lock” from a user’s folder run the following command.

sudo chflags nouchg --pathtoFolder--

This certainly came in handy for me today.

Written by rrhpph

March 5th, 2008 at 11:30 am

Posted in Uncategorized