First-run / post-imaging script help

stevehahn
Contributor

I am sure the answer to this is completely obvious and I am just missing it for some reason.

The bug with using Casper Imaging over NetBoot with a JDS master DP is really beating me up, so for the group of Macs I've got that are frequently re-imaged, I've changed to a different workflow that I actually like better:

  • NetBoot the Mac and use Casper Imaging only to lay down a base OS image
  • Run a script on first boot that kicks off a policy to install packages and do all the other "stuff" that is needed

I've set up the policy and manually kicked it off after reimaging, but I cannot for the life of me figure out where to put the FirstRun script. Here on JAMFNation I see numerous mentions of FirstRun scripts and a lot of cool ideas on other things that can be done with them. But what is the right way to automatically trigger the script after imaging completes and the Mac reboots?

2 ACCEPTED SOLUTIONS

jhalvorson
Valued Contributor

You'll find a good example of the use of LaunchDaemons and first boot script from @rtrouton https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/first_boot/10.9

The plist file goes into /Library/LaunchDaemons


CasperSally
Valued Contributor II

I found this pretty helpful too. John Kitzmiller is a JAMF employee.

https://github.com/kitzy/MacDeploymentScripts/tree/master/postimagingconfig


11 REPLIES

stevewood
Honored Contributor II

@stevehahn I don't know that there is a "right way" to do this. As is generally the case in the Mac admin world, there's about 9 different ways to do something. The way that I handle this is to use a LaunchDaemon to kick off the script.

I create a package file that contains my post imaging script (placed in a hidden folder structure) and a LaunchDaemon that is set to RunAtLoad. I add that package to Casper Admin, set it to install after restart, and then place that in the configuration Casper Imaging uses. NOTE: I do not use Casper to re-image machines. If I need to re-image a machine I will boot it off of an external drive and run the Mavericks installer, then I will NetBoot and run Casper Imaging. I am in the process of changing this to use Casper since it is easier that way.

After initial reboot, my post imaging package is installed on the machine and the machine is restarted. After the second restart, my LaunchDaemon kicks in and runs my script, which installs all my software and does all of the other magic things. The last lines of the script remove the LaunchDaemon and restart the machine.

Hope that helps. If you want to see any of the script or the LaunchDaemon, just let me know.
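The workflow described in the post above (a package payload holding a RunAtLoad LaunchDaemon and a one-shot script that removes itself), as an added example that is not part of the original thread or any poster's own script. The label `com.example.firstrun`, the script path `/Library/Scripts/firstrun.sh` and the trigger name `firstrun` are assumptions; the audit step is there because anything the daemon runs executes as root, so neither file may be writable by group or other.

```shell
#!/bin/sh
# Added example (not from the thread). LABEL, SCRIPT and the "firstrun"
# trigger name are assumptions; adjust to your environment.
LABEL="com.example.firstrun"
PLIST="/Library/LaunchDaemons/$LABEL.plist"
SCRIPT="/Library/Scripts/firstrun.sh"

# stage_payload ROOT: write the plist and script under a package payload root.
stage_payload() {
    root=$1
    mkdir -p "$root/Library/LaunchDaemons" "$root/Library/Scripts" || return 1
    cat > "$root$PLIST" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>$LABEL</string>
    <key>ProgramArguments</key>
    <array><string>/bin/sh</string><string>$SCRIPT</string></array>
    <key>RunAtLoad</key><true/>
</dict>
</plist>
EOF
    cat > "$root$SCRIPT" <<EOF
#!/bin/sh
# Runs as root at boot via launchd: kick off the policy, then clean up.
/usr/sbin/jamf policy -trigger firstrun
rm -f "$PLIST" "$SCRIPT"   # one-shot: must not run again on later boots
/sbin/shutdown -r now
EOF
    chmod 755 "$root/Library/LaunchDaemons" "$root/Library/Scripts" "$root$SCRIPT"
    chmod 644 "$root$PLIST"
}

# audit_payload ROOT: fail if the plist, the script, or the script's folder is
# missing or group/world-writable (a root-run file others can edit is an escalation path).
audit_payload() {
    root=$1
    for f in "$root$PLIST" "$root$SCRIPT" "$root/Library/Scripts"; do
        [ -e "$f" ] || { echo "missing: $f" >&2; return 1; }
        bad=$(find "$f" -prune \( -perm -020 -o -perm -002 \))
        [ -z "$bad" ] || { echo "group/world-writable: $f" >&2; return 1; }
    done
    grep -qF "<string>$SCRIPT</string>" "$root$PLIST"
}
```

Run `stage_payload ./payload && audit_payload ./payload` before building the package from `./payload`; ownership (root:wheel) is applied when the package is built and installed, not by this script.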

rtrouton
Release Candidate Programs Tester

@stevehahn,

I've built an installer package-based tool to help with this kind of situation. I have a post on it here:

http://derflounder.wordpress.com/2014/04/17/first-boot-package-install-revisited/


stevehahn
Contributor

Thanks everyone! I actually took some pieces from both John Kitzmiller and @rtrouton firstrun scripts, and packaged the resulting Franken-script up with a LaunchDaemon. Works great!

stevehahn
Contributor

One other question... what's the slickest workflow for doing this on brand new Macs? I know a lot of folks are deploying new Macs directly to users out of the box with instructions for self-enrolling in the JSS, but I don't see that happening here. As far as I can tell we're looking at either:

  • NetBoot the brand new Mac and *just* install the FirstRun package, without laying down a new OS, or
  • A technician starts up the new Mac and enrolls, then the FirstRun package is deployed through Casper Remote or through a post enrollment trigger.

psliequ
Contributor III

Netbooting and applying a minimal configuration has less margin for error and is the preferred way to do it of the two you mentioned imo. If the machines are 'brand' new you will of course have to consider making a new Netboot set to support them.

Also, depending on the hardware you're supporting you should consider target mode imaging which would allow you to install your materials over thunderbolt/firewire to machines that you put into target disk mode. You have to do it consecutively vs. being able to Netboot machines in parallel, but I often find that in the time it takes to Netboot one machine you can do two peer to peer over thunderbolt. This approach can be impractical if you prefer an unattended imaging process but is wonderful if you're in a time crunch.

GabeShack
Valued Contributor III

So I'm trying to mod this so that it calls a custom policy trigger at first boot as well as calling the jamf helper before the login window (all after I've installed 10.9.5 from self service).

So far I'm looking at this as:

```
#!/bin/sh

# Lock down the login window

/usr/sbin/jamf launchJAMFHelper -path '/Library/Application Support/JAMF/bin/jamfHelper.app'

sudo jamf policy -trigger FinishUpgrade
```

But how do I call this with a launch daemon? I need to create a plist file that calls this script at reboot correct? Also how do I keep this from running directly after the 10.9.5 installer reboots the system (or is this not an issue?).

Gabe Shackney
Princeton Public Schools


Chris
Valued Contributor

You could use @rtrouton's amazing First Boot Package Install Generator http://derflounder.wordpress.com/2014/10/19/first-boot-package-install-generator-app/ for that
and create your Mavericks installer with https://github.com/munki/createOSXinstallPkg to include your First Boot Package installer

wmateo
Contributor

@gshackney I think that first boot package install is overkill. From my experience, I simply check the box on packages I need installed after imaging in Casper Admin and I haven't seen any issues so far. As for triggering this script, you can create a Launch Daemon to call the script, package it, and add it to your config.

bentoms
Release Candidate Programs Tester

@gshackney, if you're installing via a policy.. You should be able to trigger a policy that sets the settings as you need.

I'd probably write a dummy receipt, then do a recon before the policy completes.

Then have a smart group scoped to that dummy receipt & a policy to run at startup for things like iCloud etc.