Posted on 07-31-2014 08:33 AM
I'm looking for a best practice on imaging systems as automated as possible. The goal is to take any Mac (all recent hardware), do a netboot which deploys a fully updated OS X image over the network, and then have packages and policies apply after that as well as FV2 encrypt the disk.
So far I believe a rough outline of these steps is the following:
1) Create a minimal Base OS:
https://jamfnation.jamfsoftware.com/article.html?id=313
2) Use Composer to build a DMG to capture the OS (from another partition)
http://resources.jamfsoftware.com/documents/products/documentation/Casper-Suite-9.32-Administrators-Guide.pdf (Page 151)
3) Use netinstall image creator to select the DMG
https://jamfnation.jamfsoftware.com/article.html?id=307
https://jamfnation.jamfsoftware.com/viewProduct.html?id=13&view=info
4) Create Configuration
http://resources.jamfsoftware.com/documents/products/documentation/Casper-Suite-9.32-Administrators-Guide.pdf (Page 321)
I have not yet run through this process, but will be adding all of the individual steps to a master build document next week to see how it works. One downside I see to this is whenever Apple releases an update like 10.9.3, 10.9.4, etc., then I need to manually run through the steps to create and test a new minimal base OS, as well as potentially create and test a new NetInstall image. I'd like to automate those creation steps as well, and have heard about AutoDMG, but I'm unsure how to create the main admin account, rename the computer, activate SSH/ARD, and configure automatic logon to meet the requirements of the minimal base OS.
Any tips on the above process?
Posted on 07-31-2014 10:16 AM
I use AutoDMG to create a never booted OS which I deploy, then use a script to configure the basics such as...
create local admin
#!/bin/sh
. /etc/rc.common
dscl . create /Users/admin_name
dscl . create /Users/admin_name RealName "Desktop Support"
dscl . create /Users/admin_name picture "/Library/User Pictures/Fun/Medal.tif"
dscl . passwd /Users/admin_name password
dscl . create /Users/admin_name UniqueID 501
dscl . create /Users/admin_name PrimaryGroupID 80
dscl . create /Users/admin_name UserShell /bin/bash
dscl . create /Users/admin_name NFSHomeDirectory /Users/admin_name
cp -R "/System/Library/User Template/English.lproj" /Users/admin_name
chown -R admin_name:staff /Users/admin_name
rename computer - let Casper Imaging handle this
activate SSH
systemsetup -setremotelogin on
I don't configure auto login but am sure this can be scripted as well...
Posted on 07-31-2014 10:58 AM
Just a small piece of advice - if you stick with vanilla OS installers and run software updates as a post-image process, that will make your life easier in terms of keeping up with an OS image.
Posted on 07-31-2014 11:07 AM
Jason,
I think you really have to start with a list of all your dependencies, FV2, machine names, antivirus, authentication......
For example, fully automated FV2 is very hard and may not be possible ....
https://jamfnation.jamfsoftware.com/discussion.html?id=7090
https://jamfnation.jamfsoftware.com/discussion.html?id=9902
I would also look very long and hard at "imaging the OS"; unless there is a very, very crazy dependency, I don't think there is a reason to reinstall the OS.
Take a look at this thread... https://jamfnation.jamfsoftware.com/discussion.html?id=11217
Take the time to do planning, in fact I would over plan... then think about it over the weekend before you start :)
Good Luck!!
C
Posted on 07-31-2014 11:26 AM
I would echo @JPDyson in that you should stick to a very basic OS for deploying to your machines. You can also use AutoDMG to create a basic OS installation that has all current updates rolled into the image.
I wasn't clear on what you were looking for, if you were looking for simply an automated deployment process, or if you were wanting to create the NetBoot/NetInstall sets automatically too. I'll give you how I handle re-deployment of machines that come in.
Configuration in Casper Admin that has a 10.9.4 OS DMG built using AutoDMG and a FirstBoot package that drops a LaunchDaemon and a script to run. The FirstBoot package is set to install at restart so that the LaunchDaemon will run after the next restart.
The FirstBoot script configures preferences and settings like time zone, etc, and it installs all of the software (yes, even the CS 6 Suite). I posted this script a few months ago in this thread: https://jamfnation.jamfsoftware.com/discussion.html?id=10491#respond
If you leverage Pre-Stage and Autorun you can basically automate a lot of your workflow. By entering your machines into Pre-Stage you can basically take a brand new machine out of the box, plug it in, NetBoot it, and have Casper take over from there. Same thing with Autorun, except it is for machines already in Casper. NetBoot the machine and it can re-image (you'll want your AutoRun to point to a "re-image" configuration).
As far as getting your admin user on the machine, you have three options, as I see it (I'm sure there's more): 1) set it in the configuration in Casper Admin, 2) set it in the FirstBoot script using "jamf createAccount", or 3) use CreateUserPkg (available in Mac App Store) to create a PKG file that will create your user.
Hope that helps a little.
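The FirstBoot pattern described in the post above (a package that drops a LaunchDaemon and a script to run at the next restart), sketched as an added example; it is not the poster's script or JAMF's code. The label, the script path and the function names are assumptions. It shows the two points that matter for a provisioning job that may carry account credentials: launchd only loads the plist if it is root-owned and not group- or world-writable, and the job should delete both itself and its script once it has run.

```shell
#!/bin/sh
# Added example: LABEL, SCRIPT and all function names are assumptions.
LABEL="com.example.firstboot"            # hypothetical LaunchDaemon label
SCRIPT="/Library/Scripts/firstboot.sh"   # hypothetical first-boot script path

# Write the LaunchDaemon plist under image root $1 ("" for the live system)
# and print the path that was written.
write_daemon() {
    root="$1"
    plist="$root/Library/LaunchDaemons/$LABEL.plist"
    mkdir -p "$root/Library/LaunchDaemons" || return 1
    cat > "$plist" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>$LABEL</string>
    <key>ProgramArguments</key>
    <array><string>/bin/sh</string><string>$SCRIPT</string></array>
    <key>RunAtLoad</key><true/>
</dict>
</plist>
EOF
    chmod 644 "$plist"
    # uid 0 / gid 0 is root:wheel on OS X; only root can set it
    if [ "$(id -u)" -eq 0 ]; then chown 0:0 "$plist"; fi
    echo "$plist"
}

# Succeeds only if the plist exists and has no group or world write bit,
# one of the conditions launchd enforces before loading a system daemon.
plist_perms_ok() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ]
}

# Last step of the first-boot script: remove the script (it may hold account
# credentials) and the plist, so nothing is left on disk and the job does
# not run again at the next restart.
cleanup_firstboot() {
    root="$1"
    rm -f "$root$SCRIPT" "$root/Library/LaunchDaemons/$LABEL.plist"
}
```

When building the package, pass the payload root to `write_daemon`; on the deployed Mac the first-boot script ends with `cleanup_firstboot ""`.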