- Jamf Nation Community
- Products
- Jamf Pro
- Imaging workflow
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Imaging workflow
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-29-2010 02:14 PM
Hello All. I'm new to the casper suite and am realizing that it would be great to see/hear some real word examples how some of you are handling it's use. It's a great framework, but gives you a lot of "ways to skin the cat". Unfortunately it's one of those things that you get better at the more you are familiar with/do it - and I'd like to start well and improve from there. I essentially have a "Base" configuration and a couple of configurations that build upon the base. All of the clients live in the same building and are on the same network. in the same building. I'm trying to figure out the easiest way to create a workflow that accomplishes the following goals.
Here are my goals.
Simple: Make it easy to create and maintain. packages have always done this for me.
Speed: Make it quick from a "face time" perspective. It's OK if the imaging takes a bit longer if I don't have to babysit the process
Accuracy: Automate as much as possible to reduce decision making/human error.
Flexibility: Allow for exceptions to the rules.
Hopefully this will provide me with a workflow that automates as much as possible and makes it easy for me or anyone else on the team to re-image a machine and have it come as close as possible back to the pre-existing state.
My method has always been to
1. create an "OS" image, with just a local admin, ssh and ARD turned on and
2. all non-firmware or machine specific updates at that point applied. Then from there,
3. Lay packages over the OS to install apps and sometimes change certain other settings. I used to do it with a for loop and installer that pointed to my own "repository"
4. Manually apply updates specific to the computer group (I had a folder for production and a folder for
5. handle exceptions
Now I have the casper suite to use and would like to start off well without having to go back and re-architect things as I discover a better way.
Essentially I have 3 configurations. An "OS" with nothing but the OS, a "Base" install with CS4, Office, plugins, etc, and then configuration extensions of the "Base" - "Production" and "Design" that get auxillary apps on top of what is installed.
Workflow:
1. Image machine and choose "Base"
2. Let machine restart
3. Install post install apps (things that don't work during imaging stage such as sophos - perhaps cache during#1 and "install all cached packages").
4. Install Configuration extensions (this is a production machine vs Design machine)
5. Individual Exceptions (by hand? With policy?)
#1 - Seems easy enough. No real change there
#2 - Same as before
#3 - Handled through every 15 policy or is there a better way? Perhaps a custom trigger and script? What are you all doing?
#4 - How to define a computer's role? I would think that either creating a static group OR using the "department" field might be easiest. Can I pull in an OD computer group?
#5 - It seems that installing the little plugins, apps, etc using policies scoped to individual computers could handle this, but that seems messy and the policy list would seemingly grow long???
Questions: After imaging, will the machine pickup policies that are scheduled to "run once" a second time? Foe example lets say that I want machines to install Firefox 3.6.3 after imaging and not during. I create a smart group searching for machines that don't have Firefox 3.6.3 and scope the policy (set to run once with a trigger of [what is best here] to that smart group. After a machine is re-imaged, it should show again in the "No Firefox" smart group and I would assume the policy would run on the machine again?
There are a lot more questions and perhaps many better ways of accomplishing this, but it would be great to start here. I know that this has been covered, but it would be great to start some discussion on this with some additional detail.
Tom Larkin replied in an earlier thread with his workflow, but I'd love to build on this with more specifics and/or alternative methods that people are using. Here's what he posted with some comments of mine inline.
There are many ways to accomplish the same goal. I don't put any user accounts in my image. I do all of that post image shell scripts. For my deployment I do following, in basic terms: 1) create one master image, with all default apps that every Mac should have period, compiled via instaDMG support in Casper 7
Easy enough. Like the Base I described.
2) Package all extra specific packages for users, groups, departments and so forth
I try to package all apps individually. Seems like he is doing the same.
3) Create smart configurations based off my base compiled and add in the packages needed.
How are you identifying the different groups/departments/etc? An attribute on the machine?
4) Image the client with an asr script to allow the compiled as a base
I am using the JAMF netboot image. Seems to work well.
5) after imaging all specific packages (student, teacher, admin, etc) get applied
How are these triggered?
6) unit reboots, gets proper bind script (depending on location) and post image script which adds client side settings and configures and creates local admin accounts
I end up binding my machine in during the jamf imaging step where my "base" is installed.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-30-2010 06:20 AM
Aaron,
Like you said, there are many different ways to do what you want to accomplish and Jamf merely provides the tools to you and you decide what to do. I am an avid scripter, so I love to have a base pristine image, and do all my post configurations via shell scripts. That way I can easily maintain a script for any modifications and always leave the image in it's pristine state. I work in academia, so my work flow for imaging goes like this, in a quick outline:
1) Pristine image created with Casper Admin and instaDMG support of 10.5.8 all updates
2) I package up every application for students, teachers, and optional apps along with special apps like for particular departments
3) Compile my base pristine image along with every app that will be standard on every Mac in every building
4) use post image shell scripts to pull down specific packages for smart configurations, like student, teacher, admin, graphic design, etc
So, I have one base image, and then several smart configurations based on that base image. I had to go about it a different way since compiled configurations do not allow smart configurations to be added to them. So, Sam from Jamf helped me figure out a work flow that allowed this. I use a preimage script that actually block copies my compiled image, then smart configurations kick in after and install building specific packages, student specific, teacher specific and so forth. I did this because I have limited HD space on my servers (but not for long, got some bigger ones on order now) and I only wanted to maintain 1 image. It works great, minus this issue with flat packages not being able to be installed via instaDMG, but I will have SUS services running soon that will remedy that temporarily. Here is a link where I documented how to do this, in case you are interested in using a similar method:
http://tlarkin.com/tech/using-compiled-image-your-parent-configuration-casper
-Tom
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-30-2010 09:20 AM
Wow, did my message really have HUGE formatting like that?
Tom,
I love the script approach to things, but I my self am not an "avid" scripter. I can often use and modify simple scripts, but lack practice and skill in the actual writing more than simple scripts. I was asking if the jamf folks if they had some sample setups, but other than the resource kit, there don't seem to be many semi-detailed examples and setups such as you provided. It's nice to see your setup. The screenshots actually help to get an idea of your environment and how you have it organized. I'm going to keep thinking and testing today and see where I get.
I'd also love to have others jump in with a "here's what I have and how I do it". Or if someone could throw up a casperosxhints.com site...
Anyone?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-30-2010 10:35 AM
I can/will share all my scripts if you like. I can toss them in a folder and zip them and you can use whatever you want. I try to post stuff on my site but don't always have time to post everything I write.
