macOS High Sierra Upgrade methods/options

bpavlov
Honored Contributor

I updated my OS script to support High Sierra. It also adds FV authenticated restarts. I hope to potentially add another big feature in the future, but that's it for now.

https://babodee.wordpress.com/2017/09/26/update-to-macos-upgrade-script/

I know I'm not the only one who is working on this. Feel free to share your upgrade methods and/or scripts to upgrade to macOS High Sierra. Curious to see what others are coming up with.

Here are links to other methods used for Sierra:
https://github.com/kc9wwh/macOSUpgrade

https://github.com/ToplessBanana/tutorials/tree/master/HOW-TO-self-service-macOS-upgrades

And a huge discussion for Sierra where a few other methods are discussed:

https://www.jamf.com/jamf-nation/discussions/22731/in-place-macos-sierra-upgrade-script

74 REPLIES 74

hkabik
Valued Contributor

So if you don't set the --converttoapfs YES but the machine supports APFS it will convert on it's own? No user input?

bpavlov
Honored Contributor

@hkabik That is correct. The installer app will determine on its own whether the hardware/drive supports APFS and upgrade accordingly. They must do this for good reason so its probably not a good idea to enforce it on every upgrade.

@rtrouton has a good write up on it: https://derflounder.wordpress.com/2017/09/26/using-the-macos-high-sierra-os-installers-startosinstal...

hkabik
Valued Contributor

Well that solves that. I thought I was going to need essentially two deployments... one for SSD with YES and one for spinners/fusion with NO. already setup my EA's and everything lol.

jwojda
Valued Contributor II

never mind, package on the server didn't work. 🙂

mrorrer
New Contributor II

If I have the installer in Applications folder and use ARD to push this command as root High Sierra installs fine. I upload the same script to Jamf and put in Self service to run and it fails. Any ideas why?

/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall --applicationpath “/Applications/Install macOS High Sierra.app” --nointeraction

ThijsX
Valued Contributor

@mrorrrer can you specify the error exit code's from the policy log?

dtommey
New Contributor III

@mrorrer I found that Self Service would cause it startosinstall to fail. I managed to get it working by killing Self Service in the script that calls startosinstall. Below is an example that should work.

#!/bin/sh

/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall --applicationpath “/Applications/Install macOS High Sierra.app” --nointeraction

killall "Self Service"

mrorrer
New Contributor II

After some research and failed attempts i got it to work with this. Thank you very much for your help!

#!/bin/bash

/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall --applicationpath "/Applications/Install macOS High Sierra.app" --volume $1 --rebootdelay 1 --nointeraction

killall "Self Service"

phons
New Contributor

I've been trying to use OS_Upgrade script to install High Sierra and have run into a couple of issues:

  1. If the "Install macOS High Sierra.app" already exists in the desired location, it will try to trigger the policy to download and it will fail. If you delete the app, the policy download will trigger and it will proceed.
  2. It gets to Step 2. Says it is in progress, but then never restarts. The Policy logs never show anything since it never fails, but nothing ever happens.

bpavlov
Honored Contributor

@phons I tried to reproduce the issue but I can't seem to. I've heard of someone else reporting the same thing as well so you're not alone. Hit me up on the MacAdmins Slack if you get a chance. I'm @bp

phons
New Contributor

I found the problems and a solution to each:

  1. I was originally using /Users/Shared. When I switched to /Applications/ The download issue went away

  2. I realized I was using the stub Install macOS High Sierra instead of the full download. When I started using that, it worked fine in the upgrade.

Thanks for all the work on the script, going to make my life a lot easier as we update to High Sierra.

tcandela
Valued Contributor

I am using the following method https://github.com/kc9wwh/macOSUpgrade

I have a custom event that places 10.13.1 in /Applications

but since the drive is encrypted the authenticated restart does not happen, I have to do the initial encryption login and then the upgrade to High Sierra begins.

I thought authenticated restarts was working after 10.12.4. ??

LiveOakBankIT
New Contributor

@tcandela just comment out the 521 to 525 lines

dilan
New Contributor III

My apologies in advance for any ignorance here. I have a pretty simple need to upgrade High Sierra. I uploaded the installer straight to my distro and then created a policy to have it install the OS over the top of a Sierra machine. Everything works fine but for some reason the installer keeps getting triggered in my policy over and over. It happens every 30 min. or so with recurring check-in I believe (this is one of the triggers). Does anyone know why this is happening? As stated, High Sierra gets installed fine but the policy keeps running repeatedly.

shibao_si
New Contributor II

@dilan you may have set the Execution Frequency to ongoing , set to once per computer

dilan
New Contributor III

@shibao_si thanks for the suggestion but the policy is set to once per computer. The odd thing is the machine will get to the login screen and then restart back into the installer after a while.

fneidhardt
New Contributor III

So I have been testing this script for about a month, with some really great success. Now I am running into an exit code, that I am not sure what it could mean.

In some of my failed updates, I am seeing an exit code of 19. Others I know how to address, but this I can't seem to understand this code.

Has anyone come across this before?

Thank you,

daniel_ross
Contributor II

Just started pushing out his method to 679 macs worldwide in our company!

Thanks @bpavlov for the amazing work on this. The JAMF Helper screens are perfect to for our team to communicate what is happening machine wise.

PatCMP
New Contributor III

This method https://github.com/kc9wwh/macOSUpgrade is working perfectly!

Great work kc9wwh!

mconners
Valued Contributor

Hello @bpavlov thank you for your work on this, it is really appreciated.

Have you or others attempted to run this again on a Mac that is already on High Sierra? Have you incorporated the new erase install command into the script? With Apple moving away from NetBoot, I was modifying the script slightly to incorporate this into our workflow. However, we are running into issues on a Mac that is already on high Sierra. I was hoping we could simply run again on an existing high Sierra Mac to essentially act as a NetBoot imaging situation.

Anyone else have a workflow for existing High Sierra Macs?

bpavlov
Honored Contributor

@mconners I have not tested this against a re-install but it should work. I did not restrict doing re-installs. However, I did not add any ability to do an erase using the new --erase command in startosinstall. You could potentially modify the script to do that though. I'm not sure if and when I'd get to do something like that.

mconners
Valued Contributor

Thank you @bpavlov I think there might be an issue when running this on an existing APFS volume, especially when it comes to the disk space check. Right now, it is failing to on the free 15 GB space, but I know very well there is more than that available. Could it be the partitioning for APFS changes something to the local drive. Outside of the formatting for APFS, is there something magical happening invisibly and the script is seeing this partition and not the main partition?

315fdda35bde490d82ff0258990b2ccc

bpavlov
Honored Contributor

@mconners The formatting of the data must have changed in 10.13 APFS volumes. Thanks for making me aware of that. I'll look into that. Can't promise any fixes anytime soon though.

mconners
Valued Contributor

@bpavlov I am not so certain now. I believe this has more to do with the status check for the available space than the actual formatting of the APFS volumes. A couple of other techs by me have been trying to modify your script a bit for allowing us to incorporate the erase install command. So far, we aren't quite there.

The formatting as mentioned above is related to the minorOS:

Check if free space > 15GB

osMinor=$( /usr/bin/sw_vers -productVersion | awk -F. {'print $2'} )
if [[ $osMinor -ge 12 ]]; then

This mention of 12, seems to be Sierra, 10.12.X. I believe this is why it is failing the space requirement. As I am not a scripter, I could be way off.

Anyhow, the bottom line for us is to find a way to use the new erase install command without the startosinstall command for 10.13.4 and higher. So far, nothing seems to be working.

bpavlov
Honored Contributor

@mconners Which script are you looking at? I’m starting to think you might be looking at someone else’s script.

mconners
Valued Contributor

Good morning @bpavlov you are correct, it isn't your script and I apologize for that. Too many things with High Sierra and trying to sort them all out. The script I was referring to above was in your original post at the top of this discussion and I inadvertently thought of you, my apologies for that oversight. It was the second link you had referenced.

bpavlov
Honored Contributor

@mconners No worries. I believe that script is maintained by @Rosko Maybe he can provide some assistance.

sbirdsley
Contributor

How is everyone managing the Firmware Update portion of updating to 10.13 in general or when using the script created by @Rosko mentioned above

I know I have seen online and tested early with High Sierras release this script to extract and create a Firmware package.

Does this method work still? @Rosko does it work with your script workflow or do you have any guidance managing this portion to avoid system/install issues?

Wasn't sure if the Firmware updates are for specific year/model systems to support APFS or if this is really even required for most 2012 or newer systems?

bpavlov
Honored Contributor

@sbirdsley If you are updating your Macs with the macOS 10.13 installer app then it should be updating the firmware for you. Is there a particular scenario you're facing where firmware is not being updated?

Rosko
Contributor II

@sbirdsley as @bpavlov pointed out my workflow will handle the APFS conversion, firmware update and OS update all in "one" fell swoop as it is using Apple's installer. Have you seen otherwise?

sbirdsley
Contributor

@Rosko thanks for the quick reply on confirming this and the great work in this script. I just wanted to make sure this update method was handling this portion (Firmware updates) as I had a recent "alpha" install attempt to our production environment fail and the machine was no longer bootable, HD not being listed with option boot, couldn't see it in other boot methods (usb/NetBoot). I ended up having to replace the SSD in the system which was a 2013 MBP.

Didn't know if something happened during the upgrade process that caused this or if this was a weird one off or some other hardware issue, just made me nervous. I see you updated your script recently so going to update my workflow with this version.

Will be testing more this week on a few different models and see how things go. Right now the major hurdle with 10.13.4 is issues with DisplayLink that is prevent us from rolling this out fully to all our users, and the need to update or JSS to support Kernel Extensions

jonathandykerma
New Contributor II

@Rosko Trying to test this script in a VM. Everything is working aside from the FileVault authenticated reboot. I noticed though that the FileVault authenticated reboot does not work even if I manually run the .app installer. Are there settings that need to be changed within VMWare Fusion for the authenticated reboot to work when testing in a VM?

Edit: Nevermind I believe this has something to do with trying to use the startosinstall command (or installer.app) from an different account that is FileVault enabled.

J_Martinez
New Contributor III

Hello,

I have a bit of an odd issue. It looks like the script runs and prompts for the authenticated restart credentials, but after that, it does not run the installer. Logs don't show any exit codes or errors. d03d7b88d5514a86bcf322b7104c8933

Not sure where to start to troubleshoot. Help would be greatly appreciated!

Thanks,
Jose

sbirdsley
Contributor

@BreakingZeus What do you have variable/paramter #5 (OS version) set to in your script within your install policy?

J_Martinez
New Contributor III

Apologies for the late response. I have that parameter currently set to macOS High Sierra. I wasn't sure if this was just a version number of the name of the OS.

sbirdsley
Contributor

@BreakingZeus You want to set it to the version number

See my example

aba7d39ef258440aa2543a4e1a47567c

afarnsworth
Contributor

We personally are using something created by Josh Roskos at Jamf that has worked beautifully for us.

https://github.com/kc9wwh/macOSUpgrade

sbirdsley
Contributor

@afarnsworth Correct, that is the item we are discussing

spraguga
Contributor

I'm using the macOSupgrade script with 10.13.4 but it just puts my test Mac into a download loop. It will download the High Sierra installer to the Applications folder. Then the installer is deleted and downloaded again and again. Any ideas?

Also my High Sierra install is packaged as a DMG to go to the Applications folder. Maybe it needs to be an install package?