ML & Self Service

ImAMacGuy
Valued Contributor II

I know everybody is busy getting their JSS updated and prepping the ML images and stuff, I was wondering if anybody was planning on using SS for upgrading their 10.7 to 10.8? I was hoping to do this for ours, since about 20% of our systems are already on 10.7 and I'm not planning any major backend changes like we did for 10.6 --> 10.7

Any lessons learned from those that did the SS to deploy 10.7?

Any how-to guides you've found to accomplish this task?

9 REPLIES 9

gregp
Contributor

We used Self Service for Leopard -> Snow Leopard and that went very well.

Hope to be doing the same for Snow Leopard -> Mtn Lion here in a couple of months. (Skipping Lion altogether).

There are two parts to our scheme:

One is an AppleScript that the user gets from Self Service. It confirms if they really want to, and if so, it runs the bless command to a secondary NetBoot server and reboots. Self Service downloads it to their desktop, then they have to double-click on it and answer a question in the window.

The second part, was to create a special NBI. It logs in automatically as root and fires up an AppleScript confirming if the user really wants to continue. If so, then it runs Casper Imaging. All workstations had their autorun data set accordingly.

I put this special NBI on a secondary NetBoot server, so we could keep our primary active for our install guys to do regular imaging of new machines.

The process continues- Casper Imaging ran, rebooted, ran post-install tasks, bound to AD (we have a script for that, don't use Casper's), rebooted and ready for the user to login & do stuff.

The users were responsible for backing up their data. Gave them a location on a server to upload their data.

Something has happened here in the past few months and machines that were able to netboot to our secondary servers (using the bless command), don't seem to willing to do that anymore. Never needed the IP helper stuff added to the routers for that secondary server (actually have 3 others besides our primary official one). The routers have the IP helper for the primary. Interestingly, an old MBP2,2 boots fine today, but newer ones are having none of it, including a MBP5,2 & iMac9,1 that were happy as can be netbooting a while back.

bbass
Contributor

I did a little testing of this yesterday. It's our goal to push out Mountain Lion through Self Service. This was bare bones testing but it seemed to work just fine.

First, we used Greg Neagle's createOSXinstallPkg tool. See:

http://managingosx.wordpress.com/2012/07/25/son-of-installlion-pkg/

It's dead simple to create a pkg installer that you then add to Casper Admin.

From there I created an "Install Mountain Lion" Self Service policy. The trick here was in how the reboot is handled. For this to work, I used the following options in the policy:

Reboot - Set options to NOT reboot

Advanced - Add '/sbin/reboot' to the "Run Command" field.

This was necessary due to the fact that using the "Reboot" section would not work properly. When the machine restarted, it would go straight to the login screen and the ML installer would be ignored.

Again, this is bare bones and needs to be fleshed out a little but it worked over several tries yesterday.

Hope that helps.

ImAMacGuy
Valued Contributor II

@bbass that looks to be working, had to create a new image that incl java, but the create an AppleID screen still comes up. Also I need to figure out how to run a script after the install... but so far it's promising!

Matt
Valued Contributor

Great work guys! Looks promising!

ImAMacGuy
Valued Contributor II

I watched the MacSysAdmin presentation on the lion version of this, and they used a firstboot to run their script... So I tried to use casper, created a non-flat package of just a postflight with my Firstboot script. Compiled the pkg and added to the ML installer thing, but when I went to test, it failed.

Is Composer able to create a firstboot pkg file?

ImAMacGuy
Valued Contributor II

Tried a different method, cached a dummy pkg on the drive and set a smart group to run off that. However, it seems that the machine didn't realize that it was there until I manually ran recon. Even then it only seemed to do half the stuff..
for instance, it adjusted the time servers and the dns search fields, but didn't set the screen saver password to on, but did set the energy saver times.

*sigh*

ImAMacGuy
Valued Contributor II

So i'm a little discouraged...

When I fresh install a 10.7.4 box... everythigns fine...
then I self service to 10.8 everythings fine..

When I started having people test it on their boxes...

I had 1 x hose their system and got the multi-language screen of death
1 x completed but wiped all our local admin accounts (incl the JSS account)
and 1 x work fine.

33% success rate :(

If it were teh same issue every time then I'd know what to look at, but they are 3 vastly different issues..

nessts
Valued Contributor II

thats why my upgrade policy is a fresh install. of course, i have userdata partition with data on it, and 2 os partitions, thus making that type of situation much more usable. Not saying its always the right thing to do install fresh and not count on an upgrade working, but for a bunch of toasters, it gets all the toasters the same, and its usually a stable methodology.

ImAMacGuy
Valued Contributor II

@nessts typically that's ours too, but with apple's new os a year mindset a nuke and pave is difficult to undertake, 95% of our population is on laptops, and i figured if no major changes are happening, system wise, then why not allow just an upgrade..