NetInstall for 10.13

Look
Valued Contributor III

Hello All,
I am trying to create a NetInstall image to install 10.13 (with a pkg to automatically enroll in Casper included).
For some reason this is not working, I think it's because our Netboot server is not running Server 5.4 and macOS 10.13.
Does anyone know if this is a specific requirement for this to work? I am building the NetInstall on another machine running 10.13 so I dont think it's the NBI itself that's the problem, unfortunately we don't currently have a test environment so just wanted to confirm it was going to solve the issue before going down the upgrading the production environment route.

22 REPLIES 22

eDooku
New Contributor III

I have tested this a bit, and sadly, I can't get a 10.13 NetInstall image (made using AutoNBI) to boot successfully. It boots up to the Crash Reporter, even when hosted by Server 5.4 on a macOS 10.13 system. Seems to me the tool makers still haven't found out what to do to make it work...

The most likely way forward seems to be Internet Recovery and DEP...

mschroder
Valued Contributor

Hi,

I usually have the same process as you, that is built the image on a node with the same OS, and ship it to the server that usually runs an older OS. But I usually wait for the .1 release before building the image, so I have not even tested 10.13 yet. Perhaps I should...

cdev
Contributor II

Our NetInstall server is still running 10.12.6 and my NetInstall 10.13 images are working. I have found limitations with the number of custom packages and some of the automated tasks not executing properly. This seems to be a bug in 10.13 NetInstall images specifically… The bigger issue I often encounter are incorrect permissions with the NetInstall images themselves (chmod -R 775 seems to fix it).

nkuhl30
Contributor

I can't get it to work but for a different reason. When trying to NetInstall 10.13 on any of our 2012 MacBook Pros (MacBookPro9,2) we get an error stating that the machine needs a firmware update first. But there is no firmware updates available for this model. The only way to get 10.13 to install is by performing a direct upgrade which takes twice as long as a NetInstall.

DanJ_LRSFC
Contributor III

My understanding is you can only image a machine with 10.13 if it's already previously been upgraded to 10.13, as the 10.13 upgrade process connects to the Internet and downloads a machine specific firmware update.

dmohs
Contributor

Affirming the statement by DanJ_LRSFC, Apple article HT208020 states, "Apple doesn't recommend or support monolithic system imaging when upgrading or updating macOS."

musat
Contributor II

True, imaging won't work unless the system is already at 10.12, but a NetInstall "should" work to get a system to 10.13. The only question I'd have is whether the network segment that the MacBook Pro is booting on has the right Internet access to be able to access the Apple server hosting the firmware updates.

mschroder
Valued Contributor

Hi,

I ran a test today and my 10.13 NetInstall image worked fine, served from a 10.12.6 Mac with Server 5.3.1.

Procedure:
- download the Install High Sierra app on a node running 10.12.6
- tar up the app
- transfer tar file to node running 10.13 and Server 5.4
- built image using the automator
- transfer image and other contents of .nbi folder to our NI servers

I am not sure whether the progress bar worked when the client was netbooting. I lost patience, went to another node to check the server logs. Concluded it should be OK, went back to netbooting client and it had indeed started from the 10.13 netinstaller.

The new image appears to have extra functionality for wifi.

Hope this helps.

Look
Valued Contributor III

Thanks for the feedback guys, interesting, I didn't know that it needed internet access for this (to get the model specific firmware update). I'll try giving a device internet access before imaging and see if that helps.

Look
Valued Contributor III

OK I have got it working after building the NBI on a 10.13 machine with server installed (although it's possible any 10.13 machine may work).
The issue appears to be as @cdev stated some of the automated options just don't work and cause the process to crash, the two I was trying to use were.
- Automatically image to a named storage device (this results in a gray screen and never progresses).
- Adding a pkg to be installed after (this resulted in the the installer copying down, but after reboot to begin installation erroring out about a missing mpkg), this is particularly annoying as I was wanting to use it to enroll into the JSS. I am going to try a few other ways to do this and see how it goes, I might also test whether scripts work just to see.
If you just create a pure vanilla net install it seems to work fine, it's worth noting that we have the Apple IP ranges opened up so it's entirely possible that it is reaching out to the internet at some point in the process (i.e. for firmware etc...), it's also worth noting the machines I was testing on had already had 10.13 previously, but I will be testing on a few machines that have never been there at some point.

Look
Valued Contributor III

Also @eirikw Just to clear up, I think your confusing NetBoot with NetInstall, NetInstall is the Apple method using System Image Utility to make and network based installer from the Install macOS High Sierra.app if Apple are doing their job properly you would hope it would be an accepted method for deployment, although it still clearly needs some work.

Nix4Life
Valued Contributor

Currently not testing 10.13 yet like you guys are, but has anyone tried this method posted by Rich here, seems to allow for additional pkgs. I know the iMagr guys are looking at this

gregneagle
Valued Contributor

Some relevant bugs:

http://www.openradar.me/radar?id=5017510902497280
http://www.openradar.me/radar?id=4975377810194432

and several people have reported issues with automation options in 10.13's NetInstall. It does seem to be broken.

Note you do not need Server to use System Image Utility to make NetInstall images; you just need a copy of "Install macOS High Sierra.app" sitting in /Applications on a 10.13 machine. You can then use /System/Library/CoreServices/Applications/System Image Utility.app.

-Greg

Look
Valued Contributor III

@gregneagle Interesting, that first Radar, the error message is exactly what I was getting and I narrowed it down to having a script inside the pkg (which I created using composer). I have replaced it with a pkg that only places files on the system and that works fine, except of course due to the second issue it doesn't restart and load the LaunchDaemons I need, are you sure one of your additional pkgs doesn't have scripting that could be causing the issue?

mschroder
Valued Contributor

@gregneagle Thanks for the openradar links. Seems I am very lucky, since the number of packages I add to my NII just went down to one. And another thank you for the hint concerning SIU. I guess it comes from the 10.6 or 10.7 times that I still assume SIU requires Server.app. I will have to look at /System/Library/CoreServices/Applications/ from time to time to check which goodies live there. It is also nicer to start Directory Utility directly instead of first authenticating in System Preferences, start DU from there and authenticate again. But I digress...

CasperSally
Valued Contributor II

Here's an openradar that mentions the inability to do automated netinstall in 10.13. I put in apple enterprise case as well.

http://www.openradar.me/35384457

Nix4Life
Valued Contributor

A work around I am using is iMagr w/ 10.13.2 installer(startosinstall). The additional packages must have a product identifier. I have tested with pycreateuser,munki,quickadd,payload free(script). info on custom netinstall

CasperSally
Valued Contributor II

@Nix4Life I have seen a few of your posts and plan to look at iMagr next. Are you able to automate it to wipe the drive and start the install of 10.13.x? I was hoping to not do much with extra packages as we are fortunate enough to be in the US and can leverage DEP at which point I wanted the Jamf pro server to take over sending out the necessary packages.

As an aside, Jamf should be making better use of startosinstall similar to iMagr & munki, or maybe they should go back to supporting the NetInstall creator (this would rely on netinstall working though, which right now it isn't on Apple's end). They have a large (paying) customer base that is looking for what's the next best practice with imaging dead. Internet recovery isn't reliable on our network and in scale isn't a great solution, nor are external drives.

gachowski
Valued Contributor II

Automated Netinstall with Apple tools hasn't worked since 12.4 or maybe even earlier, and with the T2 Chip and the new iMac Pro not supporting Netboot, it's not a big or unreasonable guess that it's going away...

C

Nix4Life
Valued Contributor

One quick comment. Thank you @CasperSally and @Look , I look forward your posts and how you lay things out in a clear manner.

@CasperSally Yes you can automate the wipe of the drive with iMagr: APFS>APFS,HFS+>APFS,but in not APFS>HFS+ in my testing. Once you netboot the Netintsall.nbi (created by iMagr using Autonbi) and choose the workflow Its 100% touchless. The plan is as you mentioned to pass thing onto DEP,but for now they go to an in-house server Also looking at jamJAR. I like to keep current with JAMF as well as JAMF and... .

CasperSally
Valued Contributor II

@Nix4Life I look forward to your posts! If you wouldn't mind sharing your config plist for imagr, i'd appreciate it. I thought mine was set up properly, but it's failing validation. I tried pinging you in slack, as well, if that's easier.

Nix4Life
Valued Contributor

@CasperSally sent DM on slack, but I'll post it here also. if you choose to use the included password ( you should change it ) it's temp. This was the base I started with,then included the other items:quickadd,payload free,etc

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>password</key>
  <string>777c534fd04b2cc000819eaf0a63bfa135a62b42777ea4650c2743ca297b3ac6d33c001c664485c7cb3cd3a08475cd80c434be670c01f16d61218f7f9fe0bde5</string>
  <key>workflows</key>
    <array>
        <dict>
            <key>components</key>
            <array>
             <dict>
                <key>type</key>
                <string>eraseVolume</string>
                <key>name</key>
                <string>Macintosh HD</string>
                <key>format</key>
                <string>APFS</string>
            </dict>
            <dict>
                <key>first_boot</key>
                <true/>
                <key>type</key>
                <string>package</string>
                <key>url</key>
                <string>http://10.19.1.14/munki_repo/imagr/packages/admintest.pkg</string>
            </dict>
            <dict>
                <key>first_boot</key>
                <true/>
                <key>type</key>
                <string>package</string>
                <key>url</key>
                <string>http://10.19.1.14/munki_repo/imagr/packages/skipapplesetupassistant.pkg</string>
            </dict>
                <dict>
                <key>first_boot</key>
                <true/>
                <key>type</key>
                <string>package</string>
                <key>url</key>
                <string>http://10.19.1.14/munki_repo/imagr/packages/munkitools_app_usage.pkg</string>
            </dict>
            <dict>
                <key>first_boot</key>
                <true/>
                <key>type</key>
                <string>package</string>
                <key>url</key>
                <string>http://10.19.1.14/munki_repo/imagr/packages/munkitools_app.pkg</string>
            </dict>
            <dict>
                <key>first_boot</key>
                <true/>
                <key>type</key>
                <string>package</string>
                <key>url</key>
                <string>http://10.19.1.14/munki_repo/imagr/packages/munkitools_core.pkg</string>
            </dict>
            <dict>
                <key>first_boot</key>
                <true/>
                <key>type</key>
                <string>package</string>
                <key>url</key>
                <string>http://10.19.1.14/munki_repo/imagr/packages/munkitools_launchd.pkg</string>
            </dict>
            <dict>
                <key>type</key>
                <string>startosinstall</string>
                <key>url</key>
                <string>http://10.19.1.14/munki_repo/imagr/installers/HighSierra.dmg</string>
            </dict>   
            </array>
            <key>description</key>
            <string>Erases Drive and Installs High Sierra</string>
            <key>name</key>
            <string>Install High Sierra</string>
        </dict>
      </array> 
      </dict>
</plist>