Posted on 10-07-2021 01:47 AM
Currently if we want to wipe and reinstall macOS we have two options: we can either use Internet Recovery to reinstall it from over the internet, or we can use a USB stick prepared using createinstallmedia.
This is fine if we just need to wipe and reinstall a single Mac, but when it comes to whole classrooms full of Macs, this approach presents some problems:
Our organisation currently has a moratorium on buying new Macs, so all our Macs are still older Intel Macs which are capable of NetBooting/NetInstalling. However, we just updated to macOS Catalina over the summer, and found that System Image Utility and the UI tools for NetBoot/NetInstall are gone.
While Apple does provide a document https://developer.apple.com/support/downloads/macOS-Server-Service-Migration-Guide.pdf which describes how we can make use of the underlying macOS components to provide the NetInstall service, with System Image Utility gone we don't currently have a way to create a NetInstall image for Catalina.
Is there a third-party app which can create a Catalina NetInstall image? Or alternatively, is there another macOS Catalina deployment method which doesn't involve having hundreds of USB sticks or maxing out our internet connection?
Posted on 10-07-2021 01:58 AM
You could upload a pkg installer which installs the "Install macOS Catalina.app" to your Jamf Distribution server and deploy it Jamf Pro. Then you can run the `startosinstall --eraseinstall` command on the running system, either initiated from Self Service or as a scheduled policy. You can also run this _without_ the `--eraseinstall` when you just want to upgrade, but in education labs, most go the erase and install.
Posted on 10-07-2021 02:28 AM
That's fine if the Mac is booting up OK and working at normal speed and has plenty of disk space available. Is there no other solution that would be bootable rather than needing the Mac to be able to boot into its previously installed OS?
Posted on 10-07-2021 04:35 AM
I get the frustration. NetBoot/NetInstall was a really useful tool, especially for classroom/lab style deployments. But, Apple has decided not to continue making this available as a deployment option. The time window where community feedback might have had even chance to sway them has long passed. We can gripe about that and reminisce about all the awesome tools and workflows that were, and I will join you in doing that over a beverage of your choice, if we ever meet, but aside from bringing a bit of closure, it is pointless.
System Image Utility was broken in High Sierra and discontinued with Catalina, no hardware introduced since 2018 supports NetInstall. There is no bringing it back anymore.
You have a choice now: you can put your effort into patching together something that is similar to your old workflow, but which you know will be useless when you ever get new hardware (or have to upgrade to even newer versions of macOS). Or, you can put together a new workflow now, that will be useful with new hardware and newer versions of macOS, too.
You have the advantage of looking at how all the other admins have navigated this change, which was forced on us by Apple.
From what I have seen and done, these are the best options:
- use the `startosinstall` command to automate wipe and install workflow. While these are slow and involve installing the multi-gigabyte Install macOS application, you can get to a point where they are fully automated, including re-enrollment in your MDM/Munki
- use Internet Recovery and/or USB sticks to recover those devices where the automation has failed
- Yes, you need two tools/workflows to replace what you could do with just NetInstall. That's how it is.
- look into Twocanoes MDS when you require more complex installation workflows, they provide some wonderful tooling https://twocanoes.com/products/mac/mac-deploy-stick/
- you can build these workflows to not just work with Catalina, but also with Big Sur and Monterey, Intel T2 Macs and Apple Silicon Macs. Even though you may only be thinking about Catalina right now, you can already prepare for upcoming macOS and hardware.
- Monterey will bring "erase" workflows with the "Erase all Contents and Settings" command that can be sent from Jamf and run much faster than `startosinstall --eraseinstall`. When you build your workflows around `startosinstall --eraseinstall` now, you will be prepared to leverage EaCS in the future.
Posted on 10-07-2021 06:05 AM
I've read some stuff that suggests Internet Recovery can make use of a Content Caching server, any idea if this is accurate? As this would allow us to do Internet Recovery only using our internal network bandwidth rather than maxing out our internet connection.
Posted on 10-07-2021 06:35 AM
This is true for some of the resources, but not all of them. The Internet Recovery system itself will _not_ be cached, but then the resources that the installation process downloads are.
Posted on 10-07-2021 05:46 AM
Have you tried Apple's own Mac Provisioner 3.0 tool?
If you're only looking to deal with Catalina it supports using an AutoDMG created image as a block level restore image so an SSD equipped Intel Mac can be re-imaged in <10 minutes. As with Twocanoes MDS the Mac Provisioner re-image tool runs while booted into Recovery Mode, so you don't have to change the Startup Security settings on T2 Macs, but it does need to have a working Recovery partition. It does work with Big Sur, at least with 11.5, but since AutoDMG doesn't support Big Sur (or vice versa depending on how you look at it) the block restore feature doesn't work. And of you have a Mac on Big Sur you can't use it to downgrade to Catalina.
Posted on 10-07-2021 06:08 AM
This is very interesting and I had no idea this existed. I'm not sure I understand what the advantage is over a USB stick created with createinstallmedia though. Thanks to dataJAR Professional Services we do have an Automated Device Enrolment workflow for after the OS is installed (though it would be great if they could come up with some sort of content caching for their Auto-Update solution) so it's really just the OS installation itself I'm looking at at the moment.
10-07-2021 07:02 AM - edited 10-07-2021 07:04 AM
@DanJ_LRSFC Why Apple doesn't promote Apple Configurator is a mystery to me as well, but with M1 Macs being easily re-imageable via Apple Configurator 2 there's not much use for it on new machines and Apple's support attitude for older hardware and macOS versions is pretty much ¯\_(ツ)_/¯
The advantage of Mac Provisioner over a macOS installer stick created by `createinstallmedia`, at least for Catalina, is when using an AutoDMG created restore image Mac Provisioner can do a block restore to a fully patched version of macOS Catalina in <10 minutes. It does require a USB drive that can support >100MB/s though, so bargain basement drives generally aren't going to work.
Note that Apple has stated that at some point using `startosinstall` will no longer be supported while booted into Recovery Mode, possibly in Monterey, but if you're only worried about Catalina...
Posted on 10-12-2021 12:37 AM
I looked a bit further into how the process of creating an .nbi set actually worked, but it seems like the core of it is... just a bunch of Bash scripts? Which on older macOS versions can be found at /System/Library/PrivateFrameworks/SIUFoundation.framework/XPCServices/com.apple.SIUAgent.xpc/Contents/Resources.
Which leads me to the following questions:
We've got no plans to buy any new Mac hardware, so we just need a solution that will last until we can eventually retire our existing Mac hardware.