Re: Reinstall a clean macOS with one button

dgreening
Valued Contributor II

This is in regard to the Jamf Blog post Reinstall a clean macOS with one button.

While this functionality does appear to be extremely handy, it has become clear to me that Apple did not see fit to test this workflow with FileVault enabled Macs (big surprise!). While the Self Service policy based wipe/reinstall does indeed wipe and re-install, after ~4 run-throughs (10.13.5 to 10.13.5) on a FV enabled Mac, the OS comes up with 8 partitions (one APFS called Macintosh HD, one HFS+ called Macintosh HD, and others numbered 2-7, all HFS+) post Setup Assistant.

Would some of you FileVault users try to replicate this and report back? The steps carried out are as listed in the blog post, aside from the installer being placed into /Users/Shared (it is our existing "upgrade in place" package).

03b6db87096a4e4991b47e0f22973512

28 REPLIES 28

hkabik
Valued Contributor

I've seen similar. It works by creating a new volume and installing the OS to that volume then deleting the old one. So if the process fails you end up with extra Volumes (which are easy enough to delete).

I have alot of trouble with the command running specifically on 10.3.5 FV2ed machines with non-admin users. I'd say 1/4 or 1/5 attempts fails. The error code is almost always just "The Helper Tool Crashed" so I can never really see what went wrong. It just seems to work when it feels like and fail when it doesn't.

gachowski
Valued Contributor II

: )

I only tested this on a non-FV machine and it did work.. lets open those tickets with Apple !!!

C

PatCMP
New Contributor III

Working fine here with 10.13.5 and FV enabled, but they are admins so its not the exact same environment, but FV enabled and local admin works fine.

dgreening
Valued Contributor II

Interesting. I'll need to test again. I wiped/reprovisioned the test Mac 4-5 times and ended up with the same thing.

Strannik
New Contributor III

I've tried to upgrade MacBook from 10.12.6 to 10.3.5 using instructions in the blog. But when I clicked the Install button in the Self Service the policy ran, but nothing happened.
Here is the log:
"[STEP 1 of 4]
Executing Policy Update Mac OS to High Sierra
[STEP 2 of 4]
[STEP 3 of 4]
Running command "/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall" ‑‑applicationpath "/Applications/Install macOS High Sierra.app" ‑‑agreetolicense &...
Result of command:
Usage: startosinstall
Arguments
--applicationpath, a path to copy of the OS installer application to start the install with.
--license, prints the user license agreement only.
--agreetolicense, agree to license the license you printed with --license.
--rebootdelay, how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes).
--pidtosignal, Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass "rebootdelay" send SIGUSR1 back to startosinstall.
--converttoapfs, specify either YES or NO on if you wish to convert to APFS.
--installpackage, the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times.
--eraseinstall, Erase all volumes and install to a new one. Optionally specify the name of the new volume with --newvolumename.
--newvolumename, the name of the volume to be created with --eraseinstall.
--usage, prints this message.
Example: startosinstall --converttoapfs YES
[STEP 4 of 4]"

Looks like the command doesn't work properly. It is copied and pasted from the blog exactly. Does someone know what's wrong?
The same command runs in Terminal fine and does update MacOS.

mbezzo
Contributor III

@Strannik I saw this too - there's a return character in there. I had to take it to a text editor and strip out extra characters to get it to work. Alternatively you can just manually retype it. Took me a few tries to figure out what was going on... :)

Also, FWIW, I'm having better luck running the command as a small script instead of as part of the Files and Processes payload:

#!/bin/bash

# Start Erase and Reinstall process as its own process so Self Service can quit successfully (Requires macOS 10.13.4 Installer or greater)
/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall --agreetolicense --eraseinstall --newvolumename "Macintosh HD" &

exit 0

Good luck!

mbezzo
Contributor III

Just to add a bit more to this, I've now wiped/reinstalled twice on a Mac that was file vaulted and I'm not seeing additional any additional partitions/volumes showing up. I'm using macOS 10.13.5.

Strannik
New Contributor III

Thank You mbezzo, you were right - copying & pasting the entire string changed hyphens to something else. Instead of Hex 2D they turned into E2:80:91. Retyping hyphens has fixed the problem.
And to add to discussion - after successfully updating encrypted MacBook to 10.13.5 the partition map didn't change for me.

mbezzo
Contributor III

@Strannik Ahhh, yep, that'll definitely do it! Glad you got it figured out!

easyedc
Valued Contributor II

FWIW, I threw a API call to delete the existing computer entry from my JAMF Pro in order to free up the DEP enrollment and to start with a clean history (if that's something that you're into). Just my 2¢

#!/bin/sh
#  Nuke & Pave - kick-off script.sh
#
#  Created by Ed Corfman on 7/09/18.
#
# Get serial to delete workstation from JAMF
#
serial=$( /usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Serial Number (system)/ {print $NF}' )
#
# Pass the Serial to the API URL to delete the existing entry from JAMF
#
curl -kvX DELETE -u JAMFSERVICEACCOUNT:JAMFSERVICEACCONTPASSWORD https://myjamf.jamfserver.com:8443/JSSResource/computers/serialnumber/$serial
#
# Kick off the erase and install
#
"/Library/Application Support/Humana/macOS Installer for nuke and pave/Install macOS High Sierra.app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense &

donmontalvo
Esteemed Contributor III

@mbezzo Works fine on High Sierra and <redacted> on an iMac Pro:

/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall --agreetolicense --eraseinstall
/Applications/Install macOS <redacted>.app/Contents/Resources/startosinstall --agreetolicense --eraseinstall

We run the above without either nohup or & since the installer is local and the computer reboots to wipe/reinstall in just a few minutes.

No need to rename the boot drive to Macintosh HD since Apple does that by default...guessing if you want to name it something else...

--
https://donmontalvo.com

mbezzo
Contributor III

Thanks @donmontalvo for the info on the drive name. Totally makes sense!

Thanks,
Matt

FutureFacinLuke
Contributor II

Hi,

Does anyone have the syntax for passing the Volume Name/Computer Name?
In our env volume name, computer name and local host name. When we we're using DeployStudio this would be done as part of the image process then later applied to the rest using scutil.

Does this look correct?

/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --eraseinstall --newvolumename $name

or should I use a Parameter e.g. $4=$name as below

/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --eraseinstall --newvolumename $4

Am I better running this as a script or are JAMF parameters (e.g. $name) usable in Files and Processes/Execute a Command?

tjhall
Contributor III

@Initialised This works for me but I bundle the script as an app ; --newvolumename "Mac HD"

FutureFacinLuke
Contributor II

@tjhall thanks, What I am trying to do is have the Volume name stay the same, is there an option to not change it?

Alternatively how do I make the script grab the AD Name/JSS ID/Serial/Boot Volume Name and put it as the newvolumename name

FutureFacinLuke
Contributor II

I just tried

<snip> --newvolumename NO

lets see what happens!

FutureFacinLuke
Contributor II

cf27580558bf49cb9d9c25d5ef8583c8

That didn't work!

FutureFacinLuke
Contributor II

trying

<snip> --newvolumename "$0"

tomhastings
Contributor II

If you want to have the hard drive name stay the same, remove "--newvolumename" from the command.
I think it is a good idea to reset it to Macintosh HD after seeing so many drives named ".", "bhsdglgdsga", "nrovbn8" "(", etc. So it is nice to force a reset to factory.

Curious as to why you would want to name the hard drive that way instead of just naming the share what you specified. Are you basing smart groups, policies, etc. based off of the hard drive name? Always nice to learn different ways of doing things.

tjhall
Contributor III

I agree about reseting the name on rebuild. Not saying that changing the name of the HD happens a lot but it's another step in the process of making sure everything is the same after rebuild.

Although, I thought leaving out --newvolumename during the -eraseinstall option means that it will default to 'Macintosh HD"?
We rename it to Mac HD since it's an easy way to check that it's been built by IT.

FutureFacinLuke
Contributor II

@tjhall leaving out --newvolumename defaults it to Macintosh HD so not great

@tomhastings when we did thin image followed by app deployment with deploy studio we used a script to set the Boot Volumename, Localhost an the name assigned to DeployStudio (DS_COMPUTERNAME) which is based on our Asset number for the Macs. If I can keep the HDD names on EraseInstall I can (almost fully) automate my Lab deployments by applying VolumeName to the Localhost before binding to AD.

Our current process for binding to AD is an App built in Automator that requests the Name as manual input, Applying it on the EraseInstall allows it to pass through in a similar way to how we used DS_COMPUTERNAME

It may be a bit of a moot point as most of our estate are Fusion so didn't end up on APFS during the High Sierra update (at the time this was causing problems) so I used --converttoapfs NO so I'd either have to run the Mojave Update to convert to APFS then Eraseinstall at which point it becomes easier to have my Techs do Internet Recovery, Format the APFS with Correct VolumeName.

Maybe I could just use:

$VolName = scutil --get ComputerName
<snip> --newvolumename $VolName

Rather than trying to pass a JAMF variable.

donmontalvo
Esteemed Contributor III

Meant to follow up, if the computer is wired (so it can talk to Apple without having to select/connect to a Wi-Fi network), it should reboot and complete the install...if not, might add "&& reboot".

/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall --agreetolicense --eraseinstall && reboot
--
https://donmontalvo.com

tcandela
Valued Contributor II

are computers that are still running macOS 10.10 thru 10.12 able to use a one touch Self Service policy to upgrade to either 10.13/10.14/10.15?

so if i want to have a self service policy do an in place upgrade from 10.10/10.11/ or 10.12 to at least 10.13 or 10.14 can i use 2 commands below in a script and have a self service policy run that script to get this upgrade?

sudo /usr/sbin/softwareupdate --fetch-full-installer --full-installer-version 10.13.6 or 10.14.6

/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall' --agreetolicense --forcequitapps

i'm getting these commands from the following ARTICLE

sdagley
Esteemed Contributor II

@tcandela The --fetch-full-installer option only works for the version of softwareupdate in macOS Catalina. You need to follow the instructions for building the workflow to get the Catalina installer app onto the Macs you want to upgrade.

tcandela
Valued Contributor II

I don't want to upgrade to Catalina. We have some software that will not be compatible if we do. So I want to at least get people that are still running 1010 to 12 at least up to 13 or 14.
@tomhastings

The article shows that I could fetch full installer for previous operating systems using the command

sdagley
Esteemed Contributor II

@tcandela You misread the article. The --fetch-full-installer command did not exist in softwareupdate until Catalina, so you can't use it in older version of macOS

tcandela
Valued Contributor II

@sdagley I had a feeling that was the case; so if i want to run this command it would have to be on a mac running Catalina? but it will put the installer for 10.13.6 or 10.14.6 on the mac running Catalina? then i can grab that installer and use on other computers?

sudo /usr/sbin/softwareupdate --fetch-full-installer --full-installer-version 10.13.6 or 10.14.6

does the startosinstall command exist for earlier macOS? '/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall' ‑‑usage

sdagley
Esteemed Contributor II

@tcandela startosinstall is available in the 10.13 and 10.14 installers. BTW, I am a fan of the macOSUpgrade script for upgrades as it does a bit of error checking before attempting the upgrade.