Upgrade to Mojave

ekarazhov
New Contributor III

Hello guys, i know this question have been asked and answered. I have been reading a lot of posts on here and there is no universal step by step instructions that i could find. People are saying that some times script is not working, or the results are not consistent in the environment. I am new to all of this. I have been tasked to upgrade some of the devices that still on High Sierra to Mojave and it needs to be done via self service.
I don't want to assume that those devices have Mojave cached, therefore i think i would need to create a package that would get pushed to Application Folder ( I am trying to find out how to do that, so far no luck)
Second i know for a fact that users do not have admin rights, so this needs to be taking in to consideration when doing upgrade. I know there are multiple links to a script that is about a page long on GitHub and there are one liners commands that can perform the upgrade. Given my scenario which route should i take? Long Script or one liner? Any Step by Step or video instructions out there that i can follow in order to achieve what i need. Any help with that would be great! Thank you.

1 ACCEPTED SOLUTION

gabester
Contributor III

@taugust04 I understand why it doesn't work, but I'm frustrated and disappointed with Apple that they haven't engineered a solution to benefit those of us who support their desktop hardware and doesn't require multiple reboots. In other words, either have a way to do this or provide a DMG for the currently supported OSes that gets everything up-to-date in one swoop.

Alternately, Jamf's solutions ought to anticipate these gaps on Apple's part and provide us good practice solutions that don't necessitate a bunch of smart groups and policies. I wouldn't be complaining if, say, patch management handled this out of the box.

FWIW I posted in a similar thread about the results and am hopeful that someone has come up with a better way.

View solution in original post

5 REPLIES 5

ICTMuttenz
Contributor

Hello

we had las yeart the same situation. we was still on sierra and we wanted to upgrade the system to mojave. so we did first a packges of mojave in pkg with composer and then via installed with this script:

/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall --agreetolicense --nointeraction

after that we run this script to clear anything. we clear the mac every year:

#!/bin/sh

#Download the osx packages
jamf policy -event install-os

APIUSER="username"  ## Change to your API user account with delete computer privileges
APIPASS="password"  ## Change to the password of the above API account

JSSURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url | sed 's|/$||')

UUID=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F" '/IOPlatformUUID/{print $4}')

curl -su "${APIUSER}:${APIPASS}" "${JSSURL}/JSSResource/computers/udid/${UUID}" -X DELETE


/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall --agreetolicense --eraseinstall --newvolumename "Macintosh HD" --nointeraction

you can run this via policy or jamf remote.

so i hope this help you.

gabester
Contributor III

Similar to @ICTMuttenz except:

  1. I use the DMG as downloaded by installinstallmacos.py
  2. My DMG is my installation package, so its content gets copied to /Install macOS Mojave.app, then use a post-install script to move it /Install macOS Mojave.app to /Applications... (I should really post that script sometime, it's handy for DMG-drag-to-/Applications-to-install applications.)
  3. Then I run a script similar to the above, referenced in many other places and not modified. It usually works.

Note that I make ample use of smart groups to determine whether the DMG has been cached or if the /Applications/Install macOS Mojave.app is present to enable users to run different Mojave installers. Even successfully forced systems to upgrade, although that can ruin a user's next couple of hours.

What I really want to know is why when reimaging a Mac with a USB stick, I've got a script:

#!/bin/sh
# mojaveinstall.sh to be used to wipe and reinstall Macs
echo "unmounting internal"
diskutil unmountDisk disk0
echo "erasing internal"
diskutil partitionDisk disk0 GPT APFS "Macintosh HD" 0g
echo "beginning OS install with custom package"
if [ -f '/Volumes/Image Volume/mojaveinstall.sh'  ]; then
    echo "Installing Mojave from Booted USB Image Volume"
/Volumes/Image Volume/Install macOS Mojave.app/Contents/Resources/startosinstall --agreetolicense --volume /Volumes/Macintosh HD --installpackage /Volumes/Image Volume/custompackage.pkg --installpackage /Volumes/Image Volume/SecUpd2019-002Mojave_18G2022.pkg
elif [ -f '/Volumes/Install macOS Mojave/mojaveinstall.sh' ]; then
    echo "Installing Mojave from USB Install macOS Mojave"
/Volumes/Install macOS Mojave/Install macOS Mojave.app/Contents/Resources/startosinstall --agreetolicense --volume /Volumes/Macintosh HD --installpackage /Volumes/Install macOS Mojave/cmecerts.pkg --installpackage /Volumes/Install macOS Mojave/SecUpd2019-002Mojave_18G2022.pkg
fi

I was really hoping to be able to slipstream to the latest Mojave install rather than installing the latest security update after the fact. Instead, I get an error on reboot: macOS could not be installed on your computer. ERROR_ABA5BBB51F Quit the installer to restart your computer and try again.

Looking in the logs it looks like it tries and fails to find /Library/Preferences/com.apple.ViewBridge.plist

Needless to say this script is successful if I only run the custompackage.pkg and not the Security Update. Only running the Security Update also fails. Isn't this something that should "just work" ;-) Note that I now append the build number onto OS update packages because you never know when Apple's going to have another QC issue and need to rerelease one with the same name (hopefully they update the build!)

taugust04
Valued Contributor

@Sterritt: Yeah it's not going to allow you to install that security update until the system has rebooted for the macOS Mojave install. There's a number of reasons why, including post-install tasks that only get launched after reboot to finish the install, and firmware update payloads that also require restarts to complete installation for both the macOS install and security update.

It might be easier to just have that security update install after reboot. You could have the macOS installer install a package with a script that creates a launchd job to run the softwareupdate command line tool at first reboot, and then deletes itself after the fact after the software updates complete.

Personally I handle this with Jamf policy. After a machine installs an upgrade, it runs a recon at reboot, which detects the upgrade install has completed (based on .pkg is installed and what the OS version is), and then triggers a policy that runs software update. There's a number of ways you could do this with the clever use of smart groups and policies.

gabester
Contributor III

@taugust04 I understand why it doesn't work, but I'm frustrated and disappointed with Apple that they haven't engineered a solution to benefit those of us who support their desktop hardware and doesn't require multiple reboots. In other words, either have a way to do this or provide a DMG for the currently supported OSes that gets everything up-to-date in one swoop.

Alternately, Jamf's solutions ought to anticipate these gaps on Apple's part and provide us good practice solutions that don't necessitate a bunch of smart groups and policies. I wouldn't be complaining if, say, patch management handled this out of the box.

FWIW I posted in a similar thread about the results and am hopeful that someone has come up with a better way.

Kyuubi
Contributor

Guys, loved the posts. My only real question is can this be done without the user at all? No Self Service. My leadership wants a completely automated OS upgrade. Is that possible?