- Jamf Nation Community
- Products
- Jamf Pro
- Using Compiled Configurations as a Parent Configur...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Using Compiled Configurations as a Parent Configuration for Smart Configs
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-13-2011 11:00 AM
I know that sounds like a mouthful and it is. Basically, this is my work flow, for a complete modular and efficient method of imaging with the Casper Suite. This method is different because Casper has a feature called 'Package Priority' that doesn't like Compiled Configurations being used as the parent configuration for your smart configurations.
So, my work flow is basically like this in a nutshell:
-Create a pristine, never been booted OS X image (InstaDMG)
-Drop that fully updated image into Casper Admin
-Add all packages that every Mac in my enterprise needs standard
-Create work flow of imaging process by imaging via asr script
-Create smart configurations based on locations and groups and apply individual packages (modular)
So, first I create the OS X image via InstaDMG. This is done following the instructions in the documentation. Then running the instaUp2Date python script afterward to automatically update my OS image. It will use the catalog file to grab the files from Apple's site, then splice them in. I can go into greater deal into using InstaDMG if there is a demand for it in another thread.
Then, once you have your up to date, pristine, never been booted OS X image you can drop it into Casper. Casper Admin will detect it is in fact an OS image. I then use the Casper Admin GUI to start tossing in my standard apps. Here is a screen shot of one of my configurations:
This is a compile of what is standard on all Macs district wide at my work. So This gets laid down on every single Mac, but I also want to do modular on top of this, so I don't actually create a configuration for this, just keep it as a compiled image in Casper Admin.
Next I will make a Smart Configuration, and this is where I want this configuration to deploy certain packages to certain groups of computers, but still use that compiled configuration as my parent image. Here is an example:
Now as you can see there is no image file at all in this configuration. However, there is a script that runs before imaging that actually does the imaging process itself. There are some packages that are student computer specific here. Like the mobile filter client, the tracking/theft software client and so forth. These are standard apps that go on every student machine but no one else. So I can still block copy my compiled image, but also use smart groups to give my configurations a very modular approach.
Here is the script (Sam Johnson from JAMF contributed a lot to this process - so everyone give him a high five when you see him next):
#!/bin/bash
#Define the target - $1 to automatically get this from Casper, can replace with /usr/sbin/bless --getboot
target="$1"
#Automatically acquire the dev entry
devEntry=$(/usr/sbin/diskutil info "$target" | /usr/bin/grep "Device Node" | /usr/bin/awk '{print $3}')
echo "The dev entry for the disk to be restored: $devEntry"
#Acquire the original volume label
originalName=$(/usr/sbin/diskutil info "$target" | /usr/bin/grep "Volume Name" | /usr/bin/grep -o '[^:]*$' | /usr/bin/tr -s " " | /usr/bin/sed 's/^[ ]//g')
echo "The disk name: $originalName will be retained upon restoring."
#Unmount the disk to prepare it for ASR
/usr/sbin/diskutil unmount $devEntry
#Perform the ASR copy
echo "Initiating restore process and waiting for connection..."
/usr/sbin/asr restore --source "/Volumes/CasperShare/CompiledConfigurations/10.6.8_base_compiled.dmg" -target "$devEntry" -erase -noprompt -timeout 0 -puppetstrings -noverify --verbose
#Mount the disk again
/usr/sbin/diskutil mount $devEntry
#Rename the disk to ensure that it's named with it's original name
/usr/sbin/diskutil rename $devEntry "$originalName"
exit 0So, this script is actually the parent item in all smart configs and the smart configs are based off of this. This way I only ever have to maintain and compile one image period. In a very, "Lord of the Rings," sort of sense I have created one master modular image to rule them all.
Now I can get down to the building level. Each building has it's own Open Directory Replica. Authentication is distributed among replicas in different buildings across our whole district. So for this I create the bind object in the JSS and add it to the smart group based on the parent group with the script and student specific packages:
This is basically how I have automated like 25% of my job. Build the work flow, update when need, replicate out and all any tech ever has to do is just hit a button. Casper takes care of everything else behind the scenes.
Let me know your thoughts and questions.
Thanks,
Tom
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-13-2011 01:00 PM
Awesome info Tom, thank you for sharing. Going to kick this around in my noggin' for a bit. :)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-14-2011 11:37 AM
I have switched my entire work flow to this and I don't ever want to go back. It is completely modular with one image for all smart configs, which is also compiled.
