Wow, I never even knew about this product. So cool! How did this not make it into the Casper Administrator Guide? This could save me so much time over the horror that is System Image Utility. Thanks for the update @nick!

@clifhirtle Hopefully it'll be in the next manual...it was part of the <redacted> Beta, but it was leaked here so JAMF released it. :)

Ah ha! Now it all makes sense. Foiled by JAMFdaction! Thanks for clarification Don.

@donmontalvo @clifhirtle - Just to clarify a bit, the CNIC is a tool that a small group of JAMFs saw the need for and made a collaborative effort to release.

It's not a part of JAMF's core product line, and is released in an Open Source fashion much like the NetSUS appliance. We'll continue to contribute to it, but we also look forward to community contributions like we've had with the NetSUS appliance.

While it likely won't make it into the Casper Suite Administrator's Guide, we do have a KB article that we posted yesterday with a procedure that outlines how to use the CNIC.

I hope this clarifies things a bit.

@nick apologies for mis-speaking, I was going off @Orleck's post.

Nice to see JAMF jumping on this, very much appreciated. :)

Don

@nick @Orleck any of you know how how does netinstall handle the admin account and Cert install? I was prompted for a Cert and tried to install but I am not sure how it handles the admin/root account? I dont recall setting a password when I created NBI using this tool and now its prompting me for one. I am a little hungover, so excuse me if I am missing the obvious lol

@wmateo - If you specify a JSS URL when creating the NetInstall image, CNIC will import the JSS Built-In CA certificate in an attempt to create trust in the NetInstall image. If your JSS is hosted using a tomcat web server certificate that is not issued from the JSS Built-In CA, or is not trusted in the Apple System Roots, you'll need to manually add it to the keychain of the NetInstall image using a command like:

/usr/bin/security add-trusted-cert -r trustRoot -k '/Volumes/Install/Library/Keychains/System.keychain' -i '/Volumes/Install/Library/Security/Trust Settings/Admin.plist' -o '/Volumes/Install/Library/Security/Trust Settings/Admin.plist' /path/to/ca.cer

I am having great luck with CNIC 4.0 + 10.9.4. The resulting NBI boots/shutsdown fast and I have not noticed any issues yet.

Thanks for bringing back this tool!

This tool is awesome. Spent a week trying to hack the standard Apple RestoreHD to include Casper Imaging. CNIC does it in about 15m, customizes prefs, and lets me build right off the existing universal restore drive I already have.

Kudos @nick and the JAMF team for putting this together. Already saved me hours of setup time in getting network-based imaging up and running!

Posted elsewhere, but guess I'll post here too..

Any hope of using the new NetInstall Creator and still get a netboot image that offers a script to wipe FV2 enabled drives (see @jarednichols post here https://jamfnation.jamfsoftware.com/discussion.html?id=5763).

We stick that in the dock and the techs rely on it.

Very glad CNIC came back. Makes building those netboot images so much faster. One thing that's missing is in the old version, when you quit Casper Imaging, you had a control panel of sorts with access to Terminal, Disk Utility, Safari, etc. Now if I quit Casper Imaging, I don't even get a Finder and have to hard shutdown the machine. That was handy for manually wiping a drive, getting into the JSS for a last minute change to a config, etc.

@CasperSally][/url Good point on locked FileVault volumes. I get a XML parse error and bail out to Terminal when I use this on a vaulted Mac. You can certainly manually wipe the drive from Terminal at the point, but in my test I found the internal drive defaulted to /dev/disk20, which could make it hard to anticipate the correct drive number.

If the drive number does prove to be consistent, you could probably just run the correct Terminal commands on your test image before creating the base image, capture it with JNIC, then just have your techs arrow-up in Terminal to run the correct "nuke + pave" command. Not elegant by any means, but appears a temp workaround here.

Ideally, we'd have a pop-up menu that @johnnasset mentions from earlier versions. Perhaps even customizable menus via various RecoveryHD hacks out there. Given open-sourced status of project, anyone feel like hacking towards JNIC 4.1?

http://hints.macworld.com/article.php?story=20110717190509986
http://forums.macrumors.com/showthread.php?p=19200594#post19200594

Finally got a chance to try out the new tool. Works great - thanks, @nick & team. If I could wipe FV drives with it we'd be golden, going to have to keep around separate netboot for that only I'm afraid.

Another note for those looking to try the NetInstall Creator... if you try to run a before script to wipe/combine existing partitions - it fails every time.

This is the script we were running
diskutil partitionDisk /dev/disk0 1 JHFS+ "Macintosh HD" 100%

This is the error we get
Started erase on disk0
Unmounting disk
Error: -69888: Couldn't unmount disk

Same script works fine with Netboot. If anyone knows a way to accomplish same thing with NetInstall, would love to know how.

Here's what I use to grab the FileVault encrypted drive number. It will only grab the last Core Storage device, as that is likely the one that is FileVault encrypted. I bundle this with an "are you sure?" script, so I don't know how comfortable I would be blowing away the drive without a confirmation. It's never picked wrong for me, but it's good to keep in mind.

diskident="$(diskutil cs list | awk '/disk[0-9]s/ { print $NF }' | cut -c 1-5 | tail -n 1)"

if [ $(echo "${diskident}" | grep -c 'disk') -eq '0' ]; then

    echo "No FileVault Encrypted Drives. Use Disk Utility instead."

    exit 1

fi

@CasperSally - The main reason that script is failing on a NetInstall image and is working fine in a NetBoot image is that NetInstall uses RAM disks for temp space rather than a connection back to the NetBoot server.

This allows more clients to be booted to the NetBoot server simultaneously and makes for a better user experience of using a NetInstall image. It also means that the actual hard disks are typically mounted at a much higher disk identifier, such as /dev/disk20 rather than /dev/disk0.

Scripts run at the "before" priority can still function, but the script you mention would need to be modified slightly to account for the RAM disks that are mounted before the physical hard drive(s).

@nick maybe I am missing a step here, but I am trying to create image, and getting a consistent error:

7/15/14 12:17:06.067 PM Casper NetInstall Image Creator[41857]: Error 0 4096 for command /usr/bin/defaults write /Library/NetBoot/NetBootSP0/CASPER_NETBOOT/NBImageInfo Architectures -array i386

have you seen this before?

@activitymonitor can you please tell me what the required frameworks are to get casper imaging to launch in a deploy studio net boot set?

Thanks

hey @timjd4
have you tried the new version 4.0 of the casper netinstall creator?
https://jamfnation.jamfsoftware.com/viewProduct.html?id=13&view=info

@calumhunter, I have but it spat out an 8gb NBI whereas the Deploystudio NBI is <3gb and boots much faster.

@wmateo - I have not, but if you attempt to manually run the command listed in the error message, does it work properly? Another thing to try might be a name without an underscore, thought I don't think that would be an issue.

@timjd4

I have never taken the time to figure it out, so I just rsync the whole folder. Still half the size of a traditional netboot image.

I tried this CNIC tool today and it worked well. The only thing really was missing was as @johnnasset said it would be great if you could quit imaging and go to a a control panel of sorts with access to Terminal, Disk Utility, Recon, Casper Remote etc.

The image is different from others we have done in the past using System Image Utility. Those come up in Netboot as a Diskless Netboot image. Where with this one Diskless is not checked and says it's a NetInstall.

I have been going around these posts about netinstall and netboot, and think my brain is melting from it...Netinstall is different to netboot right? So do I use casper netinstall creator to make an image to netboot my macs from to then install a new OS or add loads of packages, or is it as System Image Utility says, it contains an image that just gets dumped on the machine? I am totally confused! :$

NetBoot is just a bootable OS, diskless or not. Log in and you have access to the Desktop.

NetInstall is just booting into OS X Installer.

NetRestore is for dropping images you already created, block copy, onto a target drive.

Looks like JAMF's NetInstall Creator substitutes Casper Imaging for OS X Installer.

I used Mike Bombich's NetRestore application for years, until Apple hired him and rolled it into OS X Server. I had to experiment with all three types listed above to figure out how NetRestore fit into things. :)

HTH
Don