timo.schaffner

Q: Edit or Update NetRestore Image

Hi Everybody

 

I am assistant Head of IT of a medium business, we are running around 80-90 macs here, pretty much all are up to date or running atleast Yosemite.

 

As of now, we are setting up new machines using a Carbon Copy Cloner Image we did a while back, from which we can boot from and then copy it to the local disk of the computer. We do this over USB. So we connect the clone, which is just a simple SSD, over USB to the new Mac, boot the image containing a ton of Software and settings and then copy that with the also in the image preinstalled Carbon Copy Cloner to the local disc.
This works like a charm, and when we need to update the clone, we simply connect it over USB to any Mac and then run updates and software installs or change settings, and once we're done we just shut it down, and it's ready to be cloned.

 

Now we wan't to change to NetRestore for that. I have managed to test different scenarios by using the System Image Utility, by just creating a NetRestore image and deploying that over NetInstall. This works very good, but the big problem here is that if we need to update that image, or change a setting, we need to completely write a new image every time, and this is time consuming as we always need to connect the SSD Clone to a mac and then write the new image from that mac and copy it to our deployment machine. So my question is, and i am sure other people have asked that question before, but i haven't really found an answer so far: Can you somehow boot into the NetRestore image, without restoring it, OR, can you create a NetBoot Image, boot into that, update that NetBoot image, and then CONVERT the NetBoot image into a NetRestore image? In my Opinion, that would make the most sense, so we can always choose to NetBoot into the NetBoot image, change and update stuff, and then just convert that into a NetRestore image which gets copied to the machine.

 

I know that there is Deploy Studio, but **** i haven't been able to figure out a single simple thing on that app, it's beyond complicated...

 

Thanks for your answers, maybe someone knows the best way to handle that!

 

Cheers

iMac, OS X El Capitan (10.11), Profilemanager, Netinstall, NetBoot

Posted on Jan 6, 2016 5:41 AM

Close

Q: Edit or Update NetRestore Image

  • All replies
  • Helpful answers

Page 1 Next
  • by Strontium90,Helpful

    Strontium90 Strontium90 Jan 7, 2016 3:19 PM in response to timo.schaffner
    Level 5 (4,077 points)
    Servers Enterprise
    Jan 7, 2016 3:19 PM in response to timo.schaffner

    I will throw my thoughts into the arena.

     

    NetInstall is a great technology for a handful of very specific situations.  As you have discovered, it is not remarkably flexible when it comes to creating images.  If you are using traditionally hard drives to create or capture images, you best do it overnight.  If you are subnet'ed you have hoops to jump through.  If you want to make a lot of changes... well you need a lot of time.

     

    However, for environments that have stable images or that need to frequently reimage devices (labs, schools, test gear, etc), NetRestore is a great technology, allowing rapid reset of the device with few requirements.  After all, when setup up well, simply hold down the N key and walk away.

     

    But those are not your needs.

     

    You can create a blended solution.  You can create a master NetRestore image that is everything you need up to a certain date.  Then you can create a Package-Only image that can include all your patches and updates.  This is far easier to create and recreate than an entire OS image.  The workflow would go like this.  Day 1, you snap your ultimate image.  Day 2, a new Flash Player and Firefox are released so you create a Package Only image containing theses two updates.  Day 3 you have a few machines to image/re-image.  So you NetBoot the first time to the NetRestore image, laying down that perfect OS you built.  Then, once the machine is running, you net boot to the Package-Only image and apply the additional patches.

     

    This blended model still has holes.  Take the Late 2015 iMacs for example.  They can only boot 10.11.1 or higher.  If you created a master image that was 10.11.0, you would not be able to clone it to the iMacs.  This is similar with the latest Mac Book Pros.  Then require 10.10.5 or hight.  A 10.10.3 master image, while it can be cloned to the machine, can not boot it.  Oh, and then there is the firmware that Apple keeps hiding in the OS updates.  If you are monolithically cloning, there is a good chance you are not getting the required firmware on the devices.  There are ways around this, but nothing provided by Apple.

     

    Now, at 80 to 90 Macs, you are a candidate for JAMF.  JAMF is a tool that can supplant many of Apple's tools and many of your manual processes.  In addition, you might want to look at the Device Enrollment Program (DEP) from Apple, especially if you are treating devices like BYOD systems, pushing the IT responsibility onto the end user.  If you go the JAMF route, simply use on enrollment policies to deliver your software and settings stack.  Basically, you enroll the device and then the menu of items are delivered to it.  Your job is to keep that menu up to date.  The devices will then follow the script, getting everything you want to deliver in the proper order.

     

    There is also AutoDMG.  I have not touched on this in a long time but it could be what you are looking for to keep a master image up to date.  You would still need to periodically capture this to a NetRestore image.

     

    And finally, realize there is nothing "wrong" with what you are doing.  If it is working for you, then why break it?  There is something very elegant about cloning a machine to another and it working.  Doing this in large scale is magically ("Wait, you prepared all 100 devices in a day?")  However, be aware that some items should not be cloned, such as caches, logs, local KDC, sleep images, saved app state, etc.  Prior to cloning, you should prep the master (or clean up the clone before boot) to purge the extra items.

     

    Hope this helps in the thought process.  Not really answering or sending you in one direction.  More giving you additional options to look into.

     

    Reid

    Apple Consultants Network

    "El Capitan Server – Foundation Services"

    "El Capitan Server – Control & Collaboration"

    "El Capitan Server – Advanced Services"

    :: Exclusively available in Apple's iBooks Store

  • by timo.schaffner,

    timo.schaffner timo.schaffner Jan 7, 2016 2:02 PM in response to Strontium90
    Level 1 (18 points)
    Servers Enterprise
    Jan 7, 2016 2:02 PM in response to Strontium90

    Hi

     

    Thank you for your great answer! It helps alot to get some insight into how others think and handle that stuff, as sometimes i can't see the forest for all the trees.

    It worked until now, and it is still working, but we wanted to change it so that it is more simple to keep the master image up to date, and to deploy it more easily, without having the hassle to always look for the SSD laying around somewhere in our mess. And also backing up the master image would be much easier if it's online somewhere.

     

    I will have a look at AutoDMG, it seems that this is a powerful tool, but i haven't had much insight, yet. It is absolutely ok to have to manually keep the clone up to date from time to time, but as of right now it is a time intensive task. We also want to start to include trust profiles, general enrollment profiles and Open Directory services for user logins, and all of that makes that even more complicated. And all of this works nicely when included in the NetRestore imaging process, as it then enrolls the new devices, even if nothing is set inside the master image. But this will be the next step somewhen down the road.

     

    I haven't used the package only Images, these seem nice... Maybe you can use a thin image, a never booted image, and then add packages into that image? I have read much about that, in theory it works, but when used, many many packages don't install properly, and half of our apps is not available as pkg installers but are just simple .app files, which just have to be copied...

     

    Also, what role does Deploystudio play in this game? I am asking myself if i should take the days or weeks to get through the 5000 page documentation, or if i am just wasting my time, because it's not for me? Do you have experience? What you described above is pretty much how i feel about my situation, we don't need to restore many devices at a time, but one by one, maybe one new device every second day, something like that... But we also work with the Adobe Collection, and they update their stuff like 5 times a day, it's freaking impossible to keep the master image up to date..

     

    What i dream about to have in the future, is to have 3 clones, one for each of our main departements, so i connect a new machine, use option at boot, choose the NetRestore clone for the department the computer is going to be used, and then just install that clone. On the first boot, it asks for a user and password which automatically connects to our OpenDirectory server and then downloads all of that users profiles, installs his mail automatically and downloads all of his user settings and personal files. We are not so far away from that, we have figured out Profile Manager and Profiles and Open Directory accounts and all that stuff, but what is missing is a good, solid image to restore from over NetBoot.

     

    Thanks again for your response, if you have more to tell, i am very thankful!

     

    Cheers

  • by cdhw,Helpful

    cdhw cdhw Jan 7, 2016 3:19 PM in response to timo.schaffner
    Level 4 (2,653 points)
    Servers Enterprise
    Jan 7, 2016 3:19 PM in response to timo.schaffner

    What i dream about to have in the future, is to have 3 clones, one for each of our main departements, so i connect a new machine, use option at boot, choose the NetRestore clone for the department the computer is going to be used, and then just install that clone. On the first boot, it asks for a user and password which automatically connects to our OpenDirectory server and then downloads all of that users profiles, installs his mail automatically and downloads all of his user settings and personal files. We are not so far away from that, we have figured out Profile Manager and Profiles and Open Directory accounts and all that stuff, but what is missing is a good, solid image to restore from over NetBoot.

     

    DeployStudio is what you want. There aren't '5000 pages' of documentation (more's the pity). The Quick Install Guide:

     

         http://www.deploystudio.com/get.php?fp=Extras/Quick_Install_Guide.pdf

     

    is a training presentation that will get you started in fewer than 50 simple slides and there's a really good set of Users forums to get further help as you need it.

     

         http://www.deploystudio.com/Forums/index.php

     

    You've already spent longer typing posts for this thread than it would have taken you to set up a working system.

     

    C.

  • by timo.schaffner,

    timo.schaffner timo.schaffner Jan 7, 2016 3:42 PM in response to cdhw
    Level 1 (18 points)
    Servers Enterprise
    Jan 7, 2016 3:42 PM in response to cdhw

    Thanks alot for the links.

     

    The problem i have is that i have been that far already in the past. I took this quickstart quide, installed everything and got it up and running. I understand the process of creating NetBoot images, but actually it is more complicated using DeployStudio than it is using System Image Utility, and i haven't found the benefit of using Deploy Studio yet, and i haven't found out how i can easily update an image after i created it... Creating an image from a mounted drive ist not the problem, i can do that using SIU, i don't need Deploy Studio. But then to understand how stuff works beyond that, such as updating, i think you really have to go deep into that stuff, and that's what i didn't take the time, yet. But it should be possible to update the master easily through Deploy Studio, right?

     

    Thanks again!

     

    Cheers

  • by cdhw,

    cdhw cdhw Jan 7, 2016 3:55 PM in response to timo.schaffner
    Level 4 (2,653 points)
    Servers Enterprise
    Jan 7, 2016 3:55 PM in response to timo.schaffner

    Some further thoughts about using DeployStudio while I'm drinking my coffee:

     

    One extreme is a 'clone' of a fully configured Mac, known as a 'thick image' in the trade. It is very easy to do but it is very slow and inefficient to maintain and update the cloned images. The other extreme is to image as close to a raw OS X install as possible and then use the DeployStudio repository and workflow items to copy your third-party applications into /Apps, install packages, bind to directories, time servers, run scripts, etc.

     

    What most people seem to do is to start 'thick' while they get the hang of things and then gradually move towards the thin end of the spectrum.


    Personally I install a clean version of OS X, run through the Apple setup routine and and create an admin account install Xcode and it's tools (because they are difficult to deal with) and then image. Everything else is done with Profile Manager, DeployStudio repository and its workflow items.

     

    C.



  • by cdhw,

    cdhw cdhw Jan 7, 2016 4:07 PM in response to timo.schaffner
    Level 4 (2,653 points)
    Servers Enterprise
    Jan 7, 2016 4:07 PM in response to timo.schaffner

    Your mistake is to try editing master images. It's near impossible to get right in non-trivial cases and the edit-test cycle is measured in hours. Create a base image for the version of OS X you want to use and then leave it alone until the next version of OS X comes out when you update your master machine and rebuild your base image from it. Deploystudio has workflow item that will download apply all available updates to the image for you.

     

    You also need to keep clear the distinction between (a) the netboot image (NBI), which is just used to boot machines with DS runs and (b) the master image, which is what DS copies onto the hard-drive while the Mac is netbooted. You only need to update (a) when you get new hardware that won't boot with your current NBI.

     

    C.

  • by timo.schaffner,

    timo.schaffner timo.schaffner Jan 8, 2016 3:15 AM in response to timo.schaffner
    Level 1 (18 points)
    Servers Enterprise
    Jan 8, 2016 3:15 AM in response to timo.schaffner

    The problem i have with deploy studio right now is that i seem to completely be missing the point.

     

    I have created the deploy studio, it is running. I have managed to connect it to a repository which is a remote server, as it couldnt connect to the local share mount because you can't mount a shared local folder on El Capitan. Alright, i then created a NetBoot image using the DeployStudio Assistant, using a clean El Capitan installer. Now i copied that to the NetBoot Image folder, and i can boot off that.
    But what now? I can copy Images to the Deploy Studio repository, but i have to create these images before, right? How do i create them? I am completely missing what the difference between images, deploy studio images and netboot images are, i don't understand what copies what onto what and restores what image where!? The mac is booting from that NetBoot image i did over the Deploy Studio Assistant, and it's just showing me a Terminal... Great... But what now? Inside DeployStudio Admin it shows that new mac, and do i now have to run a Workflow over Deploy Studio Admin on that machine? How can i include workflows inside the Deploy Studio Image? I actually just want to press a button and the mac should be set up, now it seems that i have to boot it, go to deploy studio admin, choose a workflow, then run that workflow and so on, but it should happen automatically...

  • by timo.schaffner,

    timo.schaffner timo.schaffner Jan 8, 2016 4:10 AM in response to timo.schaffner
    Level 1 (18 points)
    Servers Enterprise
    Jan 8, 2016 4:10 AM in response to timo.schaffner

    The problem in my case was that once the Client machine booted, it only gave me the terminal but no Deploy Studio runtime to choose my workflows. That's why it threw me off the tracks. I am checking this now.

     

    I think for any further questions i will post in the Deploy Studio forums, as i think this is the wrong place here.

     

    But i want to thank you very much for your ideas and insight on your approaches. I think it will be helpful to others aswell.

     

    Cheers

  • by cdhw,

    cdhw cdhw Jan 8, 2016 5:33 AM in response to timo.schaffner
    Level 4 (2,653 points)
    Servers Enterprise
    Jan 8, 2016 5:33 AM in response to timo.schaffner

    Your road map is roughly as follows:

     

         1. Set up DS server using 'DS Assistant'

         2. Use DS Assistant create a netboot image (NBI) that includes the necessary 'DS Runtime' app

         3. Set up a client Mac exactly as you want the 'Master Image' to be.

         4. Shutdown the client Mac and reboot from the NBI image you create at step 2.

         5. DS Runtime should be one of the options along with Disk Utility, Terminal etc.

         6. Connect to the DS Server you set up in Step 1.

         7. Select the 'Create a master from a volume' workflow from the list of possibilities.

     

    Now wait (ca an hour is typical for a simple image) while the image is processed and added to the DS repository. Once this has happened it will become available within DS Admin for you to include in workflows and start cloning the client, etc.

     

    C.

  • by timo.schaffner,

    timo.schaffner timo.schaffner Jan 8, 2016 6:19 AM in response to cdhw
    Level 1 (18 points)
    Servers Enterprise
    Jan 8, 2016 6:19 AM in response to cdhw

    Or i can do it as following?

     

    1. Install DS Server.
    2. Create NetBoot image containing the Runtime.
    3. Set up the Master image which i have on an external Drive by booting into it and changing stuff.
    4. Mount that external drive regularly on any mac and use the disk utility to convert it into an image.
    5. Copy that image to the repository for DS and then use it in workflows.

     

    Right?

  • by cdhw,

    cdhw cdhw Jan 8, 2016 7:05 AM in response to timo.schaffner
    Level 4 (2,653 points)
    Servers Enterprise
    Jan 8, 2016 7:05 AM in response to timo.schaffner

    The best IT advice I was ever given was from a guy, now long-retired, who said 'I work hard not to change default settings unless I absolutely have to, I like to know that if my system isn't working a lot of other people are having the same problem.'

     

    The advantage of my proposed workflow is that it is DS end-to-end therefore if there is a problem you can get advice from the DS forum and the DS developers. The disadvantage of your workflow, which might or might not work reliably, is that it is not DS from end-to-end so if there is a problem you're on your own.

     

    C.

  • by timo.schaffner,

    timo.schaffner timo.schaffner Jan 8, 2016 7:26 AM in response to cdhw
    Level 1 (18 points)
    Servers Enterprise
    Jan 8, 2016 7:26 AM in response to cdhw

    I feel stupid because right now is the first time i get what you wrote in your previous post, with the 7 steps for making the image. This actually makes sense now, but, for that to work i would have to have a single mac dedicated to run the image on, correct? Or if i have 3 images for different departments, i would need 3 dedicated macs, if i am really really lazy and don't want to boot into seperate partitions. And also, if our IT office is in a different building than our server room, how would i manage this over ARD? As i think of it right now, it could even work if i... Set the startup disc to the Deploy Studio Boot image..

     

    Ok i think i know how i am going to do this:

    1. Have one machine with a disk with 3 partitions, each with its own thick system
    2. Have one Deploy Studio Runtime NetBoot image
    3. Boot the machine in one of the 3 partitions and then over ARD and System Settings i can later choose which partition/image to boot to

    4. Once i need a new Master from one of the partitions, i boot into DSR NetBoot over System Settings

    5. Choose the workflow for new Master image creation and choose the partition i need to create a new master from.

     

    On a side note: does it automatically replace the master from existing Deploy Studio workflows, or do i have to re-add it inside the workflow? Can i create a master that has the same filename as existing master images?

     

    And for everyone asking, i tried it using disk utility to create a read only image from a mounted disk, all i had to do was to add ".hfs" before the ".dmg" and Deploy Studio correctly added the image to the list and i was able to restore from it just fine. In case anyone every needs to know.

     

    Cheers

  • by cdhw,

    cdhw cdhw Jan 8, 2016 8:12 AM in response to timo.schaffner
    Level 4 (2,653 points)
    Servers Enterprise
    Jan 8, 2016 8:12 AM in response to timo.schaffner

    You can have just one 'master' Mac with the disk split into several partitions bootable partitions:

     

         /Volumes/Macintosh HD

         /Volumes/Sales HD

         /Volumes/Accounts HD

     

    etc. These only need to be < 100 GB each for a basic clean install of OS X so you can have half-a-dozen or more on a single 1TB drive. Get the Sales and Accounts setups as you want them then reboot from Macintosh HD and use DS Runtime to convert 'Sales HD' and 'Accounts HD' to images and upload to the repository.

     

    With workflows a useful feature is that workflows can be nested. So, I have a 'Install Base OS X' workflow, which I invoke within other workflows , e.g. 'Setup Fusion iMac', 'Setup HDD iMac' after formatting and partitioning the drives in differing manners. So, if I want to try a new base image I only have to change it in only one place, i.e. the 'Install Base OS X' workflow. If you know about IT you should recognise this as me applying a DRY (Don't repeat yourself) strategy.

     

    C.

     

    Edit: It looks like you've basically figured out the above strategy for yourself. I just didn't read your earlier reply properly for some reason.

  • by timo.schaffner,

    timo.schaffner timo.schaffner Jan 8, 2016 8:10 AM in response to cdhw
    Level 1 (18 points)
    Servers Enterprise
    Jan 8, 2016 8:10 AM in response to cdhw

    Yes i understand what you mean, but that means that you actually have to set the new image inside the workflow, correct? It doesn't really matter in our situation, as we only need one image for one workflow, so i have to change it anways, we are not using the same image for multiple workflows.

Page 1 Next