Enterprise Deployment of Mac OS X 10.9 Mavericks

Intro

This post is almost identical to the 10.8 post from last year, with some additional clarifications and with the commands updated with the new paths.  It is intended to give a high-level overview (with an emphasis on Netboot and OS image creation) of enterprise deployment of OS X 10.9 Mavericks, using Netboot and Deploy Studio. There are 5 main phases to setting up your deployment:

  1. Planning
  2. Server
  3. Infrastructure
  4. Image Creation
  5. Testing

Now, to break down each:

Planning the deployment

Do you have a server with a gigabit LAN connection and sufficient space to host your files?  You will need at least one netboot image, at least one OS image, and packages for any software you want installed.  You’ll need at least 10GB, and it can easily run around 50GB if you install a lot of software.

Ensure that DNS (forward and reverse) is fully functional for your domain, and the server.

Do you have a single LAN, or a WAN connected by routers?  If you are imaging clients across a WAN connection, you will need to configure the router to redirect certain broadcast traffic, so you need a router that supports this functionality.

Lastly, you will need to download the OS X 10.9 client OS via the app store, and verify that all of your hardware meets the requirements, which are largely the same as 10.8.  You can find the details on Apple’s support page.

Server installation and configuration

I recommend placing your imaging DB on a separate disk from your hard drive for performance and stability.

You will need to configure Netboot on the server using Server Admin.  Given the number of potential server OS versions and configurations, Netboot is beyond the scope of this post; the Netboot config itself is fairly trivial.

Create an admin user, let’s call him “deploystudioadmin”, for use with Deploy Studio.

Configure a folder on the imaging disk called “DeployStudio” and create an AFP share with the following permissions:

  • deploystudioadmin : read and write
  • staff : read and write
  • others : read only

Now download and install Deploy Studio.  You can get the latest version (at the time of writing it was 1.6.2) from http://deploystudio.com/Home.html.  Run the DeployStudio Assistant, and install it to the folder you created earlier.  Make sure the service is started.  You should see it running, with the URL noted, in your server preferences panel.

Configure your infrastructure

If your server and clients are all on a single subnet, you can skip this section.  Otherwise, read on.  If you have to cross a WAN link, your clients are not going to see the server by default.  That is because the traffic used to locate the netboot server is broadcast traffic, which is not forwarded between LANs.  So, we will have to configure the router with an “IP Helper”.  It may be called something different, depending on vendor, but the purpose is the same.  What you will do is configure the clients’ subnet with the address of the server on the other subnet as an IP helper address.  That way, the necessary netboot/dhcp traffic will get sent to the server, and it will respond to your clients as if they were all on the same subnet.

Create your netboot and OS images

First you are going to create a netboot image using DeployStudio Assistant, which will take about 30 min.  To do this, you need to install DeployStudio on the newest client you have on your network.  This will ensure you have the latest hardware support in your image.  However, you aren’t going to start the server.

  1. Instead, launch the DeployStudio Assistant from Utilities
  2. “Ignore” the warning about the server not running
  3. Select the option to create a DeployStudio Netboot set (or alternatively a bootable drive if you opt not to netboot).
  4. Do NOT “Enable Netboot service” on your client (this is NOT the netboot server), just hit continue.
  5. The system name just lets you identify the file later, so give it something that helps you remember where/when/how it was created.  The unique ID has to be unique among your netboot images.  You can check the list of images in Server Administrator (Open Server Admin > Netboot > Settings > Images) if in doubt.
  6. I recommend configuring the “specific server” you have installed DS on using the format http://host.domain:60080.
  7. Use the login and password you created earlier for the server, or that of a network account with the requisite permissions, as I do.  Create an ARD/VNC user login if desired so you can remotely view and control machines you are imaging during the initial workflow.
  8. Configure the rest of the options as you see fit.  I mostly accept the defaults, and add a spiffy custom title.
  9. If you are netbooting, rather than using thumbdrives, then after DeployStudio Assistant finishes doing its thing, you need to copy the resulting .nbi file to the server, to the netboot share (generally /Library/NetBoot/NetBootSP0 on the netboot drive), and enable the image using Server Admin (Open Server Admin > Netboot > Settings > Images > Enable the new image).

Next, create the OS image.  This part will take ~2 hours, most of which is spent waiting.  Again, you should be using the newest client you have to perform this step.  First, you need an install source for Mavericks.  You can get this by downloading it from the App Store.  When it runs, quit, and then copy the “Install OS X Mavericks.app” file from /Applications/ to your desktop.  Now that you have a copy safely stashed away (the original download disappears after use) you can run the app and install Mavericks.  The following steps (particularly the install command) can only be completed from within 10.9.  So, after the install completes (~45 min), you can use the following terminal commands to create the image:

#Create a sparse image to contain your new OS

hdiutil create -size 300g -type SPARSE -fs HFS+J ~/Desktop/mavericks.sparseimage

#Mount the image so that you can actually use it

hdiutil attach ~/Desktop/mavericks.sparseimage

#CRITICAL step: Select the disk in Disk Utility and click “info” to verify the disk # before editing and running the following command.  If you are using a system with only one physical disk, and you don’t have anything else mounted, then this will probably end in disk1 instead of disk#.  Performing this operation (you are erasing/formatting the disk) on the wrong disk would be very BAD:

diskutil eraseDisk "Journaled HFS+" mavericksinstall GPTFormat /dev/disk#   # <-- change this last field

#Mount the install image from within the Install OS X Mavericks.app file

hdiutil attach ~/Desktop/Install\ OS\ X\ Mavericks.app/Contents/SharedSupport/InstallESD.dmg

#“Install” OS X Mavericks to your sparse image file.  This will probably only take 15 min.  May as well go get some coffee.

sudo installer -pkg /Volumes/OS\ X\ Install\ ESD/Packages/OSInstall.mpkg -target /Volumes/mavericksinstall/ -lang en -verbose

#Eject the sparse image

hdiutil eject /Volumes/mavericksinstall/

#At this point I’ve been trained to copy the sparse image to another volume and back to “clean” it.  I’ll admit that I don’t fully understand the rationale (or the sparse image file system) and so I don’t know that this actually helps, or is still necessary, but I don’t know that it doesn’t, so I have always done it.  So, just copy the mavericks.sparseimage file to an external drive or server share at this point, and then back to the desktop.

#Mount the sparse image once it is back on your desktop

hdiutil attach ~/Desktop/mavericks.sparseimage

#Use it to create an install DMG (that is the letter “O” in the following command, not the number “0”).  This too will take a little while.  But, at this point you are just about done!

sudo hdiutil create -format UDZO -srcfolder /Volumes/mavericksinstall/ ~/Desktop/Mavericks.hfs.dmg

Now you can copy that install dmg file to /DeployStudio/Masters/HFS/ on the imaging drive of your server.  Open DeployStudioAdmin on the server and verify that it shows up in the Masters.
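For the erase step above, one way to avoid typing the disk number by hand is to read it from the output of hdiutil attach and confirm the device is a disk image before erasing.  This is an added example, not part of the original post: the function names and sample outputs are constructed, and the “Protocol: Disk Image” line in diskutil info output is an assumption to confirm on your OS version.

```shell
#!/bin/sh
# Added example: derive the image's device node instead of typing it by hand.
# Function names and the sample outputs are constructed for illustration.

# Reads `hdiutil attach` output on stdin; prints the whole-disk node
# (/dev/diskN, no slice suffix). Fails unless exactly one is present.
whole_disk_from_attach() {
    awk '
        $1 ~ /^\/dev\/disk[0-9]+$/ && !seen[$1]++ { node = $1; n++ }
        END {
            if (n != 1) {
                printf "expected one whole-disk node, found %d\n", n > "/dev/stderr"
                exit 1
            }
            print node
        }'
}

# Reads `diskutil info` output on stdin; succeeds only if the device is a
# disk image. Assumes the "Protocol: Disk Image" line; confirm on your OS.
is_disk_image() {
    grep -Eq '^[[:space:]]*Protocol:[[:space:]]+Disk Image[[:space:]]*$'
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_ATTACH='/dev/disk2          GUID_partition_scheme
/dev/disk2s1        Apple_HFS                      /Volumes/untitled'
SAMPLE_INFO_IMAGE='   Device Node:              /dev/disk2
   Protocol:                 Disk Image'
SAMPLE_INFO_PHYSICAL='   Device Node:              /dev/disk0
   Protocol:                 SATA'

# Demo on the samples: prints /dev/disk2, then "image".
printf '%s\n' "$SAMPLE_ATTACH" | whole_disk_from_attach
printf '%s\n' "$SAMPLE_INFO_IMAGE" | is_disk_image && echo image

# On the imaging Mac the guarded erase would be (not run here):
#   disk=$(hdiutil attach ~/Desktop/mavericks.sparseimage | whole_disk_from_attach) &&
#   diskutil info "$disk" | is_disk_image &&
#   diskutil eraseDisk "Journaled HFS+" mavericksinstall GPTFormat "$disk"
```

Because each step is chained with &&, the erase never runs if the attach output is ambiguous or the device is not a disk image.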

Testing/Deployment

Create a workflow in DeployStudio containing a “restore” component, at a minimum, to test your new image.  For now, leave “automate” unchecked.  Select HFS as the image type, and the image file name from the drop-down.  Configure the desired options (also leave multicast unchecked for now) and save your workflow.  Boot your client to the DeployStudio server (hold down the option key when you power the client on, and select the netboot image you created earlier), and if everything looks good you’ll be surfing in no time.  Enjoy!


~ by Jay P Morgan on November 14, 2013.

2 Responses to “Enterprise Deployment of Mac OS X 10.9 Mavericks”

  1. Hey man, nice stuff. Make life easier with AutoDMG. Also make sure to touch /var/db/.AppleSetupDone in your DS imaging workflow. Netbooting across subnets will require the long form bsdp command. Booter, kernel cache, tftp, and sparse image all must be specified in the script. What about directory services with dsconfigad, ARD Admin system account, Application Layer Firewall provisioning? Just a few things to think about. 🙂
