DeployStudio

for Mac Deployment

Rob Freiburger
A detailed overview of DeployStudio, how it fits into the Intel environment, how to do common tasks, and detailed configuration of DeployStudio servers.

Property of Rob Freiburger

Table of Contents
References ................................................................................................................................. 2 Overview .................................................................................................................................... 3 The Components of DeployStudio ..................................................................................... 3 DeployStudio in the Intel Environment ........................................................................... 4 Common Tasks for Master Server ..................................................................................... 5 Booting a Mac to the DeployStudio Server ............................................................................... 5 Deploying the IT Master Image to a Mac ................................................................................... 5 Reimaging Lab Macs ........................................................................................................................ 5 Cloning a Macs Disk to the Masters Repository .................................................................... 5 Securely Wiping a Macs Disk ....................................................................................................... 5 DeployStudio Administration ............................................................................................. 6 Creating a New IT Master Image .................................................................................................. 6 Adding a Retail Image to the Masters Repository ................................................................. 6 Creating a New NetBoot Image ..................................................................................................... 7 Setting New NetBoot Image as Default NetBoot Image ........................................................ 7 Adding a Mac as a Lab Mac ............................................................................................................. 8 Removing a Lab Mac ........................................................................................................................ 8 Setting a Specific Mac to Run a Specific Workflow ................................................................ 8 Master Server Configuration ............................................................................................... 9 CS Remote Logistics Mac Imaging Replica Server Configuration .......................... 10 Appendix A: Script for Enabling NetBoot Server on 10.6 Client ............................ 11

References
http://web.me.com/driley/web/deploystudio.html Especially DeployStudio_Guide.pdf http://www.deploystudio.com http://www.afp548.com/article.php?story=20110201151411464 http://www.macgeekery.com/hacks/hardware/make_any_mac_a_netboot_s erver

Overview

DeployStudio is a free and open source project to automate the process of imaging and deploying Macs in a networked environment. It uses Apples NetBoot and NetRestore capabilities to allow a Mac to be imaged and deployed with an Ethernet connection only. The home page is at deploystudio.com. Capabilities of DeployStudio include: Cloning, imaging, and deploying of Macs and PCs (using Windows or Linux) Fully-automated workflows (including meta-workflows) Master and replica DeployStudio installations Configurable disk wiping and multi-partitioning Bash, Perl, and Python script execution (Ruby can also be enabled) Unique workflow execution based on Ethernet MAC address Group-based access rights granularity Advanced configuration of OS X installations including: o Add accounts (can be admin and/or hidden) o Set time zone and time server o Set localization of Mac o Recreate preferences based on specific hardware o Set OS X to install all Apple Software Updates on first boot (update server can be defined) o Package installation after imaging or on first boot o Enable Apple Remote Desktop agent o Firmware security enabling/disabling o Active Directory/Open Directory binding

The Components of DeployStudio

Every component is installed to /Applications/Utilities by default. DeployStudio components can be installed on a non-server Mac and be used to access and manage a DeployStudio server. Manage workflows, master images, packages, etc. Admin Configure specific computers Monitor active deployments Assistant Runtime Setup and configure DeployStudio Create configurable NetBoot image Connects to network repositories Display and run workflows for a specific group End user friendly interface

DeployStudio in the Intel Environment

There are several considerations for DeployStudio to successfully work with the Intel Global Business Network. Intels large private network presents several unique challenges to software like DeployStudio. Eliminate Network-based Dependencies DeployStudio cannot function without a network, but IP addresses and subnets can change at a moments notice. Servers using DHCP are asking for trouble. As of the writing of this document, this is a known flaw of the DeployStudio environment. Also IPv6 was not considered at all when implementing DeployStudio at Intel. That will be an inevitable problem. Recommendations for improvement: Request and assign static IPs for each DeployStudio server. For at least the master DeployStudio server, request and assign an Intel subdomain (for example, deploystudio.intel.com). Whenever Possible, Use OS X Server It is possible to setup a DeployStudio server using the OS X client, but it requires multiple Terminal commands, configuration file hacking, and no guarantee the server will continue to work correctly after an Apple software update is installed. OS X Server provides the needed capabilities out-of-the-box with easy GUI-based configuration, plus the server is much easier to remotely manage using Apples Server Admin Tools. Minimize Synchronization and Bandwidth By default, DeployStudio replica servers will synchronize with the master server once a day. Multiple replicas can hit the master server simultaneously and impact the masters performance as well as network bandwidth. On average, this is not a problem as nothing changes on the master. However when a new build is released or workflows are added, this can create significant trouble. Take care to configure each replica server to synchronize with the master at different times. If a new build is needed, allow time for the new build to propagate to replicas before setting it as the default build image. Minimize NetBoot Images Its possible to serve multiple NetBoot images on a single server, but it only adds confusion. Each DeployStudio server has a unique NetBoot image. It is supposedly possible to use one NetBoot image across multiple servers, but it involves networking knowledge and hacking of the NetBoot image. It should be easy to create two NetBoot images: one for the master server and one for the replica servers. This is in place as the master server uses different authentication credentials than the replica servers.

Common Tasks for Master Server

These tasks are oriented for the master server residing inside the Mac Lab. Due to their configuration replica servers do not have the same capabilities as the master server. These directions assume the Mac is connected to the same subnet as the master server.

Booting a Mac to the DeployStudio Server

1. 2. 3. 4. Power on the Mac. Immediately hold the N key. When the Apple logo disappears, you may release the N key. The Mac will load DeployStudio Runtime, automatically login, and present a menu of options.

Deploying the IT Master Image to a Mac

1. Follow Booting a Mac to the DeployStudio Server. 2. Click Build System then click Play. 3. DeployStudio will automatically rebuild the Mac with the IT master image.

Reimaging Lab Macs

1. 2. 3. 4. 5. 6. When done with a lab Mac, open System Preferences. Click Startup Disk. If necessary, click the lockbox and authenticate. Select the DeployStudio NetBoot image. Click Restart. DeployStudio will reimage the Mac as described in Deploying the IT Master Image to a Mac, but it will also add a hidden MacAdmin account and enable Apple Remote Desktop.

Cloning a Macs Disk to the Masters Repository

Note: the cloned image will be transferred to replicas within a day. 1. Follow Booting a Mac to the DeployStudio Server. 2. Choose Backup System then click the Play button. 3. Select the Macs disk and name the backup. 4. If other options are necessary, select them. Once done, click the Play button. 5. DeployStudio will clone the disk and shutdown the Mac once completed. 6. Allow DeployStudio 30 minutes to convert the image for deployment.

Securely Wiping a Macs Disk

Note: once the wipe has completed, data is not recoverable. 1. Follow Booting a Mac to the DeployStudio Server. 2. Choose Wipe Drive then click the Play button. 3. DeployStudio will automatically erase the Macs disk with a single pass of random characters and shutdown the Mac once completed.

DeployStudio Administration

To manage and modify how DeployStudio works, you can either install the DeployStudio software on your Mac or connect to the DeployStudio server with screen sharing.

Creating a New IT Master Image

It is common for Apple to install a newer build of OS X on the newest Macs than what is available for older Macs with all updates installed (ex. 10J3250 vs. 10J869). It is likely the newer build will work on older Macs as well, so only one image is needed to deploy to all supported Macs. 1. First, unpack the new Mac and reinstall OS X with as few optional installs as necessary (usually X11 and Additional Fonts only). 2. Configure it with the Replicant account and enable Auto Proxy Discovery in System Preferences. 3. Install all Apple Software Updates and restart if necessary. 4. Launch Disk Utility, repair permissions, and verify the disk. 5. Follow Cloning a Macs Disk to the Masters Repository. 6. Allow 30 minutes for DeployStudio to convert the image. 7. Launch DeployStudio Admin and connect to the Master Server. 8. Click Workflows then click the Mac Lab Machine Imaging workflow. 9. Select the second step, Restore Task. It has a disk icon with a red arrow pointing towards the disk. 10. Change the image to the cloned disk image. 11. Click the Save button in the bottom-right of the window. At this point you may test the build against designated lab machines to verify the build against current and older Macs. If no problems are experienced, you may change the image on the Build System workflow. 1. Back in DeployStudio Admin, click Workflows then click the Build System workflow. 2. Select the second step, Restore Task. It has a disk icon with a red arrow pointing towards the disk. 3. Change the image to the cloned disk image. 4. Click the Save button in the bottom-right of the window. 5. Click Masters then click the former IT master image to select it. 6. Click the Minus (-) button to delete the former IT master image. Changes will be synchronized to replica servers within a day.

Adding a Retail Image to the Masters Repository

Follow Cloning a Macs Disk to the Masters Repository.

Creating a New NetBoot Image

1. Perform these instructions on the very latest Mac available. Ideally this is performed on the same Mac used in Creating a New IT Master Image. 2. Install ALL Apple software updates available. 3. Install the DeployStudio software on the Mac. Use the same version of DeployStudio that is installed on the master server. 4. Launch DeployStudio Assistant. 5. A prompt about DeployStudioServer not running may appear. Click Ignore. 6. Click Create a DeployStudio NetBoot set and click the Continue button. 7. Click Continue. 8. A screen about enabling NetBoot service may appear. Click Continue. 9. The general settings screen will appear. The options may be left to their defaults if desired. Click Continue once done. 10. The service discovery screen will appear. For the master server, click Connect to specific servers and specify the servers address. For replicas, click Use Bonjour protocol to discover available servers. Click Continue. 11. The authentication screen will appear. Enter the appropriate authentication credentials for the master server or the replica servers. Options may be adjusted or left to their defaults. For replica servers, unchecking Display Runtime log window by default is recommended. Click Continue. 12. The advanced options screen will appear. This screen may be left in its default settings. Options are self-explanatory. Click Continue. 13. The destination screen will appear. If you are connected to a DeployStudio servers AFP share, you may save the image directly on the server. Click Continue. 14. DeployStudio Assistant will create a configured NetBoot set. It will take about ten minutes to complete.

Setting New NetBoot Image as Default NetBoot Image

For DeployStudio servers with 10.6 Server installed: 1. Connect to the server via AFP. 2. Transfer the NetBoot image to a known location on a share. 3. Connect to the server via screen sharing. 4. Move NetBoot image from location to /Library/NetBoot/NetBootSP0. 5. Launch Server Admin.app (either from client Mac or directly on server). 6. Connect to DeployStudio server and click the NetBoot service. 7. Click the Settings tab then click the Images tab. 8. Click the radio button next to the new NetBoot image to set it as default. 9. The old NetBoot image may be removed. 10. Stop and restart the NetBoot service. For DeployStudio servers with 10.6 Client installed: 1. Connect to the server via AFP and mount the NetBootSP0 share. 2. Transfer the NetBoot image to the NetBootSP0 share. 3. Connect to the server via SSH.

4. Execute these commands:

5. The old NetBoot image may be removed. 6. Restart the server.

sudo chown -R root:admin /Library/NetBoot/NetBoot* sudo chmod R 775 /Library/NetBoot/NetBoot*

Adding a Mac as a Lab Mac

1. 2. 3. 4.

Record the MAC address of the Macs Ethernet connection. Launch DeployStudio Admin and connect to the master server. Click the arrow next to Computers to expand it. Click the Lab Macs group then click the Plus (+) button on the bottom-center of the window. 5. Enter the recorded MAC address and click Add. 1. 2. 3. 4. 1. 2. 3. 4. 5. 6. 7. 8. 9. Launch DeployStudio Admin and connect to the master server. Click the arrow next to Computers to expand it. Click the Lab Macs group then click the Mac to be removed. Click the Minus (-) button on the bottom-center of the window. Record the MAC address of the Macs Ethernet connection. Launch DeployStudio Admin and connect to the master server. Click Computers. Click the Plus (+) button on the bottom-center of the window. Enter the recorded MAC address, click Add, and click Close. Find the entered MAC address in the listing of the top pane and click it. Click the Automation tab on the bottom pane. Change Start workflow automatically to desired workflow. If workflow should only be run once, click Reset default workflow after a successful execution.

Removing a Lab Mac

Setting a Specific Mac to Run a Specific Workflow

Master Server Configuration

The DeployStudio Master server resides in the Mac Lab. Network Configuration IP: ------------ DeployStudio Address: http:// ------------:60080 All other network configuration handled by DHCP. Hardware Configuration ------------ Software Configuration Mac OS X Server 10.5.8 DeployStudio 1.0rc126-3 Accounts Username: ------------ Shortname: ------------ Role: Admin Password: ------------ Username: ------------ Shortname: ------------ Role: Admin Password: ------------ Enabled Services AFP File Sharing o Public share: NetBootClients0 (Required for NetBoot service; read only) SSH Apple Remote Desktop Management NetBoot (NFS) Open Directory (master role; required for DeployStudio) Power Time Schedule As a part of Intels initiative to conserve energy, the master server is configured to automatically start up and shut down. It is always running during regular business hours. Start up or wake: weekdays at 5:50 AM Pacific Time Shut down: every day at 5 PM Pacific Time

Mac Imaging Replica Server Configuration

The replica server sits on a shelf in ------------. Network Configuration All handled by DHCP Hardware Configuration ------------ Software Configuration Mac OS X 10.6.7 DeployStudio 1.0rc126-3 Accounts Username: ------------ Shortname: ------------ Role: Admin Password: ------------ Username: ------------ Shortname: ------------ Role: Standard Password: ------------ Enabled Services AFP File Sharing o Public share: NetBootClients0 (Required for NetBoot service; read only) o Public share: NetBootSP0 (Required for NetBoot service; read only) o Public share: DeployStudio (Required for DeployStudio; MacAdmin read/write; DeployStudio/guest read only) SSH Apple Remote Desktop Management NetBoot (NFS; service can only be disabled by command line) Master Server Synchronization Rsync from Master DeployStudio Share every day at 6 AM Pacific Time. Sync everything except defined Computer items. One-way sync; all data on replica DeployStudio share is always overwritten.

Appendix A: Script for Enabling NetBoot Server on 10.6 Client

Script was obtained from a website and reviewed before execution. In case if website is no longer available, the script is printed here.

#!/bin/bash #This script sets up netbooting on a Leopard (Client) machine. # START WITH SOME SANITY CHECKS # ----------------------------# Make sure only root can run our script if [ "$(id -u)" != "0" ]; then echo "You must run this script as the root user. \"sudo $0\")" exit 1 fi;

(Try

# check that this is Mac OS X Leopard (Client) if [[ "`sw_vers -productName`" != "Mac OS X" ]] || [[ "`sw_vers productVersion`" < "10.6" ]]; then echo "The script is designed to be run on Mac OS X Snow Leopard, on a non-server version." exit 2 fi; echo "Make sure Internet Sharing is turned OFF Before continuing! (System Preferences > Sharing) You may also need to disable "Back to My Mac". Press Enter to continue." read junk echo "PLEASE NOTE: THIS SCRIPT WILL OVERWRITE YOUR TFTPD AND BOOTPD PLIST FILES!!! If you have made any changes to these files, you may need to make them again, otherwise other programs may not function properly. Backups will be made (named tftp.plist.back and bootpd.plist.back, saved in their respective directories). If you don't know what these files are, then you probably don't need to worry about it. Press Enter to continue." read junk # CREATE DIRECTORIES AND SIMLINKS NEEDED FOR NETBOOTING # -----------------------------------------------------

mkdir mkdir chown chmod

-p /Library/NetBoot/NetBootSP0 /Library/NetBoot/NetBootClients0 root:admin /Library/NetBoot/NetBoot* 775 /Library/NetBoot/NetBoot*

cd /Library/NetBoot ln -s NetBootSP0 /Library/NetBoot/.sharepoint ln -s NetBootClients0 /Library/NetBoot/.clients # EXPORT NETBOOTING FOLDERS OVER NFS (NETWORK FILE SYSTEM) # -------------------------------------------------------echo "/Library/NetBoot/NetBootSP0 -ro" >> /etc/exports # Note that as soon as the file changes, the OS restarts the NFS daemon # CREATE DIRECTORIES AND SIMLINKS NEEDED FOR NETBOOTING # ----------------------------------------------------ln -s /Library/NetBoot /private/tftpboot/NetBoot # SET UP BSDP (BOOT SERVICE DISCOVERY PROTOCOL) # --------------------------------------------if [ -e "/etc/bootpd.plist" ] then cp /etc/bootpd.plist /etc/bootpd.plist.back fi # Create the /etc/bootpd.plist file. # This file below is based on information from the bootpd man page. echo '<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>bootp_enabled</key> <string>en0</string> <key>netboot_enabled</key> <string>en0</string> <key>old_netboot_enabled</key> <string>en0</string> </dict> </plist>' > /etc/bootpd.plist defaults write /System/Library/LaunchDaemons/bootps Disabled 0 launchctl load -F /System/Library/LaunchDaemons/bootps.plist

# SETUP TFTPD (Trivial File Transfer Protocol) #--------------------------------------------if [ -e /System/Library/LaunchDaemons/tftp.plist ] then cp /System/Library/LaunchDaemons/tftp.plist /System/Library/LaunchDaemons/tftp.plist.back fi echo '<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Disabled</key> <false/> <key>Label</key> <string>com.apple.tftpd</string> <key>ProgramArguments</key> <array> <string>/usr/libexec/tftpd</string> <string>-i</string> <string>/private/tftpboot</string> </array> <key>inetdCompatibility</key> <dict> <key>Wait</key> <true/> </dict> <key>InitGroups</key> <true/> <key>Sockets</key> <dict> <key>Listeners</key> <dict> <key>SockServiceName</key> <string>tftp</string> <key>SockType</key> <string>dgram</string> </dict> </dict> </dict> </plist>' > /System/Library/LaunchDaemons/tftp.plist launchctl load -F /System/Library/LaunchDaemons/tftp.plist # WE ARE FINISHED # --------------echo " NetBoot setup script complete. Please make sure to add the NetBootSP0 and NetBootClients0 folders to your Shared Folders (System Preferences > Sharing > File Sharing)."