Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Imaging using NetBoot and a JDS Instance

Disclaimer: This article is no longer being updated. The Jamf Distribution Server was discontinued at the end of 2017.

Overview

This article explains the optimal configuration for Casper Imaging while using NetBoot in an environment where packages used in the imaging process are hosted on a JDS instance.  
Note: Imaging using NetBoot and a JDS instance uses unnecessary bandwidth over the WebDAV protocol.
The createDP.py script enables the AFP service on your JDS instance and creates a distribution point in the JSS. This AFP distribution point should be utilized whenever imaging computers with Casper Imaging using NetBoot.

Versions Affected

Casper Suite v9.0 - v9.63

Note: If you are upgrading a JDS instance to v9.64 or later, use the following instructions. Installing a new JDS instance with the Casper Suite v9.64 or later automatically creates an AFP share on your JDS instance.

Requirements

To image using NetBoot and a JDS instance, you need createDP.py

Procedure

  1. Open the createDP.py script in a text editor.
  2. Enter text for the jss_url, jss_username, jss_password, and jds_dns_address variables.
  3. Save the createDP.py script.
  4. Open Terminal.
  5. Run the following command: sudo python /path/to/createDP.py

The python script will create an AFP share, a distribution point in the JSS, and a package monitor that will create links in the AFP share for any package replicated to the JDS instance.

Like Comment
Order by:
SOLVED Posted: by kenglish

This script would only work if the JDS is running on MacOS, correct?

Like
JAMFBadge
SOLVED Posted: by nick

Katie \- correct \- the script is currently designed to work with a JDS running OS X.

Like
SOLVED Posted: by winningham.2

@nick So, is there a solution for your JDS Linux product in version 9.3 or later?

Like
SOLVED Posted: by Josh.Smith

Yes a similar article for a Linux JDS would be very helpful.

Like
SOLVED Posted: by MarkPetersonURMC

Bump for Linux JDS solution/article!

Like
SOLVED Posted: by gskibum

I'm not understanding the point of this script. Doesn't it just make an AFP share point as described in the Casper Suite Administrator Guide? Does it do something more?

Like
SOLVED Posted: by wmateo

@gskibum yes but it looks like it will also monitor the JDS and copy packages over that are replicated from the master.

Like
SOLVED Posted: by winningham.2

Reference https://jamfnation.jamfsoftware.com/discussion.html?id=10819 for more information on this long-standing defect.

Like
SOLVED Posted: by franton

Ok i'm now in the situation where our attempt to replace legacy hardware just failed ... 8 out of 8 mac minis suffered hard drive failures. What's the latest on this as we're now planning to go entirely VM.

Like
SOLVED Posted: by mibrodt

Yeah, for Linux we had to create a separate SMB share and replicate manually. We are switching to using a Mac running AFP because SMB also has issues deploying CC as well.

Like
SOLVED Posted: by jbutler47

Having issues with the script, entering in JSS_URL for example ( https://jss.mycomany.com:8443/ ) I get the following error:

File "createDP.py", line 98 jss_url = “https://jss.mycompany.com:8443/” ^
SyntaxError: invalid syntax

Tried combos of the URL, no dice. Any suggestions?

Thanks.

Like
SOLVED Posted: by Eigger

Hi J,

Check your text editor settings. If you are using TextEdit, go to preferences, select plain text, and to be safe, in the options below, uncheck everything, ex. uncheck Smart Quotes. On your example above, it looks like Smart Quotes are applied.

Like
SOLVED Posted: by jbutler47

reginald,

went back to text wrangler, much better now. thanks.

Noticed on first run the following error at the end, though looked to be bypassed. On second run, no error.

First Run:

system2:Desktop admin$ sudo python createDP.py
Password:
Creating AFP Users... Last user ID: 502 Creating AFP Read User with ID: 503... Password: lQpCY22xXXXXXXXXXXXXXXXXXX0 Creating AFP Write User with ID: 504...
Creating AFP Share... Assigning permissions... Starting AFP...
Creating links for existing packages...
Creating Package Monitor... Creating LaunchDaemon... Loading LaunchDaemon...
launchctl: Error unloading: com.jamfsoftware.jds.packageMonitor
Creating Distribution Point...

Second Run:

system2:Desktop admin$ sudo python createDP.py
Creating AFP Users... AFP users already exist.
Creating AFP Share... Assigning permissions... Starting AFP...
Creating links for existing packages...
Creating Package Monitor... Creating LaunchDaemon... Loading LaunchDaemon...
system2:Desktop admin$

Will note this thread if errors arise.

Thanks again, most excellent.

Like
SOLVED Posted: by Leal

Is there a solution for a JDS running on a Linux box?

the error I get is 'could not find an existing configuration to modify' the same process works just when in target mode.

Like
SOLVED Posted: by winningham.2

bump

Like
SOLVED Posted: by bstrube

I am relatively new to JAMF so I am a little confused with this script. Our school district is set up so our JSS is on a Windows 2008 Server, our Main DP is on a OS X 10.9.5 Server and we have 22 JDSes (one root and 21 child) that are also on OS X 10.9.5 Server.

First off, would I have to run this script on all of my 22 JDSes and what type of impact would this have on our JSS?

Second, why the package monitor? Does this create symbolic links to the packages in the CasperShare folder?

I cannot implement this until I understand how it works and will impact our JSS and JDSes. We have over 1000 mobile devices and 7500 computers in our JSS. I think you can understand my apprehension to do this until I know how this impacts our JSS.

I appreciate any more insight into this. Thank you.

Like
SOLVED Posted: by winningham.2

Does the included python script require File Share Distribution Points permissions or are JDS permissions enough to get this going?

Like
JAMFBadge
SOLVED Posted: by nick

Tim,

The script does require API credentials with File Share Distribution Points permissions to be able to create a Distribution Point in the JSS.

Nick

Like
SOLVED Posted: by phillip.chen

Can someone please help I am running the script on my Apple server and get the following:

os1:\~ administrator$ sudo python createDP.py Password:
Creating AFP Users... Last user ID: 507 Creating AFP Read User with ID: 508... Password: (notshowing) Creating AFP Write User with ID: 509...
Creating AFP Share... Assigning permissions... Starting AFP...
Creating links for existing packages...
Creating Package Monitor... Creating LaunchDaemon... Loading LaunchDaemon...
Creating Distribution Point... Unexpected error submitting XML: (<class 'urllib2.URLError'>, URLError(SSLError(1, '_ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol'),), <traceback object at 0x1017fdea8>)

I've tried to see if anyone had this issue and it doesn't look like it. Anybody know what to do to resolve this? Thank you in advance =].

Like
SOLVED Posted: by justinrummel

I don't know python very well, but there error is "submitting XML" so I'm guessing around lines 222-227: https://github.com/jamf/createDP/blob/master/createDP.py#L222-227

Wondering if HTTPSHandler ( https://docs.python.org/2/library/urllib2.html#urllib2.build_opener ) is now needed since TLS is a better practice vs. SSL.

Like
SOLVED Posted: by bstrube

I used this script when my JSS was at 9.52 and it worked fine. After 9.6 the script will give the error that you mention because it now uses TLS instead of SSL. I worked with JAMF on this issue and the workaround is to manually go into the JSS and create the File Distribution Point with the same name as the share on your JDS.

I tried with the randomized password and it did not like it. I had to put in a password for each user. So if you created your users with a randomized user like I did, I had to go into the local users on the JDS and reset the password and make sure I put the same password in for the File Distribution Point that I created.

They are sending this script over to the developer who created it to get the change made so a workaround is not necessary. Hope this helps.

Like
SOLVED Posted: by RobertHammen

@brock.walters This one needs to get fixed, too. Not sure if this is you or someone else. The DS errors, the error creating the LaunchDaemon, and the SSL issues with Casper Suite 9.6 and later:

Creating AFP Users... Last user ID: 501 Creating AFP Read User with ID: 502... Password: <snipped> Creating AFP Write User with ID: 503...
Creating AFP Share... Assigning permissions...
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName) Starting AFP...
Creating links for existing packages...
Creating Package Monitor... Creating LaunchDaemon... Loading LaunchDaemon...
/Library/LaunchDaemons/com.jamfsoftware.jds.packageMonitor.plist: Could not find specified service
Creating Distribution Point... Unexpected error submitting XML: (<class 'urllib2.URLError'>, URLError(SSLError(1, '_ssl.c:507: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure'),), <traceback object at 0x105a39368>)

Like
SOLVED Posted: by bentoms

@hanna.kaiser, please update the affected versions.

As this is still needed with 9.64, with this being the fix for the JDS imaging defect.

Like
SOLVED Posted: by jgodfrey

Is there a solution for a JDS running on a Linux box?

Like
SOLVED Posted: by were.wulff

@jgodfrey

The Linux version of this workaround can be found in this KB.

Thanks!
Amanda Wulff
JAMF Software Support

Like
JAMFBadge
SOLVED Posted: by nick

@RobertHammen @brock.walters @bstrube @justinrummel @phillip.chen
Updated createDP.py today.
Here are the major changes:
- Fixed issues assigning AFP permissions on OS X Yosemite
- Suppressed errors that would be displayed if package monitor was already enabled
- Updated for TLS support over SSL since the JSS requires TLS due to the
POODLE vulnerability.

Like
SOLVED Posted: by phillip.chen

Sweet thank you @nick !

Like
SOLVED Posted: by Eigger

You rock Sir! I have a little request about the script, is there a line we can change to change the location of the "Shared Item" folder creation. This is going to be very beneficial to some people who has a small SSD as the primary volume but have tons of space in their RAID volume.

Like
SOLVED Posted: by dannyd

Is this still needed on v9.64? Running on OSX 10.10.2

thx

Like
JAMFBadge
SOLVED Posted: by nick

@dannyd \- we added a note to the KB article to clarify this yesterday... The short answer is that if you are performing a fresh install of a JDS on OS X using 9.64, this script is not needed.

@reginald.santos \- Although this would be fairly easy to do in the script, there is no need to worry about items that are stored in the /Shared Items path using disk space since we are creating hard links to the files themselves in /Library/JDS/shares/CasperShare. The links still take some space, but it is negligible (4K or so).

Like
SOLVED Posted: by dannyd

WOW! THX for a SPEEDY reply !! Newbie on using casper. Working late to put things together. Your help is very much appreciated!!!! THX

Like
SOLVED Posted: by wmateo

@amanda.wulff @nick I am about to deploy a JDS infrastructrure for a client. They want to Netboot over JDS. Do I still need to run this script? will be upgrading JSS to 9.72 on RedHat

Like
SOLVED Posted: by bentoms

@wmateo you mean, you want to image via NetBoot from a JDS DP?

Then yes, the share is still needed.

Like
SOLVED Posted: by wmateo

They are on version 9.62 but I saw release notes where post 9.64 this is done automatically and script is not needed. Thanks for checking in @bentoms

Like
SOLVED Posted: by aragin

How do you find your jds_dns_address?

Like
SOLVED Posted: by bstrube

I have used the createdp script to create a CasperShareAFP share point on my JDS. It works fine, except that it does not track the changes to the CasperShare . Now my folders are not synced up because we have deleted packages from CasperShare and they still show up in the CasperShareAFP folder. How do I use rsync to make make sure these stay in sync?

Locations of the folders:

CasperShare - /Library/JDS/shares/CasperShare
CasperShareAFP - /Shared Items/CasperShareAFP

Any help is appreciated.

Like