Jamf Nation Community

lynnaj · ‎04-14-2017

I have been making steady progress in using JAMF to manage about 500 macs in labs and classrooms at Williams College. I hope to move to JAMF imaging this summer to re-prep these computers for the Fall semester so I've been testing various aspects of this process. I have a base OS image with a post-imaging script that configures the system and installs needed software which I can run manually without error. I have also set this up for a target computer to image automatically when it manually netboots to the JAMF netboot image. All runs well without errors and I am happy with the result.

What is still alluding me, however, is how to remotely netboot a group of targeted computers so they automatically begin imaging with this configuration. I understand that, perhaps, the future direction of Mac file systems is leading away from disk imaging but for this summer I don't see a workable alternative to updating all these macs with a new OS and new versions of hundreds of applications with all their disparate settings.

I've done some searching on this forum for these questions but I'm not finding answers. I apologize therefore, if these have been extensively covered in the past and I have missed those answers.

I am presently testing with: Mac OS 10.12.4 Image
JSS 9.97.1482356336
JAMF netboot image created with version 9.92 on Mac 10.11

A couple of specific questions:
Using JAMF tools, how have you added your netboot server(s) to the trusted server list on each computer? In the past, using DeployStudio, I had a script to run the csrutil command in the netboot image as each computer was imaged after coming out of the box. This allowed me to subsequently use the Bless command to bless a netboot server and reboot. I moved that script to JAMF but it doesn't seem to be working when a mac is booted to the JAMF netboot image. For reference see: https://support.apple.com/en-us/HT205054

How do you take one "Autorun - Image Automatically" configuration for one computer and apply it to large numbers of other computers? I know I can set up "Configurations" but I'm somehow missing the piece where I can apply that as an automatically running image process so that as soon as a group of target macs boots to the JAMF netboot image they begin to run the applied configuration.

How often do you recreate your your JAMF Netboot image? I used to update my DeployStudio server once per and recreate the netboot image for that at the same time. Rarely did I ever have to update that NBI during the year. However, it seems that with JAMF the server software updates much more often. Are you recreating your NBI every time you update your JSS? Do you always use an NBI taken from the same target OS that you will be imaging?

Thanks in advance for any and all responses!
- Lynna Jackson
Williams College

Brad_G · ‎04-14-2017

It looks like you have a good grasp of the need for csrutil and how it applies (still working to get some here to understand it's purpose). I'm curious how you were able to incorporate it into your netboot set in DS. I'd love to find that kind of answer for my current set of .nbi's that we use.

If you do a search to find a group of computers, there's an "Actions" button on the lower right in the JSS. Follow that and you will get to an option of "Edit Autorun Data". You can set the appropriate configuration and set it to image automatically. This will give you the hands off approach you're looking for.

I only update the .nbi when it's necessary for new hardware support. I still have a few 10.9 type .nbi sets that I use for special purpose. If it's not compressed the NetBoot.dmg can be mounted and you can just swap out a newer version of Casper Imaging without recreating the entire .nbi.

blackholemac · ‎04-14-2017

I don't have an answer for the NetBoot part off the top of my head period...wish I did. We do all of our imaging on campus period. Not a great method, but I haven't really wanted to get into the off campus part of imaging.

Copying autorun data/prestaging is actually fairly easy. If you are reimaging existing machines, you can do an advanced search and do a mass action at the bottom right of the results to edit or delete the autorun data to some degree.

If you are imaging new machines, you can use the 'Prestage Imaging' on the left side of the main JSS window. This doesn't do DEP style prestaging...this is where I would effectively set the auto run data on machines not yet in the JSS.

Finally on the frequency of rebuilding the NetBoot set, the answer is whenever I need to...I use AutoCasperNBI to build it quickly if I realize that a new one is needed. [https://macmule.com/projects/autocaspernbi/](link URL)

m_donovan · ‎04-14-2017

Just to add to the conversation. We do all of our imaging through Netboot with each campus/site (53 of them) having a mac mini running macOS server as a file distribution point. We don't have to deal with csrutil at all from within the Netboot environment. In fact from within the Netboot environment we use a winclone created package to setup our dual boot staff machines. I use AutoCasperNBI to build my NBI's and only really have to change when Apple changes things in the machine architecture. I am very interested the prestage imaging piece that @blackholemac mentioned. I have really wanted to dig into it some but have had other priorities eat away my time.

blackholemac · ‎04-14-2017

They taught me in CCA class, pre-stage imaging is nothing more than auto run imaging data for machines that are not in the database yet ... when you image a new Mac, the JSS should already know what to do when you launch Casper Imaging. One of the very few differences I can think of between auto run data and pre-stage imaging is that you can even define a list of computer names to assign to your devices .

Jamf Nation Community

Remote Netboot and Imaging Questions