Netboot Services
Jason Healy, Director of Networks and Systems
Last Updated Nov 07, 2009
Contents
1 Netboot Services
1.1 Introduction
1.2 Configuring Netboot Services
1.2.1 Initial Setup
1.2.2 AFP Settings
1.2.3 NFS Settings
1.2.4 NetBoot Settings
Chapter 1 Netboot Services
Last updated 2009/11/07

1.1 Introduction
All recent models of Macintosh computer have the ability to be NetBooted, where the computer boots its operating system off of a special server on the network. This approach has several advantages in a managed setting, including the ability to manage software and OS settings in lab environments and not needing to clean public machines manually (as changes are lost after reboots).
1.2 Configuring Netboot Services
To provide NetBoot services to your network, you’ll need a machine running Mac OS X Server. These instructions assume version 10.4, though they should work equally well for 10.3. (10.2 is significantly different, however, so these instructions will not work for that version.) You should use an unlimited client license version of OS X, or else you will only be able to boot a limited number of machines simultaneously.
1.2.4 NetBoot Settings
In Server Admin, click on the NetBoot item. You should see an overview status of the other services that NetBoot depends on. Ensure that these services are shown as running (except DHCP, if your network already has a DHCP server). Click on the Settings tab at the bottom of the window. Under the General tab, you’ll have a few choices on how to store client data and images. Note that “images” here refers to images that the clients will boot off of, not system restore images.
Additionally, you must ensure that you are not blocking any traffic between the clients and the server. NetBoot images are served via TFTP, AFP, HTTP, or NFS, so these ports (and any “return” ports for protocols such as NFS) must be open. If your setup doesn’t seem to be working, try opening all ports to confirm that the problem isn’t networking-related. 1.
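A narrower check than opening every port is to see which NetBoot services the firewall rules actually deny. The script below is an added example, not part of the original guide: it evaluates a simplified ipfw rule list with first-match semantics. The port numbers are the standard well-known assignments (an assumption, since the guide names only the protocols), and the sample ruleset and the function name netboot_blocked are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report which NetBoot services
# a simplified ipfw rule list would block. Port numbers are the standard
# well-known ones (assumed; the page names only protocols). NFS is checked on
# TCP 2049 only; portmapper and "return" ports are not modelled.

# Constructed sample in `ipfw list` style. Rule 1000 is the page's Bonjour
# block; rule 2000 is a hypothetical mistake that breaks TFTP.
SAMPLE_RULES='01000 deny udp from any to any dst-port 5353 out
02000 deny udp from any to any dst-port 69
03000 allow tcp from any to any dst-port 80,548
65535 deny ip from any to any'

# netboot_blocked RULES -> prints a space-separated list of blocked services
netboot_blocked() {
    printf '%s\n' "$1" | awk '
    BEGIN {
        n = split("dhcp:udp:67 tftp:udp:69 http:tcp:80 afp:tcp:548 nfs:tcp:2049", svc, " ")
    }
    # Record each allow/deny rule in listed order: action, protocol, dst-port list.
    $2 == "allow" || $2 == "deny" {
        r++; action[r] = $2; proto[r] = $3; ports[r] = ""
        for (i = 4; i <= NF; i++) if ($i == "dst-port") ports[r] = $(i + 1)
    }
    # Does rule k apply to protocol p, destination port "port"?
    function matches(k, p, port,    list, m, j) {
        if (proto[k] != "ip" && proto[k] != p) return 0
        if (ports[k] == "") return 1          # no dst-port: matches every port
        m = split(ports[k], list, ",")
        for (j = 1; j <= m; j++) if (list[j] == port) return 1
        return 0
    }
    END {
        out = ""
        for (s = 1; s <= n; s++) {
            split(svc[s], f, ":")
            for (k = 1; k <= r; k++)          # ipfw semantics: first match wins
                if (matches(k, f[2], f[3])) {
                    sep = (out == "") ? "" : " "
                    if (action[k] == "deny") out = out sep f[1]
                    break
                }
        }
        print out
    }'
}

netboot_blocked "$SAMPLE_RULES"
```

Rule direction (in/out) and source or destination addresses are ignored, so treat the result as a first pass over simple "from any to any" rules.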
Additional Fonts, Language Translations, and Additional Applications. These things all take up space, and are not needed for our repair image. When the installation completes, you will be brought to a confirmation screen. Do not continue yet.

Enabling The Root Account
While still booted from the installation DVD, choose Reset Password from the Utilities menu. In the Reset Password Utility, select the hard drive you just installed OS X onto.
1.3.3 System Configuration

OS Updates
Run Software Update and install any pending updates. Reboot as necessary, and continue running until no further updates are pending.

Resources Folder
Create an alias to the “Resources” folder on Veronica on the Desktop.

Finder Preferences
Show Connected Servers. New Finder windows should open Applications. Sidebar should only show Hard Disks, External Disks, CDs, DVDs, and iPods, Connected Servers, Home, and Applications. Show all file extensions.
/sbin/ipfw add 1000 deny udp from any to any dst-port 5353 out
/sbin/ip6fw add 1001 deny udp from any to any 5353 out

Disable Safe Sleep
Safe Sleep keeps a large file (the size of physical RAM) on the boot volume to allow for hibernation. This is a huge performance hit, so we disable it for our repair image. Add the following to /etc/rc.local:

pmset -a hibernatemode 0

“Reserved” Space
Under 10.
Background Image
To easily identify a computer that has been NetBooted, it is helpful to have a special background image. Suffield has such an image, stored in the Tech Repair folder on the server. To install an image on the master machine, copy it onto the computer and name it DefaultDesktop.jpg. Move the file into the folder /System/Library/CoreServices/, replacing any existing version.

Disabling Network Authentication
By default, our DHCP server advertises an LDAP server to all booted clients.
net.inet.tcp.keepintvl=150
net.inet.tcp.slowstart_flightsize=4

As always, you may wish to comment the lines to make future edits easier.

1.3.4 System Preferences
Open the System Preferences and make the following changes:

Appearance
Set appearance and colors to Graphite.

Desktop & Screen Saver
Set the desktop to the replaced DefaultDesktop you installed earlier. Set the screen saver to Computer Name, and enable Show with clock. Have the screen saver start after 30 minutes.
Displays
Check Show displays in menu bar.

Energy Saver
Set the Computer Sleep time to Never. Set the Display sleep time to 1 hour. Change the battery status menu to show estimated time.

Print & Fax
Add the Multimedia Lab printer.

Network
Disable the AirPort card (netbooted machines have a hardwired connection, so there’s no need for AirPort).

Sharing
Name the computer “Repair-and-Restore”. Enable Remote Login and Remote Management.
Software Update
Disable checking for updates.

Time Machine
Turn off, and disable showing status in the menu bar.

1.3.5 Software Installation
Below we describe how to install the standard suite of repair software used by Suffield Academy.

DeployStudio
Download the latest stable version of DeployStudio: http://www.deploystudio.com/
Launch the installer, and choose Customize. Select only DeployStudio Runtime (plus any mandatory greyed-out options). Install the software.
DataRescue
Copy DataRescue II from the original media into the Applications folder on the master machine. Add it to the dock. Launch the program. On the first time through, it will prompt you to activate the registration for the software. Enter in the correct information and quit the program when it has been registered.

TechTool Pro
Run the TechTool Pro installer from the original media and install it onto the master machine. Start the program and register it properly.
Safari
Show the status bar. Show the tab bar. In the preferences, set the default home page to: http://web.suffieldacademy.org/ils/crc/
Save downloaded files to the Desktop. For Bookmarks, only include Bonjour, and disable all collections. Set RSS never to update. Disable all forms of AutoFill. Clear the history, empty the cache, and quit.

Terminal
Set the Terminal to “Pro”. Set dimensions to 80x40. Set the window to close when the shell exits cleanly. 1.3.
1.3.7 Building the Image
At this point, you should have a disk with a fully-functional NetBoot image on it. You must now connect this disk to a machine with Apple’s System Image Utility installed on it (it is included with Mac OS X Server). The simplest way to do this is to connect the master image directly to the NetBoot server via FireWire. If your image is on a FireWire drive, simply connect it.
• DHCP: Machine will not boot at all. Other machines on subnet won’t get IP addresses assigned to them.
• TFTP: Machine will not get to “spinning globe” stage of NetBoot (only flashing globe icon). TFTP is needed to send the initial booter file to clients, so if your boot fails early, check the TFTP service on the server.
• NFS: NFS is needed to mount the NetBoot image and complete the boot process.