MacSysAdmin 2018 links

Here are some links from my presentation at MacSysAdmin 2018 in Göteborg, Sweden, “Imaging is Dead: What Now?”

Der Flounder, “Imaging will be dead soonish”: https://derflounder.wordpress.com/2017/01/10/imaging-will-be-dead-soon-ish/

AutoDMG: https://github.com/MagerValp/AutoDMG

Imagr: https://github.com/grahamgilbert/imagr

DeployStudio: http://www.deploystudio.com

Apple, “Upgrade macOS on a Mac at your institution”: https://support.apple.com/en-us/HT208020

Apple, “APFS and Imaging”: https://help.apple.com/deployment/macos/#/apd545ec8b69

Apple, “Restore Apple T2 firmware on iMac Pro”: https://help.apple.com/configurator/mac/2.7.1/#/apdebea5be51

Apple, “Restore Apple T2 firmware on 2018 MacBook Pro”: https://help.apple.com/configurator/mac/2.7.1/#/apd0020c3dc2

Apple, “How to create a bootable installer for macOS”: https://support.apple.com/en-us/HT201372

createbootvolfromautonbi.py: https://github.com/munki/macadmin-scripts/blob/master/createbootvolfromautonbi.py

Bootstrappr: https://github.com/munki/bootstrappr

Installr: https://github.com/munki/installr

Erik Gomez, Custom DEP series: http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-1-An-Introduction/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-2-Creating-a-custom-package-and-deploying-Munki/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-3-Best-Practices/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-4-The-Future/
http://blog.eriknicolasgomez.com/2017/04/05/Custom-DEP-Part-5-Dynamic-InstallApplication/
http://blog.eriknicolasgomez.com/2017/04/27/Custom-DEP-Part-6-Vendor-Announcement-and-Presentation/
http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

Victor Vranchan, “Munkiing around with DEP”: https://groob.io/posts/dep-micromdm-munki/

installinstallmacos.py: https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py

Armin Briegel, “macOS Installation for Apple Administrators”: https://scriptingosx.com/macos-installation-for-apple-administrators/

Advertisement

PSU MacAdmins 2018 Links

Here are some links from my presentation at the 2018 MacAdmins Conference at Penn State, “Imaging is Dead: Now What?”

Der Flounder, “Imaging will be dead soonish”: https://derflounder.wordpress.com/2017/01/10/imaging-will-be-dead-soon-ish/

AutoDMG: https://github.com/MagerValp/AutoDMG

Imagr: https://github.com/grahamgilbert/imagr

DeployStudio: http://www.deploystudio.com

Apple, “Upgrade macOS on a Mac at your institution”: https://support.apple.com/en-us/HT208020

Apple, “APFS and Imaging”: https://help.apple.com/deployment/macos/#/apd545ec8b69

Apple, “Restoring an iMac Pro with Configurator”: https://help.apple.com/configurator/mac/2.6/index.html?localePath=en.lproj#/apdebea5be51

Apple, “How to create a bootable installer for macOS”: https://support.apple.com/en-us/HT201372

createbootvolfromautonbi.py: https://github.com/munki/macadmin-scripts/blob/master/createbootvolfromautonbi.py

Bootstrappr: https://github.com/munki/bootstrappr

Erik Gomez, Custom DEP series: http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-1-An-Introduction/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-2-Creating-a-custom-package-and-deploying-Munki/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-3-Best-Practices/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-4-The-Future/
http://blog.eriknicolasgomez.com/2017/04/05/Custom-DEP-Part-5-Dynamic-InstallApplication/
http://blog.eriknicolasgomez.com/2017/04/27/Custom-DEP-Part-6-Vendor-Announcement-and-Presentation/
http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

Victor Vranchan, “Munkiing around with DEP”: https://groob.io/posts/dep-micromdm-munki/

Armin Briegel, “macOS Installation for Apple Administrators”: https://scriptingosx.com/macos-installation-for-apple-administrators/

installinstallmacos.py: https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py

Unwelcome Apple surprise

This morning while reviewing new updates on my reposado server I saw this new update:

091-76348   macOS High Sierra                           2018-04-10 []

I didn’t think much of it; various “Install macOS High Sierra” updates have appeared in the softwareupdate catalogs since early in the High Sierra beta cycle: the App Store, when installing the “Install macOS High Sierra” application, downloads resources from these catalogs. (See https://managingosx.wordpress.com/2017/09/26/some-stuff-about-install-macos-high-sierra-app/ for more info).

But then I saw this cry for help on the munki-discuss list: https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/munki-discuss/I9nA-340mO4/KVQTJMEGCgAJ

Apologies if this has been asked and answered already, but we’re in a desperate time crunch. This morning, on the second day of standardized testing for our district, High Sierra is appearing as a “regular update” instead of an App Store option, so naturally MSC offers it:

It appeared that “macOS High Sierra” was being offered as an Apple software update (which Munki was then offering to install).

Continue reading “Unwelcome Apple surprise” →

Updated notes on deploying images to iMac Pro

A brief update to https://managingosx.wordpress.com/2018/01/25/early-notes-on-deploying-images-to-imac-pro/ :

This is much easier now with 10.13.4, which has updated asr restore to handle some of the tasks needed when restoring an image to iMac Pro.

I still recommend using AutoDMG to generate a deployment image from a 10.13.4 Install macOS High Sierra.app (and optionally your own additional packages).

The one restore workflow I know works is this:

Start up the iMac Pro in Target Disk Mode. Connect it to another Mac running 10.13.4. Make sure that Mac also has an active Internet connection that can reach Apple’s servers.

As root:

asr restore --source osx_updated_180402-10.13.4-17E199.apfs.dmg --target /Volumes/Macintosh\ HD\ 1 --erase

Where --source points to the AutoDMG-generated deployment image, and --target points to the iMac Pro’s internal disk (mounted via Target Disk Mode). The restore session should look something like this:

# asr restore --source osx_updated_180402-10.13.4-17E199.apfs.dmg --target /Volumes/Macintosh\ HD --erase
Validating target...done
Validating source...done
Erase contents of /dev/disk4s1 (/Volumes/Macintosh HD)? [ny]: y
Retrieving scan information...done
Validating sizes...nx_kernel_mount:1359: : checkpoint search: largest xid 72, best xid 72 @ 143
done
Restoring  ....10....20....30....40....50....60....70....80....90....100
Verifying  ....10....20....30....40....50....60....70....80....90....100
Inverting target volume...done
Remounting target volume...done
Personalization over TDM succeeded

and you should have a working macOS 10.13.4 volume on the iMac Pro.

Using Munki to revert or downgrade software

Introduction

It might come as little surprise to find out that I use Munki in my organization to manage software installations on macOS.

Munki is really good at keeping software up-to-date. Every time it runs, it compares the versions it has on the server against the versions installed on the local machine and updates any software at a lower version than it has on the server.

Its default behavior when an item on the local machine has a higher version than that on the server is to leave it alone. This is great when you have users that for whatever reason need to test newer versions (or perhaps they are actually developing the newer version of the software).

I also use AutoPkg to automate finding new software updates and to import them into my Munki repo. For us, AutoPkg checks on approximately 50 items each day, importing anything new into my Munki repo into a testing catalog.

On Tuesday of this week, Mozilla released Firefox 59. AutoPkg found the new release and imported it into Munki as expected. On Wednesday, I noticed that AutoPkg had imported Firefox 60! I looked at the installed application, and its version was actually 60.0b3. Someone at Mozilla had goofed and pointed the “latest firefox release” link at the 60 beta. Later in the day this goof was remedied and the link once again returned Firefox 59.

But my AutoPkg run had occurred while the Mozilla site was offering 60.0b3, and so it was downloaded and added to my Munki’s repo’s testing catalog. 25 Macs in my organization (including my own laptop) now had Firefox 60.0b3 installed.

(Side note: because of the way Munki does version comparisons, when the final release of Firefox 60 comes out, if it is versioned as “60.0”,  Munki would not “upgrade” from 60.0b3 to 60.0 – “60.0b3” compares as higher than “60.0”.)

I wanted to configure Munki to downgrade any install of Firefox 60.0b3 to Firefox 59. Since by default Munki leaves higher versions alone, this is not exactly obvious how to do.

Continue reading “Using Munki to revert or downgrade software” →

MacAD.uk 2018 Conference Links

Here are some links from my presentation at Mac Admins and Developers UK 2018, “Imaging is Dead: Now What?”

Der Flounder, “Imaging will be dead soonish”: https://derflounder.wordpress.com/2017/01/10/imaging-will-be-dead-soon-ish/

AutoDMG: https://github.com/MagerValp/AutoDMG

Imagr: https://github.com/grahamgilbert/imagr

DeployStudio: http://www.deploystudio.com

Apple, “Upgrade macOS on a Mac at your institution”: https://support.apple.com/en-us/HT208020

Apple, “APFS and Imaging”: https://help.apple.com/deployment/macos/#/apd545ec8b69

Restoring an iMac Pro with Configurator: https://help.apple.com/configurator/mac/2.6/index.html?localePath=en.lproj#/apdebea5be51

createbootvolfromautonbi.py: https://github.com/munki/macadmin-scripts/blob/master/createbootvolfromautonbi.py

Bootstrappr: https://github.com/munki/bootstrappr

Erik Gomez, Custom DEP series: http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-1-An-Introduction/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-2-Creating-a-custom-package-and-deploying-Munki/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-3-Best-Practices/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-4-The-Future/
http://blog.eriknicolasgomez.com/2017/04/05/Custom-DEP-Part-5-Dynamic-InstallApplication/
http://blog.eriknicolasgomez.com/2017/04/27/Custom-DEP-Part-6-Vendor-Announcement-and-Presentation/
http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

Victor Vranchan, Munkiing around with DEP: https://groob.io/posts/dep-micromdm-munki/

Post-credits scene (installinstallmacos.py): https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py

Early notes on deploying images to iMac Pro

Overview

Here are some early notes on making and restoring a High Sierra deployment image to an iMac Pro.

“Wait, I thought imaging was dead! Especially imaging the iMac Pro with Secure Boot!” you may be thinking. My reply: “We’ll see, won’t we?” It’s early days here: we’re experimenting. Our experiments might lead to dead ends, or they might lead to useful results.

Continue reading “Early notes on deploying images to iMac Pro” →

Bootstrappr

A little while ago, I made a new Mac deployment tool available:

https://github.com/munki/bootstrappr

Bootstrappr is really nothing more than a Bash script that installs any packages it finds in an adjacent packages directory. There’s no GUI, no bells and whistles.

What is it for? Why would you use it?

You’d use it for installation-based deployment workflows on iMac Pro (and potentially any Mac).

Continue reading “Bootstrappr” →

macOS installation-based workflows

Perhaps you are starting to worry about the future of “imaging” as a deployment/initial configuration method for Macs.

(I’ll define “imaging” as block-copying the contents of a disk image file to a disk volume, and resulting in a bootable, fully-functional machine.)

If you are concerned about the future of imaging, you might want to start investigating macOS installation-based workflows for deployment/initial configuration.

The basic idea is this: a workflow that either installs macOS, or starts with the factory os installation. It then installs additional packages that serve to enroll the Mac in whatever your ongoing management system is (Jamf Pro, Filewave, Munki, etc). It then becomes the management system’s job to finish the initial setup of the machine.

Here are a few things you might want to look at:

Continue reading “macOS installation-based workflows” →

Customized High Sierra Install issues and workarounds

The startosinstall tool in the High Sierra installer supports adding additional packages that will be installed after macOS is installed, via the --installpackage option:

bash-3.2$ /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/startosinstall --usage
Usage: startosinstall

Arguments
--applicationpath, a path to copy of the OS installer application to start the install with.
--license, prints the user license agreement only.
--agreetolicense, agree to license the license you printed with --license.
--rebootdelay, how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes).
--pidtosignal, Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass "rebootdelay" send SIGUSR1 back to startosinstall.
--converttoapfs, specify either YES or NO on if you wish to convert to APFS.
--installpackage, the path of a package to install after the OS installation is complete; this option can be specified multiple times.
--usage, prints this message.

Example: startosinstall --converttoapfs YES

A High Sierra NetInstall image built with System Image Utility has a similar option: you can add additional packages to the install:

Unfortunately, under both 10.13 and 10.13.1, both methods have a similar issue: if you try to install multiple packages, in some/many cases the installer will not properly cache all the intended packages and the install of macOS will fail with the message “The path /System/Installation/Packages/OSInstall.mpkg appears to be missing or damaged.” It tells you to restart and try again (which won’t work…).

Continue reading “Customized High Sierra Install issues and workarounds” →