OS X Modular Imaging and Deployment using Free and Open Source Tools

OS X Modular Imaging and Deployment using Free and Open Source Tools

bash-3.2$ whoami Ed Heagle IT Director for Shell Lake Schools eheagle@shelllake.k12.wi.us

School District of Shell Lake Virtually all Mac. About 400 computers and over 100 ipads Mix of 10.6, 10.7, and 10.8 Mostly OS X Server 1 IT Support person (Me!)

Problems faced Image creation process taking too long. Too many images Images for each lab, type of computer Storage space issues Post imaging tasks Time constraints Software installs and updates Aging / insufficient infrastructure

Issues

"Monolithic" Images Exact clones of a "master" computer Image files can get very large (>10 GB easily) Slow, cumbersome to update Near impossible to use on newer models as/when they are released.

Death of the Xserve... Discontinued January 31, 2011 Lack of "proper" server hardware replacements Mac Mini - underpowered, more towards single use Mac Pro - Where the #@^&! is it going to be placed in my datacenter/server room/closet? OS X Server - a shadow of its former glorious self.

Other Issues Apple Software Update Server (SUS) Software Distribution/Updates Apple Remote Desktop issues Configuration Management Cost of Commercial Management Solutions

Solutions

Why Free and/or Open Source? Budget / Cost Reliability Stable Openness Flexibility Support Learning / career betterment opportunity

DANGER WILL ROBINSON! DANGER! Many of the software solutions described in this presentation do not use GUI tools at all by default (many are command line based). If command line frightens you, do yourself a favor and pick up one (or many) of the numerous books on the subject of UNIX / Linux and educate yourself.

Some books to help you on that... Learning Unix for OS X Mountain Lion - O'Reilly Media Mac OS X for Unix Geeks - O'Reilly Media Learning the Unix Operating System - O'Reilly Media Learning the bash Shell - O'Reilly Media

DeployStudio http://www.deploystudio.com Free but not Open Source Requires a Mac for server service Used to restore computers, can create system images. Software and configuration deployment Workflows Full automation support

DeployStudio Alternatives To Mention Apple's own tools (System Image Utility) Not as intuitive or easy to use. YMMV Comes with OS X Server Blast Image Config http://clc.its.psu.edu/univservices/itadmins/mac/blastimageconfig Freeware

DeployStudio Alternatives Clonezilla www.clonezilla.org JAMFs Netboot/SUS virtual appliance Open Source Created by JAMF Software https://github.com/jamf/netsus

DeployStudio Best Practices Properly plan out your workflows Use scripts! Create multiple netboot sets according to OS versions Document, Document, Document... Test everything!

Reposado - Apple Software Update Service Replacement https://github.com/wdas/reposado More features than Apple's implementation Branches Does not need to be running on a Mac Server Command line based

Add on to Reposado Margarita - Graphical Browser based front end to Reposado. https://github.com/jessepeterson/margarita

Reposado Best Practices Make sure you have plenty of hard drive space (150GB currently used for entire update repository). Cull unused updates (if you have time) Use branches Test updates before putting out to production

Instadmg http://code.google.com/p/instadmg/ Instadmg allows you to create asr ready, clean OS X disk images "Factory install" clean Command line only Downloads and/or installs software and updates from Apple and/or any other source you choose. svn checkout http://instadmg.googlecode.com/svn/trunk instadmg

Instadmg Best Practices Avoid including everything Certain installers won't work 10.7 can create 10.6, 10.7 images, 10.8 can only create 10.8 images. Test, test, test. Watch the log files

munki - "Managed Software installation for OS X" http://code.google.com/p/munki/ munki allows you to distribute software, updates and even configuration changes easily and semi automatically. Users can install software that has been released through munki using the Managed Software Update program.

munki Requirements Clients: 10.5 and above. Repository stored/shared on any web server Doesn't need to be a Mac server Admin machine needs to be OS X

munki Supported Installers.pkg and.mpkg files drag and drop install style.dmgs "Adobe CS3/CS4/CS5/CS6 Deployment "packages" created with Adobe's Enterprise Deployment tools" Many Adobe CS3/CS4/CS5/CS6 product updaters

Repository Structure Catalogs Auto generated with makecatalogs Manifests List the software available to the client Manifest files can refer to other manifest files Pkginfo Describes the installer files

Command Line Tools munkiimport makepkginfo makecatalogs managedsoftwareupdate manifestutil

Managed Software Update Installs can be mandatory or optional. Can be set to run automatically at login window. Users can install updates without admin authorization (well most of the time) Can be set to install Apple updates besides what is in the repository.

Add ons MunkiReport-php - Report server for munki https://code.google.com/p/munkireport-php/ Munkiwebadmin - https://code.google. com/p/munki/wiki/munkiwebadmin

Problem Installers Adobe Flash Adobe software in general Microsoft Office 2011 Updates Java 7 Updates (maybe)

munki Best Practices Seriously plan out organization Test, test, test. Document it! Repackage software as needed Avoid licensed software installers if making server publicly accessible

Bringing it all together...

Future Directions Puppet git Strengthen the workflow Less dependence on OS X Server / Apple "server" hardware More automation

Thanks for listening. Any Questions?

Ed Heagle eheagle@shelllake.k12.wi.us http://www2.shelllake.k12.wi.us/brainstorm/