LSAIT — College of LS&A Information Technology | University of Michigan

accessible view | jump to content | search | jump to site-wide navigation

LSA Mac OS X Administration

Installing a new desktop machine

See http://www.lsa.umich.edu/lsait/admin/mac/LSA_NetInstall.pdf
Troubleshooting: http://www.lsa.umich.edu/lsait/admin/mac/sni-troubleshooting.asp

Creating the ability to netboot from your subnet

See http://www.lsa.umich.edu/lsait/admin/mac/LSA_NetInstall.pdf
Troubleshooting: http://www.lsa.umich.edu/lsait/admin/mac/sni-troubleshooting.asp

Adding a pkg to the loadset (excluding Apple Software Updates)

On lsa-mac-dev1.lsait.lsa.umich.edu:

1. Add the package to the appropriate directory under: /Volumes/DataDisk/Install/LSA/
   • OS-Non-Specific applications go in Apps-Common/
   • Leopard-only other packages go in Packages-Leopard/Other-Packages/
2. Run /usr/local/bin/pkg-dist-info the-new-package.pkg
3. Cut and paste the output into the line and choice sections of /Volumes/DataDisk/Install/LSA/Packages-Leopard/Apps.mpkg/Contents/TEMPLATE.dist. Be sure to backup your configuration dist files before moding them - a simple xml syntax error will result in a non-usable dist file and the SNI Application will not load it. Use the '/usr/local/bin/plist-backup' script to time-stamp name and backup your files.
4. Update the custom-load-ids.txt webpage using the output from
   /Volumes/DataDisk/Install/LSA/Packages-Leopard/Apps.mpkg/Contents

Note that the pkg must be able to be installed on the non-root volume. Primarily, this means that any postflight/preflight/etc scripts that are run by the pkg need to use the quoted form of $3 so that harddrives with spaces in their names are escaped correctly.

Adding Apple software updates to the load

1. Download the update from http://www.apple.com/support/downloads
2. If the package is a 10.5-only package and is in the flat-file (non-bundle) format:
   1. Launch PackageMaker
   2. Open the newly downloaded package in PackageMaker
   3. Project > Install Properties...
   4. Change the Minimum Target to Mac OS X v10.4 Tiger
   5. Click Build in the Toolbar
   6. Find someplace to save the package
   7. You'll see a couple packages being made inside a mpkg. One called "SU_TITLE" which is the softwareupdate wrapper pkg, and another package that's the one you actually want.
   8. Open up the mpkg in the Finder (show package contents)
   9. Inside you'll eventually find the software update you're looking for - install this pkg in the build (documented below)
   10. Inside that pkg, be sure to examine the Info.plist inside the update package. I found that the bundle ID was set to just "manual" - I had to make it unique by setting it to something like: edu.umich.lsa.extracted-pkg.osx1051update
   On lsa-mac-dev1.lsait.lsa.umich.edu:
3. Add the package to /Volumes/DataDisk/Install/LSA/Packages-Leopard/AppleUpdates
4. Run /usr/local/bin/pkg-dist-info the-new-package.pkg
5. Cut and paste the output into the line and choice sections of /Volumes/DataDisk/Install/LSA/Packages-Leopard/AppleUpdates/AppleUpdates.mpkg/Contents/distribution.dist
6. Be sure the title is filled in, optionally the description, and change the selected setting from false to true

Hints:
Obviously the following hints require examination to see if they still apply, but this is what I've had to do in the past:

For Quicktime updates, comment out the 'sudo' lines in the preflight and postflight scripts

For iTunes updates, inside AppleMobileDeviceSupport, remove all post* and pre* scripts. Inside iTunesX, disable the preflight and postflight

Adding a new department

On each SNI server,

1. sudo /usr/local/bin/acct-rep-in
2. cd /Volumes/DataDisk/Install/Group
3. sudo mkdir foo
4. sudo chmod 770 foo
5. sudo chgrp foo foo
6. sudo mkdir foo/DeptInfo
7. sudo cp lit/DeptInfo/DeptInfo.txt foo/DeptInfo/DeptInfo.txt
8. sudo vi foo/DeptInfo/DeptInfo.txt
9. sudo chmod -R -w foo/DeptInfo
10. sudo sharing -a "/Volumes/DataDisk/Install/Group/foo" -s 100 -g 000 -i 00

Be sure to verify via Connect to Server that the new share is available. There has been an instance where the 'sharing' command didn't HUP the daemon. Restarting the AFP service fixed it though. Add to SNI config files in AFS in
/afs/umich.edu/group/lsa/lsait/Public/html/mac/SimpleNetInstallData

Adding a new loadset to a department

The department plist files are kept here:
cd /afs/umich.edu/group/lsa/lsait/Public/html/mac/SimpleNetInstallData
undo the symlink to the generic one (unless this has already been done) copy a <dict> block, and paste it in below the current one, preferably keeping alphabetical order.
Change the Display Name to match the loadset name. If an OS Load is to be part of this, include an OS value, where the value is the location of the OS install mpkg within the department share.
If this OS Load is to be automated, include an OS Auto value, where the value is the location of the xml configuration file. If an Applications Load is to be part of this, include a Custom value, where the value is the location of the App install mpkg within the department share.
If this Applications Load is to be automated, include a Custom Auto value, where the value is the location of the xml configuration file

Check the XML file for validity:
xmllint -valid -noout dept.plist

Automating a loadset

Create a new plist using plist editor and populate it according to Apple's instructions http://docs.info.apple.com/article.html?artnum=107358
The package should always point at
/System/Installation/Packages/OSInstall.mpkg
for OS installs or at
/private/etc/rc.cdrom.packagePath
for Application installs. I'd advise against defining the HD name unless automation is going to be restricted to new HW

Adding a new account for doing installs

1. ssh lsa-sni-eh.lsa.umich.edu
2. dseditgroup -u macdiradmin -n /LDAPv3/127.0.0.1 -o edit -t user -a UNIQNAME DEPT (substituting the appropriate UNIQNAME and DEPT). (you'll be prompted for the 'macdiradmin' password)

Software update server configuration

1. First, login to lsa-swl2.lsa.umich.edu with your Kerberos password.
2. Next, run the Server Admin tool and select the Software Update option
3. By default, we have configured Software Update Services to leave recently downloaded updates unchecked. This allows for finer control over software packages. Keep in mind however, that notification of critical patches will not automatically be displayed.
4. Parse the update list for packages to enable - select only the applications or update that you need to have installed.
5. Configure the machine to pull from lsa-swl2.lsa.umich.edu rather then softwareupdate.apple.com: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://lsa-swl2.lsa.umich.edu:8088/index.sucatalog. You can run this command via ARD UNIX command in order to configure each machine to pull from lsa-swl2.
6. Install updates: /usr/sbin/softwareupdate -i -a

Changing an install account password

Install accounts use UMICH.EDU Kerberos passwords. Follow your standard kerberos password changing procedure.

Adding a new server

See separate new server documents

Adding the LSA boot image to your existing Netboot server

1. Clone the entire LSA-10.5-v#.nbi directory from /Volumes/DataDisk/Library/NetBoot/NetBootSP0/ to your server, at /Library/NetBoot/NetBootSP0/
2. Edit the NBImageInfo.plist file inside the directory to match your desired configuration (e.g. change the Index, change whether it is default)

If the image doesn't show up, try disabling and re-enabling the image via the 'Server Admin' application installed from the Server Admin Tools CD. DO NOT START THE DHCP SERVICE. This is not necessary for netboot to operate, and will cause problems on the network. If all goes well, the image should now be visible from other machines.

UPDATING the LSA netboot image:

(this procedure updates the OS the target machine is booted from while packages are being installed, but does not affect what packages are installed)
When new hardware comes out, it's often necessary to update the netboot image to support it.

1. Use Network Image Utility to create a new NBI from the OS install of the new hardware's install disk. You can give the new image you're creating any name and ID - we won't actually be using the new NBI, we just need to get some files from it. This process will take 5-30 minutes depending on the speed of your hardware.
2. Open the resulting NBI folder.
3. In Terminal, run lsa-swl2.lsa.umich.edu:Packages/source/NetBootStuff/Make-SNI-NBI-leopard/RUN-ME and follow its instructions
4. Copy the NBI folder up to the server
5. Modify the NBImageInfo.plist to reflect the a new ImageID number and Image Name

on the netboot server:
sudo chown -R root:admin /Volumes/DataDisk/Library/NetBoot
(you may have to modify that path and remove /Volumes/DataDisk)

NOTE: If you're updating the netboot image to support new hardware you probably need to update the packages that get installed too. Be sure to follow the instructions in the next section for creating a new OS load.

Updating the OS loadset packages

(this procedure updates the packages that are actually installed on the target machine)
If basing the loadset off a retail box version of Leopard:

1. Insert the disc in your computer
2. In Terminal, type: open /Volumes/Mac\ OS\ X\ Install\ Disc/System/Installation/Packages
3. Copy all of the packages to lsa-mac-dev1.lsait.lsa.umich.edu, at LSA/Packages-Leopard/DVD-Packages

If basing the loadset off a disc that was included with recent hardware:

1. Insert the disc in your computer
2. In Terminal, type: open /Volumes/Mac\ OS\ X\ Install\ Disc/System/Installation/Packages
3. Copy all of the packages to lsa-mac-dev1.lsait.lsa.umich.edu, at LSA/Packages-Leopard/DVD-Packages
4. Copy the OSInstall.mpkg to your desktop, then open Terminal
5. cd /tmp
6. mkdir foo
7. cd foo
8. xar -xf ~/Desktop/OSInstall.mpkg
9. vi Distribution
10. ...Find the line the looks like >installation-check=hwbecheck()> and delete it
11. ...Remove any of the platform specific packages and bundled applications - these will usually be in a single gigantic blob - delete the whole blob, being sure you're not also deleting the closing tag that ends the whole >lines> or >choices> section
12. xar -cf /tmp/OSInstall.mpkg *
13. open /tmp
14. ...Copy the new OSInstall.mpkg to lsa-mac-dev1.lsait.lsa.umich.edu at LSA/Packages-Leopard/DVD-Packages

Synchronize accounts between two servers:

This is no longer necessary as the Mac servers now are all connected to a shared Open Directory on lsa-sni-eh. Group membership changes on that server should be visible immediately on all other servers.

back to top

• Who We Are, What We Do
  • About LSAIT
  • LSAIT Staff Directory
  • Contact Us
• Getting Started
  • Getting Started Overview
  • Windows User FAQ
• Help with Equipment and Software
  • Help with Equipment
  • Help with Software
  • New Faculty Computers
  • Faculty Computing Upgrade
• Summary of Accounts and Passwords
  • Accounts used in LSA
• E-mail
  • E-mail Overview
• Advanced Computing
  • Collaborations
  • Resources
• Department Admin Toolbox
  • Security
  • Windows Environment
  • Mac OS X Environment
  • Unix Environment
  • Video Conferencing
  • IT Professional Development

LSA | University of Michigan

© 2008 Regents of the University of Michigan | Web design by Marketing Communications

This website is optimized for standards-compliant browsers, following guidelines for XHTML, CSS and accessibility | XML | Contact webmaster

---

back to top