Mac Netbooting



  • Hello everyone! I just found out through a colleague this project was active again! Anyway, I’m aware that in the project’s GitHub page there is a mac-boot repository, which will be great for devices already in Fog. My feature request is to also include Mac’s native netboot capability so new devices can immediately be added to Fog. JAMF Software has a free NetBoot appliance based on Ubuntu using netatalk, samba, tftp-hpa, and apache - GitHub project here if anyone would like to reference the configs: https://github.com/jamf/NetSUS

    The same colleague mentioned above also (long ago) made an iPXE netboot image using the old script attached below. build_ipxe_nbi.txt



  • Hi Wayne & Frank,

    I have read extensively through all the information I could get at the time I investigated that (like 2 years ago), we have macminis, 2011 & 2012. And I never could get them to properly boot on the network, so what I did was to live boot an Ubuntu image on the mac, and “fog” myself (well, that is why I helped have partclone replace partimage in fog, because partimage couldn’t handle hfs).

    Now I see you updated the wiki from what I remembered, as I was doing all that in the “pre ipxe” era. So I might give it a try next week… Thanks for the updates, I’ll let you know if that helps.

    Cheers,
    Gilles


  • Developer

    @Gilou Which Mac clients and OS version do you have (exact model or even better serial number)? The mentioned patch is only needed if you want to be able to select netbooting via the “Startup disk” GUI dialog within Mac OS X. But that is only one way of doing it. There are others too - like ‘n’ key while booting or the bless command…

    Please read through the wiki article. You should be able to boot iPXE on different Mac clients using the config code snippets in section ‘architecture’ and combine this with the section ‘fancy’ for newer clients. This article is work in progress and I am still not sure about “the best way” to make it work for everyone. Take a look: https://wiki.fogproject.org/wiki/index.php?title=FOG_on_a_MAC

    I am more than happy to update the article if you don’t know how to combine the code snippets. Just let me know.


  • Moderator

    @Gilou said:

    if I’m late in that, I’m trying to keep up with all that is happening with FOG lately… And it’s not easy

    I’m now of the opinion that the standard DHCP Option 067 should simply be set to ipxe.efi, and then create policies/classes for all the other stuff.

    Macs have way too many vendor class identifiers to even attempt to create a dhcp filter for each one.



  • Hi,

    This is really interesting, but annoying. I haven’t read all about NetSUS & stuff like that, but if I understand properly, for now, you need to patch ISC’s DHCP server to get to “properly” boot a mac from PXE?

    I have tried that a lot, with former wiki entries & dark information about how it works, but it usually didn’t work on ALL the Macs we have. If we could get the mac to netboot on ipxe, a great deal would be done already. Now to make sure the fog linux client boots on mac… but ipxe would already be quite good. I’ll read about that ;)

    (Sorry if I’m late in that, I’m trying to keep up with all that is happening with FOG lately… And it’s not easy.)


  • Developer

    @Quantum Thanks again for bringing SCCM, VLAN and ip-helpers up. I did not know about this possibility where the client will contact the boot server(s) after retrieving an IP address (quite often using broadcast). I thought this is only done by Mac OS X (called BSDP).

    I tried to get this working in my lab but I couldn’t! I always see the following messages in syslog which means that isc-dhcp-server does not respond at all (checked with tcpdump) because it doesn’t want to without being able to offer a lease:

    DHCPDISCOVER from ... no free leases
    DHCPREQUEST for ... unknown lease x.x.x.x.
    

    So I really wonder if anyone has got this working with ISC dhcpd and no range statement in the config.


  • Developer

    @Quantum said:

    … GitHub page there is a mac-boot repository …

    Somehow I came back to think about your initial question and wondered if someone is still working on this (https://github.com/FOGProject/mac-boot)? Maybe @Tom-S ?? Is someone in contact with him?

    @Quantum Thanks a lot for your hint on DHCP. I am not sure if I get this right. To me it sounds like you can make ISC-DHCP a proxy DHCP server (only serving PXE options but no addresses) with this configuration. I would be amazed if this is working. Didn’t have the time to try yet. Have you?



  • @Uncle-Frank I’ve been playing around with a NetSUS VM a bit in the last couple days and sort of figured some stuff out. In a “normal” OS X NetBoot environment, the initial “booter” file is loaded over TFTP, and then that loads the DMG image over HTTP (or optionally NFS on OS X Server). The booted DMG then mounts a temporary home folder for the client on the netboot server using AFP (netatalk).

    Since FOG uses an ipxe.efi at the TFTP stage, the rest becomes irrelevant because iPXE is going to do its own thing. So I actually think you’ve got this pretty much ready to go.

    Also, I haven’t tested this extensively yet, but it appears that if the main DHCP server does NOT have the options set for PXE booting, and a second DHCP server (ISC-DHCP in this case) with the PXE options set globally with a simple

    subnet 172.20.1.0 netmask 255.255.255.0 {
    	allow unknown-clients;
    }
    

    to allow subnets - both servers added to ip helper-address list, the PXE client will pull the proper boot information. Got the idea from looking at the NetSUS’s DHCP config file and a number of references on Microsoft-centered forums for using SCCM over VLANs - ip helpers is the only officially supported method. DHCP options work, but are not supported by Microsoft.


  • Developer

    Turned out that it does not show up in ‘Startup Disk’ only because of a special (random) source port used by Mac OS when sending the DHCPINFORM message - and therefore wants to see the answer going to that port, sure. I got the debian source, applied JAMF’s patch (https://github.com/jamf/NetSUS/blob/master/NetBoot/usr/local/sbin/dhcp-4.2.4-P1_dhcp.c.patch), built a new isc-dhcp-server and there it is - showing up in ‘Startup Disk’.
    Thanks so much for pointing to JAMF’s project. It’s a great resource! Nevertheless I still doubt that we need netatalk and NBI to make FOG people happy. And I think we’ll have to live without ‘Startup Disk’ as well as patching isc-dhcp is not an option I find. I played with a lot of options (local-port, remote-port) but couldn’t make it work with configuration.
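
An added example, not code from the thread, the FOG project or the JAMF patch: a small Python parser that classifies a DHCP payload and models the reply-port mismatch described in the post above, usable for checking captured traffic. The sample packets, the source port 49231 and the `follow_source_port` switch are constructed for illustration, and it assumes Apple clients send a vendor class identifier beginning with `AAPLBSDPC`.

```python
MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie (RFC 2131)
DHCPDISCOVER, DHCPINFORM = 1, 8    # option 53 values (RFC 2132)
BOOTPC = 68                        # standard DHCP client port

def parse_options(payload):
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        code = payload[i]
        if code == 0:                               # pad option, no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else -1
        value = payload[i + 2:i + 2 + length]
        if length < 0 or len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts

def is_apple_inform(opts):
    """DHCPINFORM (option 53) from a client whose option 60 marks it as Apple BSDP."""
    return (opts.get(53) == bytes([DHCPINFORM])
            and opts.get(60, b"").startswith(b"AAPLBSDPC"))

def reply_port(payload, udp_src_port, follow_source_port):
    """Port a server would answer on: always 68 in the unpatched model,
    the client's own source port for Apple INFORMs in the patched model."""
    if follow_source_port and is_apple_inform(parse_options(payload)):
        return udp_src_port
    return BOOTPC

def build_sample(msg_type, vendor_class):
    """Constructed test packet: zeroed BOOTP header plus options 53 and 60."""
    header = bytes([1, 1, 6, 0]) + bytes(232)       # BOOTREQUEST, Ethernet
    options = bytes([53, 1, msg_type, 60, len(vendor_class)]) + vendor_class
    return header + MAGIC + options + b"\xff"

if __name__ == "__main__":
    mac = build_sample(DHCPINFORM, b"AAPLBSDPC/i386/Macmini5,1")   # constructed
    for patched in (False, True):
        print("patched=%s -> reply to port %d" % (patched, reply_port(mac, 49231, patched)))
```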


  • Developer

    Thanks a lot for your answer. I am still in the process of testing and finding out what works and what not. The simple example works on very old Mac OS (Intel) machines but not on the newer ones. Yesterday I compared the config with the one you just posted and found them to be pretty close too. One major difference comes from NetSUS adding netatalk into the equation. I am not sure why we should add this to FOG if it works just as fine without. What do you think?

    Is this included in Fog’s default config, or is it something that admins have to add themselves later?

    As this is still kind of new to FOG we don’t have it included in the installer yet. But this could be done in a second. I just want to get it as proven as possible before we “release” it.

    it would hand out the NetBoot info, but not address

    You mean it acted like a proxyDHCP and not a full DHCP? I am asking because I am trying to hunt down everything on proxyDHCP right now as well! :-)

    Also, does this show up in OS X’s System Preferences -> Startup Disk?

    Got me! I think it does not show up. But I have to re-check. Is it worth involving netatalk and NBI image stuff just to make it show up in ‘Startup Disk’?



  • @Uncle-Frank You’re correct, and I believe you are close if not entirely there. I just looked over the “fancy” DHCP config snippet you have posted on the wiki link you posted and compared it to JAMF’s (https://github.com/jamf/NetSUS/blob/master/NetBoot/var/appliance/conf/dhcpd.conf) and there are some small differences, mostly in the lower half. I don’t know how significant they are.

    Is this included in Fog’s default config, or is it something that admins have to add themselves later? Somehow the NetSUS worked with that DHCP config (modified slightly through the web gui - IP address and .nbi path). All we needed to do was add it to the ip-helpers in our switches and it would hand out the NetBoot info, but not address. They did use a patched dhcpd though, so that could be part of it?? Also, does this show up in OS X’s System Preferences -> Startup Disk? I thought that needed a properly formed .nbi folder, but that may just be on OS X Server?


  • Developer

    Hope I am not getting this wrong too. ;-)

    From my point of view we already have Mac Netbooting support documented here: https://wiki.fogproject.org/wiki/index.php?title=FOG_on_a_MAC

    I have been testing and updating this in the last days. Hope this is a good way to help Mac users. Thanks for the links! I will checkout NetSUS and the script to see if this is a better way of doing it. What do you think?



  • @Wayne-Workman Not a problem. I can see since I mentioned registration in my post that it could be a little confusing. To clarify for anyone else that might look at this, I’m talking about being able to NetBoot a brand new, fresh out of the box, never been booted before Mac directly to Fog.

    @Jbob I don’t think it will be terribly difficult to get working on the distros Fog supports. JAMF updated the NetSUS since the last time I looked at it to also support Red Hat / CentOS, so the relevant packages should be there. I just hope that the build_ipxe_nbi script I included isn’t so old that it needs to be completely re-written.

    And thank you @Developers !


  • Moderator

    @Quantum I do apologize. I didn’t know what you were talking about and mistakenly thought you were referring to auto registration. @Jbob explained it to me and I think what you’ve suggested is a great idea. Again, I do apologize.

    Also, Welcome to the FOG community. :-)


  • Senior Developer

    @Quantum thanks for the resource! We’ll take a look at possibly integrating that net-boot configuration automatically. This would make using FOG in a Mac environment much easier. The trick for us will be adapting this to any distribution FOG runs on, which shouldn’t be too difficult.


  • Moderator

    @Quantum In FOG Trunk, you can configure an unregistered client to quick-register from the web interface should you want this, and also in FOG Trunk - registration is not mandatory for imaging any more.

    A lot has changed. Thank the amazing @Developers for their efforts.

