| |
| | |

Apple Phoon Forum

 Forgot password?
 Register
View: 798|Reply: 3

ASR Expert Required

[Copy link]

Post time: 2014-02-04 14:52:52 |Show all posts
Hi
after making this post (https://discussions.apple.com/message/21498786#21498786) I thought for a while, and realised that my title might not hit the right crowd, so I have opened this discussion to adress the same issue, but with the new title, as the question really needs an ASR expert which the first page does not have.
I chose to have two posts as the original does still stand alone, and there have been several posts on headless installs, so in case people go looking its still there.
Here is the original post:
i have recently aquired a mac in a datacenter where I have no physicall acess to the machine. I am looking at ways in which I can reinstall the machine if need be. From all I have read the issue is not actually reinstalling the machine, but rather that SSH is disabled by default, so once rebooted remote access is not possible. However, I think I may have found a way to do it, but not 100% sure, and wish to check with someone more knowledgeable than myself before destroying my system and having to pay a service fee to have it reinstalled.
As I use a Mac Mini as my primary desktop, I wondered if I could make an image from that, with the required services and passwords setup plus applications etc, and restore that on the remote machine. The issues would be:
1) can a headless mac be restored from an image
2) can an image made on one mac be deployed on another
It would appear the #2 is not an issue, as there are procedures for corporations to roll out identically configured Macs. So in reading up on #1, I found that ASR (Apple Software Restore) might be able to do this. I have not found any concrete information on Carbon Copy Clone or SuperDuper for what its worth. Does anyone have any experience here?
I have found the following link which looks helpful: http://clc.its.psu.edu/UnivServices/itadmins/mac/blastimageconfig/createasrmaste rimage10.7 its based on Lion, but hope its applicable to Mountain Lion as well.
The good news is that
1) my home mac is in need of a reinstall, so I will have a fresh base to build from
2) the hosted mac has a USB drive attached, but also the root disk is split into two partitions
Thus, my plan would be
1) reinstall my home mac, with SSH enabled, possibly the firewall as well, and secure passwords
2) install Mountain Lion onto the second partition or USB drive in the hosted Mac
3) enable SSH on the second install - can this be done from the first instance, or would I have to restore an image with SSH enabled to the USB drive?
4) boot from the second installation
5) use ASR to re-image the boot drive from my home Mac
As far as I can see, the issue really is step #3, but as I say, I am hoping for some expert advice here, failing that, I guess I try it, and report back!
Plan B, is to install Snow Leopard on the hosted mac and upgrade to Mountain Lion. I have read the SSH is started by default in Snow Leopard. The issue here is finding a copy of Snow Leopard
Updates:
Plan B is based upon this post:
https://groups.google.com/forum/#!topic/macenterprise/qxZzo90GhBo
******************************************************************************** ***********************
In Snow Leopard Server (and, I think, Lion as well) it was easy to to a
headless/remote clean install of the OS because SSH was enabled by default,
and login: password:  worked by default.
Unfortunately with Mountain Lion, SSH seems to be disabled by default on clean
install.
Any thoughts on how to modify the installer so that SSH would be enabled by
default, or otherwise, how best to perform a remote clean install/config of ML?
Best,
Rusty
******************************************************************************** ***********************
I am yet to confirm if this is true.
        Mac mini, OS X Mountain Lion (10.8)
Reply

Use magic Report

Post time: 2014-02-04 19:03:20 |Show all posts
Oh one other thing: a couple of years ago we had problems with Mac Minis not booting fully when in completely headless - ie when there was no display attached at all. If we just attached a VGA dongle (and nothing attached to the dongle), this worked around the booting problem. Later we connected all of the computer to full KVM switches so they always have a working display, which of course also solves that issue (unfortunately it also prevents them from sleeping properly, but that's another story...).
Reply

Use magic Report

Post time: 2014-02-04 17:47:57 |Show all posts
Hi,
I apologize for not replying yesterday as I promised on Twitter.
Anyway, first off I thought I'd reply to some of your questions directly, then I thought I could share a bit on one small piece of our Mac testing infrastructure that might serve as some inspiration for you and other system builders out there.
Yes, a headless Mac can be restored from an image using asr, provided you have alternate point to boot from, for example, as you suggest, a USB drive (as you naturally can't restore to the volume you're currently booted from).
Yes, an image made on one Mac can be deployed on another, provided they are of a similar model. Generally you should create images for specific models and deploy those images to that model only, but in most cases images can be used on many different models barring any major hardware changes. To create a restorable image, boot to your alternate boot media and use Disk Utility to create the disk image using "Disk Image From..." in the File menu. Once the dmg is created you also have to do a "Scan Image For Restore" (this can take a while).
It is possible to enable SSH on a restored image without booting into that image. How it's done can depend slightly on the OS X version. There are two files you may need to pay attention to: /private/var/db/launchd.db/com.apple.launchd/overrides.plist and /System/Library/LaunchDaemons/ssh.plist - either of them can be used to disable sshd. Assuming you have the newly-restored image mounted on /Volumes/RESTORED, you should be able to use the following commands to make sure sshd is enabled:
/usr/libexec/PlistBuddy -c 'Set :com.openssh.sshd:Disabled false' /Volumes/RESTORED/private/var/db/launchd.db/com.apple.launchd/overrides.plist
/usr/libexec/PlistBuddy -c 'Delete :Disabled' /Volumes/RESTORED/System/Library/LaunchDaemons/ssh.plist
You need to make sure that you have a working username and password (or SSH public keys) that you can login to. I recommend setting that up on the system before creating the image, but then you may as well, as you mention, enable SSH there and it should just work once you have restored it.
We run asr with the parameters --buffers=2 and --buffersize=64, which we have found speeds up the process somewhat.
I'll briefly describe our setup, which is rather comprehensive and probably not applicable to you, but may show what's possible.
We have a cluster with a number of Mac Minis in lab environment. We also have a Mac Mini Server (this is actually still running Snow Leopard Server) on the same LAN. The Mac Minis are configured to by default do a diskless NetBoot from the server (by plugging in a keyboard and pressing option-N when booting the first time). This makes it possible for us to, when the Macs are in netbooted mode, write any image we want to the system local disk. We then have a series of shell scripts that can automatically pick an OS image (we have images for the last four major OS X releases), restore it using "asr", apply a number of configuration options (such as setting hostname, changing desktop background, etc) on it, run "bless --mount /Volumes/RESTORED" --setBoot --nextonly" and then reboot. The bless command tells the firmware to use the defined volume as boot volume, but only once. This way, the only thing we have to do to get the computer back into a known-good state from where we can restore, is reboot - including power cycling if needed. If there is file system corruption on a machine we simply reboot it and reformat the disk and it's good to go again.
I hope all this helps a bit with your asr expirements. Good luck, and keep plenty of backups around. :-)
Reply

Use magic Report

Post time: 2014-02-04 16:30:35 |Show all posts
Do you have any kind of remote access to the Mac in the datacenter? Apple Remote Desktop, if not SSH?
Usually, as part of your contract with the co-lo host provider, they will reboot and or do other tasks to your server for additional fees. If you can't get remote access to the server, you will need to work with them to help with this task.
Reply

Use magic Report

You have to log in before you can reply Login | Register

Archive| Apple Phoon

2021-04-18 05:46 GMT-8 , Processed in 0.075312 sec., 27 queries .

Powered by Discuz! 7.2

Release 20121101, © 2001-2021

To Top