Admin the Mac: Making a NetBoot Server

Last Updated: February 12, 2009

(I just uploaded a test copy of a script for 10.6. Please let me know if it works!)

NetBooting can be an extremely useful tool for imaging your Macs. Unfortunately, it’s only officially supported in the server editions of OS X. And, considering we only manage six or seven laptops right now, we can’t justify the $500 price tag. Fortunately for us, all of the functionality is still in the regular version of OS X; we just have to make it work.

If you’re reading this article, you probably already have an idea of what NetBoot is. Simply, NetBoot allows your Mac to boot over the network, from an external image stored elsewhere. While this technology certainly has other uses, it’s quite useful for imaging machines because it frees up the internal hard drive to be written to/from, without having to either boot the machine into Target mode or otherwise physically move the machine.

Normally, all of the configuration needed to get NetBoot going smoothly is taken care of by the Server. I’m sure there’s more to it, but I just like to imagine a nice button that says “Enable NetBoot” right there in System Preferences. If you’re using the client version of OS X, it’s a little trickier; we’ve got files and folders to make, services to start and configure.

I’ve included two shell scripts that will set up your machine more or less effortlessly, but I’m going to take the rest of this article to outline what’s being done (thanks to Adam Knight at Mac Geekery, as well as Armagon, who wrote the 10.5 script).

As with anything you download from the internet, be careful with these scripts. I’ve tested them both and they work to my knowledge, but they are provided free and as-is. If you experience any trouble with them (or even if you don’t), let me know:

netboot 10.6 script (This is just a test script right now. It should work, let me know)

netboot 10.5 script

netboot 10.4 script

To run these scripts, first make sure they’re executable:

From Terminal, cd to the directory you’ve saved the script to, and type chmod 777 netboot105.sh (or netboot104.sh).

Next, you need to run the script as root:

sudo ./netboot105.sh

And then the script should execute.

Testing your NetBoot Setup

Once you’ve run the script, you need to create a NetBoot image to test it with. The easiest way (especially if you plan on using it for imaging) would be to download DeployStudio, and follow the instructions on making a netboot image. You can also create one from a bootable disk (like your OS X install disk). This image, if it’s not already there, belongs in /Library/NetBoot/NetBootSP0.

Now go to a computer on the same subnet as your NetBoot machine (we’ll call this one the Client). Open up System Preferences, and choose Startup Disk. In place of the Network Startup icon should be the name of your NetBoot image. Back on your NetBoot machine, open up the Console and select system.log; you should have something like this in it:

bootpd[379]: re-reading /etc/bootptab
bootpd[379]: Loaded 0 entries from bootptab (0 bad)
bootpd[379]: server name Mothra.local
bootpd[379]: interface en0: ip 192.168.1.100 mask 255.255.255.0
bootpd[379]: bsdpd: re-reading configuration
bootpd[379]: bsdpd: shadow file size will be set to 48 megabytes
bootpd[379]: bsdpd: age time 00:15:00
bootpd[379]: BSDP INFORM [en0] 1,0:16:cb:9c:a4:a NetBoot003 arch=i386 sysid=MacBookPro1,1
bootpd[379]: NetBoot: [1,0:16:cb:9c:a4:a] BSDP ACK[LIST] sent 192.168.1.108 pktsize 300
bootpd[379]: DHCP INFORM [en0]: 1,0:16:cb:9c:a4:a
bootpd[379]: ACK sent  192.168.1.108 pktsize 300
bootpd[379]: BSDP INFORM [en0] 1,0:16:cb:9c:a4:a NetBoot003 arch=i386 sysid=MacBookPro1,1
bootpd[379]: NetBoot: [1,0:16:cb:9c:a4:a] BSDP ACK[LIST] sent 192.168.1.108 pktsize 300
bootpd[379]: DHCP INFORM [en0]: 1,0:16:cb:9c:a4:a
bootpd[379]: ACK sent  192.168.1.108 pktsize 300

The logs in this article are taken from a Leopard machine, but they should be extremely similar on Tiger. If you’re not getting this, first rule out dumb things like cable/network problems before you begin digging through help pages (it’s happened to me). Like I said earlier, if you run into problems because of these scripts, let me know, and I’ll try to help.

So assuming you’ve come this far with no problems, the next test is to try to actually boot the machine. On the client machine, select your NetBoot image, and press Restart (alternatively, just restart the computer and hold N while it boots). You should then see a big gray globe instead of the normal Apple logo. Back at your NetBoot machine, your console should read a repeat of above followed by:

tftpd[403]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/booter
tftpd[405]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/booter
tftpd[407]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/mach.macosx
tftpd[409]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/mach.macosx
tftpd[411]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/mach.macosx.mkext
tftpd[413]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/mach.macosx.mkext

If you get something like this interspersed through your log:

Jan 14 13:04:58 Mothra com.apple.launchd[1] (com.apple.tftpd[413]): Stray process with PGID equal to this dead job: PID 414 PPID 1 tftpd+

it’s probably okay. From what I’ve seen, it’s mostly harmless. If you can still netboot fine, then it’s probably not worth trying to fix. At this point, your client machine should be booted into your netboot image.

Boring details about NetBoot

NetBoot uses a combination of different protocols (NFS, TFTP, DHCP, and BSDP) to get the job done. I don’t want to go into gross detail because, frankly, it’s kind of boring and unnecessary. If you want a really good look at what’s going on, Mike Bombich has written a good article.

The beginning of the NetBoot process is a series of DHCP and BSDP calls. The client finds the NetBoot server, and they exchange information. Once the server knows what architecture the client is (i386 or ppc) and what image it wants, it begins transferring the necessary files over TFTP. It sends the booter, followed by mach.macosx, followed by mach.macosx.mkext. These files take care of booting the basic OS X kernel. You can verify these are being transferred by checking the system log (see the above tftp log). From here, the machine mounts your netboot image via NFS, and finishes the boot process.
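The sequence above can be read back out of system.log to see where a client stalled. This is an added example, not part of the article's scripts; the function names and the stage labels (bsdp-list, booter, kernel, mkext) are made up here, and the sample log is constructed from the lines shown earlier plus a second, invented client.

```shell
#!/bin/sh
# Added example: report the furthest boot stage each NetBoot client reached.
# Reads system.log lines on stdin, prints "client-ip stage", one per client.
# A client that stops at "mkext" finished TFTP; the NFS mount comes next.

netboot_stages() {
    awk '
    function bump(ip, n) { if (n > stage[ip]) stage[ip] = n }
    BEGIN { split("bsdp-list booter kernel mkext", name, " ") }

    # bootpd answered the client with the list of images (BSDP).
    /bootpd\[[0-9]+\]: NetBoot: .* BSDP ACK\[LIST\] sent / {
        ip = $0; sub(/.* sent /, "", ip); sub(/ .*/, "", ip)
        bump(ip, 1)
    }

    # tftpd logs "client-ip,requested-path"; the path may contain spaces.
    /tftpd\[[0-9]+\]: adding RRQ to cache: / {
        req = $0;   sub(/.*adding RRQ to cache: /, "", req)
        ip = req;   sub(/,.*/, "", ip)
        file = req; sub(/.*\//, "", file)
        if (file == "booter")                 bump(ip, 2)
        else if (file == "mach.macosx")       bump(ip, 3)
        else if (file == "mach.macosx.mkext") bump(ip, 4)
    }

    END { for (ip in stage) print ip, name[stage[ip]] }
    ' | sort
}

# Constructed sample: 192.168.1.108 completes TFTP, 192.168.1.109 (invented)
# fetches the booter and then goes quiet.
sample_log() {
    cat <<'EOF'
Jan 14 13:04:40 Mothra bootpd[379]: BSDP INFORM [en0] 1,0:16:cb:9c:a4:a NetBoot003 arch=i386 sysid=MacBookPro1,1
Jan 14 13:04:40 Mothra bootpd[379]: NetBoot: [1,0:16:cb:9c:a4:a] BSDP ACK[LIST] sent 192.168.1.108 pktsize 300
Jan 14 13:04:41 Mothra bootpd[379]: ACK sent  192.168.1.108 pktsize 300
Jan 14 13:04:52 Mothra tftpd[403]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/booter
Jan 14 13:04:54 Mothra tftpd[407]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/mach.macosx
Jan 14 13:04:58 Mothra tftpd[411]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/mach.macosx.mkext
Jan 14 13:05:10 Mothra bootpd[379]: NetBoot: [1,0:16:cb:9c:a4:b] BSDP ACK[LIST] sent 192.168.1.109 pktsize 300
Jan 14 13:05:20 Mothra tftpd[421]: adding RRQ to cache: 192.168.1.109,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/booter
EOF
}

sample_log | netboot_stages
```

On a real server, feed it the log instead of the sample: netboot_stages < /var/log/system.log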

BSDP (Boot Service Discovery Protocol) relies on the .clients and .sharepoint files (located in /Library/NetBoot) to know where to find NetBootSP0 and NetBootClients0. Since these folders aren’t hard-coded, you could really put your NetBoot images anywhere; you just have to make .sharepoint point to the right folder. A few other options must be enabled so bootpd knows it’s supposed to be netbooting. In Tiger, this is all taken care of under NetInfo Manager, but in Leopard, this is handled by the file /etc/bootpd.plist.

TFTP (Trivial FTP) only seems to need one file, /private/tftpboot/NetBoot, to do what it needs. This file is a symlink, like .clients or .sharepoint, and it points to /Library/NetBoot.

NFS (Network File System) needs to know what folders it’s sharing, and what permissions to give these folders. In our case, it needs to export /Library/NetBoot/NetBootSP0 with read-only capabilities. In Tiger, this is tied (like BSDP) to NetInfo Manager. However, in Leopard, it uses an exports file (/etc/exports), which seems to be more like how the rest of the Unix world works.
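The pieces named in the three paragraphs above can be checked in one pass. This is an added example, not one of the article's scripts: netboot_audit and its root argument are names made up here, the /etc/exports and /etc/bootpd.plist checks apply to Leopard (Tiger keeps those settings in NetInfo), and the read-only test assumes the BSD exports option -ro. The world-writable check is an addition of this example.

```shell
#!/bin/sh
# Added example: audit the files NetBoot depends on.
# The root argument is an assumption of this example: empty for the live
# system, or a path prefix such as a mounted volume or a test tree.

fails=0
_nb_fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

netboot_audit() {
    root="${1:-}"
    nb="$root/Library/NetBoot"
    fails=0

    # BSDP: .sharepoint and .clients are symlinks naming the two folders.
    for pair in .sharepoint:NetBootSP0 .clients:NetBootClients0; do
        link="$nb/${pair%%:*}"; want="${pair#*:}"
        if [ ! -L "$link" ]; then
            _nb_fail "$link is missing or not a symlink"
        elif [ "$(basename "$(readlink "$link")")" != "$want" ]; then
            _nb_fail "$link points to $(readlink "$link"), expected $want"
        fi
        [ -d "$nb/$want" ] || _nb_fail "$nb/$want does not exist"
    done

    # TFTP: /private/tftpboot/NetBoot must be a symlink to /Library/NetBoot.
    tl="$root/private/tftpboot/NetBoot"
    [ -L "$tl" ] && [ "$(readlink "$tl")" = "/Library/NetBoot" ] ||
        _nb_fail "$tl is not a symlink to /Library/NetBoot"

    # NFS (Leopard): the image folder is exported, and exported read-only.
    line=$(grep -E '^/Library/NetBoot/NetBootSP0([[:space:]]|$)' \
        "$root/etc/exports" 2>/dev/null || true)
    case "$line" in
        "")    _nb_fail "NetBootSP0 is not listed in $root/etc/exports" ;;
        *-ro*) : ;;
        *)     _nb_fail "NetBootSP0 is exported without -ro" ;;
    esac

    # bootpd (Leopard): the plist has to exist and be non-empty.
    [ -s "$root/etc/bootpd.plist" ] ||
        _nb_fail "$root/etc/bootpd.plist is missing or empty"

    # Added check: every client boots from these files, so the image
    # folder should not be writable by everyone on the server.
    [ -z "$(find "$nb/NetBootSP0" -prune -perm -0002 2>/dev/null)" ] ||
        _nb_fail "$nb/NetBootSP0 is world-writable"

    [ "$fails" -eq 0 ] && echo "OK: NetBoot layout looks complete"
    [ "$fails" -eq 0 ]
}

# Run against the live system with: sudo sh netboot_audit.sh --live
case "${1:-}" in --live) netboot_audit "" ;; esac
```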

And that’s the basics of NetBooting.

Resources

Mike Bombich: Troubleshooting the Netboot Process

Mac Geekery: Make any Mac a NetBoot Server

(title image courtesy of Beho, of Stock.xchng)

33 Responses to “Admin the Mac: Making a NetBoot Server”

  • I’m obviously being dim here, but attempting to run the script [after figuring out how to get it in the Scripts dropdown menu] gives a permissions error.

    Details, perhaps? I often find that being told how to do something helps. Or as my old physics teacher used to advise ‘never be afraid to state the overwhelmingly obvious’.

    and, thanks for putting the work in

  • You have to run the script as root, otherwise it’ll give you a permission error.

    Here’s how to run the script:
    Download the script to your desktop
    Open Finder, go to Applications, and go to Utilities. Open up Terminal. Type “cd Desktop”; this changes your directory to ~/Desktop.
    Then you need to set the script so you can execute it. Type “chmod 777 netboot105.sh” (or netboot104.sh if you’re using Tiger). chmod changes the read/write/execute permissions.
    Next, type “sudo ./netboot105.sh”
    The sudo command runs the next command as administrator. You’ll probably be prompted for a password.

    Thanks for pointing this out, I totally forgot about these issues.

  • This seems like a good enough tutorial, however I cannot get it to work. I ran the script for Leopard, and I didn’t get any errors. Internet sharing is turned off, I added the folders to Shared Folders, everything is plugged in right, and the computers are on the same subnet. I go into Startup Disk but where it should be saying the name of the server it just says Network Startup and the icon is a globe with a question mark.
    Please help, I plan on deploying images for 60+ Macs in the near future.

  • Are you getting anything in your system log on the NetBoot machine when you try this? It sounds like everything should be set up correctly (but clearly, it’s not).

    Also, double check that the bootps service is started, and that the /etc/bootpd.plist file exists and is filled out.

  • Billy Bouy:

    In the console I don’t get the same messages as you posted. I know it must be something I did wrong but I am not sure what to try. Any help would be appreciated.

    Here’s what I did get:
    7/31/09 12:24:10 PM com.apple.launchd[1] (com.apple.InternetSharing) Throttling respawn: Will start in 10 seconds
    7/31/09 12:24:28 PM com.apple.service_helper[376] bind(): Address already in use
    7/31/09 12:24:28 PM com.apple.service_helper[376] com.apple.tftpd: Already loaded
    7/31/09 12:24:28 PM com.apple.service_helper[376] com.apple.bootpd: Already loaded
    7/31/09 12:29:55 PM com.apple.service_helper[424] bind(): Address already in use
    7/31/09 12:29:55 PM com.apple.service_helper[424] com.apple.tftpd: Already loaded
    7/31/09 12:29:55 PM com.apple.service_helper[424] com.apple.bootpd: Already loaded

  • Well, Billy,

    It looks like you have internet sharing on. You need to turn it off. Go to System Preferences > Sharing. Make sure that Internet Sharing is off; it shouldn’t have a checkmark next to it. If that doesn’t fix it, try re-running the script again, just in case.

  • DM:

    Thanks Michael for the great script, even though it doesn’t work for me.
    I ran it under 10.6 with Internet Sharing off; it always logs the same thing as in Billy’s case:
    … com.apple.service_helper[9801]: bind(): Address already in use
    … com.apple.service_helper[9801]: com.apple.tftpd: Already loaded
    … com.apple.service_helper[9801]: bind(): Address already in use
    … com.apple.service_helper[9801]: com.apple.bootpd: Already loaded
    Any idea? Thanks a lot!

  • Diggy:

    Hi,

    In my system.log, I have this:

    bsdpd : settings permissions on ‘/Library/NetBoot/ /Library/NetBoot/NetBootSP0/’ failed : no such file or directory.

    Do you think it could be a problem of rights on this folder?

    Thanks

    Diggy

  • It sounds like the script didn’t execute properly. Did you run the script as root?
    Try creating the folders by hand (these need to be run as root):

    mkdir -p /Library/NetBoot/NetBootSP0
    mkdir /Library/NetBoot/NetBootClients0
    chown root:admin /Library/NetBoot/NetBoot*
    chmod 775 /Library/NetBoot/NetBoot*

    And then you might want to re-run the script.

  • maccie:

    Hi,

    thanks for the great work!

    Anyone tried to setup NetBoot using Snow Leopard Client? The script for 10.5 executes for me. But a bootup fails with a flashing globe..

    Did any of the involved services change? Is a different setup needed?

    Thanks

    maccie

  • spike:

    I have tried setting this up for 10.6 client as well but am unable to get machines to netboot from it. they see the server and the published nbi but fail to complete the netboot…

  • I don’t have 10.6 yet. The machine I do most of my Mac work on is a G4, so I don’t think I can install Snow Leopard on it if I wanted.

  • Will:

    Trying to get this to work on Snow Leopard also. The client computers see the server, but they won’t netboot. Keep getting stuck at the flashing globe.

    Anyone resolved this yet? I can provide logs if helpful.

  • Will:

    I think I might have discovered a small issue with the tftp server in Snow Leopard.

    When testing in Terminal, it seems the tftp server defaults to the admin’s home directory, not the root level of the hard drive. When trying to download any file from that location, I receive an error “Error code 512: Access violation”, even though the file has full read/write for all users.

    Anyone have suggestions? This would completely explain the lack of Netboot functionality, as the client computers would be unable to download the booter file to begin the process.

  • spike:

    Woot! Got it working on 10.6.2 client… I need to test the full workflow real quick again to make sure that the script is working. I’ll post once I’m finished…

  • Ariel:

    Hi Michael,
    I was very happy with the idea of creating a netboot server on my MacBook Pro (it can make life easier for me).
    On Tiger it works; however, on Snow Leopard using the 10.5 script it doesn’t function. Terminal is giving me this error message:
    “This command still works, but it is deprecated. Please use launchctl(8) instead.”
    I guess it’s related to these lines: ” ln -s /Library/NetBoot /private/tftpboot/NetBoot
    service tftp start ”
    A netboot 10.6 script would be more than welcome.
    Ariel from Paris, France, and thank you again

  • I’m installing 10.6 on a machine this week, so I should be able to get a script up and running soon.

    Ariel, it’s probably the “service tftp start” that’s been deprecated.

  • Paul Devitt:

    I got this to work on 10.6.

    I’m not sure what one particular thing I did worked but here’s a list.

    I used the 10.5 script. Created netboot stuff with Deploystudio.

    Share the Library Folders accordingly.

    Disable Back to My Mac or anything like that.

    I also edited the plist file for the TFTP at /System/Library/LaunchDaemons/tftp.plist
    Where it read /private/TFTP, I made that just /

    Rebooted and it worked.

    Hope this helps people. Great script otherwise; it has saved me a heap of time :-)

  • Derek:

    Did anyone create a new script for 10.6 to set up NetBoot services? I’ve looked at the scripts and the bootpd service has been deprecated as well, so it didn’t work with any of the info I got from the responses. I’d appreciate it if someone much smarter than me with this stuff could modify a script for 10.6.

  • Elproducto:

    I can verify this works on 10.6 with the instructions given by Paul Devitt. This is a great script and has helped me streamline my imaging process.

  • Wow, so when I said “this week” I meant, “I’m going to spend two months trying to work around everyone using the only Intel Mac that we have and install Snow Leopard on an external drive.”

    I’m currently working on putting together a 10.6 script. I’ll try to keep you guys updated on this.

  • Alright, I have a test 10.6 script up. It overwrites tftp.plist, removing the -s option (which changes root to the given path), so you don’t need to change /private/tftp to /.
    Also uses launchctl instead of service to start services.

    I probably won’t get the chance to move this machine over to my testing area until Friday, so let me know if it works!

  • diley:

    It works until I see the first log... after that the client Mac won’t boot from it. Is there anything I should do…
    I installed it on an iMac G3 with Mac OS X Tiger on it, to netboot an iMac G5 PPC.

  • spike:

    Thanks for your work on this Michael. I had pretty much the same thing on my script, except I ran the changes for tftp.plist through PlistBuddy…

    # Fix tftp.plist for Snow Leopard
    # Converted the tftp.plist from binary to xml so I could peek at it with PlistEdit Pro
    plutil -convert xml1 /System/Library/LaunchDaemons/tftp.plist
    # Ensures tftpd is not disabled and sets server to start in insecure mode
    /usr/libexec/PlistBuddy -c "set :Disabled false" /System/Library/LaunchDaemons/tftp.plist
    /usr/libexec/PlistBuddy -c "set :ProgramArguments:1 -i" /System/Library/LaunchDaemons/tftp.plist

    everything else was the same…
    ;-)

  • a3n:

    spike:

    How do I modify the tftp.plist to incorporate those lines you mentioned? Could you post an example?

  • Spike: plist files are just xml files; they should be readable.

    I’m testing this all out right now, and so far, other than not setting Disable to false in bootpd.plist the script seems to work, except…

    I get right to here:

    tftpd[403]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/booter
    tftpd[405]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/booter
    tftpd[407]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/mach.macosx
    tftpd[409]: adding RRQ to cache: 192.168.1.108,/private/tftpboot/NetBoot/NetBootSP0/NetRestore Test.nbi/i386/mach.macosx

    and then I lose my IP address, and the server self-assigns. Obviously this means that the client machine can’t talk to the server anymore. The only way I can manage to fix this is by restarting the machine.

    Any ideas?

  • Mrityunjoy Chattopadhyay:

    Thanks a ton for the great script. But probably you have put the 10.6 script in your Univ repo and it’s forbidden to the public.

  • Yikes! Thanks for pointing that out.
    I don’t know what’s going on, but I can’t hit my public_html folder anymore -_-

  • First: Spike you’re right, they are written in binary. That’s very strange that they would bother making something that would otherwise be text-readable not…

    Anyway, fixed the issue of bootpd still being disabled in 10.6
    (added "defaults write /System/Library/LaunchDaemons/bootps Disabled 0")
    Let me know if it works!

  • Keith:

    Hi,

    Tried this on 10.6 and the clients can see the image but kernel panic when trying to boot from it.

    How can I disable this also as I don’t always want it on?

  • Are you sure that the netboot image you’re using works under normal conditions (like on 10.5?) If you make a netboot image from a 10.6 machine, it doesn’t include any PPC components, which can be a problem.

    You can disable it by running
    defaults write /System/Library/LaunchDaemons/bootps Disabled 1

    from terminal. You may need to reboot or manually turn bootps off.

  • Keith:

    The boot image works (well I’m almost certain it does as it boots a machine fine from an external disk).

    I have the added problem now that after I restarted my machine after playing around with things that I can’t now even get the computers to detect the netboot as an option.

    I haven’t disabled it yet and have gone through all the steps I did from the beginning. I have also installed tftpServer to see if that helped me get a handle on things but it hasn’t.

    I have checked in activity monitor and bootpd is running.

    Any ideas on what else I can check.

    Thanks for the help.

  • Keith:

    Hi, I have the netboot service up and running again but still every image I make kernel panics. Any ideas?
