Creating a Modular System Image
The workflow for creating a modular system image suitable for deployment is a bit more involved than what is needed to create a cloned system image. However, as you’ll see, this technique yields cleaner system images and an easier upgrade path and is easy to automate.
About Modular System Images
A modular system image is a disk image that uses installation packages for every item and setting in the configuration to create a fully customized Mac OS X system. That is, instead of installing the operating system and all your custom software and configurations to a booted Mac system, you install these items directly to a disk image.
The use of installation packages for every item and setting in your system configuration results in a truly modular system image creation workflow. The only requirement is a base system image with an installation of Mac OS X. After that you can add as many more installation packages as you want to your system image. This allows you to easily create multiple system images by simply adjusting the number of installation packages applied to the image during the creation process. Further, updates and configuration changes are easily handled by adding installation packages to your creation workflow.
The workflow to create a modular system image can be divided into two stages, each with several steps. In the first stage, the preparation stage, you collect or create the installation packages that you will use to build your modular system image. There is no particular order or even an end point to this stage as you will continue to add installation packages as your needs change and as your software needs updating. Most of your time will be spent in this stage locating or creating the appropriate installation package modules.
Modular System Image Preparation Stage
- Prepare the Mac OS X v10.5 system installation.
- Locate or create additional software installations and update installations.
- Create custom installation packages that will apply configuration settings.
In the second stage, the build stage, you actually create the system image using the installation packages you prepared during the first stage. The build stage is a linear process that, in practice, is almost always automated.
Modular System Image Build Stage
- Create a blank sparse image and install Mac OS X v10.5 to the image volume, thus creating a base system image.
- Install Mac OS X system software updates to the system image volume.
- Install additional software, software updates, and any other custom installation packages to the system image volume.
- Copy the sparse system image to a read-only (optionally compressed) system image.
- Prepare the read-only system image for deployment.
To build a modular system image, all you need is one Mac OS X v10.5 system with access to enough storage space to contain all your installation packages and disk image files.
Nevertheless, the use of a separate scratch drive will speed up the modular system image creation process. In this scenario, your installation packages are stored on your primary drive, and during the build process you install to a sparse image on the scratch drive. Once the installations are complete, you create a read-only copy of the sparse system image on the primary drive. This additional workflow ensures that one drive is always reading while the other drive is writing, thus maximizing drive bandwidth and reducing build time.
Preparing for a Modular System Image
You first need to prepare a collection of installation packages that includes the Mac OS X v10.5 installation, any software updates, any additional software, and any custom configuration installation packages.
Preparing the Mac OS X v10.5 Installation
All system images must include an installation of Mac OS X v10.5. However, by default, the Mac OS X v10.5 installation process isn’t conducive to the modular system image workflow. For starters, the Mac OS X installation usually resides on inconvenient media: an optical disc. You will need more frequent access to this installer, so you create a disk image of the Mac OS X Install DVD or the Mac OS X Server Install Disc.
As you learned in Chapter 2, “Deploying Individual Items and Containers,” it’s fairly easy to create a disk image using the contents of a folder or volume. In the graphical interface, you can use the Disk Image application, or at the command line you can use the hdiutil command.
Another problem with the Mac OS X v10.5 installation process is that the Easy Install option usually installs several gigabytes worth of additional items that are not needed in your system image. If you do not want to install these additional items to your modular system image, you will need to prepare an installation choices file. This is a simple XML formatted text file that will be used to instruct the installer command to install only selected items from the full Mac OS X v10.5 installation metapackage.
The XML structure of the installation choices file is an array, or list, of installation choice identifier strings. To reveal the installation choice identifier strings of an installation package, use the installer command. The syntax to show the installation choices of an installation package is installer -showChoicesXML -pkg followed by the path to the installation package.
In the following example, Michelle reveals the installation choices for the main Mac OS X v10.5 installation metapackage. To save space here, much of the output was truncated, but as you can see, the choice identifier string will always be listed near the choice title, which is what you would see in the Installer application.
MyMac:~ michelle$ installer -showChoicesXML -pkg /Volumes/Mac\ OS\ X\ InstallDVD/System/Installation/Packages/OSInstall.mpkg ... <key>choiceIdentifier</key> <string>LanguageTranslations</string> ... <key>choiceTitle</key> <string>Language Translations</string>
Once you know the identifier strings of the installation choices, you can create your installation choices file. Each identifier string listed in this file is equivalent to a user clicking that choice’s checkbox in the Installer application’s user interface. For instance, if an item is selected by default for installation, listing that item’s identifier string once in the installation choices file will deselect that item for installation. To disable a mixed-state item, indicated by a dash, you would need to list the choice identifier string twice, because you would have to click twice in the Installer application to disable that choice.
You can use any text editor you like to create the installation choices file, but you must follow the XML structure, and you should name the file something appropriate like InstallationChoices.xml.
The following is sample text from an installation choices file that will disable every optional installation that’s part of the standard Mac OS X v10.5 installation metapackage.
<array> <string>PrinterDriversGroup</string> <string>AdditionalFonts</string> <string>LanguageTranslations</string> <string>X11</string> </array>
Preparing Additional Software and Updates
Preparing additional software and updates can be easy or difficult depending on what additional items your modular system image requires. The key is that all additional items must be added to your modular system image through an installation package. All Apple software and many third-party items are distributed this way, so preparing these items is as simple as collecting all the necessary installers in a convenient location on your build system.
However, third-party items distributed using simple file containers or non-Apple installers will need to be repackaged inside a custom-built installation package, as outlined in Chapter 3, “Deploying with Installation Packages.” The Mac OS X v10.5 PackageMaker snapshot technology can help you repackage third-party items.
You can use your build system to create these installation packages, but a better option is to use a second dedicated “clean” system for building and testing your custom installation packages. During the testing process, you will undoubtedly come across installation packages that don’t deploy as expected. Use the techniques covered in the “Deploying and Maintaining Installation Packages” section of Chapter 3 to inspect and troubleshoot problem installation packages.
Creating Configuration Installation Packages
For most administrators the process of creating configuration installation packages is the most difficult and time-consuming step of the entire modular system image workflow. Essentially, you have to research and develop a payload or script to be built into an installation package, which performs all the custom configurations, including configuring system settings, creating users, and configuring any user-specific settings, that you would normally do manually to a model system.
It’s possible to set any Mac OS X configuration by using the appropriate command or by replacing the appropriate file as illustrated earlier in the “Customizing the Model System” section of this chapter. Nearly all the customizations presented earlier can be easily automated and made part of an installation package. Exploring all the possible configuration options that can be automated is beyond the scope of this text, but the following references (all from Peachpit) should get you started:
UNIX For Mac OS X 10.4 Tiger: Visual QuickPro Guide, 2nd Edition—This guide serves as a great command-line and scripting primer.
Apple Training Series: Mac OS X Directory Services v10.—This is a comprehensive guide to both local and network directory services and user accounts in general.
Apple Training Series: Mac OS X Advanced System Administration v10.5—This is a general guide to advanced Mac OS X and Mac OS X Server configuration.
Building a Modular System Image
Once you have collected or created all your installation packages, it’s time to build the modular system image. To give you a full understanding of the modular system image build process, this section will guide you through all the steps to manually build a modular system image. However, if you want to take the easier, automated route, look no further than the third-party InstaDMG tool that this process is based on.
To build a modular system image:
- At the command line, use the hdiutil command to create a sparse disk image that will act as the build destination for your modular system image.
This image needs to be formatted with a Mac OS X Extended Journaled volume large enough to contain your entire system deployment. Remember, this is a sparse disk image, so it will only occupy as much space as the contents of the volume require.
In the following example, Michelle first uses hdiutil create to create a sparse disk image that can expand to 300 gigabytes. The name and format of the volume are immaterial at this point because you will have to reformat the volume in the next step to appease the installation process. The disk image file itself will be created on her desktop and is named modimage.sparseimage. She then uses the hdiutil command to mount the disk image volume.
MyMac:~ michelle$ hdiutil create -size 300g -type SPARSE -fs HFS+J Desktop/modimage.sparseimage created: /Users/michelle/Desktop/modimage.sparseimage MyMac:~ michelle$ hdiutil attach Desktop/modimage.sparseimage /dev/disk1 GUID_partition_scheme /dev/disk1s1 EFI /dev/disk1s2 Apple_HFS /Volumes/untitled
Note that the file-system mount point, /dev/disk1 in this example, is not the same as the volume name, untitled. The system mount point is chosen based on the order in which an item was mounted since system boot, so it could be different every time. This file-system mount point will be used in the next step.
- With the modular disk image volume still mounted, use the diskutil command to reformat that volume. This step is necessary to name the volume and to format the partition scheme so the Mac
OS X installation process thinks it’s a bootable destination.
In the following example, Michelle uses diskutil eraseDisk to properly reformat the modular disk image volume. Notice that she has to specify the volume format in quotes, then the new name of the volume (PretendcoHD in this example), then the partition format, and finally the file-system mount point of the modular disk image volume. The file-system mount point of your modular disk image volume may be different from the one shown by the hdiutil command in the last step when you mounted the volume.
MyMac:~ michelle$ diskutil eraseDisk "Journaled HFS+" PretendcoHD GPTFormat /dev/disk1 Started erase on disk disk1 Creating partition map Formatting disk1s2 as Mac OS Extended (Journaled) with name PretendcoHD [ + 0%..10%..20%..30%..40%..50%..60%..70%..80%..90%..100% ] Finished erase on disk disk1 Finished partitioning on disk disk1
- Use the hdiutil command to mount the disk image you created earlier of the Mac OS X install media.
In the following example, Michelle uses hdiutil attach to mount the Mac10.5Install.dmg disk image file in the ModularItems folder on her desktop.
MyMac:~ michelle$ hdiutil attach Desktop/ModularItems/Mac10.5Install.dmg Checksumming whole disk (Apple_HFS : 0)... .................................................................. whole disk (Apple_HFS : 0): verified CRC32 $24B0A354 verified CRC32 $226663A2 /dev/disk2 /Volumes/Mac OS X Install DVD
- Use the installer command to install the Mac OS X system software to the modular build image volume. The Mac OS X installation metapackage
is buried deep inside the Mac OS X Install volume, but it’s shown in the example here. By default, the installer command will install all items of the selected installation package. If you want to limit which items are installed, you’ll
need to specify an installation choices XML file that you created previously.
In the following example, Michelle uses the installer command to install the Mac OS X system software in the modular build disk image volume PretendcoHD. As you can see, she must run the installation with root access. She also chooses to specify an installation choices XML file to limit the items that will be installed, and at the end she specifies an installation language and verbose logging so she can watch the process in detail.
MyMac:~ michelle$ sudo installer -applyChoiceChangesXML "Desktop/ModularItems/ InstallationChoices.xml" -pkg "/Volumes/Mac OS X Install DVD/System/Installation/ Packages/OSInstall.mpkg" -target "/Volumes/PretendcoHD" -lang en -verbose ... installer: The software was successfully installed..... installer: The install was successful.
- Use the installer command to install all the necessary Apple software updates.
You will probably need to run multiple installations to install all the necessary updates. You must install the Apple software updates in an appropriate order. For example, you should always install the latest system combo update first before any newer updates. In addition, you should check the Apple Downloads webpage for other, version-dependent updates that must be installed before yours (http://www.apple.com/downloads/macosx/apple/).
In the following example, Michelle uses the installer command to install the Mac OS X 10.5.2 Combo updater to the modular build disk image volume PretendcoHD. Although she still has to run the command with root access, she does not have to specify any more variables besides the source installation package and the target volume.
MyMac:~ michelle$ sudo installer -pkg Desktop/ModularItems/MacOSXUpdCombo10.5.2.pkg -target /Volumes/PretendcoHD -verbose ... installer: The software was successfully installed..... installer: The install was successful.
- After all your Apple updates are installed, you can optionally choose to archive a base system image. Then, in addition to
being up-to-date, the system image you have just created will be a clean installed version of Mac OS X that could be used
as the future starting point for other disk images.
If this is something you want, eject the modular disk image volume using hdiutil eject, and then make a copy of the disk image file. Keep the copy archived until your next modular system build, and you can skip the first four steps of the build process.
- Continue the build process by using the installer command to install all your third-party or custom installation packages. Keep in mind that these packages may need to be
installed in a certain order. Also note that all the installation choices inside installation metapackages can be individually
selected by implementing an installation choices XML document similar to the one used for the main Mac OS X v10.5 installer.
Use the same simple installation process that you used to install the Apple system updates. In the following example, Michelle uses the installer command to install a custom package. Using the verbose flag here is especially wise because this is where you will probably start running into your first installation packages bugs.
MyMac:~ michelle$ sudo installer -pkg Desktop/ModularItems/AdminDeployment.mpkg -target /Volumes/PretendcoHD -verbose ... installer: The software was successfully installed..... installer: The install was successful.
- After you have performed all the intended installations for you modular disk image, copy the final modular system volume to
a new read-only (optionally compressed) disk image to get it ready for deployment.
In the following example, Michelle uses hdiutil create to create a read-only compressed disk image from the contents of the modular disk image volume. Notice she is copying from one drive to another to reduce the amount of time this process can take.
MyMac:~ michelle$ sudo hdiutil create -format UDZO -srcfolder /Volumes/PretendcoHD /Volumes/Storage/ModularSystem.dmg Password: .. created: /Volumes/Storage/ModularSystem.dmg
- Scan the read-only modular system image just as you did to prepare the cloned system image earlier in this chapter. In fact,
you have to perform an image scan on any system disk image that you intend to deploy.
In this example Michelle uses asr imagescan to prepare the ModularSystem.dmg disk image for deployment.
MyMac:~ michelle$ sudo asr imagescan -source /Volumes/Storage/ModularSystem.dmg Password: Block checksum: ....10....20....30....40....50....60....70....80....90....100 asr: successfully scanned image "/Volumes/Storage/ModularSystem.dmg"
Updating a Modular System Image
Now you’ll see where using the modular system workflow really pays off. To update your image, simply add new or updated installation packages and build a new image using the steps in the preceding task. This new image will be exactly the same as the previous system image for the items that you have not updated or changed. Thus, updating a modular system image generally requires much less testing than updating a cloned system image.
Further, because in this workflow all your additions and updates take the form of installation packages, you can easily update systems that are already deployed. Using a tool such as Apple Remote Desktop 3 you can distribute these new installation packages to your deployed systems. Once updated, your deployed systems should have nearly the same system configuration as your new modular system image.