Minimalist’s guide to NetBoot

I recall my fourth grade teacher giving a lesson on issuing directions. He asked every student to write down, with exacting detail, the steps involved in making a peanut butter and jelly sandwich. Then he gathered all the ingredients and attempted to execute the directions. Of all the kids in the class, I came closest to directing him towards making an edible sandwich… but unfortunately I forgot to instruct him to remove the second piece of bread from the bag. The result was as you’d expect: he smeared the PB&J onto the slice of bread while it was still in the bag, going forward as if nothing was wrong. Hilarious at the time, but the point was made.

Turns out that lesson had an application that neither I nor the teacher realized at the time: as a metaphor for various types of programming, and computers in general; the most literal embodiment of “do what I say, not what I mean”. Many of my classmates might have gotten farther had they remembered to include their dependencies in the beginning (you can’t apply jelly if you don’t get jelly first).

And so it was with configuring a generic NetBoot server. There are many ‘NetBoot from a Linux box’ type documents out there, but it seems they all fail to mention at least one key thing you wouldn’t know if you didn’t have a machine running OS X Server to refer to. It was for that reason that I’d been shying away from configuring NetBoot on my network for quite some time.

Recently I came upon a situation where I needed to image a bunch of Macs in a hurry, and NetBoot was the only tool for the job. So I waded through the myriad of tools and documentation, and whittled it all down to the few steps below. Turns out it’s not so bad once you dig down to the right details.

All the most crucial, NetBoot-specific details are outlined below… no bells and whistles, just the things you need to get a Mac booting from your *NIX box. If you’re comfortable with the process of using PXE to feed bootloaders and kernels to PCs (as I am), you’ll have no problem getting NetBoot to work. If not, just follow the directions carefully.

 

tl;dr – There’s no magic in OS X Server that makes NetBoot work… just incorporate the config snippets below and you’re golden.

 

What you’ll need:

  • A DHCP server. I used ISC dhcpd; if you prefer something else, chances are you’ll be able to translate.
  • A TFTP server. From what I can tell, any one will do.
  • An NFS server. Again, nothing fancy is required. (HTTP can also be used, but isn’t covered here)
  • Mac OS X install media. I chose to use the DVD for 10.5, since it supports booting both PowerPC and Intel Macs.
  • Server Admin Tools. Freely available from Apple’s website – download the version which matches your install media (above).
  • A Mac. Used to gather the needed pieces and create images. (In the future I’d like to reverse-engineer the process, thus eliminating the need for a running Mac and making the process more flexible.)

How to do it:

I’ll spare you all the details of prepping your *NIX box and installing the services above. You’re no idiot, and chances are you’re already running most of them anyways. The idea here is to integrate NetBoot into your (most likely) existing network, so we won’t waste time reinventing the wheel.

Make the NetBoot set. Download and install the Server Admin Tools. Once that’s done, look inside Applications -> Server for the System Image Utility. Mount your OS X install media, and run the utility.

Once the utility starts, you’re just a few clicks away from creating a NetBoot set – which will include the bootloader, kernel, driver cache, and disk image you need to boot a Mac over the network. So get clicking!

After a while, you’ll be left with a directory like this:

In my case, there’s one disk image and two sets of bootloader/kernel/drivers – one for PowerPC, and one for Intel. There’s also an XML property list, which I assume would provide the set description that an OS X Server would expect to find. (Since we have no such thing, this file is useless and can be ignored.)

TFTP prep. The contents of the “i386” and/or “ppc” folders are retrieved by the Mac via TFTP. I made a folder called “mac” within my TFTP root, then placed the “i386” and “ppc” folders within it. Make sure the permissions are correct, and you’re good to go.

NFS prep. Once the Mac has its bootloader, kernel, and drivers, it’s going to need to mount the disk image and finish booting from it. This image can be accessed via NFS – so we’ll make an NFS share and place the image within it. Edit your /etc/exports to add a line like this:

/export/nbi 10.22.0.0/24(async,ro,no_root_squash,insecure,no_subtree_check)

In my case, I wanted to limit access to just the local network. You can adjust yours to your liking.

Needless to say, this directory should contain the disk image (“NetInstall.dmg” in this example), and both it and its contents should be world readable.
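
A quick way to review an export line like the one above before putting it on the network. This is an added example, not part of the original setup; the function names and the list of options to flag are my own choices, and the first sample line is the one from this page.

```python
import ipaddress
import re

# Options worth a second look on a share that only serves a boot image.
REVIEW = {
    "rw": "clients can modify the image every Mac boots from",
    "no_root_squash": "client root is not mapped to the anonymous user",
    "insecure": "requests from source ports above 1023 are accepted",
}


def parse_export(line):
    """Return (path, [(client, options)]) for one /etc/exports line."""
    path, *specs = line.split()
    clients = []
    for spec in specs:
        m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
        if m is None:
            raise ValueError(f"cannot parse client spec {spec!r}")
        # A bare "(opts)" with no client in front applies to every host.
        client = m.group(1) or "*"
        options = set(filter(None, (m.group(2) or "").split(",")))
        clients.append((client, options))
    return path, clients


def world_reachable(client):
    """True for wildcards and for networks outside private address space."""
    if "*" in client or "?" in client:
        return True
    try:
        return not ipaddress.ip_network(client, strict=False).is_private
    except ValueError:
        return False  # a hostname or netgroup: scope is not judged here


def audit(line):
    """List (client, finding) pairs for a single export line."""
    _path, clients = parse_export(line)
    findings = []
    for client, options in clients:
        if world_reachable(client):
            findings.append((client, "scope"))
        findings += [(client, opt) for opt in REVIEW if opt in options]
    return findings


if __name__ == "__main__":
    sample = "/export/nbi 10.22.0.0/24(async,ro,no_root_squash,insecure,no_subtree_check)"
    for client, finding in audit(sample):
        print(client, finding, REVIEW.get(finding, "not limited to a private network"))
```

The second case in the test is the classic exports typo: a space between the client and its options leaves the named network on default options and applies the options in parentheses to every host.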

DHCP changes. Below you’ll find the relevant portions of my dhcpd.conf – look it over, and modify yours as such.

ignore client-updates;
allow booting;
authoritative;

class "AppleNBI-i386" {
    match if substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386";
    option dhcp-parameter-request-list 1,3,17,43,60;
    if (option dhcp-message-type = 1) { option vendor-class-identifier "AAPLBSDPC/i386"; }
    if (option dhcp-message-type = 1) { option vendor-encapsulated-options 08:04:81:00:00:67; }
    filename "mac/i386/booter";
    option root-path "nfs:10.22.0.2:/export/nbi:NetInstall.dmg";
}

class "AppleNBI-ppc" {
    match if substring (option vendor-class-identifier, 0, 13) = "AAPLBSDPC/ppc";
    option dhcp-parameter-request-list 1,3,6,12,15,17,43,53,54,60;
    option vendor-class-identifier "AAPLBSDPC";
    if (option dhcp-message-type = 1) { option vendor-encapsulated-options 08:04:81:00:00:09; }
    elsif (option dhcp-message-type = 8) { option vendor-encapsulated-options 01:01:02:08:04:81:00:00:09; }
    else { option vendor-encapsulated-options 00:01:02:03:04:05:06:07; }
    filename "mac/ppc/booter";
    option root-path "nfs:10.22.0.2:/export/nbi:NetInstall.dmg";
}

Be sure to change the “filename” and “root-path” lines to reflect your configuration.
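
The vendor-encapsulated-options values above are not magic numbers: they are tag/length/value sub-options of Apple's Boot Server Discovery Protocol (the "BSDP" in the AAPLBSDPC class identifier). The decoder below is an added example, not part of the original configuration; its function names are my own, and it only names the two sub-option tags that appear in this config (1, message type, and 8, selected boot image ID).

```python
import struct

# BSDP sub-option tags, message types and image kinds used below.
TAG_MESSAGE_TYPE, TAG_SELECTED_IMAGE = 1, 8
MSG_TYPES = {1: "LIST", 2: "SELECT", 3: "FAILED"}
KINDS = {0: "Mac OS 9", 1: "Mac OS X", 2: "Mac OS X Server", 3: "Diagnostics"}


def parse_tlv(hexstr):
    """Split dhcpd's colon-separated hex into (tag, value) pairs."""
    data = bytes.fromhex(hexstr.replace(":", ""))
    pairs, i = [], 0
    while i < len(data):
        tag = data[i]
        if tag == 0:            # pad byte, carries no length field (RFC 2132)
            i += 1
            continue
        if tag == 255:          # end marker
            break
        if i + 1 >= len(data):
            raise ValueError(f"tag {tag}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: wants {length} bytes, {len(value)} left")
        pairs.append((tag, value))
        i += 2 + length
    return pairs


def decode_image_id(value):
    """32-bit boot image ID: 16 attribute bits, then a 16-bit index."""
    if len(value) != 4:
        raise ValueError("boot image ID must be 4 bytes")
    (raw,) = struct.unpack("!I", value)
    attrs = raw >> 16
    return {"install": bool(attrs & 0x8000),
            "kind": KINDS.get((attrs >> 8) & 0x7F, "unknown"),
            "index": raw & 0xFFFF}


def decode_bsdp(hexstr):
    """Decode one vendor-encapsulated-options value from dhcpd.conf."""
    out = []
    for tag, value in parse_tlv(hexstr):
        if tag == TAG_MESSAGE_TYPE and len(value) == 1:
            out.append(("message_type", MSG_TYPES.get(value[0], value[0])))
        elif tag == TAG_SELECTED_IMAGE:
            out.append(("selected_boot_image_id", decode_image_id(value)))
        else:
            out.append((f"tag_{tag}", value.hex()))
    return out
```

Run against the values in the config, both image IDs decode as install-type Mac OS X images (index 103 for i386, index 9 for ppc), and the ppc reply to message type 8 adds a BSDP SELECT message type in front. The value in the else branch does not parse as well-formed sub-options, so the decoder rejects it.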

Ready to run. Once you’ve got everything set, plug a Mac into the network (NetBoot doesn’t work over AirPort for obvious reasons) and turn it on while holding the “N” key. If all goes well, it’ll boot. If not, double-check your configuration. You may also want to hold down Command-V while booting – if the issues are occurring after the kernel is loaded, you’ll be able to see the machine’s console output and possibly diagnose the problem.