“If it ain’t broke, don’t fix it.” But not all things have to be broken to know they could be better …
In a spree of watching past Mac Admin presentations from various conferences not too long ago, I learned about BSDPY: a replacement for the one thing that many environments loathe having to run on Mac hardware in production – a NetBoot server. A Mac NetBoot server allows IT administrators to run a fully-functional Mac operating system on a Mac from over the network. This is frequently used for imaging Macs, as it does not require local storage. Mac NetBoot servers can also be used to deploy network-based macOS installers (NetInstall) as well as run Apple-provided troubleshooting tools with Apple Service Toolkit (AST).
The problem with the macOS NetBoot Server is that it is entirely dependent on Mac hardware running macOS and the macOS Server application. As a result, many environments begrudgingly deploy Mac Minis (or Mac Pros) as servers in production in order to utilize this functionality.
Having personally started down the road of Linux administration, I took it upon myself to move everything currently on our Mac mini – our JSS, file distribution point, and NetBoot server – all to an enterprise-grade server. BSDPY proved easy to get going by comparison once I found the right guide (thanks to @bruienne – who is also the creator of BSDPY – over on the #bspdy MacAdmins Slack channel!).
See below the jump for how to do this.
Before you read any further, know that you can test BSDPY yourself within a Linux VM! You don’t need a physical box. In fact, it’s a bit easier to build in a VM because VirtualBox can natively mount ISO files, whereas a physical box requires you to make bootable media from an ISO.
The guide that was recommended to me after I struggled with a different guide can be found here: https://grahamgilbert.com/blog/2015/04/22/getting-started-with-bsdpy-on-docker/
If you happen to prefer CentOS over Ubuntu, there are a couple of differences I found while following the guide above. To make it easier, I’ve put all the steps I completed below:
1) Install, enable, and start Docker.
yum install docker
systemctl enable docker
systemctl start docker
2) Install required docker images for BSDPY.
docker pull macadmins/netboot-httpd
docker pull macadmins/tftpd
docker pull bruienne/bsdpy:1.0
- netboot-httpd is what serves the Netboot.dmg files over HTTP
- tftpd is what communicates what NetBoots are available in the Mac’s boot loader
- bsdpy:1.0 is the latest version of BSDPY
3) Make a Netboot storage directory. /nbi is where BSDPY looks by default.
4) Copy your NetBoot set(s) from your existing macOS server to your BSDPY VM or physical box /nbi folder. I ran this from Terminal on our existing macOS Server.
scp -r /Library/NetBoot/NetBootSP0/<nameofNBIfolder>.nbi <yourlinuxuser>@<yourlinuxserver>:/nbi
- If your NetBoot(s) .nbi folder has spaces in it, you’ll need to remove them. BSDPY does not like spaces in the folder name!
- However, you can keep spaces in the NBImageInfo.plist name (this is what will be shown at the Mac’s boot loader screen).
5) Set up the Docker containers.
docker run --restart=always -d -v /nbi:/nbi -p 80:80/tcp --name web macadmins/netboot-httpd
docker run --restart=always -d -v /nbi:/nbi -p 69:69/udp --name tftpd macadmins/tftpd
docker run --restart=always -d -v /nbi:/nbi -p 67:67/udp -e BSDPY_IP=<yourlinuxserverip> -e BSDPY_IFACE=eth01 -e BSDPY_NBI_URL=http://<yourlinuxserverip> --name bsdpy bruienne/bsdpy:1.0
6) Add the necessary firewall rules. This assumes you’re using the default “public” zone.
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-port=69/udp --permanent
firewall-cmd --zone=public --add-port=67/udp --permanent
7) Restart the firewall to apply your changes.
systemctl restart firewalld
Once restarted you should be able to see and load your NetBoot sets from your Linux server!
Things to Be Aware Of
After building and rebuilding this twice, there are a few things to look out for if you’re having issues getting this working.
- Make sure you’re forwarding the right UDP ports for the tftpd and bsdpy containers. I accidentally flipped them (67 for tftpd and 69 for bsdpy … oops) and as a result couldn’t see my NetBoots.
- Don’t have spaces in your .nbi folder name. BSDPY doesn’t like spaces!
- You need to set your NetBoots to distribute over HTTP, not NFS. If you’re like me and were previously using NFS for your NetBoots you’ll need to switch to HTTP. As such, you’ll need to either change this setting on your macOS server before you copy to your Linux server, or edit the NBImageInfo.plist on your server once the copy has completed.
- Some changes may require restarting your Docker containers. If you make a change and it doesn’t apply, just restart your containers –
docker restart <containername>.
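
The two NetBoot-set problems listed above (spaces in the .nbi folder name, and sets still configured for NFS instead of HTTP) can be checked before starting the containers. The script below is an added example, not part of the original guide or of BSDPY; it assumes the protocol is stored under the `Type` key of NBImageInfo.plist, and the sample sets it builds are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path


def check_nbi_root(root):
    """Return {folder name: [problems]} for every .nbi folder under root."""
    report = {}
    for nbi in sorted(Path(root).glob("*.nbi")):
        problems = []
        if " " in nbi.name:
            problems.append("folder name contains a space")
        info = nbi / "NBImageInfo.plist"
        try:
            with info.open("rb") as fh:
                meta = plistlib.load(fh)
        except Exception as exc:  # missing file or malformed plist
            problems.append(f"NBImageInfo.plist unreadable: {exc}")
        else:
            # Assumption: "Type" holds the protocol ("HTTP" or "NFS").
            kind = meta.get("Type") if isinstance(meta, dict) else None
            if kind != "HTTP":
                problems.append(f"Type is {kind!r}, expected 'HTTP'")
        report[nbi.name] = problems
    return report


def build_sample(root):
    """Constructed sample data: three NetBoot sets, two misconfigured."""
    samples = {
        "Imaging.nbi": {"Name": "Imaging 10.12", "Type": "HTTP"},
        "AST Tools.nbi": {"Name": "AST Tools", "Type": "HTTP"},
        "NetInstall.nbi": {"Name": "NetInstall", "Type": "NFS"},
    }
    for folder, meta in samples.items():
        d = Path(root) / folder
        d.mkdir(parents=True)
        with (d / "NBImageInfo.plist").open("wb") as fh:
            plistlib.dump(meta, fh)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)  # on a real server, call check_nbi_root("/nbi")
        for name, problems in check_nbi_root(tmp).items():
            print(name, "->", "; ".join(problems) or "OK")
```

A space in the plist's `Name` value is not flagged, since only the folder name has to be free of spaces.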