Providing OS X Upgrades via Casper’s Self Service
To help the folks in my shop keep their Macs updated to the latest version of OS X, I’ve been providing a Self Service-driven OS upgrade option via Casper for the past couple of years. For a high-level overview, here’s how the process looks for El Capitan from my folks’ perspective.
1. Launch Casper’s Self Service application.
2. Locate the El Capitan Upgrade option
3. Click on the Install OS X button.
4. In the next window that pops up, they’re given important information about the OS upgrade and need to click again on the Install OS X button.
If their Mac does not have sufficient free space available available on their boot drive, they receive a warning message and the upgrade process stops at this point.
If their Mac’s boot drive has sufficient free space available, they receive a message that OS X 10.11.x is downloading and preparing for installation. Once all preparations are complete, their Mac will automatically reboot to begin the installation process.
5. Once the Mac reboots, the OS upgrade process runs. Once completed, the Mac reboots.
6. Following the reboot, an automated post-upgrade process runs. This process will update the Mac with all available Apple updates along with applying my shop’s preferred settings for the new version of OS X.
Note: This process may involve several reboots, depending on what Apple updates are needed. Once the post-upgrade process completes, the Mac will reboot again.
7. Following the reboot, the Mac will boot to the login window. At this point, the OS upgrade process has been completed and it is OK to log in and begin working again.
To see how I’ve set up this workflow using Casper and other tools, please see below the jump.
The OS X upgrade method that I’m using leverages createOSXinstallPkg, which is a tool that allows you to create an installer package from Apple’s OS X installers. The resulting installer package can be used in the following ways:
- Installing OS X on an empty partition
- Upgrading existing OS X installations to a newer version of the OS X
You can use createOSXinstallPkg to build an OS X installer which installs a stock copy of that version of OS X. However, you can also use createOSXinstallPkg to add your own packages to a createOSXinstallPkg-built OS X installer. This is important from my point of view because this ability allows me to add a package which can run various tasks during the first time the Mac boots following the OS upgrade’s completion, including the previously-mentioned automated Apple software update check and application of my shop’s preferred settings.
This kind of installer package is known as a firstboot installer package, and the tool that I’m using to build my firstboot package is First Boot Package Install Generator.app.
Preparing installers for use with First Boot Package Install Generator.app
1. Set up a folder to hold your installers.
Note: createOSXinstallPkg has an upper limit of 350 MBs of available space for added packages, though this can vary per OS X version. This is sufficient space for basic configuration, payload-free or bootstrapping packages, but it’s not a good idea to add Microsoft Office or similar large installers to this installer.
2. Create numbered directories inside that folder, with 00 being the first and proceeding on to as many as you need. For numbers less than 10, make sure to label the directory with a leading zero (For example, 06).
3. Add one installer package to each numbered directory. The number of the directory indicates the install order, with 00 being the first.
Note: If installing more than 100 packages, be aware that this was beyond the scope of my testing. I recommend adding another leading zero where appropriate.
4. Once finished adding installers to the numbered directories, use First Boot Package Install Generator.app to generate a first boot installer package.
Creating the firstboot package using First Boot Package Install Generator.app
1. If needed, download the latest version of the First Boot Package Install Generator.app installer and install the application on your Mac.
2. Once downloaded and installed, double-click on the First Boot Package Install Generator application. You’ll be prompted to select the directory that contains the installers you want to have installed at first boot.
3. Once you’ve selected the folder with your installers, you’ll be prompted to name the installer package. By default, the name filled in will be First Boot Package Install, but this name can be changed as desired.
4. Once you’ve entered a name for the installer package, you’ll be prompted for a package identifier. By default, the name filled in will be com.github.first_boot, but this name should be changed to be something unique.
5. Once you’ve entered an identifier for the installer package, you’ll be prompted for a version number. By default, the value filled in will be 1.0, but this value can be changed as needed.
6. You will be prompted to choose if you want to have all available Apple software updates applied before your packages are installed. Choose Yes or No as appropriate.
7. Once the package name, package identifier, package version and software update choice have been set, First Boot Package Install Generator.app will prompt for an administrator’s username and password.
8. Once the admin username and password are provided, First Boot Package Install Generator.app will create the installer package and prompt you when it’s finished.
9. Click OK at the prompt and a new Finder window will open and display the newly-created first boot installer package.
10. Once the new package has been displayed, First Boot Package Install Generator.app will automatically exit. The package is now ready for use.
Building an OS X installer using createOSXinstallPkg
1. If needed, download the latest version of createOSXinstallPkg
2. Consult the createOSXinstallPkg documentation on how to create a new installer package that installs OS X El Capitan and includes a first boot package.
As an example of how I’m doing it, I’m running the following commands:
A. Open Terminal and navigate to the createOSXinstallPkg application directory
B. Create an El Capitan installer with the following options:
- Include one installer package named El Capitan First Boot Package Install.pkg
- Set the El Capitan installer package’s name to be El Capitan 10.11.1 Installer.pkg
sudo ./createOSXinstallPkg --source /path/to/Applications/Install\ OS\ X\ El\ Capitan.app --pkg /path/to/El\ Capitan\ First\ Boot\ Package\ Install.pkg --output /path/to/El\ Capitan\ 10.11.1\ Installer.pkg
Here’s what the output of the example process above looks like:
3. Once you have your OS X installer built, the next steps are to upload the createOSXinstallPkg-built OS X installer package to Casper and build your policies.
Installing OS X via Casper and Self Service
On Casper’s end, I have three policies that work together to run the OS upgrade process in Self Service. The first two policies have manual triggers:
cache-elcapitan-installer goes with a policy named Cache El Capitan Installer which caches the createOSXInstallPkg-built El Capitan installer on the Mac in question.
run-elcapitan-installer goes with a policy named Install El Capitan Installer that installs the cached createOSXInstallPkg-built El Capitan installer
The third policy is named El Capitan Upgrade, which runs a script and is the only policy of the three which is visible in Self Service.
The script is available at the following location:
This script’s Parameter 4 and Parameter 5 correspond to the two following values:
- $4 – The amount of free space you want to require on the boot drive before the OS upgrade can proceed.
- $5 – the version number of the OS that is being upgraded to. For example, 10.11.
The reason I wrote a script to manage the OS upgrade process, as opposed to just installing the OS X installer package, is that I wanted to accomplish several things, but still ensure my users only had to deal with clicking the Install OS X button in Self Service.
- Make sure the Mac has enough free space available for an OS upgrade, plus a little extra for insurance.
- Make sure that encrypted Macs were able to stop at the OS login window (to ensure that the post-upgrade processes I included would run normally.)
- Do everything possible to make sure that the OS installer could be run successfully.
I’ve set a minimum amount of free space available on the Mac being upgraded, which on my Casper server is configured to be 40 GBs (this is defined by the $4 parameter for the script.) This allows for the 8.8 GBs of free space needed as a bare minimum for OS X El Capitan’s system requirements, the 6 GBs of space taken up by the createOSXinstallPkg-built OS X installer package, then a generous safety margin.
To enforce this, the script checks the Mac being upgraded for the actual amount of free space available and compares it against the value which I’ve set as the minimum amount of free space available. The part of the script that handles this is linked below:
If a Mac does not have the specified amount of free space, a message appears to let them know that they need to have X amount of space to install the OS using Self Service and they have an amount of free space which is less than X. The part of the script that handles this is linked below:
If they do have sufficient space available, a note is made in the log and and the script proceeds. The part of the script that handles this is linked below:
To help make sure that both encrypted and not-encrypted Macs will stop at the OS login window for the running of the post-upgrade process, the script will check to see if the Mac is encrypted or isn’t. If it is, a setting is added to /Library/Preferences/com.apple.loginwindow.plist to disable FileVault 2’s automatic login. The part of the script that handles this is linked below:
As part of my post-upgrade process, I have a script that re-enables FileVault 2’s automatic login.
Once the script has gotten past the check for free space and the encryption check, a message appears to let the user know that the installer is downloading and that the Mac will automatically restart to begin the OS upgrade process.
The parts of the script that handles these functions are linked below:
At that point, it downloads and caches the installer using the cache-elcapitan-installer policy. This is to ensure that all the parts of the OS installer downloaded properly before proceeding with the installation process. The part of the script that handles this is linked below:
Once the cache-elcapitan-installer policy has completed, the run-elcapitan-installer policy runs and installs the cached installer. If the cached installer isn’t found, the policy fails but otherwise won’t cause problems. The part of the script that handles this is linked below:
Once the run-elcapitan-installer policy completes, then the script triggers a restart. The part of the script that handles this is linked below:
Once the Mac reboots, it will automatically proceed to upgrade the OS using the createOSXinstallPkg-built OS X installer.
Once the upgrade completes, the firstboot package’s process will be triggered and run the post-upgrade process.