(UPDATE: If you’re interested in a Snow Leopard upgrade process, please see this post for updated instructions.)
adminertia : an admin at rest tends to stay at rest and an admin in motion tends to want to return to rest as soon as possible.
When Leopard was first released, I was almost grateful that it didn’t work reliably with Active Directory since that flaw provided me with a valid excuse for not having an upgrade procedure ready to roll when upgrade requests started trickling in from my users. I knew that by the time Apple got around to releasing an update that made Leopard work well with AD, the number of requests would have increased significantly. I needed to have a method of handling them in a timely manner.
Walking around the building with an installer DVD or a FireWire drive in hand doesn’t exactly rank as timely, nor does it rank as anything close to what I want to be doing with my time. NetBooting from a copy of the installer DVD is a slightly better option, but that would require applying a handful of OS and security updates after the initial install in order to bring each computer up-to-date. NetBooting with a NetRestore set created with Mike Bombich‘s (otherwise) excellent software is not an option because it can’t upgrade a computer, only overwrite it.
Because I have chosen not to use Radmind in my environment, it seemed my options for creating a more or less automated upgrade to take Macs running 10.4.x directly to the latest version of Leopard were severely limited. After much despair, head scratching, and a little behind-the-scenes investigation, I discovered that Leopard’s System Image Utility could be wrangled to accomplish my goal.
First, a word about Leopard’s System Image Utility
I’ll be completely honest. I have a love/hate relationship with this program. When I first started using it I found that it was the buggiest piece of crap non-beta software I had used in a very long time. It didn’t allow me to save my workflows after I had carefully set them up, the resulting NetInstall sets would often simply not boot computers, and sometimes when they did boot computers they did not work as expected. The SIU and I have since come to an understanding. I’ve broken its spirit and now it does my bidding. (When I said “wrangled” above, I was not exaggerating.)
But you’re not here to waste your time reading about the parallels between a piece of software and a wild horse. You want to know…
What you’ll need to get this working
- A 10.5 software license, or individual retail copy of Leopard, for each computer you are upgrading from Tiger to Leopard — this is easily overlooked, so let’s keep things legal
- One Mac OS X v10.5 Leopard Install DVD (i.e. not shipped with a computer), or a DMG made from one
- One build computer running Leopard with the latest version of Leopard’s Server Admin Tools installed (10.5.7 as Sept. 4, 2009)
- A computer running OS X Server providing NetBoot services — either Tiger Server or Leopard Server will work
- The latest Combo Updater (10.5.8 as of this Sept. 4, 2009)
- A copy of the OSUpgrade.pkg found on the Install DVD at /Volumes/Mac OS X Install DVD/System/Installation/Packages. This is a hidden folder, so use Go to Folder from the Finder’s Go menu to reveal it.
That last item is your key to success.
Why the OSUpgrade.pkg is your savior
By design, when you create a custom NetInstall image versus creating a NetInstall image directly from the Install DVD, you lose the ability to upgrade an existing OS X installation. Since Apple has no way of knowing whether any packages you add will cause conflicts or even hose your existing install, this safeguard is understandable. Before we can understand why this package is our savior, we need to know what it does.
As Greg Neagle mentions in response to a comment I made on his blog, this is a payloadless package that runs a script called migrateNetInfo, which in turn calls a compiled binary called netInfoToDS, which does the real work. Since it’s a binary file, there’s no easy way to see exactly how netInfoToDS is doing what it’s doing, but at least we know what it’s doing, and that’s the vitally important NetInfo to dslocal account migration.
Without this OSUpgrade package, your custom NetInstall image will simply install Leopard over top of Tiger with no migration of user accounts from Tiger’s NetInfo db to Leopard’s dslocal store. By explicitly adding the OSUpgrade.pkg back in, you can circumvent the safeguard and create a 10.5.4 upgrade image that will bring existing user accounts along for the ride.
Let’s build our NetInstall Image
If you haven’t yet made a DMG from the Mac OS X v10.5 Leopard Install DVD, do it now. (I use Disk Utility to create a default compressed image.) Mount the disk image and then launch the System Image Utility found in /Applications/Server. The program will auto-detect the mounted disk image as a source and select the NetInstall Image build option.
Click Customize at the bottom of the window to bring up the workflow assembly interface.
The idea here is to drag and drop the components you want from the Library window to the workflow area. The Define Image Source item is added for you at the top. We’re going to build the simplest possible custom upgrade image, so we’ll add only two more items to our workflow.
First, select the Add Packages and Post-Install Scripts item and drag it over. Now go to the Finder and locate the Combo Updater and the OSUpgrade package. Drag each of them into list area of the Add Packages and Post-Install Scripts item. (The order probably doesn’t matter, but I do it in the order I mentioned.)
Then, drag the Create Image item to the bottom of your workflow. Agree to the software license. (Remember the first item in the What you’ll need section above?) Click the In drop down and select Other. Select your boot drive from the Devices list in the sidebar and click Open. (Why save it to the root of the boot drive? In the past, there was a bug in SIU that would prevent your image from saving correctly if you saved it too deeply in the drive’s hierarchy. I haven’t verified if it’s been fixed yet, so play it safe and tell SIU to save the image to the root of your hard drive.)
In the Named field, give the image a name that is unique from any other NetBoot images you may have. The Volume Name is not critical, so put in whatever you like. Enter a Description if you wish, and then enter a unique Index number. Choose a number between 1-4095 if you have a single NetBoot server. Choose a number between 4096-65335 if you have more than one NetBoot server in a load-balanced configuration.
In the past, when I tried to save my workflow at this point, SIU would lose all the work I’d done so far. I’m happy to report that Apple fixed that bug in their 10.5.3 update to the Server Admin Tools, so if you’re using at least that version, you should be able to click Save and successfully save your workflow.
To build the image, click Run. In a few moments, you’ll be asked for your admin credentials, after which the build process will begin. If you want to track the progress, go to the View menu and select Show Log. This is a relatively quick build, so hang around unless you really need a coffee. (The image I built while writing this article took approximately 10 minutes on a Mac Pro dual 2.66.)
It’s done! Now what?
Ok, so your NetInstall image was created successfully. All that’s left to do now is to copy it to your server’s (or servers’) NetBootSPx share(s). (I have mine shared via AFP, but your environment may be different.) After you’ve transferred it, use Server Admin to enable the new NetBoot image. Assuming your network is set up in a NetBoot-friendly way — I am so glad I get along well with our network team — you should now be able to upgrade any Mac under your control from Tiger to Leopard by booting it with this NetInstall image.
Before you go jumping into the fire, though, you must…
Test it, test it, test it.
If you’re reading this article, you probably have a recent Tiger image you can deploy to a Mac for testing purposes. One way or another, though, you should find a Mac running Tiger that you can use for your initial tests. Boot this computer with your new NetBoot image and go through the installation process. You will want to proceed with all default options. Because we’re playing out of bounds with this NetInstall image, the interface won’t reflect the fact that this is an upgrade installation. You’ll have to trust me the first time through. (This is the primary reason I’ve asked you to test it on something you can afford to mess up.)
After you’ve successfully run through one or two zero-impact tests and proven to yourself that this NetInstall image does what I said it could do, it’s time to find a volunteer. In my experience, given a large enough group, there’s always someone willing to risk the inconvenience of some downtime in order to have the opportunity to use the latest major revision of the OS. (Mac people can be strange that way.) Just be sure you have a recent backup of their data at hand before proceeding.
If you love something, set it free
Eventually, your confidence in this upgrade method may grow to the point that you might consider trusting some of your users to upgrade themselves. Come again, you ask? Am I telling me that this has the potential to be a completely touch-free procedure, allowing you to remain at rest at your desk?”