An Introduction to Builds
Volume Number: 21 (2005)
Issue Number: 4
Column Tag: Programming
An Introduction to Builds
by Clay Williams
Creating and Using Builds in Mac OS X
Five years ago my employer at the time purchased roughly 650 G4 Cubes. Each of those gleaming fanless little boxes needed to be customized for our environment. Bookmarks had to be created, homepages set, network preferences entered. Our standard application suites had to be installed and configured. This had to be done six hundred and fifty times. No problem. Clearly, since I am still in IT, we didn't have to do this manually. We had a build. Most people in IT are familiar with the concept of a build: a snapshot of a system configuration that is saved and applied to other machines. It's a fairly simple concept. Anyone who's worked in a larger environment has had to image machines at some point. For some reason though, we often forget about builds in smaller settings.
We tend to consider actually creating a build as a particularly complex undertaking. It's perceived as a job that requires a bigger staff or any staff at all to do right. Many admins think that creating a build takes up a lot of time. While it is possible to spend weeks creating an intricate build that customizes nearly every aspect of the OS, it is hardly required. Do as much or as little as you'd like. At the heart of build making is the desire to save time by reducing repetition. Why perform the same tasks five times or five hundred times? If you've done it once, you may have already done all you need to do. Even if all you need is a clean install of the OS, imaging a machine is usually faster than Apple's installer discs. On top of that, you can set network preferences or create an administrative user or delete an application that your users could wreak havoc with (NetInfo Manager anyone?). If there's something you'd like every machine in your environment to do - or not do - chances are you could be greatly assisted by a build.
One big stigma that builds have yet to overcome is a leftover from the days of OS 9. I remember looking at a folder full of disc images trying to figure out which one I needed. They were all of the same OS, but only one of them would do me any good. Back then builds had to be managed for different hardware. Laptops required one build, desktops another; assorted graphics cards used conflicting drivers so each needed a build. OS X has so far eliminated this. These days a build made on a laptop can typically work on anything else that will boot the OS. Take your build home with you, work on it while you commute. It will still work on the towers in the office. New hardware may require an update to boot, but that is easily remedied. If you have a new computer that won't boot from your build, use the installer on the discs that came with the machine to update the build. Use the install in place option with your build volume as the destination.
Following these steps, you can create your own build. See for yourself how straight forward the process can be and how valuable the result.
What you'll need.
Below are the tools needed to create a basic build. All the utilities used are free and available on the Internet.
Hardware:
- 1 firewire drive, with four partitions, A,B, C and D, at least 10 GB each. Partition A must have a bootable OS X system installed.
- A machine that will boot the most recent iteration of the OS.
Software:
- Onyx: (http://www.titanium.free.fr/english.html) A freeware utility that provides a GUI to various command line applications and hidden features. It can clear your caches, optimize your disk and run maintenance jobs at will.
- Carbon Copy Cloner (http://www.bombich.com):
- Disk Utility: Apple's updated combination of Disk First Aid, Drive setup and Disk Copy. It also integrates the features of Apple Software Restore, which we will be using to implement the image.
Preparation:
On the bootable partition (A) of your firewire drive install Onyx and Carbon Copy Cloner - they are both drag installs and can be run from any folder.
Step one: Installation.
Boot your Mac from an OS X installation disc. Use volume B as the destination. Choose your preferred installation options. Install OS X. Restart using partition B as the startup disk.
Step Two: Configuration.
Create initial administrative user using Apple Setup Assistant. Configure as desired. This user will be your administrative user. You, or other techs, can use this account for later installations and testing. I prefer to customize this account with utilities in the dock and bookmarks to frequently used Mac sites.
DO NOT install software on your build that you are not properly licensed for. It's illegal. Some applications do not prompt for a serial number until they are first run. You may want to install the unlicensed product on the build. After imaging the machine you'll just need to run the application and enter the serial numbers individually.
In the customization section, there is a list of ways you may want to configure your build. None is required, do as much or as little as you'd like.
Step Three: There is no step three.
Step Four: Clean up.
Clear your browser history, delete recent searches in Find File, and other applications. Toss the preferences in all By Host preferences folders. Get rid of anything you don't want on everyone's machines. Carbon Copy Cloner will take care of a good deal of the necessary clean up just by excluding certain unnecessary files when it creates your Disk Image. Onyx is a bit more thorough. If you have not installed it on your build, you can run it from partition A. Use it to clear out cache folders, optimize the disk, run scheduled maintenance jobs, clear log files and delete .DS Store files. A manual once over, checking applications and clearing recent activity is a good idea anyway.
Step Five: Create your image.
Reboot your Mac, starting up from partition A. Run Carbon Copy Cloner. Select Partition B as the source. Select partition D as the target. Click the preferences button. Select the "Create a disk image on target" check box. Also check "Prepare for Apple Software Restore." If you haven't made any peculiar permission changes, you should probably check "Repair permissions before cloning".
If your users are going to have administrator rights and you want them to set up their accounts themselves, you can check the "Run Setup Assistant after restore" box. A new account will be created in addition to your default admin user you initially created. Users will go through the whole setup process. This could be convenient if you are setting up a machine for users in a remote office.
Click Save. Click the lock to authenticate as the administrator and then Clone.
Figure 1: Carbon Copy Cloner
Figure 2: Carbon Copy Cloner Preferences.
Step Six: Congratulations, it's a build.
"The clone operation is complete" will appear on your screen. Click OK. Quit Carbon Copy Cloner.
Launch Disk Utility. Erase a volume on your internal hard drive. Drag your build to the volumes field on the left. Click the Restore tab. Drag the disk image of your build from the volumes field to the source field. Drag the internal drive volume to the destination field. Click Restore. All this can be done from the command line as well using the asr command. Read the asr man pages for more information.
Figure 3: Disk Utility's Restore Pane
Once the restore is complete, select the internal volume as the startup disk. This is important, as the System needs to be 'blessed' by Startup Disk.
Restart your machine.
Your machine is now imaged. Test it out; make sure it works the way you'd like it to. If there's anything you want to change, go back to the original and adjust accordingly. Once you're happy with the build, repeat Step Six to your heart's desire. Backup the disk image of the build to a server or some other safe location.
Below is a list of configuration options you may want to consider in Step 2.
- Set network preferences for your environment. If the machines you will be imaging need different network settings, add them all and use location manager to switch between them. Remember that the Network preference pane allows you to prioritize Network interfaces. One location can include the remote settings for a modem, the office settings for Ethernet and a setting for Airport that works for both.
- Set the root password. Every administrator has a different opinion about whether root should be enabled or even used ever. Regardless, you should at least set the root password. Since every administrator can do this, it's better that you do it first. Launch NetInfo Manager, select enable root user under the Security menu. You will be prompted to set the password. Afterwards you can disable it.
- Set a master password for FileVault before your users do. Apple added this feature in Panther to appease those looking for total security. Home folders are encrypted and decrypted on the fly keeping your data secure in case of loss or theft. This is probably a great feature - if you trust your users to remember their password. If, however, your users tend to forget their passwords after a long weekend, it may not be a great idea. The master password is your key to recovering this data if the user password is not available. Again, even if you never plan to use this feature, it's better to set from the start.
Figure 4: Set your Master Password in the Security Pane
- Disable automatic login. OS 9 users may be used to getting right to their desktops at startup, but it's not terribly secure. In fact, it's totally insecure. Times change, our users' habits will have to as well.
- Create a hidden admin. An administrator account that's off the radar can be handy if you are concerned with a user, malicious or otherwise, who might somehow disable your access. You can give this account remote administration rights as you see fit. In order to do this, create an account, configure the Apple Remote Desktop preferences as you'd like them. In NetInfo Manager, set the uid to an unused number below 500. Change the group to 80 (admin), deleting the default group assigned to the account. Set the home folder to /var/tmp/ which is cleared at shutdown. Delete the original home folder. When you restart, the account will not be listed in the accounts pane or any accounts list outside of the NetInfo Manager.
- Remove NetInfo Manager. This may seem heavy handed, but keep in mind that NetInfo Manager can be run from another volume if you find that you need it.
- Add Property List Editor. One of many useful tools you will find in Apple's Developer's Tools, it reads plist files natively. It makes reading and editing preference files a lot easier than learning xml. The program is a drag install and can be run from the admin's folder if you'd prefer your users do not fiddle with it.
Figure 5: Property List Editor provides an easier interface for editing .plist files.
- Set LDAP server information. If you are using an Apple Open Directory Server for user management, you can set Directory Access to point to your server. As soon as a machine is imaged with this build, users would be able to login using their Workgroup Manager credentials. All preferences dictated by the server will be respected.
- Manage fonts. Install a basic set of fonts that all users will always need, put them in the /User/Library/Fonts folder. Or strip down the fonts here If you will be using a font management system, so they do not conflict with the fonts your users may load.
There are, of course, more advanced options. If you'd like, you can customize the preference of every user that will exist on the machine, setting bookmarks and desktop patterns, dock items and desktop aliases for all new users. In a future piece we will discuss where these preferences are and the best ways to edit them. In the meantime, try out the above configurations or come up with other ways to customize your build for your environment.
Clay Williams is a Senior Systems Analyst for ESPN Magazine and ESPN.com. He has supported Macs professionally for 6 years. Clay lives in New York City, the bright center of the universe, but travels to the hinterlands often.