Script: Set Network Time Server

Mac OS X provides a one-stop command for viewing and setting several OS configuration items.  The systemsetup command is found at /usr/sbin/systemsetup.

Running the command:

man systemsetup

in the Terminal application will return a full listing of the options available in this command.  This script uses the systemsetup command to configure a target system to use a specified network time server.  The script, as written, is intended for use with The Casper Suite.  Replacing $4 with a static value or using another method of passing a value would be necessary if you are not using The Casper Suite.

#!/bin/bash

##### HEADER BEGINS #####
# scr_sys_setNTP.bash
#
# Created 20090627 by Miles A. Leacy IV
# miles.leacy@themacadmin.com
# Modified 20090627 by Miles A. Leacy IV
# Copyright 2009 Miles A. Leacy IV
#
# This script may be copied and distributed freely as long as this header
# remains intact.
#
# This script is provided "as is".  The author offers no warranty or
# guarantee of any kind.
# Use of this script is at your own risk.  The author takes no responsibility
# for loss of use,
# loss of data, loss of job, loss of socks, the onset of armageddon, or any
# other negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok, test
# twice more.
#
# This script sets a Mac OS X system to use a network time server specified
# by the value passed in the $4 parameter by the Casper Suite.
# Run as an "at reboot" script when imaging with Casper, making sure to type
# double-check the serial in the script parameters before imaging.
#
##### HEADER ENDS #####

# Quote $4 so the value reaches systemsetup as a single argument
systemsetup -setusingnetworktime on -setnetworktimeserver "$4"

exit 0
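
An added example, not part of the original script: the value in $4 comes from outside the script and systemsetup runs as root, so this version checks that the value is a hostname or IPv4 address before use and reads the setting back afterwards. The function names are hypothetical, and the read-back assumes `systemsetup -getnetworktimeserver` prints the configured server name.

```shell
#!/bin/bash
# Added example, not the author's script: validate the Casper-supplied
# value before it reaches systemsetup, which runs as root.

# Return 0 if $1 is a plausible DNS hostname or IPv4 address.
is_valid_time_server() {
	local LC_ALL=C host="$1" rest label
	# Reject empty values and names longer than DNS allows.
	[ -n "$host" ] && [ "${#host}" -le 253 ] || return 1
	case $host in
		*[!A-Za-z0-9.-]*) return 1 ;;  # whitespace, quotes, metacharacters
		-*|.*|*.|*-)      return 1 ;;  # a leading "-" would parse as an option
	esac
	# Each dot-separated label: 1-63 characters, no hyphen at either edge.
	rest=$host
	while [ -n "$rest" ]; do
		label=${rest%%.*}
		[ -n "$label" ] && [ "${#label}" -le 63 ] || return 1
		case $label in -*|*-) return 1 ;; esac
		case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
	done
	return 0
}

# Set the server, then read the setting back to confirm it was applied.
set_time_server() {
	if ! is_valid_time_server "$1"; then
		echo "Refusing to set time server: invalid value" >&2
		return 1
	fi
	systemsetup -setusingnetworktime on -setnetworktimeserver "$1" || return 1
	systemsetup -getnetworktimeserver | grep -qF -- "$1"
}

# Casper passes the server as $4; do nothing when it is absent.
if [ "$#" -ge 4 ]; then
	set_time_server "$4"
	exit $?
fi
```

A non-zero exit from this script shows up as a failed policy in the Casper logs, instead of a machine that silently keeps its old time source.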

Script: Set Mac OS X Server Serial Number

Continuing with the concept of automated server deployment, here is a small script that changes the serial number in a Mac OS X Server installation.

A server system that has been deployed via disk imaging or automated deployment systems will boot, but to use the server features, a valid and unique serial number must be entered.  Luckily, Apple provides a command line utility to set the serial number.

The script, as written, is intended for use with The Casper Suite.  Replacing $4 with a static value or using another method of passing a value would be necessary if you are not using The Casper Suite.

#!/bin/bash

##### HEADER BEGINS #####
# scr_sys_setServerSerial.bash
#
# Created 20081231 by Miles A. Leacy IV
# miles.leacy@themacadmin.com
# Modified 20081231 by Miles A. Leacy IV
# Copyright 2008 Miles A. Leacy IV
#
# This script may be copied and distributed freely as long as this header
# remains intact.
#
# This script is provided "as is".  The author offers no warranty or
# guarantee of any kind.
# Use of this script is at your own risk.  The author takes no responsibility
# for loss of use,
# loss of data, loss of job, loss of socks, the onset of armageddon, or any
# other negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok, test
# twice more.
#
# This script sets a Mac OS X Server installation's serial number to the value
# provided in $4 by Casper.
# Run as an "at reboot" script when imaging with Casper, making sure to type
# double-check the serial in the script parameters before imaging.
#
##### HEADER ENDS #####

# Change serial to $4 from JSS

/System/Library/ServerSetup/serversetup -setServerSerialNumber "$4"

exit 0

 

Script: Create Mirrored RAID Volume

As of late, I have been tasked with managing Mac servers.  Since a Mac server is really only slightly different than a Mac client, I use the same general methodologies and tools to manage them.  My Xserve hardware standard includes three identical hard disks.  What follows is a script intended to be used with the Casper Suite as a “before” script in a configuration.  It will create a mirrored RAID volume from two of the three drives.

#!/bin/sh
#
##### HEADER BEGINS #####
# scr_sys_createServerMirror.sh
#
# Created 20081230 by Miles A. Leacy IV
# miles.leacy@themacadmin.com
# Modified 20090421 by Miles A. Leacy IV
# Copyright 2009 Miles A. Leacy IV
#
# This script may be copied and distributed freely
# as long as this header remains intact.
#
# This script is provided "as is".  The author offers no warranty
# or guarantee of any kind.
# Use of this script is at your own risk.  The author takes no
# responsibility for loss of use, loss of data, loss of job,
# loss of socks, the onset of armageddon, or any other
# negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok,
# test twice more.
#
# This script creates a mirrored RAID volume from the first two internal
# disks found.
# It is intended for use on Xserves with two or more identical internal disks.
# Run as a "before" script when imaging with The Casper Suite.
#
##### HEADER ENDS #####
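i=0
diskcount=0

# Examine disk0 through disk2 and record the first two internal disks found
while [ $diskcount -lt 3 ]; do
	if [ "$(diskutil info disk$diskcount | grep Internal | grep -c Yes)" -gt 0 ]; then
		if [ $i -eq 0 ]; then
			raiddisk1=disk$diskcount
		fi
		if [ $i -eq 1 ]; then
			raiddisk2=disk$diskcount
		fi
		i=$((i + 1))
	fi
	diskcount=$((diskcount + 1))
done

# Stop if two internal disks were not found, rather than calling
# diskutil with missing device arguments
if [ -z "$raiddisk1" ] || [ -z "$raiddisk2" ]; then
	echo "Fewer than two internal disks found; RAID set not created." >&2
	exit 1
fi

# The set name contains a space, so it must be quoted
diskutil createRAID mirror "Server HD" JHFS+ "$raiddisk1" "$raiddisk2"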

Script: Enable SSH & Limit to Admin Group

I’m always looking for ways to get to zero-touch deployment with less effort.  In that vein, I threw together this script which can be deployed as an “at reboot” script in a Casper configuration.  Using this prevents you from having to go into your base image and manually configure ssh.  The script can also be run locally on an existing machine that doesn’t have ssh enabled or limited to the admin group.  It may work with other imaging tools, but remember to test thoroughly.  This script has only been tested with Mac OS X version 10.5.6.

#!/bin/bash

##### HEADER BEGINS #####
# scr_sys_turnOnSshLimitToAdmin.bash
#
# Created 20090320 by Miles A. Leacy IV
# miles.leacy@themacadmin.com
# Modified 20090320 by Miles A. Leacy IV
# Copyright 2009 Miles A. Leacy IV
#
# This script may be copied and distributed freely
# as long as this header remains intact.
#
# This script is provided "as is".  The author offers no warranty
# or guarantee of any kind.
# Use of this script is at your own risk.  The author takes no
# responsibility for loss of use, loss of data, loss of job,
# loss of socks, the onset of armageddon, or any other negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok,
# test twice more.
#
# This script turns on remote login (ssh) and activates a SACL to
# limit access to members of the admin group.  It is intended to be used
# on a fresh image where ssh has not been enabled or limited previously.
#
# Run as an "at reboot" script when imaging with Casper.
#
##### HEADER ENDS #####

# Turn on remote login
systemsetup -setremotelogin on

# Create the com.apple.access_ssh group
dseditgroup -o create -q com.apple.access_ssh

# Add the admin group to com.apple.access_ssh
dseditgroup -o edit -a admin -t group com.apple.access_ssh
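
An added example, not part of the original script: a check to run after deployment that confirms Remote Login is on and that the SACL admits an admin account while refusing a standard one. The function names and the two account names are supplied by whoever runs it, and it assumes `systemsetup -getremotelogin` reports `Remote Login: On` and `dseditgroup -o checkmember` answers with a line starting `yes` for members.

```shell
#!/bin/bash
# Added example, not the author's script: confirm the result of the
# "Enable SSH & Limit to Admin Group" script on a deployed Mac.
SACL_GROUP=com.apple.access_ssh

# Return 0 if Remote Login is reported as on.
remote_login_on() {
	systemsetup -getremotelogin | grep -q 'Remote Login: On'
}

# Return 0 if user $1 is allowed by the SACL.
# Assumption: checkmember answers with a line starting "yes" for members.
in_ssh_sacl() {
	case $(dseditgroup -o checkmember -m "$1" "$SACL_GROUP" 2>/dev/null) in
		yes*) return 0 ;;
		*)    return 1 ;;
	esac
}

# verify_ssh_sacl ADMIN_USER STANDARD_USER
# Returns the number of failed checks (0 means the SACL is in effect).
verify_ssh_sacl() {
	local failures=0
	if ! remote_login_on; then
		echo "FAIL: Remote Login is not on" >&2
		failures=$((failures + 1))
	fi
	if ! dseditgroup -o read "$SACL_GROUP" >/dev/null 2>&1; then
		echo "FAIL: $SACL_GROUP does not exist, so ssh is not limited" >&2
		failures=$((failures + 1))
	fi
	if ! in_ssh_sacl "$1"; then
		echo "FAIL: admin account $1 is not permitted by the SACL" >&2
		failures=$((failures + 1))
	fi
	if in_ssh_sacl "$2"; then
		echo "FAIL: non-admin account $2 is permitted by the SACL" >&2
		failures=$((failures + 1))
	fi
	return "$failures"
}

# Run only when two account names are given on the command line.
if [ "$#" -eq 2 ]; then
	verify_ssh_sacl "$1" "$2"
	exit $?
fi
```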

 

Expect more scripts and tips on building a zero-touch deployment in the future.