Update December, 2018: Because of the changes that came with Apple’s T2 chips, I wouldn’t recommend the below workflow any more. Instead, I’d recommend a DEP=>MDM=>Munki workflow.
I wanted to create a workflow that involved pretty much just imaging a new machine with a thin image and then having the image itself pull updates. Sounds simple, but I had to do quite a bit of experimenting to figure out the exact flow.
What to include with AutoDMG
Include in the AutoDMG-created image only CreateUserPkg (for one default user), Outset (for boot and login scripts), the latest Munki tools, and a special “.pkg” that puts some scripts in place to run at boot.
The special .pkg
In addition to distributing various payloads, it’s key that the special .pkg have a postinstall script that runs
This cannot be an Outset script. It has to be part of the AutoDMG-created never-booted image, because if you boot the previously-never-booted image without the .AppleSetupDone file in place, you’ll be prompted to do all the Mac setup stuff (e.g., create a user, select the time zone, connect to a wireless network manually) at first boot.
One of the payloads should be a script that goes into the /usr/local/outset/boot-every directory, because by default Outset won’t run boot-once scripts unless there’s a network connection. You can change the preferences .plist and deploy it, but I find it easier to just use a boot-every script. This script will do several things:
- Check for a Munki preferences file. If the file exists, self-delete (otherwise the script will run at every boot).
- Create Munki preferences.
- Create the Munki bootstrap file.
- Connect to a wireless network to pull in updates.
- Reboot after waiting a minute (just to give a little time for the wireless connection to finish).***
*** In real-world testing, even if your script is set to wait one minute before shutting down, the reboot may sometimes take more than one minute to happen. In a recent test I did, it took about four minutes from first boot for the next reboot to happen. And then the reboot after that (the one that triggered the Munki bootstrap) took about 90 seconds.
After that, the Munki bootstrap file should take care of any subsequent reboots and updates until the machine is fully updated.
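The boot-every script described in the list above could look like the following. This is an added example, not the author's own script: the repo URL, Wi-Fi interface, SSID and passphrase are placeholder assumptions, and the `ROOT` and `RUN` variables exist only so the logic can be dry-run.

```shell
#!/bin/bash
# Added example of the boot-every script (place in /usr/local/outset/boot-every).
# REPO_URL, WIFI_DEVICE, WIFI_SSID and WIFI_PSK are placeholder assumptions.
# Note: the PSK sits in clear text in the image until this script deletes itself.

ROOT=""   # path prefix: empty on a real machine, a temp dir when testing
RUN=""    # command prefix: empty on a real machine, "echo" for a dry run
REPO_URL="https://munki.example.com/repo"
WIFI_DEVICE="en0"
WIFI_SSID="EXAMPLE-SSID"
WIFI_PSK="EXAMPLE-PSK"

first_boot_setup() {
    local self="$1"
    local prefs="$ROOT/Library/Preferences/ManagedInstalls"
    local bootstrap="$ROOT/Users/Shared/.com.googlecode.munki.checkandinstallatstartup"

    # 1. Munki preferences already exist: setup is done, so remove this
    #    script (and the PSK it carries) instead of running at every boot.
    if [ -f "$prefs.plist" ]; then
        rm -f "$self"
        return 0
    fi

    # 2. Create Munki preferences (defaults appends .plist to the domain path).
    $RUN defaults write "$prefs" SoftwareRepoURL "$REPO_URL" || return 1
    # 3. Create the Munki bootstrap file so Munki checks and installs at startup.
    mkdir -p "$(dirname "$bootstrap")" && touch "$bootstrap" || return 1
    # 4. Join the wireless network used to pull in updates.
    $RUN networksetup -setairportnetwork "$WIFI_DEVICE" "$WIFI_SSID" "$WIFI_PSK"
    # 5. Reboot after one minute to give the wireless connection time to finish.
    $RUN shutdown -r +1
}

# Act only on macOS as root, which is how Outset runs boot-every scripts.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    first_boot_setup "$0"
fi
```

Setting `RUN="echo"` and `ROOT` to a scratch directory prints the `defaults`, `networksetup` and `shutdown` commands instead of running them, which is a quick way to check the script before baking it into the special .pkg.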