

MacOS X Lab Deployment
Radmind/iHook Documentation

v.1.2.1





Prepared by

Jennifer Nieland
Lab Administrator
College of Design Computer Labs
Iowa State University


 

Using Radmind & iHook for maintaining machines in a lab setting

 

These instructions are written based on notes I kept while learning the process of getting Radmind to work on a test machine and server, using the exact software setup we use in our student and teaching labs. I have tried to be as detailed as possible, covering every step of the process, as well as how to recover from problems, so that I can repeat this as quickly and easily as possible in the future. Credit must go to Ryan Schwartz for providing the basis for the first part of the original documentation, and for helping many of us actually get radmind working for the first time. His original post is reproduced on page 11.

 

Note: updated 3-30-04 for use with Radmind tools v.1.2.1 and Assistant 0.9.5 beta

 

We had two main requirements in getting our labs set up for students: kerberized login to a default student account, and machine maintenance at logout, to reset the machine to a known good state, similar to the way revrdist works in MacOS 9 and earlier. Radmind was the recommended choice.

 

Getting Started with Radmind

 

Server

 

1. Download the latest MacOS X version of the Radmind Assistant from

 

http://rsug.itd.umich.edu/software/radmind/download.html

 

2. Copy the Radmind Assistant to /Applications/Utilities on your server.

 

3. Launch the Radmind Assistant. You will be presented with a series of options.

 

a. Install the Radmind Tools.

b. Select the option: "I'm new and I want to setup a Radmind Server" (this option should really read "Setup a Radmind Server")

c. Click OK, and enter your administrator password when prompted.

 

Client/Master Image

 

4. Copy the Radmind Assistant to /Applications/Utilities on your master client machine.

 

5. Launch the Radmind Assistant. You will be prompted to install the Radmind Tools, then you will be presented with a series of options.

 

a. Install the Radmind Tools

b. Select the option: "I'm new and I want to setup a managed client."

c. Click OK and enter your administrator password as needed.

 

6. Enter the DNS name or IP address of your radmind server. Leave the other options at their default settings.

 

7. Configure Radmind Automation. I usually click "Continue" as I create a separate iHook overload with my automation scripts only after I am finished with my configuration of my master machine. If you want to do this, click the "Configure Radmind Automation" button, and select when you want radmind to run.

 

8. Select a negative file. For labs, select "10.3-lab-negative.T". Click the Edit Transcript button to open the transcript. Delete the following line to manage the user space on the machine:

 

d /Users

 

9. Upload the negative

 

Switch to the Server

 

10. Launch the Radmind Server Manager. If it is already open, click the Refresh button on the Radmind Loadsets Window.

 

11. A window will come up telling you that there is a new loadset. Click the "Update and Check in" button.

 

12. Once the transcript has finished the update and check in process, select it in the Radmind Loadset window. Click the "Verify" button to verify the transcript.

 

13. In the "Command File Editor" window, click the "New Command File" button and give the command file a descriptive name, adding references as needed. For example:

 

 

14. In the list of command files, select the command file you just created. The contents of the command file will appear in the Load Type/Load Name pane of the Command File Editor window. It should be empty, and ready for us to start adding entries.

 

15. Select the 10.3-lab-negative.T transcript from the Radmind Loadsets window and drag it to the Command File Editor window.

 

16. Change the Load Type to "n" for negative, and click the "Save" button.

 

17. In the Radmind Server Configuration editor, click the "New Client" button and enter the IP address or DNS name of your master machine (eventually, you will need to enter the IP address or DNS names of all of the machines you wish to manage).

 

18. Select the new client, and change the Loadset to the command file you just created. Click the "Save" button.

 

Switch to the Client/Master

 

Now we need to create our base loadset, which, in my situation, usually consists of the base operating system install (including iApps that are installed during a standard OS install).

 

19.  Go to the Session menu and select "Create New Loadset" and follow the instructions (don't update - this is a fresh install and the server doesn't know what's managed yet). Give the transcript a descriptive name (such as macosx-10.3.2-base.T). Click the Continue button.

 

20. Review the transcript and delete lines for files that you don't want to see on machines when they are managed (temp files/caches/etc) then upload the new loadset to the server. (This is nearly impossible to do without having done this at least once; if you run into errors uploading, keep a list of lines to delete from the transcripts of future uploads.)

 

21. The upload can take up to an hour or more depending on the size of your loadset (major improvement over previous versions!).

 

If there is an error in the upload:

 

ex. "Radmind Assistant encountered an error: line 128379, size in transcript does not match size in file" (means size has changed between the time when the transcript was produced and the file itself started to upload, which could very well be possible)

 

22. On the Client, locate the last line stored by opening the Radmind Assistant Log (command-l), and read the last line before the error; it will have ":stored" at the end of it. Open the Transcript Editor (shift-command-t), and scroll to that line. Note the line following the last line stored. Write this down. Quit the Radmind Assistant.

 

23. On the server, delete the incomplete loadset and old transcript from the /var/radmind/tmp/file and /var/radmind/tmp/transcript/ folders, using Terminal. Ex:

 

admin% sudo -s

 

root# rm -r /var/radmind/tmp/file/pismoxLoadset.T  (this deletes the actual files: rm -r will delete a directory and all of its contents)

 

root# rm /var/radmind/tmp/transcript/pismoxLoadset.T  (this deletes the transcript)

 

24. On the Client, open the Radmind Assistant. Choose "Create New Loadset" from the FILE menu. Name the new loadset.  Ex: pismo-positive.T. Click Continue.

 

25. Once the new transcript has been written, click the "Review Transcript Contents" button. This will open the transcript in the Transcript Editor. Scroll to the line that caused the error (ex: /private/etc/printcap), and delete it (click on the line, and click the Trash icon in the window bar). Save the transcript, and close the Transcript Editor.

 

26. Click the Continue button to upload the new Loadset to the server.

 

27. Repeat as necessary, keeping detailed notes on lines that caused problems, for future installs.

 

As each upload can take over an hour, this is a long process until you learn what causes errors on your setup. You'll definitely want to keep track of problem files from the start to avoid errors later.
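
A way to catch the "size in transcript does not match size in file" error before starting an hour-long upload, as an added example that is not part of Radmind or of the original notes. It assumes plain-file transcript lines of the form f path mode uid gid mtime size cksum; stale_sizes and its ROOT argument are hypothetical names, and the sample transcript is constructed.

```shell
#!/bin/sh
# Added example, not part of Radmind or of the original document.
# Assumption: plain-file transcript lines look like
#   f <path> <mode> <uid> <gid> <mtime> <size> <cksum>
# with spaces in <path> encoded as \b.

# stale_sizes TRANSCRIPT [ROOT]
# Prints "<line> <path> <recorded> <actual>" for each f line whose recorded
# size differs from the file on disk. ROOT (hypothetical, default empty) is
# prefixed to every path so the check can run against a mounted volume.
stale_sizes() {
    transcript="$1"; root="${2:-}"
    awk '$1 == "f" { print NR, $7, $2 }' "$transcript" |
    while read -r lineno recorded enc; do
        path=$(printf '%s\n' "$enc" | sed 's/\\b/ /g')
        if [ -f "$root$path" ]; then
            actual=$(wc -c < "$root$path" | tr -d ' ')
        else
            actual=missing
        fi
        [ "$actual" = "$recorded" ] || echo "$lineno $path $recorded $actual"
    done
}

# Constructed sample: a three-line transcript and matching files in a temp dir.
demo_sizes() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/private/etc" "$tmp/Library/My App"
    printf 'lp|local\n' > "$tmp/private/etc/printcap"   # 9 bytes on disk
    printf 'hello' > "$tmp/Library/My App/readme"       # 5 bytes on disk
    cat > "$tmp/sample.T" <<'EOF'
d /private/etc 0755 0 0
f /private/etc/printcap 0644 0 0 1080000000 4 CONSTRUCTED
f /Library/My\bApp/readme 0644 0 0 1080000000 5 CONSTRUCTED
EOF
    stale_sizes "$tmp/sample.T" "$tmp"
    rm -rf "$tmp"
}

demo_sizes
```

Each line of output names a transcript line to delete or regenerate before uploading; no output means every recorded size still matches.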

 

Once the Loadset is stored:

 

28. On the server, launch Radmind Assistant if it is not already running.

 

29. A window will come up telling you that there is a new loadset. Click the "Update and Check in" button.

 

30. Once the transcript has finished the update and check in process, select it in the Radmind Loadset window. Click the "Verify" button to verify the transcript.

 

31. When it has been verified, switch to the Command File Editor and select the command file you created earlier.

 

32. Select the new transcript from the Radmind Loadsets window and drag it to the Command File Editor window, to a position above 10.3-lab-negative.T. This makes sure that the base transcript that you just created is the first transcript applied, and that the negative is the last.

 

33. Make sure that the loadset is marked "p" for positive.

 

34. Click the "Save" button.

 

35. Test the load set (here's where it gets even more fun, because it may not work even then).

 

36. On the Client: Open the Radmind Assistant.

 

37. Press the Continue button - this is on the Radmind Updater screen.

 

38. Select your Radmind server from the list, or enter its name or IP address. It should show up by default. Click Continue. Enter your password to authenticate. The client will connect with the server and verify that it has the most up-to-date command files and related transcripts, and will download them if necessary.

 

39. After this is done, the Radmind Assistant will examine the file system for differences. Press Continue to examine the file system for changes.

 

40. If there are any differences found, click the Continue button to apply those changes. This shouldn't take long, since you just uploaded the loadset.

 

41. Once all changes have been applied, the Radmind Assistant will tell you when the update has completed. Click the Finish button to end the update session.

 

Create an Overload

 

Once you have your base configuration loaded and working, you can add your applications and make any other configuration changes to your setup. In my case, I added a keyserver overload first, then separate overloads for each application. Finally, I create overloads for both our kerberized login, and iHook configurations. This lets me pick and choose which applications are installed on which machines.

 

42. Install new software or make any configuration changes necessary.

 

43. Open the Radmind Assistant. Choose "Create New Loadset" from the Session menu.

 

44. Name the new loadset descriptively. ex. photoshop-8.T. (add the version number in the transcript name.)

 

45. Create the transcript. Once it is stored, click the "Review Loadset Contents" button and make sure that the transcript is listing the additions. If the line 

/Users/adminuser/Library/Preferences/edu.umich.transcripteditor.plist is present, delete it.

 

46. Click the Save button, then quit Transcript Editor.

 

47. Click the Continue button to start storing the loadset.

 

48. If you receive any errors, note the last line stored (command - l opens the log).

 

49. On the Server, delete the failed loadset and transcript.

 

admin% sudo -s

root# rm -r /var/radmind/tmp/file/photoshop-8.T

root# rm /var/radmind/tmp/transcript/photoshop-8.T

 

50. On the client, create a new loadset and click the "Review Transcript Contents". Locate the line you noted earlier. Delete the next line and save the transcript. Quit the Transcript Editor.

 

51. Click the Continue button to store the loadset on the server. If you get another error, repeat the whole process.

 

52. Once the loadset is stored on the server, update and verify the transcript. Add it to your command file, just after the base loadset entry, and before the negative entry (add transcripts to the command file in the order they were installed on the master. This will help you avoid an older application replacing something installed or modified by a newer one). Save the command file.

 

53. On the Client, use the Radmind Assistant to update the machine and get the new command file and verified transcript.

 

Repeat this as needed. Using multiple overloads helps you fine-tune your setup and makes it easier to make changes later.

 

iHook - Using iHook to run a logout script that calls Radmind, compares the client to the image, and replaces modified items.

 

1. Open the iHook disk image and copy the iHook application to /Applications/Utilities on the client.

 

2. Open Terminal and type:

 

admin% sudo -s

password: ###### (enter your password)

 

3. Edit the sample script that calls radmind using the vi editor.

 

root#: vi /Volumes/iHook/Sample\ Hooks/Bourne\ Shell\ Hooks/sh-radmind-logout.hook

 

4. Set the TLS auth level to 0, and replace the reference to radmind.server.edu with your server name or IP address (just match what you put in the Radmind Preferences).

 

When you enter vi, type

 

:set verbose showmode (press the "return" key)

 

The current mode (Command, Insert, Append, etc.) will be displayed in the lower right hand of the terminal window.  You can switch from edit mode to Command mode by pressing the ESC key. Use the "x" key in Command mode to delete characters. Use the "a" key to append to a line, and the "i" key to insert characters.

 

Set the TLS AuthLevel to 0 (no TLS):

 

authlevel="-w  0"

 

Change the rserver entry to:

 

rserver="-h your.radmind.server.edu"  (your server IP or DNS name)

 

 

5. In my setup, I was having problems with Radmind failing when students left items in our generic user's trash. To avoid this I added the following lines to the beginning of the radmind logout hook:

 

### Empty labuser Trash ###

 

cd /Users/labuser/.Trash && rm -r -d -f *

 

This deletes everything in the .Trash folder without deleting the folder itself.

 

6. To cancel all print jobs, to ensure that print jobs are not retained after logout, I added the following lines to the beginning of the radmind logout hook (after the Empty labuser Trash commands):

 

### Kill Print Jobs ###

 

cd /var/spool/cups && rm -r -d -f *

 

This deletes everything in /var/spool/cups without deleting the cups folder itself.

 

7. You will need to edit references to the radmind tools to use full paths. Go through the document and add /usr/local/bin/ to the following entries:

Changes are in bold. (This is not the full script.)

 

# We want ktcheck's output to be displayed in the drawer, so we

# redirect it to stderr:

 

/usr/local/bin/ktcheck -c sha1 $rserver $authlevel 1>&2

rc="$?"

 

....

# run fsdiff, redirecting output to a file. Error messages will automatically

# appear in the drawer.

 

   /usr/local/bin/fsdiff -A $cksum $fsdiffpath > $fsdiffoutput

 

....

echo Applying changes....

                /usr/local/bin/lapply $cksum $rserver $authlevel $fsdiffoutput 1>&2

                case "$?" in

                0)

                        break

                        ;;

                1)

                        echo Apply failed, no changes made

                        exit 1

                        ;;

                2)

                        echo Apply failed, trying again...

                        echo %OPENDRAWER

                        sleep 2

                        echo %0

                        echo Checking for changes on the server...

                        /usr/local/bin/ktcheck -c sha1 $rserver $authlevel 1>&2

                        continue

                        ;;

 

8. When finished editing, press the ESC key to enter Command mode and type

 

:w /etc/hooks/LORadmind.hook

 

This will save the script as "LORadmind.hook" in the /etc/hooks directory so that the iHook masterlogout.hook will call it at logout.

 

10. Now we will customize masterlogout.hook to use a background image (asking our lab users to please be patient while the machine refreshes). I create a folder called "images" in the /Library folder, and place custom images in that folder.

 

 

root#: vi /etc/hooks/masterlogout.hook

 

11. Add the following lines to the beginning of the script:

 

echo %BACKGROUND \
/Library/images/yourimage.png

(I used Photoshop to create a transparent PNG file with our College of Design logo. This file was then stored in the /Library/images directory.)

 

12. When finished editing, press the ESC key to enter Command mode and type

 

:w

 

13. IMPORTANT: In order to get fsdiff to actually run at every logout, instead of just when there are updates from the server, you will need to delete the "exit 0" line in LORadmind.hook:

 

# Check exit status of ktcheck. If > 1, an error occurred.

# If there aren't any updates from the server, skip the rest of

# the script. This keeps logout times to a minimum.

case "$rc" in

    0)

            echo No updates

            sleep 2

            exit 0 --- delete this line!

            ;;

 

This forces fsdiff to examine the filesystem for changes, and makes the logout script update the machine at every logout, instead of not updating unless a transcript or command file has changed on the server.

 

 

14. Next, we need to edit the ttys file to call logout.hook at logout.

 

root#: vi /etc/ttys

 

Change this line (note: changes are in bold):

 

console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" vt100 on secure onoption="/usr/libexec/getty std.9600"

 

to:

 

console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow -LogoutHook /etc/logout.hook" vt100 on secure onoption="/usr/libexec/getty std.9600"

 

Note: If you have a Login Hook item in addition to a Logout Hook, the login hook entry appears immediately after .../loginwindow and before -LogoutHook.

 

15. Write the file by entering ":w", and pressing the return key.

 

16. Restart the machine to let the changes take effect.

 

17. Login under your administrator account and open Terminal.

 

18. At the prompt, type:

 

admin% sudo chmod 0755 /etc/logout.hook

 

This sets the correct permissions for the script and makes it executable.

 

19. Logout to test that this works. The iHook window should appear. Any error messages will open an error log tray. However, this disappears after two minutes of no activity, so you need to watch this carefully.
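
The cleanup in steps 5 and 6 runs rm as root at every logout, and /Users/labuser/.Trash sits in a home directory the lab user controls. The following is an added example (not part of the original hook or of iHook) of a guarded version; empty_dir is a hypothetical helper name, and the demonstration uses a constructed temporary directory.

```shell
#!/bin/sh
# Added example, not part of the original hook. empty_dir is a hypothetical
# helper name; the hook runs as root, so the path is checked before deleting.

# empty_dir DIR: remove everything inside DIR (dotfiles included), keep DIR.
# Returns 0 on success; 1 if DIR is not an absolute path to a real directory.
empty_dir() {
    dir="$1"
    case "$dir" in
        /*[!/]) ;;   # absolute, not "/", no trailing slash (which would
                     # make the -L test below follow a symlink)
        *)  echo "empty_dir: refusing '$dir'" 1>&2; return 1 ;;
    esac
    # The lab user owns /Users/labuser and can replace .Trash with a symlink;
    # following it as root would empty whatever directory it points to.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "empty_dir: '$dir' is not a plain directory, skipping" 1>&2
        return 1
    fi
    # Subshell: a failed cd stops here instead of letting rm run in the
    # hook's current directory. The globs cover normal names, .x and ..x
    (
        cd "$dir" || exit 1
        rm -rf -- ./* ./.[!.]* ./..?*
    )
}

# Constructed demonstration on a throwaway directory (no lab paths touched).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/Trash/sub" "$tmp/keep"
    touch "$tmp/Trash/a.txt" "$tmp/Trash/.hidden" "$tmp/Trash/sub/b" "$tmp/keep/grades.db"
    ln -s "$tmp/keep" "$tmp/TrashLink"      # stands in for a swapped .Trash

    empty_dir "$tmp/Trash"
    left=$(ls -A "$tmp/Trash" | wc -l | tr -d ' ')
    empty_dir "$tmp/TrashLink" 2>/dev/null && refused=no || refused=yes
    [ -f "$tmp/keep/grades.db" ] && kept=yes || kept=no

    echo "left=$left refused=$refused kept=$kept"
    rm -rf "$tmp"
}

# In the logout hook the two cleanup steps would become:
#   empty_dir /Users/labuser/.Trash
#   empty_dir /var/spool/cups
demo
```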

 

Loading other Clients

 

Clients are loaded using NetRestore, which uses a disk image created by Carbon Copy Cloner (check the "Prepare for NetRestore" option in the CCC Prefs), from FireWire drives. Radmind will be used only to maintain the systems in the labs, and install new applications, not to propagate a complete image to fresh machines. (These notes are specific to the way I will be setting up lab machines.)

 

1. Connect the FireWire drive to the computer to be loaded (machine should be off).

 

2. Turn on the drive. Hold down the option key on the keyboard and turn on the computer. 

 

3. Select the Boot drive (this is usually a clone of a standard MacOS X system install built from our newest machines to ensure maximum compatibility).