using the bless command to netboot across subnets

If you're like me, you use NetBoot, and its sister NetInstall, often enough that you get nervous tics when it's unavailable. NetBoot is great if you only have one local network to support, but both NetBoot and NetInstall rely on the BOOTP protocol to let clients boot from a network volume. BOOTP is a broadcast protocol, meaning it won't cross subnets unless one of two things is true: your router (or a switch that can route traffic) is configured to forward BOOTP requests on to other switches/routers and eventually to the NetBoot host, or you have a NetBoot/NetInstall server configured for every subnet (or a single server with as many NICs in it as you have subnets, each configured accordingly).

On smaller networks this might not be much of a problem, and it certainly isn't if you are also the network admin. However, if you work in an enterprise, as I do, with hundreds of subnets and thousands of switches, the network team might not be so receptive to the idea of letting BOOTP run free, and I can't blame them. Buying a server for each subnet is not only insane but cost-prohibitive as well (so is buying enough NICs for a single server to handle that many subnets; remember, not more than one NetBoot server per subnet, and is that even possible?), so your only other option is to somehow get around the fact that BOOTP is a broadcast protocol and direct the request straight to the NetBoot server. That's where bless comes in.

I love the command line, in part because it plays so well with JAMF's Casper Suite (it runs every command as sudo or root). With these two simple commands I can boot any Mac on any network segment in the company to a single NetBoot server:

sudo bless --netboot --nextonly --server bsdp://<ip address of the netboot server>
sudo shutdown -r now

Let's break it down: sudo is obvious. bless is the command used to make something bootable. That something can be a folder, an external drive, or in our case a network volume. --netboot directs bless to a NetBoot server. --nextonly tells bless that the setting applies only to the next restart. --server bsdp://<ip address of the server> tells the client where to send the NetBoot request directly rather than broadcasting it. NOTE: this has to be the IP address of the server. bless does not understand DNS names.

shutdown instructs the computer to shut down at a given time. -r specifies a restart rather than a shutdown, and now means do it immediately, without waiting.
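The same two-step sequence wrapped as a policy script, with the server address checked before it is handed to bless. This is an added example, not the author's script; the functions take the server as an argument, and the DNS-name path assumes the macOS dscacheutil tool is present on the client.

```sh
#!/bin/sh
# Added example, not code from the original post: wraps the post's two-command
# NetBoot sequence so a Casper/Jamf policy can fail cleanly on a bad server address.

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0..255.
# bless wants a literal address in the bsdp:// URL; it does not resolve DNS names.
is_ipv4() {
  case "$1" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Accept either an address or a DNS name; a name is resolved through the macOS
# directory cache (assumed present) so the URL given to bless always carries an IP.
server_ip() {
  if is_ipv4 "$1"; then
    printf '%s\n' "$1"
  else
    dscacheutil -q host -a name "$1" 2>/dev/null \
      | awk '/^ip_address:/ { print $2; exit }'
  fi
}

# Compose the bless command for a server; returns non-zero on an unusable address
# so the policy stops instead of blessing a bogus bsdp:// URL.
netboot_cmd() {
  ip="$(server_ip "$1")"
  is_ipv4 "$ip" || {
    echo "netboot_cmd: cannot use '$1' as a NetBoot server address" >&2
    return 1
  }
  printf 'bless --netboot --nextonly --server bsdp://%s\n' "$ip"
}

# Set the one-shot NetBoot target and restart immediately (the post's sequence).
# $cmd is left unquoted on purpose so the shell splits it into arguments.
netboot_now() {
  cmd="$(netboot_cmd "$1")" || return 1
  sudo $cmd && sudo shutdown -r now
}
```

Call netboot_now with the server address (or name) from the policy; only the bless and shutdown step needs to run as root.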

This command sequence lets me upgrade OSes or reimage multiple production units at once without taking them off the floor. There are a multitude of possibilities. There are three caveats, however:

  1. Using the bless command on a subnet other than the NetBoot server's assumes the default image on the server, be that a NetBoot OR a NetInstall image.
  2. Using the bless command on the same subnet as the NetBoot server will make the machine default to the last NetBoot/NetInstall disk it used, regardless of the default image set on the server.
  3. Using the bless command on any subnet will confuse the NetBoot process on the client if there are multiple images of the same type (2+ NetBoot or 2+ NetInstall) enabled on the server, regardless of what the default is set to. It seems that bless will choose the image with the lowest index, regardless of server settings.

In-depth information about the NetBoot process is available at Bombich's website here: http://www.afp548.com/netboot/mactips/nbas.html.
