One of the minor annoyances I've run into during a re-imaging process is the time and trouble it takes to backup and restore user data. Our users store home folders locally on their Macs and use AD accounts to log in. I don't want to get into network homes or syncing homes. We do backup computers over the network via Tivoli storage manager, but that's another topic and we don't backup graduate student machines.
Usually, I have to spend time backing up the home folders and restoring them after imaging the Mac. This relatively easy task slows me down taking up my (precious?) time to do this. Training someone would be fairly simple, but then we'd have to hire someone who can support Macs; that's not an option right now.
The manpower I do have available to me have already been trained to use DeployStudio. The great thing about DeployStudio is; I can tell the staff person what workflow to run, I know the workflow will run the correct steps for the task, and I can give access to workflows for specific users as they grow to do more (or remove access if needed).
Since DeployStudio does not have a built-in option to;
- backup user data
- image a machine
- restore the data
...then we have to do it ourselves!
Introducing the DeployStudio BackupRestore* scripts
The concept with the scripts is easy...
Backup Script:
- Creates a new folder called "Backups" DeployStudio Repository
- Data is stored in a subfolder using the MAC address as the name (sans ":")
- User home folder is backed up using tar
- User account is backed up using plist, password hash is also backed up
- Network and Mobile accounts (AD/OD) are skipped (if uid is > 1000, skip account)
Restore Script:
- Finds the backup folder based on the MAC address
- For local accounts; Creates all the accounts & restores password hash
- Restores the user home folders
- Does NOT delete backups
Example:
MAC Address: 01:02:03:04:05:06
Users: "userA" and "userB"
"userA" is a local user - GeneratedUID="ABC12345"
"userB" is a mobile account
When the Backup script creates a machine specific folder, it uses the MAC address of the machine without the ":".
//Backups/010203040506/
Then the users home folder is backed up, with tar, to the Backups folder using their username, machine MAC address, and the keyword "HOME":
userA.010203040506.HOME.tar
and
userB.010203040506.HOME.tar
The account details are backed up to a plist file with the naming convention of:
userA.010203040506.USER.plist
Then the password hash is backed up as:
userA.010203040506.ABC12345
...the mobile account is skipped because it can be recreated when the user logs back in.
That is it for backing up! When the Restore script runs it creates the user account, restores the GeneratedUID (for the local accounts), then restores the home folders on the target for EVERY record in the folder that matches the Macs MAC address.
The implementation in DeployStudio is very easy. Simply take the scripts and wrap them around your workflow:
That's it!
I'm releasing this code for all, please share, edit, use! Please report bugs and branches back to me at rustymyers@gmail.com. I'd love to hear what you're doing!
Thanks to Pete Akins and his createUser.pkg from the instaDMG project. It was heavily relied upon for the backing up and creating of users. Seriously, Thank You, Pete!
Thanks to the ##osx-server channel on the freenode IRC server. Everyone was very helpful in helping me work out the "bugs".
* Updated Thursday, February 9, 2011
- See notes in scripts
* Updated Monday, December 20, 2010
- Resolved issue with accounts not showing in System Preferences after restore.
- Added support for restoring admin rights for network users
Notes:
These scripts have been tested on 10.6 with local accounts and AD accounts. Machines are bound to AD via Directory Utility, with mobile accounts being created at login.
*Crappy generic name subject to change without notification