Netbooting Without OS X

Rewrite intro stuff here, lost it due to Ghost refresh...

Docker image

Types of Netboot

  • Netboot boot to an OS over the network
  • NetInstall boot to a software installer
  • NetRestore Boot to disk image

How does Netboot work

Leverages DHCP/BootP. We need to figure this out.


Apple Has a word document.

Basic DHCP overview of BSDP documentation.

Vendor options 43 amung others are required to tell the BSDP client where to go.

Enter BSDPy

Open source:

Written in Python, uses PYDHCP to emulate the DHCP informs from the Netboot server. Wonder if it works with a Windows DHCP server?


  • Is able to serve NetInstall images, standalone from a single host.
  • Is able to filter images by Mac address and Hardware models.
  • Is able to laod balance through server priority.
  • Can serve BSDP, TFTP and HTTPS/NFS from seperate hosts.
  • Connect to a JSON API to determine client entitlements. (saved image state)
  • Runs on most linux distros and Windows.

NetBoot listens on the local subnet. Won't work cross subnets... Hence, Raspberry Pi at each school seems required. Can point to same file server, or clustered/load balanced. Must use HTTP for load balancing. Does not use https, so use the DMZ.


Queries the API on BSDP LIST Phase, uses IP Address, Mac Address and Model ID.

API Determines which image the client is entitled to, sends back list. List includes URLs to TFTP and HTTP servers.

Useful to create location based restrictions. Write logic for IP subnet filtering. This cannot be done with OS X Server.

For each client checkin JSON

  • ip_address - String
  • name - String
  • mac_address - string

API should respond with Json

  • Array of dictionaries names "images" with keys
    • name - Name of image to show on client
    • booter_ url - Absolute TFTP path to booted kernel
    • root_dmg _url - Valid complete URL to netinstall dmg
    • priority - The lowest priority is default. Should set the order shown in the netboot menu
    Example JSON

        "images": [
                "name": "Super awesome Yosemite",
                "booter_url": "tftp://",
                "root_dmg_url": "",
                "priority": 1

Ensure API DB is set to cache, as each client could make 15 requests a minute to make sure it has all available images.


Docker is the recomended deployment method. Is also availible as a Puppet module.

Ports 67 (BSDP), 69 (TFTP), 80 (HTTP)

Environment Variables


In Practice

Clients descover via DHCP (will need to experiment more this this)
Optional Redirect from IP Helper
BSDP Server serves TFTP and HTTP with Nginx
Client boots to image given from BSDP server

If a subnet seperating server and clients, use IP Helper. Or have a server on every subnet.
Optimize TFTP block size to 1468
DHCP Needs to be fast. EFI will give up very quickly.

Demoed with a Raspbery Pi running Docker. With that, use an external http server.