When you NetBoot, the read-only NetBoot DMG file gets mounted read-write via the use of a Shadow File. Any Mac OS X DMG file can be mounted with a Shadow file. When a Shadow file is in use, any data which would be written to the DMG file is instead written to the Shadow file, and when data is read, the data will be read from the Shadow file first before the DMG file.
When NetBooting, there are three kinds of images, each with three different methods of mounting the DMG and storing the Shadow file:
- NetInstall Images are made from a Mac OS X Installer DVD or an Installer Image downloaded from the App Store. They have no Shadow file, the root partition `/` is read only and there is no swap.
- NetBoot Images are made using System Image Utility from an installed Mac OS X system. The Shadow file is stored on the first hard disk in the hidden `/private/netboot` folder.
- Diskless Netboot Images are the same as NetBoot Images but the Shadow file is stored over the network using Apple File Protocol (AFP).
In the case of Diskless Netboot (the most powerful), the Shadow file is stored in the `NetBootClients0` folder of the `Library/NetBoot` folder on the server machine (or `NetBootClients1`, `NetBootClients2`, etc., where the number matches the number of the `NetBootSP` folder in which the NetBoot DMG resides).
To make a NetBoot image a Diskless Netboot Image, use the "Make this image available for Diskless booting" checkbox under the image settings in Server.app.
You also need to have AFP File Sharing enabled, and you need a guest-writable sharepoint for the NetBoot directory. (I do not recall if Server.app creates this automatically.) Apple has a document about troubleshooting Diskless NetBoot which is helpful. AFP548 also has some great hints.
> When a client machine boots a specific net boot image, my understanding is that it copies at least the most necessary parts of the image via network and stores it somehow on its local resources

This is not technically correct. When you NetBoot, the Mac OS X Kernel mounts the root filesystem (`/`, the boot volume) over the network. So nothing is stored locally. When data needs to be read (e.g. an application is launched) it is read over the network, rather than from your hard drive. No data is copied from the server to the local machine.
When changes are made, for example, a new file is saved, then the Mac OS X kernel needs to write those changes somewhere, and that's where the Shadow file comes in. As described above, the Shadow file might be on the first local hard drive, but it might also be stored over the network. If it is stored over the network, then the Mac OS X client can actually unmount the drives and do things like running Disk Utility. It can even have the hard drives completely removed.
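A small model of the Shadow file behaviour described in the answer above, added here as an illustration (it is not code from the original posts or from Apple). It shows that writes land only in a per-client shadow, reads consult the shadow before the image, and the shared image stays byte-for-byte unchanged. The class name, the 512-byte block size and the sample image bytes are assumptions made for the example.

```python
import hashlib

BLOCK = 512  # block size of this model (assumption, not taken from the page)


class ShadowedImage:
    """Read-only base image plus a private shadow holding changed blocks."""

    def __init__(self, base: bytearray):
        self._base = base   # shared image; this class never writes to it
        self.shadow = {}    # block index -> bytes, private to one client

    def read(self, offset: int, length: int) -> bytes:
        out = bytearray()
        while length > 0:
            idx, start = divmod(offset, BLOCK)
            block = self.shadow.get(idx)  # the shadow is consulted first
            if block is None:             # otherwise fall back to the image
                block = self._base[idx * BLOCK:(idx + 1) * BLOCK].ljust(BLOCK, b"\0")
            chunk = block[start:start + length]
            out += chunk
            offset += len(chunk)
            length -= len(chunk)
        return bytes(out)

    def write(self, offset: int, data: bytes) -> None:
        while data:
            idx, start = divmod(offset, BLOCK)
            # Copy the current block into the shadow, then patch it there.
            block = bytearray(self.read(idx * BLOCK, BLOCK))
            n = min(BLOCK - start, len(data))
            block[start:start + n] = data[:n]
            self.shadow[idx] = bytes(block)
            offset, data = offset + n, data[n:]


def demo() -> dict:
    base = bytearray(b"A" * 2048)  # constructed stand-in for the NetBoot DMG
    before = hashlib.sha256(base).hexdigest()
    client_a, client_b = ShadowedImage(base), ShadowedImage(base)
    client_a.write(506, b"changed-by-a")  # straddles blocks 0 and 1
    return {
        "a_sees": client_a.read(506, 12),
        "b_sees": client_b.read(506, 12),
        "base_unchanged": hashlib.sha256(base).hexdigest() == before,
        "a_shadow_blocks": sorted(client_a.shadow),
    }
```

Comparing a hash of the image before and after client activity, as `demo()` does, is the same check that confirms a served image has not been altered by its clients.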
Yes - booting to Recovery HD is the best option. Then you can do the bit for bit copy. I like to do installs and then run Migration Assistant (over the network if needed, or by connecting over target disk mode) to migrate from the old Mac to the clean new OS during the initial setup.
The procedure for that is to boot the new Mac to Recovery HD and to erase it completely if it already ran the setup assistant and created an initial user.
The reasons I like migration are:
- You know the new OS is clean/pristine
- It's faster - sometimes far faster
- System unique files are actually unique so that the two "clones" aren't too close a match for some oddball edge cases and Time Machine backup cases.
I have the same problem using the imagetool command or the System Image Utility app on macOS Sierra.
As a semi-solution (workaround?), you could follow the steps on this web page that shows how to create a NetBoot image (.nbi) using the Install Sierra.app as source. I was able to create a "plain" NetBoot image with these steps. I assume you could also customize stuff using additional Installer packages and post-install scripts.
I'm still looking for a (free-style, good-old) way to create a NetBoot image from a custom bootable macOS Sierra partition though.