Macintosh-Admin

If you hadn’t heard the fervent rumors over the past few weeks about Apple’s impending tablet computer, you’ll no doubt hear about the real deal: the iPad. It’s a mid-size, thin, fast, multi-touch tablet computer running an enhanced version of the iPhone OS and including Bluetooth, WiFi, and optional 3G connectivity. I’ll leave you to watch the video or drool over the specs & pricing.

Since I’m on-call 24/7 and must be ready to respond whether I’m on the couch or on a long trip, my primary workstation is the thin & light MacBook Air. I certainly wouldn’t mind carrying just an iPad with me wherever I went, but there are a few caveats for a server admin like me. While the iPhone OS’s copy & paste support is stellar and was worth the wait, the lack of multitasking could certainly make life more tedious in some cases or downright impossible in others. The iPad supports current iPhone/iPod touch applications at their existing resolutions (or at 2x size) and I have no doubt that the developers of SSH apps and such will update them to support the new resolution & keyboards quite quickly, but there are key apps missing. They’ve developed excellent new versions of the iWork apps for use on the iPad, but I’d need them to port Server Admin, Workgroup Manager, and Apple Remote Desktop for me to actually give up my MacBook Air.

It’s sexy. It has the potential. It certainly has the screen resolution and performance to take on such tasks. I’ll even guarantee that plenty of third-party tools will be developed for server admins using the iPad, but I hope Apple sees the light and brings over their own admin tools as well.

While Jimmy has previously covered disabling MySQL’s binary logging for those who don’t need it and don’t want to worry about the unexpected disk space usage, others prefer to merely purge older binary logs to reclaim disk space. MySQL’s binary logs live in /var/mysql and appear as mysql-bin.000001. Some of my servers merely hosting a few weblogs have bin logs taking up 4K-1MB, but others hosting large web applications have bin logs in the 1GB range. The last thing you want is for the drive hosting your MySQL databases to fill up unexpectedly.

Here’s a one-liner for removing all MySQL bin logs older than 30 days:

sudo find /var/mysql -name "mysql-bin.0*" -mtime +30 -exec rm {} +

Obviously, any command like this that automates deletion of potentially needed data could be disastrous, so make sure you have a good backup of your data before you try it. The benefit of the above command is that you can remove ‘-exec rm {} +‘ from the end of it to do a dry-run without actually removing any files and it’ll merely list the file names. Also, if you want preserve all bin logs newer than 60 days, simply change to read ‘-mtime +60‘, or whatever best fits your needs.

Depending on your usage & backup setup, you could certainly automate this using cron or launchd.

Have you ever accidentally edited, moved, or deleted a launchd daemon/agent plist file without stopping the job first and then found you couldn’t unload it? I’ve done this on a few occasions and learned the following trick from the launchctl man page, just run `sudo launchctl remove <job_label>`. The <job_label> should be the job’s ‘Label’ specified in the plist file (the reverse domain notation used in the plist filename, e.g. ‘tld.domain.job’ if the filename is ‘tld.domain.job.plist’) or you can look it up using `sudo launchctl list`.

A little background in case you’re interested: the ‘remove’ subcommand is there to counteract jobs added manually/programmatically using the ’submit’ subcommand, hence it working when the plist file is not there for you to use the ‘unload’ subcommand (which requires a plist file).

While configuring a Mac OS X 10.5 Leopard Server as an Open Directory Replica of a Leopard Open Directory Master I got “Open Directory Replica Error value = 1255" when it tried to start creating the replica. This error has to do with not being able to establish an ssh connection with the OD Master, but the server in question had Remote Login enabled and, while I was using service level ACLs to limit ssh access, the admin user had ssh access.

However, although the root user and admin user share the same password by default, they’re not the same user and I couldn’t ssh in as root. Oddly, the root user isn’t an option to add to service level ACLs in Server Admin (at least for that Leopard Server installation). A quick search pulled a knowledge base article regading being unable to add the root user to service-based ACL for SSH which tells you to run the following command to add it manually:

sudo dseditgroup -o edit -a root -t user com.apple.access_ssh

Sure enough, it worked like a charm and now root shows up as “System Administrator” in the SSH service level ACLs in Server Admin:

Naturally, I was then able to ssh in as root and the Open Directory Replica creation went off without a hitch.

Here was a new one for me. A Mac OS X 10.5 Leopard Server file server had been unresponsive to Apple Remote Desktop and wouldn’t display video for about a week. I could still SSH in and the AFP services it hosted were functioning normally, so I left it for a “later” project. Well, this morning I was notified that some of the AFP shares were no longer listed due to a power outage affecting the RAIDs connected to it.

No worries, restarting the AFP service or rebooting should resolve that. Only it didn’t. There was high usage by syslogd and I found tons of the following messages in /var/log/system.log:

Record of type dsRecTypeStandard:Config named ‘ServicesInformation’ already exists in /Local/Default. Trying with new name: ServicesInformation1

Others have run into this before, and it seems to be a corruption of /var/db/dslocal/nodes/Default/config/ServicesInformation.plist. In my case, there was some file system corruption, so I did the following:

1. Booted from another drive w/Disk Utility and SuperDuper!
2. Verified the disk using Disk Utility (which failed.)
3. Backed up the drive with SuperDuper! (Just in case.)
4. Repaired the volume with Disk Utility (successfully.)
5. Booted into Single User Mode.
6. Backed up /var/db/dslocal/nodes/Default/config/ServicesInformation.plist and removed all the extra ServicesInformation*.plist files.
7. Rebooted from the original boot drive.

What I found while fixing this:

• The ServicesInformation.plist was corrupted and contained text regarding a disk full error, so that’s likely the cause of the corruption.
• I was able to just delete ServicesInformation.plist and let it regenerate without detrimental effects, but be dubious.

I’ll admit it: I rarely ever work with Access Control Lists. Most of my time is spent in web server land where POSIX permissions are more than adequate, so I just fire up Server Admin if I have to add an ACL.

However, a co-worker recently ran into an ACL mess after a client converted their server from Standalone to Open Directory Master and back again. So, how to strip all ACLs so you can start over? It’s probably dangerous or some command I’m not familiar with, right? Nope.

The following call to chmod will recursively remove all ACLs:

chmod -RN /path/to/directory

Voilà!

Apple released Apple Server Diagnostics 3X106 yesterday to support for Snow Leopard Server and the Mac mini. If you’ve still got 3X104, you’ll need to grab the new version if you’re running Snow Leopard Server.

The tests it performs include:

• Boot ROM
• Ethernet controller
• Fan
• Hard drive
• Memory
• Power supply
• Processor
• Sensor
• USB ports
• Video controller

[Via TUAW]

macminicolo.net has posted their 2009 state of the Mac mini, including their test drive and photos (un-boxing & take-apart) of the new Mac mini w/Snow Leopard Server. Interesting tidbits I was unaware of are:

• The new Mac minis will accept 8GB of RAM and the now-previous ones only need a firmware upgrade to do so.
• AppleCare covers GUI-based server & network management issues for the Mac mini w/Snow Leopard Server, but “isn’t the case if you buy a Mac mini and Snow Leopard Server separately.”
• Approximately 70% of their customers use Mac OS X client. I shouldn’t be surprised due the former pricing, but I think the killer combination of Snow Leopard Server only costing $499 for unlimited clients and bundling it with a Mac mini configuration will change all of that.

They also remind the naysayers who complain about lack of additional Ethernet ports “that Apple’s USB Ethernet Adapter works fine on a mini. Just plug it in and you’re set.”

[Via Daring Fireball]

As of today, OpenDNS has added Deluxe & Enterprise plans to it’s free Basic service. I’ve been using OpenDNS’s free service for quite some time now and it does a good job of offering reliable, fast DNS with a few added bonuses such as phishing & botnet protection, typo correction, content filtering (if needed), and stats.

The Deluxe plan starts at $9.95/year, is ad-free, and includes the following features above and beyond Basic:

• Up to 50 whitelist/blacklist domains (up from 25)
• A whitelist-only mode
• Advanced customization options
• Archived stats & logs for 1 year (up from 2 weeks)
• Email technical support 9-5 (Pacific) on weekdays (in addition to opendns.com/support)

According to the press release, “Notable features included in OpenDNS Enterprise include”:

Malware Site Protection to secure networks from online threats, Delegated Administration to allow multiple administrators across multiple locations to administer accounts, Block-Page Bypass functionality, which makes OpenDNS cloud-based Web content filtering more flexible and allows administrators and trusted individuals to bypass filtering when necessary, and more comprehensive reporting and statistics offerings, including a daily PDF report of network activity delivered via email.

Obviously, that’s in addition to the Basic & Deluxe features. You’ll have to call for Enterprise pricing.

[Via OpenDNS]

Along with other new products and a refresh of the Mac mini line, Apple has now come to their senses and is offering a Mac mini with Snow Leopard Server! For $999 you get a Mac mini w/2.53GHz Intel Core 2 Duo processor, 4GB RAM, and—get this—the optical drive has been ditched to make room for a second hard drive, so two 500GB 2.5″ 5400-RPM SATA hard drives. Oh, and Snow Leopard Server, of course.

It seems like this is going to be a great deal, especially assuming that the $599 Mac mini is spec’d with 2.26GHz processor, 2GB RAM, and $160GB hard drive, and SuperDrive. I’ve been using a Mac mini as a server for years and would love to add one of these to my network.

Update: They note that you can use the MacBook Air SuperDrive (USB) if you need an optical drive. I’ve always found a MacBook in FireWire Target Disk mode to be more than adequate, in a pinch.