Macintosh-Admin

If you hadn’t heard the fervent rumors over the past few weeks about Apple’s impending tablet computer, you’ll no doubt hear about the real deal: the iPad. It’s a mid-size, thin, fast, multi-touch tablet computer running an enhanced version of the iPhone OS and including Bluetooth, WiFi, and optional 3G connectivity. I’ll leave you to watch the video or drool over the specs & pricing.

Since I’m on-call 24/7 and must be ready to respond whether I’m on the couch or on a long trip, my primary workstation is the thin & light MacBook Air. I certainly wouldn’t mind carrying just an iPad with me wherever I went, but there are a few caveats for a server admin like me. While the iPhone OS’s copy & paste support is stellar and was worth the wait, the lack of multitasking could certainly make life more tedious in some cases or downright impossible in others. The iPad supports current iPhone/iPod touch applications at their existing resolutions (or at 2x size) and I have no doubt that the developers of SSH apps and such will update them to support the new resolution & keyboards quite quickly, but there are key apps missing. They’ve developed excellent new versions of the iWork apps for use on the iPad, but I’d need them to port Server Admin, Workgroup Manager, and Apple Remote Desktop for me to actually give up my MacBook Air.

It’s sexy. It has the potential. It certainly has the screen resolution and performance to take on such tasks. I’ll even guarantee that plenty of third-party tools will be developed for server admins using the iPad, but I hope Apple sees the light and brings over their own admin tools as well.

There’s a neat application on the iPhone App Store called TouchTerm which allows you to SSH in to your servers while on the go! I’ve personally found that this application has come in handy multiple times when a client needs a quick edit on one of their websites or if there’s a configuration error that needs a quick fix. I’ve also found it handy when the MySQL service or any of the services for that matter needs to be restarted. For 99 cents you really can’t go wrong!

The normal version of the application allows you to create server profiles so you can just tap them to connect rather then needing to input connection details every time you wish to connect to a server. I find this to be a really great time-saving feature. A new recent and much appreciated feature is the ability to use the application in landscape mode. This allows for the keyboard to be a bit bigger over the portrait mode.

The application support VT100 Terminal Emulation so that means you can run anything from top, to screen — really any console application!

There is a Pro version of this application includes all the same features as the normal version but also includes:

• Extensive Configurability: Customize almost any aspect of the TT Pro interface, and manage configuration profiles to provide different settings for different servers.
• Configuration Import/Export (Version 1.1): Import and export configuration settings, saved configurations, and keypads. This makes it easy to install “add-ons”, backup configuration data, share / download TT Pro ideas with the user community, and manually setup complicated or repetitive configurations using a text editor.
• Command Library: You can “re-program” the interface functionality to suit your needs by referring to actions you do frequently. Nearly every user-accessible action is available in TT Pro as a custom command. This includes sending characters or commands to the remote host, changing font size and color, launching interface elements, and sending e-mails. Over 50 commands in all! These commands (individually, or in sequence) can easily be associated with gestures, custom keypads, and even application events. This provides you with complete control over the TT Pro interface!
• Gesture Engine: TT Pro currently supports 94 different touch gestures, with more on the way. Each gesture can be customized to perform any of the available interface actions using the command library. Gesture Feedback also gives you instant, graphical feedback when a gesture is recognized, and “Practice Mode” allows you to quickly acclimate to the Gesture Engine. Finally, all aspects of the Gesture Engine are configurable. So you can now tailor settings for things like double-tap speed, swipe straightness, corner size, etc., in the way that is most comfortable for your usage in a particular context.
• Copy and Paste: Easily place and adjust selection markers by dragging them within the terminal view. Popup zoom windows around the cursor make character-by-character adjustments easy, even when using a tiny font.
• Auto-Completion: TT Pro includes the ability to index and remember everything you have typed or seen as output, and provide a popup list of available completions. Auto-Completion can be configured to launch whenever completions are available, or only when explicitly requested.
• Graphical Filesystem Navigation: Never type “cd” on your iPhone again! FS Navigation Mode presents a graphical, table-based interface for quickly navigating directories with a single tap.
• E-mail Integration: Mail the contents of the clipboard, the current terminal screen, or even the entire buffered contents.
• Custom Keypads: Create and use any number of custom keypads. These keypads can be overlaid on the terminal view and used in conjunction with, or instead of, the standard iPhone keyboard. You have complete control over all the labels and actions associated with these keypads.
• Integrated Help: TT Pro is a complex program, with powerful configuration tools and hundreds of ways to customize the interface just for your needs. To assist you along the way, integrated help is available through all stages of the customization process. Our online (iPhone-accessible!) guides and tutorials also help you quickly become familiarized with TT Pro.
• Advanced Features: TT Pro includes several advanced features and options, such as control over SSH compression and encryption settings, and the ability to import private DSA/RSA authentication keys.

I haven’t got the Pro version myself, but I am thinking about getting it just for the ability to use the private DSA/RSA keys, and the graphical filesystem navigation abilities.

Check out the TouchTerm home page here and check out the normal and Pro versions of the applications on iTunes!

Recently I’ve decided to dedicate one of my Mac OS X Server boxes to be a Subversion server. Now Subversion itself is great and there’s already a few GUI applications for OS X (Versions.app and Coda for example) that can help you view your Subversion repository quite easily. But what if you don’t have a wonderful application like Versions or Coda, or you’re on Windows or Linux for that matter?

Trac is an excellent answer and solution to that question. Trac is a web based front-end to subversion and much more (I only use it for viewing and comparing code changes visually). Straight from the Trac website:

Trac is an enhanced wiki and issue tracking system for software development projects. Trac uses a minimalistic approach to web-based software project management. Our mission is to help developers write great software while staying out of the way. Trac should impose as little as possible on a team’s established development process and policies.

It provides an interface to Subversion (or other version control systems), an integrated Wiki and convenient reporting facilities. Trac allows wiki markup in issue descriptions and commit messages, creating links and seamless references between bugs, tasks, changesets, files and wiki pages. A timeline shows all current and past project events in order, making the acquisition of an overview of the project and tracking progress very easy. The roadmap shows the road ahead, listing the upcoming milestones.

So how about getting it installed in OS X? It’s really really simple!

First, check to see which version of Python you have installed. You can do this by:

python --version

You should be okay, but just make sure you have at least version 2.3. I had version 2.5 which most people will have.

Next, download a copy of setuptools. You can visit this page:

http://pypi.python.org/pypi/setuptools#downloads

and snag ’setuptools-0.6c9-py2.5.egg’. Although depending on which version of Python you get, make sure you get the right setuptool installer. Now, mine downloaded as setuptools-0.6c9-py2.5.egg.sh, I just removed the ‘.sh’ bit so it was just ’setuptools-0.6c9-py2.5.egg’. Now, run this script as you would a shell script:

sudo sh ./setuptools-0.6c9-py2.5.egg

This will install a really fantastic thing called ‘easy_install’. Now, to actually install Trac, type in:

sudo easy_install Trac

BAM! You’re pretty much done if no error messages come up. A really good thing to see is ‘installed tracd to /usr/local/bin/’. Make sure you run the command with sudo since it’ll be install some pieces into areas normally restricted to non-admin accounts.

Once completed you can make yourself a Trac environment by typing in:

sudo trac_admin /path/to/trac/project initenv
ex. sudo trac_admin /usr/local/trac/myproject initenv

This will add a new Trac project to your server. To start up the Trac server use:

sudo tracd -p 81 /usr/local/trac/myproject

You can now open a web browser and browse to http://127.0.0.1:81 and you should see your project listed!

Now let me breakdown that command to startup tracd. ‘tracd’ is the server binary, so you obviously need that, the -p 81 means it’ll run on port 81, I chose 81 since my webserver is using port 80 already and then I give the path to the project I want hosted. Do note, you can list multiple project paths, I have about 7-8 listed in my startup command.

By default tracd will only listen on your local loopback IP address (127.0.0.1) which is nice if you only need to access it locally but I am 2000 miles from my server so I need to access it externally. This can easily be accomplished by using the ‘–hostname=’ parameter.

This should pretty much cover a basic Trac install on OS X Server. Beyond this, you can create a LaunchDaemon for tracd so that it starts when your server starts and something very important is authentication and permissions. I haven’t gone into detail on either of those items in this article, but if anyone is interested, I’d be more then willing to share that information! I highly recommend checking out the Trac website as well!

Just recently I had a consulting appointment with a school that needed to use a proxy server in order to block students from inappropriate websites. Previous to my visit they were using a tangerine iBook with OS9 and some piece of software that did the proxy work. After some thought we came up with the idea of using OS X Server (since they also were running that) as the proxy server. It was much more up to date and it seemed like it would be pretty easy to transfer the list from the iBook’s proxy software to OS X Server. Unfortunately, I have a feeling the list was so huge that it kept crashing the Web service, so it was back to the drawing board.

We finally decided to use OpenDNS and after some initial testing it all seemed to work fine. We assigned all the student computers static IPs and setup the DNS using the OS X Leopards IP and then OpenDNS. We included the the servers IP first because it allowed the clients to find the server for network home directory use and then I assumed it would use OpenDNS second (for all other queries).

Unfortunately, while we could login to the network home directories, OpenDNS and blocking in-appropriate websites failed to work. Puzzled, I searched for a way to allow us to use the server for initial DNS, but anything else had to pass through OpenDNS. A quick search through the knowledge base turned up this article. Basically you just had to add a few lines into one of the DNS configuration files. Really simple. When I restarted the DNS service, nothing worked. I believe that is because the article linked above is for OS X Server Tiger and previous versions. After looking around in the DNS service settings (via the Server Admin tool) I found a box called, ‘DNS Forwarding’. I simply plugged in the OpenDNS IP addresses and removed all but the servers IP from the client DNS servers.

Restarted the DNS service and rebooted the client machine for good luck and attempted to login to the network home directory. It worked! Next I tried loading a site on my OpenDNS blacklist and it too was blocked. It worked just as I had wanted it too.

DNS Forwarding in my understanding works like so:

1. The client machine use the server’s IP for it’s main DNS server.
2. In my case the server contains one DNS entry (well two if you count the reverse DNS record). The one record is of itself. That way the clients know of the server.
3. Anything that isn’t in the servers DNS list gets sent to the entries in your DNS Forward records. In this case it was OpenDNS so pretty much every request except one’s for the server were forwarded to OpenDNS.

Hopefully this article can help people out who use in-house DNS and are also looking for a way to send other DNS queries to other outside services such as their ISPs DNS servers or even OpenDNS.

This past weekend, I got to try out some of the new features that come in Mac OS X Leopard Server. First, let’s back up a bit to Tiger Server.

OS X Tiger Server is the first piece of server software I’ve used from Apple. I come from the world of Linux where most of the configuration is done by hand, you have to edit your own application configuration files. There’s no pretty GUI (graphical user interface) or buttons to click on. Tiger Server saved a lot of time because all I had to do was type a few things in, click ‘Go’ and I could have a very resourceful server. In just a matter of minutes, I could be running a web server, file server, DNS server, VPN server and more! Apple really made Tiger Server easy to setup and manage. They provided some really great tools too.

With Leopard Server they’ve made it even EASIER to setup and manage. I think Apple has really extended the potential of Leopard server; they’re making it so Leopard Server has a place in the home as well as large companies. They continue to provide some really awesome tools to manage it, and it includes loads of new and cool features. When I set up Leopard Server, I did a fresh install (no upgrade) so I am not sure if some of the things I am talking about will apply to people who choose to upgrade from Leopard Server.

Upon boot up after you install Leopard server, you can choose what type of server you want. There are three options: Standard, Workgroup or Advanced. Each of the three types just had a bit different configuration in which services it uses and sets up for you. While I think this is great for people who like things done for them, I prefer to configure each service by hand (I guess that’s the Linux-side of me coming out). People who really just want the easiest way to manage their server should probably choose either the Standard or Workgroup configurations. This will also allow you to use some of the new and nifty tools that Apple has included with Leopard Server. Unfortunately when you use the Advanced server type you loose the ability to use some of those tools (you can still use Server Admin, Workgroup Manager and command line utilities though).

I am torn between letting Apple do all of the hard stuff so I can use the new tools (using the Workgroup server type) or just using the Advanced server type and handling everything myself. I’m still deciding but I have to say I think it’s great that Apple is making their server software usable by most anyone with some experience in computer and networking. So after choosing the type of server you want, Apple will go about and work its magic, setting up the services and configuring them for you.

For my tests I chose the Workgroup type, so I got the iCal service, web server, iChat service, Mail service, Time Machine backup service, the Open Directory service and a few others. I have a feeling most people will choose the Workgroup type, because it includes a lot of services while still being able to easily manage it.

One of the new management applications that comes with Leopard Server is called Server Preferences. It looks very similar to System Preferences, but it allows you to easily manage the services on your server. Over the last 2-3 years I’ve gotten very used to using Server Admin and Workgroup Manager to manage all my services and users, so if I choose to use the Workgroup server type on my live server, I’ll have to get used to doing everything through the Server Preferences application. It’s definitely a great tool for people who are new to OS X Server.

A few of the things that I am really looking forward to actually using is the wiki server, the iCal server and possibly the Time Machine service. I run a couple wikis (think of Wikipedia.org but on a much smaller scale) so I would love to move them into this service. I have a few shared calendars that need to actually be editable by more then just one person, so the iCal server will surely help with that problem.

Regarding the Time Machine backup service, it sounds really interesting, but at this point I don’t know enough about how it works to rely on that as my only backup service. It sounds really great that client machines can back up to the server rather than a local disk. It saves me from having to buy multiple external drives for each client; instead I can just point them to the server and use that as my backup location. I guess I’ll just have to do some testing!

In the few days I spent playing with Leopard server, I have to say that I am really impressed with how easy Apple has made it for someone to set up and manage a fully featured server. They include some great tools and some really new and much-welcomed features.

Here are a couple of PDF files that I found quite useful when setting up Leopard Server; check them out:

Getting Started with OS X Leopard Server
Installation Setup & Worksheet