Subversion on OS X Leopard Server

It’s pretty simple to follow, basically you just use the svnadmin command to create the actual repository, then you need to activate a couple modules for Apache via Server Admin, then create a realm, and voila! One thing I do different from the guide, is that I create all my repositories in /usr/local/svn/ instead of /usr/local/. This is really just a personal preference thing, however my main reason is for neatness. I like to keep things organized. You of course can create the repositories where ever you’d like, even in your home folders if that’s your thing!

—–

Unfortunately, my experience today does not support the conclusion that Apple has fixed the GUI in the Disk Utility included with OS 10.6.3.

I was forced to rely on the command line to add a replacement disk to a degraded RAID-1 because no amount of dragging and dropping in the DU window worked. The drag-and-drop would not place the replacement drive within the existing RAID set and the rebuild button never became active.

But the process was simpler than your prior description.

Wanting to take no chances with the data, I first cloned the data off the degraded RAID from the operating drive with Carbon Copy Cloner. In fact, I cloned it twice, to two different drives. Better safe than sorry.

I installed a new, replacement drive of equal capacity to the operating drive in my MacPro and initialized it as a single partition with a unique and easily identifiable name.

Using the command line in Terminal, I used the command “diskutil list” to get the disk numbers of all the disks installed in my MacPro.

Then, with no other commands necessary, I entered:

diskutil repairMirror disk4 disk0

Disk4 is the disk ID of the degraded RAID-1
Disk0 is the disk ID of the new drive

This command re-initialized the freshly initialized new disk I installed (called disk0), added it to RAID with the new name “RAID Slice disk0s2″, removed the name of the previously missing, failed member of the RAID-1, and automatically began rebuilding the array.

Much more efficient to type one command to do it all but I would rather that the GUI-based disk utility function as it should. It would be much more intuitive – and isn’t that what Apple products are supposed to be about?

—–

Matt also followed up to my email to which I had asked a few questions.

—–

The failed drive was NOT the boot drive.

I was NOT using the OSX 10.6.3 Install DVD as my boot disk. I was booted from my 10.6.3 normal boot hard drive.

And one other thing. I purposely and deliberately screwed up my RAID-1 just to see whether, in fact, Apple did fix the DU GUI. The drive itself did not go bad. I just wanted to experiment and I’m glad that I did. After the RAID rebuilt with the replacement drive perfectly in 4 hours, I deliberately failed the RAID again by removing the replacement drive and reinserting the original drive. I used the same command again and the original drive was reitialized and resynced to the still functioning drive just fine, only that took 7 hours. The only difference? My original drives are Seagate 1-TBs. The replacement test drive that I used was a borrowed WD RE3 1TB model. I think I’ll get four of those puppies! I guess there’s nothing like having two processing chips in a hard drive to almost halve the write times.

By all means, feel free to publish my comments. I wrote to you specifically to share my experience with you and your readers. The more all of us share our knowledge, the easier it becomes for other folks.

Best wishes,

Matt S.

That said, I’d like to myself try replicating the issue just to verify that once again the Disk Utility in 10.3.6 is broken. It’s too bad because it’s a lot easier to just drag and drop and new disk into Disk Utility rather then having to run through the command line.

Fortunately you can easily install the unrar application on your server or even just normal OS X client. Visit the RARLab website and go into their downloads section. There is one download which is Command Line Only and made for Mac OS X. Download that and then uncompress it. You should have a new folder called ‘rar’. While in command line navigate into that folder and run:

sudo install -c -o yourusername unrar /bin

This will install the binaries needed into the correct places. Now since my normal everyday account isn’t an account with administrator privileges I first had switch to one that was and then ran that command. Once completed (the install should take a few seconds if that) you can test it out by running:

unrar

If you’re shown a list of options then it worked!

I’m not really sure as to why GUI applications have trouble unraring large sized files, but unrar seems to be able to handle them just fine!

Trac is an excellent answer and solution to that question. Trac is a web based front-end to subversion and much more (I only use it for viewing and comparing code changes visually). Straight from the Trac website:

Trac is an enhanced wiki and issue tracking system for software development projects. Trac uses a minimalistic approach to web-based software project management. Our mission is to help developers write great software while staying out of the way. Trac should impose as little as possible on a team’s established development process and policies.

It provides an interface to Subversion (or other version control systems), an integrated Wiki and convenient reporting facilities. Trac allows wiki markup in issue descriptions and commit messages, creating links and seamless references between bugs, tasks, changesets, files and wiki pages. A timeline shows all current and past project events in order, making the acquisition of an overview of the project and tracking progress very easy. The roadmap shows the road ahead, listing the upcoming milestones.

So how about getting it installed in OS X? It’s really really simple!

First, check to see which version of Python you have installed. You can do this by:

python --version

You should be okay, but just make sure you have at least version 2.3. I had version 2.5 which most people will have.

Next, download a copy of setuptools. You can visit this page:

http://pypi.python.org/pypi/setuptools#downloads

and snag ‘setuptools-0.6c9-py2.5.egg’. Although depending on which version of Python you get, make sure you get the right setuptool installer. Now, mine downloaded as setuptools-0.6c9-py2.5.egg.sh, I just removed the ‘.sh’ bit so it was just ‘setuptools-0.6c9-py2.5.egg’. Now, run this script as you would a shell script:

sudo sh ./setuptools-0.6c9-py2.5.egg

This will install a really fantastic thing called ‘easy_install’. Now, to actually install Trac, type in:

sudo easy_install Trac

BAM! You’re pretty much done if no error messages come up. A really good thing to see is ‘installed tracd to /usr/local/bin/’. Make sure you run the command with sudo since it’ll be install some pieces into areas normally restricted to non-admin accounts.

Once completed you can make yourself a Trac environment by typing in:

sudo trac_admin /path/to/trac/project initenv
ex. sudo trac_admin /usr/local/trac/myproject initenv

This will add a new Trac project to your server. To start up the Trac server use:

sudo tracd -p 81 /usr/local/trac/myproject

You can now open a web browser and browse to http://127.0.0.1:81 and you should see your project listed!

Now let me breakdown that command to startup tracd. ‘tracd’ is the server binary, so you obviously need that, the -p 81 means it’ll run on port 81, I chose 81 since my webserver is using port 80 already and then I give the path to the project I want hosted. Do note, you can list multiple project paths, I have about 7-8 listed in my startup command.

By default tracd will only listen on your local loopback IP address (127.0.0.1) which is nice if you only need to access it locally but I am 2000 miles from my server so I need to access it externally. This can easily be accomplished by using the ‘–hostname=’ parameter.

This should pretty much cover a basic Trac install on OS X Server. Beyond this, you can create a LaunchDaemon for tracd so that it starts when your server starts and something very important is authentication and permissions. I haven’t gone into detail on either of those items in this article, but if anyone is interested, I’d be more then willing to share that information! I highly recommend checking out the Trac website as well!

Initially I had thought I had setup my VPN correctly, as I was able to connect to it, although after looking at some websites and AFP shares from the server, I wasn’t getting the results I had wanted.

Unfortunately after checking my IP when I was on the web, I noticed it was still using my non-VPN IP which meant all my web traffic was not going through the VPN. I then tried to connect to some AFP shares, and they worked, but after looking in Server Admin, I was still connecting with my Verizon IP address, and not the IP from the VPN.

Speaking with my good friend we figured out that the IP blocks couldn’t be the same. I was dishing out 192.168.1.x from the VPN and my local network was also dishing out that same block. I also had to make sure I had “Send all traffic through VPN” was switched on. This parameter can be found in System Preferences >> Network >> VPN Connection’s Advanced button >> and under the Session section. It’s turned off by default but make sure it’s turned on.

Now for the IP block that the VPN dishes out, I changed that to something a bit more secure, something that normal home routers don’t dish out. I chose 192.168.10.x, which I’ve yet to see a DHCP/home router dish out. I would think you might find that block in a bigger organization, but it should be safe to use. Saved that setting and then I tried to connect. Unfortunately, it didn’t work right just yet.

Then I added a virtual interface to the single Ethernet port and assigned it an IP address within the range that the VPN server was handing out. I gave it the router address of my public IP and then tried to connect again.

It worked! So in summary, when you’ve got a server with a single Ethernet port and an external IP address, it’s a good idea to:

1. Give it a virtual interface
2. Change the block range of IPs your VPN hands out
3. Give your virtual interface an IP from that range
4. Make sure your client(s) have the “Send all traffic through VPN” turned on. Security is good :)
5. Verify that it’s working correctly by visiting FindMyIP.com and looking in Server Admin

I’ve also allowed people to connect to the AFP service ONLY if they’re coming from the VPN IP range, which is much more secure then letting everyone connect to it.

To the point, one of the two drives in my mirror RAID failed. It made those tell tale clicking noises and wouldn’t mount at all. I opened up Disk Utility and sure enough it reported that my RAID was degraded. A day or two later I had bought a new hard drive to replace the failed one. I connected it up to my system and opened up Disk Utility again. I added the new drive (a simple drag and drop) into my degraded RAID and clicked on ‘rebuild’. Within a few seconds I was told that the ‘filesystem was unrecognized’ and the RAID could not be rebuilt. After trying again multiple times, I was prompted with that lovely message each time.

Being that I had about 450GBs of data on that RAID set I wasn’t about to give up so easily. I search Google for the exact error message that I was getting. I came across 2 good sources.

First was this thread in the Apple mailing lists. Apparently it’s a known bug. Great. Unfortunately the site didn’t seem to provide any solution for fixing the degraded RAID set.

The second link was to the Apple discussion boards. A few posts down a user posted a solution that worked and was confirmed working by following posts by other users. With only 450GBs of data to loose I thought I’d just give it a shot!

So a few days later I came back with my Leopard install disk and booted the machine off that. I opened up a terminal window and used the following commands (taken right from the post):

• diskutil list (to find the partition that is going to be added)
• diskutil checkRAID (to get the RAID UUID)
• diskutil addToRAID
• diskutil checkRAID (to watch the rebuild)
• diskutil removefromRAID (to remove the “Failed” drive once the rebuild is done)

12-13 hours later my RAID had been rebuilt and worked just great! It’s too bad that Disk Utility isn’t working the way it should, although I could have sworn that I read something about 10.5.1 including a fix so that it works the way it should, and doesn’t return the ‘unrecognized filesystem’ error. Either way, if you have a degraded RAID system and are receiving that error when trying to rebuild it, the previous steps should get you back on track.

Of course if you’ve got some really important data and aren’t too daring, and use a mirror RAID, I recommend copying all the data to another drive, purchase a new drive for the RAID set, destroying the current set and then creating it again with the new drive. Then copy the data back over.

In order to get the servers to talk to each other without having me type in usernames and passwords I’ll be creating special “keys” that allow them to talk without user intervention!

In our example I have Server1 which makes the actual backups of my databases, on Server2 I have a nice RAID setup so I can keep my backups safe and secure! Server2 is where I want to put Server1′s backup files. Also the user I am using for an example on Server1 is jimmy and on Server2 it is jimmy2. Hopefully it’s not too confusing!

On Server1 I will open up a Terminal and type in:

ssh-keygen -t
rsa

It will ask you where you want to save the key (usually something like /Users/your-username/.ssh/) – just hit enter here. It will then ask you to input a passphrase, just hit here and again when it asks you to ‘enter in the same passphrase’. It will then spit out something like:

Your identification has been saved in /Users/jimmy/.ssh/id_rsa.
Your public key has been saved in /Users/jimmy/.ssh/id_rsa.pub.
The key fingerprint is: 88:99:60:ee:eb:e5:ac:1f:fb:fe:ae:83:5c:3c:c4:0b jimmy@mycomputer

Perfect!

Now we need to put this special key onto the machine you want to remotely connect too, in this case Server2.

What I did was use rsync:

rsync -avz /Users/jimmy/.ssh/id_rsa.pub
jimmy@ip-address-of-Server2:/Users/jimmy2/.ssh/

This bit:

rsync -avz /Users/jimmy/.ssh/id_rsa.pub

Will sync the file ‘id_rsa.pub’ from Server1 to the user account of ‘jimmy2′ on Server2. It will put that file into:

/Users/jimmy2/.ssh/

So now you can SSH into Server2, you will still be prompted for a password. Go into the .ssh directory for the user you synced the id_rsa.pub file too, in this example the user is jimmy2:

cd
~/.ssh/

Now type:

mv id_rsa.pub authorized_keys

You can even copy and paste that command. That command will just rename the
id_rsa.pub file to ‘authorized_keys’.

Now if all went well you can SSH from Server1 to Server2 and not be prompted for a password! This is a really excellent technique for moving files such as backups or when making mirror(s) of a website and not needing to input the password to the server(s) each time!

A note of warning though! If you remember when we were making our special key it prompted to input a passphrase, the passphrase makes your key more secure, but it will prompt you for that passphrase every time you want to connect defeating the purpose of this exercise. You should also keep track of which servers/clients can connect to each other without a password.

It’s also possible to get Server2 to go into Server1 without requiring a password. Follow the same steps to create the key, I renamed it to id_rsa2.pub and then used rsync to move it to Server1. Then I just renamed it authorized_keys using the above ‘mv’ command.

Good luck!

I used this website to help me:
http://ammonlauritzen.com/blog/index.php/2006/04/16/shared_key_ssh_authentication