Macintosh-Admin

Server Assistant is a wonderful tool that allows OS X Server administrators to install and configure their server(s) remotely. I personally have used the tool multiple times in setting up servers, but not to install OS X Server to a machine.

Finally this past week I got the chance to do it. Despite being incredibly easy to do, there was one drawback that will definitely make me think twice about using it in that fashion again.

It will not allow you to choose which packages to install and which to leave out. Because of this I had to install all 11.4GBs instead of the 5-6GBs that I usually do. I tend to leave out the languages, printer drivers and fonts.

If there’s one thing I hope Apple fixes, it’s being able to select which packages to install and which not to when using Server Assistant to do a remote server install.

Just a heads up for people interested in doing remote OS X Server installs, keep in mind you won’t be able to choose the software that gets installed and make sure you can afford to spend ~11GBs of drive space!

I really enjoy how easy Tiger and Leopard makes setting up RAIDs. A RAID is essentially a collection of hard drives connected together. There are multiple RAID types but I generally stick with the mirror RAID type as it works well for my purposes.

To the point, one of the two drives in my mirror RAID failed. It made those tell tale clicking noises and wouldn’t mount at all. I opened up Disk Utility and sure enough it reported that my RAID was degraded. A day or two later I had bought a new hard drive to replace the failed one. I connected it up to my system and opened up Disk Utility again. I added the new drive (a simple drag and drop) into my degraded RAID and clicked on ‘rebuild’. Within a few seconds I was told that the ‘filesystem was unrecognized’ and the RAID could not be rebuilt. After trying again multiple times, I was prompted with that lovely message each time.

Being that I had about 450GBs of data on that RAID set I wasn’t about to give up so easily. I search Google for the exact error message that I was getting. I came across 2 good sources.

First was this thread in the Apple mailing lists. Apparently it’s a known bug. Great. Unfortunately the site didn’t seem to provide any solution for fixing the degraded RAID set.

The second link was to the Apple discussion boards. A few posts down a user posted a solution that worked and was confirmed working by following posts by other users. With only 450GBs of data to loose I thought I’d just give it a shot!

So a few days later I came back with my Leopard install disk and booted the machine off that. I opened up a terminal window and used the following commands (taken right from the post):

• diskutil list (to find the partition that is going to be added)
• diskutil checkRAID (to get the RAID UUID)
• diskutil addToRAID
• diskutil checkRAID (to watch the rebuild)
• diskutil removefromRAID (to remove the “Failed” drive once the rebuild is done)

12-13 hours later my RAID had been rebuilt and worked just great! It’s too bad that Disk Utility isn’t working the way it should, although I could have sworn that I read something about 10.5.1 including a fix so that it works the way it should, and doesn’t return the ‘unrecognized filesystem’ error. Either way, if you have a degraded RAID system and are receiving that error when trying to rebuild it, the previous steps should get you back on track.

Of course if you’ve got some really important data and aren’t too daring, and use a mirror RAID, I recommend copying all the data to another drive, purchase a new drive for the RAID set, destroying the current set and then creating it again with the new drive. Then copy the data back over.

This is an article aimed at mostly system administrators and people that use SSH on a daily basis to connect to remote clients and servers. I myself have been wanting to set this up for quite some time and now I’ve found the time and need too! I currently have multiple servers each running several various services. I plan on setting it up so that when one server makes a backup of a few databases it can automatically connect to another server and upload the backups there for safe keeping. While it sounds semi-complicated, especially when trying to get the servers talk to each other without any user interaction, it’s not all that bad!

In order to get the servers to talk to each other without having me type in usernames and passwords I’ll be creating special “keys” that allow them to talk without user intervention!

In our example I have Server1 which makes the actual backups of my databases, on Server2 I have a nice RAID setup so I can keep my backups safe and secure! Server2 is where I want to put Server1’s backup files. Also the user I am using for an example on Server1 is jimmy and on Server2 it is jimmy2. Hopefully it’s not too confusing!

On Server1 I will open up a Terminal and type in:

ssh-keygen -t rsa

It will ask you where you want to save the key (usually something like /Users/your-username/.ssh/) - just hit enter here. It will then ask you to input a passphrase, just hit here and again when it asks you to ‘enter in the same passphrase’. It will then spit out something like:

Your identification has been saved in /Users/jimmy/.ssh/id_rsa.
Your public key has been saved in /Users/jimmy/.ssh/id_rsa.pub.
The key fingerprint is:
88:99:60:ee:eb:e5:ac:1f:fb:fe:ae:83:5c:3c:c4:0b jimmy@mycomputer

Perfect!

Now we need to put this special key onto the machine you want to remotely connect too, in this case Server2.

What I did was use rsync:

rsync -avz /Users/jimmy/.ssh/id_rsa.pub jimmy@ip-address-of-Server2:/Users/jimmy2/.ssh/

This bit:

rsync -avz /Users/jimmy/.ssh/id_rsa.pub

Will sync the file — id_rsa.pub from Server1 to the user account of ‘jimmy2′ on Server2. It will put that file into:

/Users/jimmy2/.ssh/

So now you can SSH into Server2, you will still be prompted for a password. Go into the .ssh directory for the user you synced the id_rsa.pub file too, in this example the user is jimmy2:

cd ~/.ssh/

Now type:

mv id_rsa.pub authorized_keys

You can even copy and paste that command. That command will just rename the id_rsa.pub file to ‘authorized_keys’.

Now if all went well you can SSH from Server1 to Server2 and not be prompted for a password! This is a really excellent technique for moving files such as backups or when making mirror(s) of a website and not needing to input the password to the server(s) each time!

A note of warning though! If you remember when we were making our special key it prompted to input a passphrase, the passphrase makes your key more secure, but it will prompt you for that passphrase every time you want to connect defeating the purpose of this exercise. You should also keep track of which servers/clients can connect to each other without a password.

It’s also possible to get Server2 to go into Server1 without requiring a password. Follow the same steps to create the key, I renamed it to id_rsa2.pub and then used rsync to move it to Server1. Then I just renamed it authorized_keys using the above ‘mv’ command.

Good luck!

I used this website to help me:
http://ammonlauritzen.com/blog/index.php/2006/04/16/shared_key_ssh_authentication

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

This past weekend, I got to try out some of the new features that come in Mac OS X Leopard Server. First, let’s back up a bit to Tiger Server.

OS X Tiger Server is the first piece of server software I’ve used from Apple. I come from the world of Linux where most of the configuration is done by hand, you have to edit your own application configuration files. There’s no pretty GUI (graphical user interface) or buttons to click on. Tiger Server saved a lot of time because all I had to do was type a few things in, click ‘Go’ and I could have a very resourceful server. In just a matter of minutes, I could be running a web server, file server, DNS server, VPN server and more! Apple really made Tiger Server easy to setup and manage. They provided some really great tools too.

With Leopard Server they’ve made it even EASIER to setup and manage. I think Apple has really extended the potential of Leopard server; they’re making it so Leopard Server has a place in the home as well as large companies. They continue to provide some really awesome tools to manage it, and it includes loads of new and cool features. When I set up Leopard Server, I did a fresh install (no upgrade) so I am not sure if some of the things I am talking about will apply to people who choose to upgrade from Leopard Server.

Upon boot up after you install Leopard server, you can choose what type of server you want. There are three options: Standard, Workgroup or Advanced. Each of the three types just had a bit different configuration in which services it uses and sets up for you. While I think this is great for people who like things done for them, I prefer to configure each service by hand (I guess that’s the Linux-side of me coming out). People who really just want the easiest way to manage their server should probably choose either the Standard or Workgroup configurations. This will also allow you to use some of the new and nifty tools that Apple has included with Leopard Server. Unfortunately when you use the Advanced server type you loose the ability to use some of those tools (you can still use Server Admin, Workgroup Manager and command line utilities though).

I am torn between letting Apple do all of the hard stuff so I can use the new tools (using the Workgroup server type) or just using the Advanced server type and handling everything myself. I’m still deciding but I have to say I think it’s great that Apple is making their server software usable by most anyone with some experience in computer and networking. So after choosing the type of server you want, Apple will go about and work its magic, setting up the services and configuring them for you.

For my tests I chose the Workgroup type, so I got the iCal service, web server, iChat service, Mail service, Time Machine backup service, the Open Directory service and a few others. I have a feeling most people will choose the Workgroup type, because it includes a lot of services while still being able to easily manage it.

One of the new management applications that comes with Leopard Server is called Server Preferences. It looks very similar to System Preferences, but it allows you to easily manage the services on your server. Over the last 2-3 years I’ve gotten very used to using Server Admin and Workgroup Manager to manage all my services and users, so if I choose to use the Workgroup server type on my live server, I’ll have to get used to doing everything through the Server Preferences application. It’s definitely a great tool for people who are new to OS X Server.

A few of the things that I am really looking forward to actually using is the wiki server, the iCal server and possibly the Time Machine service. I run a couple wikis (think of Wikipedia.org but on a much smaller scale) so I would love to move them into this service. I have a few shared calendars that need to actually be editable by more then just one person, so the iCal server will surely help with that problem.

Regarding the Time Machine backup service, it sounds really interesting, but at this point I don’t know enough about how it works to rely on that as my only backup service. It sounds really great that client machines can back up to the server rather than a local disk. It saves me from having to buy multiple external drives for each client; instead I can just point them to the server and use that as my backup location. I guess I’ll just have to do some testing!

In the few days I spent playing with Leopard server, I have to say that I am really impressed with how easy Apple has made it for someone to set up and manage a fully featured server. They include some great tools and some really new and much-welcomed features.

Here are a couple of PDF files that I found quite useful when setting up Leopard Server; check them out:

Getting Started with OS X Leopard Server
Installation Setup & Worksheet