Monthly Archives: February 2010

Mac OS X Mass Deployment

Verifying & Repairing Permissions

Disk Utility has a nifty little button to Verify Disk Permissions and another to Repair Disk Permissions. Many use this frequently over the course of basic Mac OS X troubleshooting.

The underlying functionality is also exposed at the command line. diskutil (located in /usr/sbin) has the verifyPermissions and repairPermissions verbs, which roughly correspond to the buttons in Disk Utility. Because these can be run against different disks, each needs the volume indicated following the verb. For example, to run a Verify Disk Permissions against a volume called Seldon, you would use the following command:

diskutil verifyPermissions /Volumes/Seldon

To then run a Repair Disk Permissions on that same volume, you would use:

diskutil repairPermissions /Volumes/Seldon

In most cases, repairPermissions is run against the currently booted volume. To find this volume, you can use the bless command along with the --getBoot option. For example:

bless --getBoot

Bless will then respond with the device that comprises your boot volume. To convert this into a path that can be used with diskutil, you would use the diskutil command followed by info followed by the output of the bless command. For example, if the device were /dev/disk0s2 then you would run the following:

diskutil info /dev/disk0s2

You could then script a repair permission of the boot volume using the following, which would also dump the output into a log file:

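# Device node of the boot volume, for example /dev/disk0s2
tmp=$(bless --getBoot)
# Log directory (-p so reruns do not fail if it already exists)
mkdir -p /var/log/318
# Pull the Media Name field out of the diskutil info output
boot=$(diskutil info "$tmp" | grep "Media Name:" | cut -c 30-100)
/usr/sbin/diskutil repairPermissions "$boot" >> /var/log/318/fixperm.log
echo "Repair Permissions completed at $(date)" >> /var/log/318/fixperm.log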

Placing this script into a package would then allow for sending a Repair Disk Permissions command to client computers through, let’s say, ARD or even allow a user to run it themselves using the JAMF self-service client. All without having to leave one’s chair or provide an administrative password to a user (having said this, the script will require local administrative privileges).

personal

10 Billion Songs

When the iTunes Store came out if you had told me that they would end up selling 10 billion songs you might have come across like a bit of an Austin Powers skit. But Apple has crossed 10 billion now in “staggering” fashion: http://www.apple.com/pr/library/2010/02/25itunes.html

Mac OS X Mac OS X Server

Enabling RAID Mirrors Redux

When new versions of operating systems come out sometimes articles need to be updated. It’s always nice when someone else does the hard part. Recently, Ben Levy, an Apple Consultant from Los Angeles, did some work on an article I did awhile back. To quote Ben, the new procedure is to:

1. Boot from something other than your intended RAIDed boot drive, open Terminal and use diskutil list to identify the relevant disks and partitions.

2. diskutil appleRAID enable mirror disk0s2 – (assuming correctly identified slice, yours may be different) This command turns your primary disk into a RAID mirror without a mirror

3. Reboot back to your boot drive

4. diskutil checkRAID and diskutil list just so you know where and what everything is…

5. diskutil AppleRAID add member disk2 8014A446-E10D-4BC9-A199-67362E54FB7C – (assuming disk2 is in fact the drive you are adding) the UUID is the UUID of the RAID as discovered in checkRAID

6. diskutil checkRAID should now show it rebuilding the RAID. This could take hours. You can check on the progress again using the same command.

Thanks to Ben for the hard work. Now, I think it’s about time I wrapped this into a GUI app…

Mac OS X

Programmatically Secure Erasing Free Space

One of those security things that pops up every now and then is to use the secure erase feature of Mac OS X, located in Disk Utility. But you can access this same feature from the command line using the secureErase option in diskutil followed by the freespace option.

The format of the command is:

diskutil secureErase freespace [level] [device]

The levels are as follows (per the man page as not all of these are specified in Disk Utility):

  0. Single-pass zero-fill erase
  1. Single-pass random-fill erase
  2. US DoD 7-pass secure erase
  3. Gutmann algorithm 35-pass secure erase
  4. US DoE algorithm 3-pass secure erase

So for example, let’s say you had a volume called Seldon and you wanted to do a standard Single-pass zero-fill erase. In this example you would use the following:

diskutil secureErase freespace 0 /Volumes/Seldon

If you were to automate the command then you would want to dump the output into a log file. For example:

diskutil secureErase freespace 0 /Volumes/Seldon > /var/log/secureeraselog.tmp

Business

Meet the Press

As my most recent information seems to now be on Amazon I have wrapped that into an easy link with links back to this site. It can be found at http://krypted.com/amazon.

Unix

SCALE 8

The 8th annual Southern California Linux Expo (SCALE) is being held at the Westin by LAX in Los Angeles this weekend. It starts today (so I should have posted this sooner) and sports sessions on open source topics ranging from Zenoss to Sugar to Fedora. For more on the schedule check out the conference schedule at http://www.socallinuxexpo.org/scale8x/conference-schedule-feb-19-2010.

This is one of those conferences that I’ve had to miss the last couple of years. But prior to that I was at the first few. The topics were mostly technical in nature, other than me the speakers/conference faculty were all top notch and the organization of the show is impressive. Given all the sessions and work that goes into it, it’s modestly priced and sure to be a blast while also being a great chance to get a little inexpensive technical training. If I were in LA this weekend I would be there (and much warmer no doubt).

So swing by and check it out. You can register here.

Mac OS X

Brace Yourself!

Brace yourself, ’cause I’m a tool (or don’t brace yourself if you’ve read much of my writing or met me since you already knew this to be the case). Classic cedge-fail moment that I just had to share. What do you do when you have a variable before a string of text but cannot have any spaces? You brace your variable. Basically, place the $ followed by the variable that is wrapped in the braces. For example, if I was going to put cedge as the content of a variable and then write a file called cedge.plist from the contents then I would use the following.

user=cedge
touch "${user}.plist"

Big script, took 10 minutes to figure out I had forgotten to brace the variable.

Articles and Books personal sites

Standing On The Shoulders Of Giants

I write a lot. There are the meanderings that appear on this site, the writing on the 318 TechJournal, more structured prose that goes into books (sometimes regrettably only slightly more structured), writing for clients, freelance writing, writing for other websites and even a bit of ghost writing here and there. Sometimes the writing is short, sometimes long, but there is a pretty consistent amount of it. The reason is because I enjoy it.

Most of my writing is technical in nature. And like many who maybe learn a thing or two on my site I end up sharing tips or tricks from places that I no longer remember where they came from. Others do the same thing, whether on web sites or in books or in a different fashion, such as in classes, on mailing lists or in forums. All vehicles are equally as helpful to those that need it. For the most part, my information comes from toiling away in my lab reproducing what knowledge I glean from other sites, from books and from man pages. Over the years afp548.com, xsanity.com, Apple kbase articles, forums, mailing lists and other places have helped me in ways that I cannot even begin to describe. As have books from O’Reilly, Peachpit Press, Apress and other publishers.

The things that I have learned how to do are almost all from things that others have written. This can be in the form of a book, a web site or even a man page. The code itself that comprises the technical topics is even written by someone else. This is true for any of us not writing new stuff in low level languages. A lot goes on inside of our systems. And wrapping your head around it all is a cumulative understanding, often not one gained in a single source.

I consistently do not name the sources where I learned how to do some of this stuff. This is not intentional; in many cases, I simply do not remember where I figured out how to do something 6 months or even 5 years ago. These omissions though do not mean that I do not know that I stand on the shoulders of a long line of giants. I say that without making any claim that I am one of those giants. Some day I hope to do something worthy, but I make no illusions that I have done anything to date worth more than passing mention, if that…

So a big thanks to all those who I have learned a thing or two (or 50) from. Your contributions are a debt I hope to some day repay to the communities you tirelessly helped to build. I only hope that we can do you the justice you deserve!

Xsan

Don't Defrag the Whole SAN

I see a number of environments that are running routine defragmentation scripts on Xsan volumes. I do not agree with this practice, but given certain edge cases I have watched it happen. When defragmenting a volume, there is no reason to do so to the entire volume, especially if much of the content is static and not changing very often. And if specific files don’t have a lot of extents then they are easily skipped. Let’s look at a couple of quick ways to narrow down your defrag using snfsdefrag.

The first is by specifying the path. In this case you would specify the -r option and follow it with the starting path under which you want to recursively seek fragmented files. The second is to limit by the number of extents in the file (the -m option in the command below). To combine these, let’s assume that we are looking to defragment a folder called Seldon on an Xsan volume called Harry.

snfsdefrag -r -m 25 /Volumes/Harry/Seldon

You should also build logic into scripts if you are automating the events. For example, you could also use the -c option to just look at how many extents there are and perform the actual defragmentation as part of an if/then only in the event that there are more than a specified threshold. Another example is to check that there isn’t an existing process running in snfsdefrag.

If there is, then don’t fire up yet another instance (this assumes $logfile has been set earlier in your script):

currentPID=$(ps -ewo pid,user,command | grep snfsdefrag | grep -v grep | awk '{print $1}')
if [ -n "$currentPID" ]; then
  echo "The current snfsdefrag PID is ${currentPID} so we are aborting the process." > "$logfile"; exit 1
fi

If you insist on automating the defragmentation of an Xsan volume, then there’s lots of other little sanity checks that you can do as well. Oh, you’re backing up, right?

Xsan

Isolating iNodes in Xsan cvfsck Output

I’ve noticed a couple of occasions where data corruption in Xsan causes a perceived data loss on a volume. This does not always mean that you have to restore from backup. Given the cvfsck output, you can isolate the iNodes using the following:

grep -F '*Error*' cvfsck.txt | cut -c 27-36 > iNodeList.txt

Once isolated you can then use the cvfsdb tool to correlate this to file names. For example, if you have an iNode of 0x20643c8 then you can convert this into a file name using the following:

cvfsdb> show inode 0x20643c8

The output will be similar to the following:

000: 0100 8000 3f04 0327 5250 2daa 0000 0000 |….?..’RPL…..
010: 0000 024d 6163 506f 7274 1233 3455 362e |…MyFile-9.6.
020: 302d 2222 2e35 1ca4 656f 7061 7264 2e64 |0-Leopard.d
030: 6d67 0404 084e 5453 4400 0000 0000 0000 |mg…NTSD…….
040: 0000 0000 0000 0000 0000 0000 0000 0000 |…………….
050: 0000 0000 0000 0000 0000 0000 0000 0000 |…………….

The string to the right of the | and between the … characters can then be used to obtain a file name. Using that file name you can then put humpty dumpty back together. If you have a lot of corruption that cvfsck has fixed then you can have a lot of recompiling and therefore would want to automate the task in a script.
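One way to script both steps described above, as an added example that is not part of the original post. The function names are hypothetical, the cvfsck lines and the dump are constructed samples, and it assumes the inode is the first 0x-prefixed token on an error line and that unprintable bytes show up as dots in the right-hand column:

```shell
#!/bin/sh
# Added example; the sample cvfsck lines and dump below are constructed.

# Print each distinct inode once, in order of first appearance.
# Assumption: the inode is the first 0x-prefixed token on an Error line.
extract_inodes() {
    awk '/Error/ && match($0, /0x[0-9a-fA-F]+/) {
        ino = substr($0, RSTART, RLENGTH)
        if (!seen[ino]++) print ino
    }'
}

# Join the text to the right of "|" across dump lines, then split on runs
# of two or more dots (unprintable bytes). Single dots are kept because
# they may be literal, as in "9.6.0" or ".dmg".
names_from_dump() {
    awk -v min="${1:-5}" '
    index($0, "|") {
        text = text substr($0, index($0, "|") + 1)
    }
    END {
        n = split(text, part, /\.\.+/)
        for (i = 1; i <= n; i++)
            if (length(part[i]) >= min) print part[i]
    }'
}

sample_cvfsck() {
cat <<'EOF'
*Error*: constructed sample: 0x20643c8 has a bad extent
Info: constructed sample: scanned 0x1f00 blocks
*Error*: constructed sample: 0x20643c8 has a bad link count
*Error*: constructed sample: 0x2064401 has a bad extent
EOF
}

sample_dump() {
cat <<'EOF'
000: 0100 8000 3f04 0327 5250 4caa 0000 0000 |....?..'RPL.....
010: 0000 0018 4d79 4669 6c65 2d39 2e36 2e30 |....MyFile-9.6.0
020: 2d4c 656f 7061 7264 2e64 6d67 0404 0800 |-Leopard.dmg....
030: 4e54 5344 0000 0000 0000 0000 0000 0000 |NTSD............
EOF
}

# One cvfsdb command per damaged inode, then the recovered name candidates.
sample_cvfsck | extract_inodes | sed 's/^/show inode /'
sample_dump | names_from_dump
```

The optional argument to names_from_dump is the minimum candidate length; lowering it surfaces short tags such as NTSD alongside the file name.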