Monthly Archives: June 2012

Mass Deployment

One Teletype to Bind Them (Or, Clustered SSH for OS X)

When working at scale, particularly with hosts that need the same configuration or that you want to run the same queries against, the issue becomes: how do I ‘reach out and touch’ my fleet? Without centralized infrastructure backed by a messaging broker, or a heavier process that leaves hooks in systems and/or requires its own domain-specific language, sometimes you can get by with… plain ol’ ssh. Apple Remote Desktop can take us a lot of the way there, and one of the announced features of Mountain Lion is that screen sharing gets another piece of ARD’s pie: the ability to drag-and-drop files to transfer them to the remote machine. But when trying to use features other than screen control, ARD has been found to be hit-or-miss (or to misreport the functionality of hosts) in some circumstances.

csshX in action

‘Scripty’ folks look at these issues and craft tools to meet the challenge-slash-obscure-use case. Perl has long been relied upon for network-aware utilities, and csshX is a tool for managing a ‘cluster’ of ssh sessions on the Mac. You can download or check out the code from its googlecode site, and it has a man page that can be accessed by calling the binary directly with the -m switch. Options include telling it the login and/or password to use, feeding it a text file of hosts to access, or merely listing hosts by DNS name or IP with spaces in between. Even if user names or passwords are different, fully-functional windows open as it attempts ssh connections to each host, with a red window you can use to control them all once you’ve authenticated to the ssh sessions.

From that point on, the world is your proverbial jerry-rigged oyster! To mimic ARD’s file transfers you could scp back to your machine (as kludges go, smileyface). Another random tip: using the emacs readline functionality to jump to the beginning of a line with Ctrl-a still works, even though csshX uses that for a special purpose (as does the terminal multiplexer screen); simply hit Ctrl-a again and the program will understand you wanted to send that to the remote sessions. Enjoy!
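
For the "same query on every host" case, a non-interactive companion to the csshX windows can be built on plain ssh. The script below is an added example, not part of csshX or of the original post; it assumes a hosts file with one host or user@host per line and key-based authentication, and the function names are made up for the example.

```shell
#!/bin/bash
# Added example: run one read-only query on every host in a hosts file over
# plain ssh, non-interactively. One host (or user@host) per line is assumed.

SSH=${SSH:-ssh}   # overridable so the loop can be exercised with a stub

# valid_host ENTRY: accept only [user@]name-or-IPv4 built from safe characters.
# An entry beginning with "-" could be read by ssh as an option rather than a
# host, so it is rejected here in addition to the "--" used below.
valid_host() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9@._-]*|*@*@*|@*|*@) return 1 ;;
  esac
  return 0
}

# fanout HOSTS_FILE COMMAND: prefix each output line with the host it came from.
fanout() {
  local hosts_file="$1" cmd="$2" host
  while IFS= read -r host || [ -n "$host" ]; do
    host=${host%%#*}                                  # drop comments
    host=$(printf '%s' "$host" | tr -d '[:space:]')   # drop stray whitespace
    [ -z "$host" ] && continue
    if ! valid_host "$host"; then
      printf 'SKIPPED %s\n' "$host" >&2
      continue
    fi
    # BatchMode: fail instead of prompting for a password (keys/agent only).
    # -n: keep ssh from swallowing the rest of the hosts file on stdin.
    "$SSH" -n -o BatchMode=yes -o ConnectTimeout=5 -- "$host" "$cmd" 2>&1 |
      sed "s/^/[$host] /"
  done < "$hosts_file"
}

# Usage: fanout hosts.txt 'sw_vers -productVersion'
```

Hosts that need a password simply fail under BatchMode and show up in the output with their error, which is usually what you want from an unattended query.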

sites WordPress

Comments On krypted.com

Comments on this site have been a pain since I enabled them about 2 1/2 years ago. I believe I enabled them due to something some judgmental person said when they couldn’t comment on an article I had written. During the first year, there was a lot of fine tuning the spam blocking to try and keep out the spammy crap. That continues to be a work in progress, but it seems to be in pretty good shape.

During those couple of years I ended up racking up a queue of about 7,000 in the spam category and another 2,000+ in the pending category (which meant I needed to deal with them). I was dealing with comments every day, but I’d miss a few and it built up over the course of a couple of years. Tonight, I either addressed or cleared out all but 17. My database is much happier. The 17 remaining are thoughtful questions and require thoughtful answers, so I’ll get to them when I have time to provide such an answer.

In the meantime, note that now that it’s all cleaned up, if there are any comments, feel free to post and I should actually respond at this point… Sorry for being latent on those up ’till now.

Mac OS X Server Mac Security

Forcing NFS to Use TCP

NFS has 3 settings in Lion Server: nbDaemons (the number of NFS daemons), useTCP (whether or not TCP is used) and useUDP (whether or not UDP is used). Disabling UDP forces TCP:

serveradmin settings nfs:useUDP = 0

Or to turn UDP back on:

serveradmin settings nfs:useUDP = 1

To disable TCP if you’d rather just use UDP:

serveradmin settings nfs:useTCP = 0

Or to turn TCP back on:

serveradmin settings nfs:useTCP = 1

Mac OS X

Disable Rubber Band Scrolling In Lion & Up

10.7 and up have a little feature called elastic scrolling. When you get to the top of a page and you keep scrolling you see the linen background. There is a NAS device whose web portal seems to be pretty shady overall, but specifically seems to lock up when this rubber band effect kicks in. So to disable:

defaults write -g NSScrollViewRubberbanding -bool FALSE

To disable the disable, or re-enable the effect:

defaults write -g NSScrollViewRubberbanding -bool TRUE

Mac OS X

Selecting Text in QuickLook

You’re searching for some content on your desktop and opening pages file after pages file and pdf after pdf in QuickLook. Finally you find that one juicy morsel. It’s a short script you just need to copy into your clipboard. But you can’t. The gods of technology are aligned against you, to make you hit command-O and then after waiting for the entire 3 seconds it takes Preview to open, you have to search within the document for that information. Holy crap, you just lost at least 5 to 8 seconds of your day. I guess now you have to cancel vacation or let your spouse know you’ll be home late late.

But you don’t have to miss the train. I have a step in my imaging workflow that you’re going to love. One of those little gems I put in my default user and had almost started thinking was the default until I realized it was part of my imaging workflow during ML upgrades. Gain back at least 10 seconds a day with this handy little option: enable text selection in QuickLook. Basically, if you click on text in QuickLook nothing happens; you have to double-click the file to open it. If you write the QLEnableTextSelection key into com.apple.finder (.plist) and then log out, reboot or kill the Finder, you can click on text and it actually highlights (cue angelic chorus):

defaults write com.apple.finder QLEnableTextSelection -bool TRUE

And to kill the Finder:

killall Finder

To undo:

defaults write com.apple.finder QLEnableTextSelection -bool FALSE

Now take that extra hour a year I gave ya’ and submit an article to this site using the Submit button in the toolbar!

Mac OS X Mass Deployment

Programmatically Running And Looping Keynote Presentations

These days, you can spend a lot of money buying really nice digital signage tools. And if you’re doing so, then you likely have some pretty dynamic content you’d like to load. Something that doesn’t necessarily lend itself to a dynamic content platform, but which is nice for the quick presentation that you whip up and want to use for a form of digital signage is Keynote presentations. These are inexpensive and can be played on monitors through AirPlay or directly through a Mac Mini connected to a television or big monitor. Great for a monitor in the company lobby, the hallway in the school or for subliminal messaging at the DMV to convince you that no, the guy with the forehead tat isn’t really going to shank you (srsly, metal detectors, pls).

There are a few issues there, though. First, for most uses, you need the presentation to either go on forever or need to queue up a bunch of them. Then, you need to set the presentation to automatically start when opened so that you can just open files through a script. Scripts can then be set as login items for a default user. There are also some logistical issues with the physical hardware if it’s in public, but I’ll assume you’ve got those covered and move on to the technical details of how to do the above tasks.

To prepare a Keynote presentation, first open the Keynote, click on Inspector in the toolbar and then at the inspector click on the document icon (in the far left top corner of the inspector). Then, check the boxes for “Automatically play upon open” and “Loop slideshow”. This will automatically play the presentation and start it again when it’s done.


Then I’d use the second icon from the left on each slide to automate the transition to the next slide.


Then, the entire Keynote is automated. That part is all done within Keynote and the next part is just opening and closing Keynote from the command line. To open via ARD or another management tool, send the following command:

open /Users/admin/Desktop/Presentationname.key

Then to close Keynote and run something else:

killall Keynote

To close one presentation and immediately reopen a different presentation, merge the commands into one line:

killall Keynote; open /Users/admin/Desktop/Presentationname.key

Just make sure everything’s automated or the loop won’t run. Now, automating events within Keynote will require clicking on things from an AppleScript or Automator workflow, or using the AppleScript options for Keynote. Just clicking to move to another slide can be automated with the following AppleScript (and sent via osascript), although it’s usually best done within Keynote:

tell application "System Events"
click
end tell

The following are all of the Keynote-specific options from Automator:

To close a single presentation, the following workflow would do the trick:

One challenge is that when you loop through different Keynote presentations, you would see the desktop of OS X and the Dock while Keynote is re-opening if you kill it off first. It should take a little less than a second. Once keynote re-opens, you see the menu for keynote for about another half second while the keynote document is opening. If I don’t close Keynote and instead just open a 2nd document then I see the Keynote menu bar for a split second while the second presentation is starting and I don’t end up seeing the actual Desktop. That would be done just by opening a second presentation from the command line. The caveat is that as you toggle between them, if you don’t kill off the Keynote application, you’ll end up starting where the other left off rather than at the beginning (which might be fine in a given workflow).

You can, if you need to kill the application, launch the screen saver first:

osascript -e 'tell application id "com.apple.ScreenSaver.Engine" to launch'

Or just in bash:

open -a /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app

This just fires up the screen saver to try and hide what you’re doing in the background. You can layer the three commands we’ve looked at on top of each other as a single command from ARD:

osascript -e 'tell application id "com.apple.ScreenSaver.Engine" to launch' ; killall Keynote ; open /Users/admin/Desktop/Presentationname.key

That would effectively kick off the screen saver, kill keynote while it’s hidden and then open the new presentation. The presentation would need to be transferred to the client system first, but that’s usually the easy part. You could also sleep the commands to bring up different presentations and bolt more logic in, although much of that is best left inside of Keynote itself. If you wanted to get extra crafty, in case the desktop did ever appear, you could have a fail safe of having the screen saver appear as the desktop background, which I wrote up awhile ago here. There are also various kiosk applications that do crazy things like replace the Finder or fire up kioskish (is that a word?!?!) browsers and the such, but all will likely require a little testing and massaging to get just right.

Overall, Apple products can make for pretty good signage options given how well they typically handle various graphics and connectivity, without buying 3rd party tools. You do get what you pay for, so it might be worth looking at some of those tools. Also, it’s worth noting that Rich Trouton wrote up a nice article on using AppleTV for this type of stuff here on his site. I’ve also scripted digital content delivery to Macs using Final Cut Server, CatDV and various scripting tools such as python. We’ve even gone so far as to programmatically create the actual Keynote files, but that’s probably best saved for a github gist rather than a krypted.com post…

Mac OS X Server Mass Deployment

Add Services to Server Admin From the Command Line

In the Server Admin application, you need to enable any services before you can actually start them. In order to do so to a lot of servers at once, you want to automate that. Such automation can be done using the serveradmin command line options. The settings would be sent to info. To see all of the settings available there:

serveradmin settings info

Note that there’s a whole section for info:serviceConfig:

info:serviceConfig:roles:com.apple.SimpleServerSetup.ODPlugin:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.DirectoryServices:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NetBoot:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.AddressBook:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.SWUpdate:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NAT:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Mail:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Notification:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.VPN:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.DHCP:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Calendar:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.AppleFile:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.Jabber:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.Radius:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.IPFirewall:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Podcast:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Windows:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.DNS:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NFS:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.Xgrid:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Web:configured = yes

Toggling these will cause the corresponding service to appear in Server Admin. So to enable the VPN service to show in Server Admin:

serveradmin settings info:serviceConfig:services:com.apple.ServerAdmin.VPN:configured=yes

The server name is also set in info at configuration time and while the wizard changes the name in some places, it doesn’t change the name that appears on client systems for Profile Manager Management Profiles. info:ComputerName is the name that was given to the server when Server.app was installed, which doesn’t necessarily match the output of scutil --get ComputerName or HostName. Anyway, overall, there are a few interesting settings in here and when I’m looking for something I rarely think to look here first. A tip of the hat to Allan Sanderson (@allansan) for pointing this out on the ‘ole Twitter.
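
Because the same key = value format drives both the service toggles above and the NFS transport settings from the earlier post, one script can check many servers against a baseline and print only the commands needed to fix drift. This is an added example, not from the original posts; the baseline contents, the sample settings and the function name are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: diff `serveradmin settings` output against a baseline and
# print the commands that would correct any drift. Nothing is changed here.

# Keys come from the commands in this archive; which services a given server
# should expose is an assumption. Spell values the way serveradmin prints them.
BASELINE='nfs:useUDP = 0
nfs:useTCP = 1
info:serviceConfig:services:com.apple.ServerAdmin.VPN:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NFS:configured = yes'

# Constructed sample of current settings (not captured from a real server).
SAMPLE='nfs:nbDaemons = 6
nfs:useUDP = 1
nfs:useTCP = 1
info:serviceConfig:services:com.apple.ServerAdmin.VPN:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.NFS:configured = yes'

# drift_report BASELINE < current-settings
# For each baseline key that is missing or has a different value on stdin,
# print the serveradmin command that sets it back.
drift_report() {
  BASELINE_TEXT="$1" awk '
    function trim(s) { gsub(/^[ \t"]+|[ \t"]+$/, "", s); return s }
    function parse(line,   i) {      # sets K and V for a "key = value" line
      i = index(line, "=")
      if (i == 0) return 0
      K = trim(substr(line, 1, i - 1)); V = trim(substr(line, i + 1))
      return K != ""
    }
    BEGIN {
      n = split(ENVIRON["BASELINE_TEXT"], rows, "\n")
      for (r = 1; r <= n; r++)
        if (parse(rows[r])) { want[K] = V; order[++m] = K }
    }
    { if (parse($0)) have[K] = V }
    END {
      for (r = 1; r <= m; r++)
        if (!(order[r] in have) || have[order[r]] != want[order[r]])
          printf "serveradmin settings %s = %s\n", order[r], want[order[r]]
    }'
}

printf '%s\n' "$SAMPLE" | drift_report "$BASELINE"
```

On a server, replace the sample with the combined output of serveradmin settings nfs and serveradmin settings info, and review the printed commands before sending them out.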

Mac OS X Mac OS X Server Mac Security Mass Deployment

profiles -x: The Most Important New Feature In Mountain Lion!!!

There are a lot of cool new features in Mountain Lion. But the most important finds its way to us through how you can use the profiles command. If you can believe it (moment of suspense), the profiles command now supports a -x option that allows administrators to see what version of the profiles command is being run. OMGOMGOMGPWNIESOMGOMGOMG!!!

profiles -x

Since the profiles command appeared in Lion, the rev in Mountain Lion would arguably be 2.0. Actually, if you check your output it’s 2.00!!! There ya’ go. Value, baby. That’s what Mountain Lion is all aboot! Other than that, the commands are about the same as when I wrote about them in Lion.

Mac OS X

Disable Shadows On Mac OS X Screenshots

Screenshot formats, locations and styles are controlled by the com.apple.screencapture defaults domain. This time of the year (or OS Release Cycle) I am doing a lot of screenshots. And while I love the way they look with drop shadows, no one else does. So I find myself frequently disabling those drop shadows. To do so:

defaults write com.apple.screencapture disable-shadow -bool true

Then reboot or killall SystemUIServer:

killall SystemUIServer

To get them back:

defaults write com.apple.screencapture disable-shadow -bool false ; killall SystemUIServer

iPhone Mac OS X Mass Deployment

JAMF Nation User Conference 2012

JAMF has announced the 2012 rendition of their National User Conference. Having been to two of these, I can say that if you use any JAMF products, it is a great event to attend. It is a lot of very specific information about integrating, mass deploying, mass managing, mass document distributing and mass 3rd partying for Apple products.

The National User Conference will be held October 23-25 2012, 8:00 am – 5:00 pm in beautiful Minneapolis, Minnesota (where all the cool kids live). The venue, the Guthrie Theater overlooking the Stone Arch Bridge, is one of the best conference spots I’ve seen. In previous years, there have been announcements, new versions, people discussing their specific integrations, etc. I would also think that if you use another product that you might find the conference helpful, as you get to see whether the grass really is greener on the other side!

Anyway, I recommend coming out to Minneapolis for this one if you can. And if you do, let me know!