When working at scale, and particularly with hosts that need the same configuration or that you want to run the same queries on, the issue becomes: how do I ‘reach out and touch’ my fleet? Without centralized infrastructure backed by a messaging broker or a heavier process that leaves hooks in systems and/or requires its own domain specific language, sometimes you can get by with… plain ol’ ssh. Apple Remote Desktop can take us a lot of the way there, and one of the announced features of Mountain Lion is that screen sharing gets another piece of ARD’s pie, the ability to drag-and-drop files to transfer them to the remote machine. But when trying to use features other than screen control, ARD has been found to be hit-or-miss (or misreporting the functionality of hosts) in some circumstances.
csshX in action
‘Scripty’ folks look at these issues and craft tools to meet the challenge-slash-obscure-use case. Perl has long been relied upon for network-aware utilities, and csshX is a tool for managing a ‘cluster’ of ssh sessions on the Mac. You can download or check out the code from its googlecode site, and it has a man page that can be accessed by calling the binary directly with the -m switch. Options include telling it the login and/or password to use, feeding it a text file of hosts to access, or merely listing hosts by DNS name or IP with spaces in between. Even if user names or passwords are different, fully-functional windows open as it attempts ssh connections to each host, with a red window you can use to control them all once you’ve authenticated to the ssh sessions.
From that point on, the world is your proverbial jerry-rigged oyster! To mimic ARD’s file transfers you could scp back to your machine (as kludges go, smileyface,) and another random tip: using the emacs readline functionality to jump to the beginning of a line with Ctrl-a still works, even though csshX uses that for a special purpose (as does the terminal multiplexer screen,) simply hit Ctrl-a again and the program will understand you wanted to send that to the remote sessions. Enjoy!
krypted June 28th, 2012
Posted In: Mass Deployment
Apple Remote Desktop, ARD, Casper, cdist, configuration management, csshX, deepfreeze, fabric, Marionette Collective, mcollective, Puppet, remote management, ssh, sync tool
Comments on this site have been a pain since I enabled them about 2 1/2 years ago. I believe I enabled them due to something some judgmental person said when they couldn’t comment on an article I had written. During the first year, there was a lot of fine tuning the spam blocking to try and keep out the spammy crap. That continues to be a work in progress, but it seems to be in pretty good shape.
During those couple of years I ended up racking up a queue of about 7,000 in the spam category and another 2,000+ in the pending category (which meant I need to deal with them). I was dealing with comments every day, but I’d miss a few and it built up over the course of a couple of years. Tonight, I either addressed or cleared out all but 17. My database is much happier. The 17 remaining are thoughtful questions and require thoughtful answers, so I’ll get to them when I have time to provide such an answer.
In the meantime, note that now that it’s all cleaned up, if there are any comments, feel free to post and I should actually respond at this point… Sorry for being latent on those up ’till now.
krypted June 26th, 2012
Posted In: sites, WordPress
NFS has 3 settings in Lion Server: nbDaemons, the number of NFS daemons; useTCP, whether or not TCP is used; and useUDP, whether or not UDP is used. Disabling UDP forces TCP:
serveradmin settings nfs:useUDP = 0
Or to turn UDP back on:
serveradmin settings nfs:useUDP = 1
To disable TCP if you’d rather just use UDP:
serveradmin settings nfs:useTCP = 0
Or to turn TCP back on:
serveradmin settings nfs:useTCP = 1
krypted June 25th, 2012
Posted In: Mac OS X Server, Mac Security
disable TCP, disable UDP, Enable TCP for NFS in Lion Server, increase nbDaemons, NFS, NFS not in Server Admin, serveradmin, useUDP
You’re searching for some content on your desktop and opening pages file after pages file and pdf after pdf in QuickLook. Finally you find that one juicy morsel. It’s a short script you just need to copy into your clipboard. But you can’t. The gods of technology are aligned against you, to make you hit command-O and then after waiting for the entire 3 seconds it takes Preview to open, you have to search within the document for that information. Holy crap, you just lost at least 5 to 8 seconds of your day. I guess now you have to cancel vacation or let your spouse know you’ll be home late late.
But you don’t have to miss the train. I have a step in my imaging workflow that you’re going to love. One of those little gems I put in my default user and had almost started thinking was the default until I realized it was part of my imaging workflow during ML upgrades. Gain back at least 10 seconds a day with this handy little option: enable text selection in QuickLook. Basically, by default, clicking on text in QuickLook does nothing; you have to double-click the file to open it. If you write the QLEnableTextSelection key into com.apple.finder (.plist) and then log out, reboot or kill the Finder, you can click on text and it actually highlights (cue angelic chorus):
defaults write com.apple.finder QLEnableTextSelection -bool TRUE
And to turn it off again (then log out, reboot or kill the Finder once more):
defaults write com.apple.finder QLEnableTextSelection -bool FALSE
Now take that extra hour a year I gave ya’ and submit an article to this site using the Submit button in the toolbar!
krypted June 23rd, 2012
Posted In: Mac OS X
com.apple.finder, Command line, defaults write com.apple.finder QLEnableTextSelection -bool FALSE, edit plists, killall finder, QuickLook, search for documents, select text
These days, you can spend a lot of money buying really nice digital signage tools. And if you’re doing so, then you likely have some pretty dynamic content you’d like to load. Something that doesn’t necessarily lend itself to a dynamic content platform, but which is nice for the quick presentation that you whip up and want to use for a form of digital signage is Keynote presentations. These are inexpensive and can be played on monitors through AirPlay or directly through a Mac Mini connected to a television or big monitor. Great for a monitor in the company lobby, the hallway in the school or for subliminal messaging at the DMV to convince you that no, the guy with the forehead tat isn’t really going to shank you (srsly, metal detectors, pls).
There are a few issues there, though. First, for most uses, you need the presentation to either go on forever or need to queue up a bunch of them. Then, you need to set the presentation to automatically start when opened so that you can just open files through a script. Scripts can be set as login items for a default user. There are also some logistical issues with the physical hardware if it’s in public, but I’ll assume you’ve got those covered and move on to the technical details of how to do the above tasks.
To prepare a Keynote presentation, first open the Keynote, click on Inspector in the toolbar and then at the inspector click on the document icon (in the far left top corner of the inspector). Then, check the boxes for “Automatically play upon open” and “Loop slideshow”. This will automatically play the presentation and start it again when it’s done.
Then I’d use the second icon from the left on each slide to automate the transition to the next slide.
Then, the entire Keynote is automated. That part is all done within Keynote and the next part is just opening and closing Keynote from the command line. To open via ARD or another management tool, send the following command:
Then to close Keynote and run something else:
To close one presentation and immediately reopen a different presentation, merge the commands into one line:
killall Keynote; open /Users/admin/Desktop/Presentationname.key
Just make sure everything’s automated or the loop won’t run. Now, to automate events within Keynote will require clicking on things from an AppleScript or Automator workflow or using the AppleScript options for Keynote. To automate just clicking to move to another slide can be done with the following AppleScript (and sent via osascript), although it’s usually best done within Keynote:
tell application "System Events"
The following are all of the Keynote-specific options from Automator:
To close a single presentation, the following workflow would do the trick:
One challenge is that when you loop through different Keynote presentations, you would see the desktop of OS X and the Dock while Keynote is re-opening if you kill it off first. It should take a little less than a second. Once keynote re-opens, you see the menu for keynote for about another half second while the keynote document is opening. If I don’t close Keynote and instead just open a 2nd document then I see the Keynote menu bar for a split second while the second presentation is starting and I don’t end up seeing the actual Desktop. That would be done just by opening a second presentation from the command line. The caveat is that as you toggle between them, if you don’t kill off the Keynote application, you’ll end up starting where the other left off rather than at the beginning (which might be fine in a given workflow).
You can, if you need to kill the application, launch the screen saver first:
osascript -e 'tell application id "com.apple.ScreenSaver.Engine" to launch'
Or just in bash:
open -a /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app
This just fires up the screen saver to try and hide what you’re doing in the background. You can layer the three commands we’ve looked at on top of each other as a single command from ARD:
osascript -e 'tell application id "com.apple.ScreenSaver.Engine" to launch' ; killall Keynote ; open /Users/admin/Desktop/Presentationname.key
That would effectively kick off the screen saver, kill Keynote while it’s hidden and then open the new presentation. The presentation would need to be transferred to the client system first, but that’s usually the easy part. You could also sleep the commands to bring up different presentations and bolt more logic in, although much of that is best left inside of Keynote itself. If you wanted to get extra crafty, in case the desktop did ever appear, you could have a fail safe of having the screen saver appear as the desktop background, which I wrote up a while ago. There are also various kiosk applications that do crazy things like replace the Finder or fire up kioskish (is that a word?!?!) browsers and the such, but all will likely require a little testing and massaging to get just right.
Overall, Apple products can make for pretty good signage options given how well they typically handle various graphics and connectivity, without buying 3rd party tools. You do get what you pay for, so it might be worth looking at some of those tools. Also, it’s worth noting that Rich Trouton wrote up a nice article on using AppleTV for this type of stuff on his site. I’ve also scripted digital content delivery to Macs using Final Cut Server, CatDV and various scripting tools such as python. We’ve even gone so far as to programmatically create the actual Keynote files, but that’s probably best saved for a github gist rather than a krypted.com post…
krypted June 22nd, 2012
Posted In: Mac OS X, Mass Deployment
API, applescript keynote, digital signage, keynote, keynote automation, keynote.app, Lion, MAC, osascript, play keynotes automatically, run keynote from the command line, run screen saver, script
In the Server Admin application, you need to enable any services before you can actually start them. In order to do so to a lot of servers at once, you want to automate that. Such automation can be done using the serveradmin command line options. The settings would be sent to info. To see all of the settings available there:
serveradmin settings info
Note that there’s a whole section for info:serviceConfig:
info:serviceConfig:roles:com.apple.SimpleServerSetup.ODPlugin:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.DirectoryServices:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NetBoot:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.AddressBook:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.SWUpdate:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NAT:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Mail:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Notification:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.VPN:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.DHCP:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Calendar:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.AppleFile:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.Jabber:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.Radius:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.IPFirewall:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Podcast:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Windows:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.DNS:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NFS:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.Xgrid:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.Web:configured = yes
Toggling these will cause the corresponding service to appear in Server Admin. So to enable the VPN service to show in Server Admin:
serveradmin settings info:serviceConfig:services:com.apple.ServerAdmin.VPN:configured=yes
The server name is also set in info at configuration time and while the wizard changes the name in some places, it doesn’t change the name that appears on client systems for Profile Manager Management Profiles. info:ComputerName is the name that was given to the server when Server.app was installed, which doesn’t necessarily match the output of scutil --get ComputerName or HostName. Anyway, overall, there are a few interesting settings in here and when I’m looking for something I rarely think to look here first. A tip of the hat to Allan Sanderson (@allansan) for pointing this out on the ‘ole Twitter.
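An added example (not from the original post): a small shell audit that parses output in the serveradmin settings info format listed above and reports any service marked configured = yes that is not on an allowlist you supply. The function names, the allowlist and the trimmed sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag services that serveradmin reports as configured
# but that are not on this host's allowlist.

# Constructed sample in the `serveradmin settings info` format shown above
# (a trimmed copy of the listing, not captured from a live server).
sample_settings() {
cat <<'EOF'
info:serviceConfig:roles:com.apple.SimpleServerSetup.ODPlugin:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NetBoot:configured = no
info:serviceConfig:services:com.apple.ServerAdmin.VPN:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.DNS:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.NFS:configured = yes
info:serviceConfig:services:com.apple.ServerAdmin.Mail:configured = no
EOF
}

# configured_services: read settings on stdin and print the short name of
# every service whose configured flag is yes, one per line, sorted.
# Lines under info:serviceConfig:roles are deliberately ignored.
configured_services() {
  awk -F' *= *' '
    /^info:serviceConfig:services:/ {
      key = $1; val = $2
      gsub(/[" \t\r]/, "", val)          # tolerate quotes and stray whitespace
      if (val != "yes") next
      sub(/^info:serviceConfig:services:/, "", key)
      sub(/:configured$/, "", key)
      sub(/^com\.apple\.ServerAdmin\./, "", key)
      print key
    }' | sort
}

# unexpected_services "ALLOWED NAMES": read settings on stdin, print each
# configured service missing from the space-separated allowlist.
# Returns 1 if any were found, 0 otherwise.
unexpected_services() {
  allowed=" $1 "
  found=0
  for svc in $(configured_services); do
    case "$allowed" in
      *" $svc "*) ;;                      # expected on this host
      *) echo "$svc"; found=1 ;;
    esac
  done
  return $found
}

# Demo on the constructed sample: this host should only offer DNS and VPN.
sample_settings | unexpected_services "DNS VPN" \
  || echo "review the services listed above"
```

On a server, replace sample_settings with serveradmin settings info and run the same pipeline from whatever tool you use to reach the fleet.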
krypted June 21st, 2012
Posted In: Mac OS X Server, Mass Deployment
Enable Service, enable serviceConfig, info:serviceConfig, Lion, Mac OS X Server, serveradmin settings, Services, show DHCP
There are a lot of cool new features in Mountain Lion. But the most important finds its way to us through how you can use the profiles command. If you can believe it (moment of suspense), the profiles command now supports a -x option that allows administrators to see what version of the profiles command is being run. OMGOMGOMGPWNIESOMGOMGOMG!!!
Since the profiles command appeared in Lion, the rev in Mountain Lion would arguably be 2.0. Actually, if you check your output it’s 2.00!!! There ya’ go. Value, baby. That’s what Mountain Lion is all aboot! Other than that, the commands are about the same as when I wrote about them in Lion.
krypted June 21st, 2012
Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment
CLI, command line changes, mountain lion, profiles command
Screenshot formats, locations and styles are controlled by the com.apple.screencapture defaults domain. This time of the year (or OS Release Cycle) I am doing a lot of screenshots. And while I love the way they look with drop shadows, no one else does. So I find myself frequently disabling those drop shadows. To do so:
defaults write com.apple.screencapture disable-shadow -bool true
Then reboot or killall SystemUIServer.
To get them back:
defaults write com.apple.screencapture disable-shadow -bool false ; killall SystemUIServer
krypted June 19th, 2012
Posted In: Mac OS X
defaults write com.apple.screencapture disable-shadow -bool false ; killall SystemUIServer, disable shadows, dropshadows, Lion, Mac OS X, mountain lion, screen capture, screen shots
JAMF has announced the 2012 rendition of their National User Conference. Having been to two of these, I can say that if you use any JAMF products that it is a great event to attend. It is a lot of very specific information about integrating, mass deploying, mass managing, mass document distributing and mass 3rd partying for Apple products.
The National User Conference will be held October 23-25 2012, 8:00 am – 5:00 pm in beautiful Minneapolis, Minnesota (where all the cool kids live). The venue is one of the best conference spots I’ve seen in the Guthrie theater, overlooking the stone arch bridge. In previous years, there have been announcements, new versions, people discussing their specific integrations, etc. I would also think that if you use another product that you might find the conference helpful, as you get to see whether the grass really is greener on the other side!
Anyway, I recommend coming out to Minneapolis for this one if you can. And if you do, let me know!
krypted June 18th, 2012
Posted In: iPhone, Mac OS X, Mass Deployment
deployment, ios, JAMF User Conference, Lion, lion server, Mac OS X, National User Conference