Category Archives: Xsan

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Network Infrastructure Xsan

Upgrading To OS X Server (4.0) on Yosemite

Setting up OS X Server has never been easier. Neither has upgrading OS X Server. In this article, we’ll look at upgrading a Mac from OS X 10.8 or 10.9 running Server 2 or Server 3 to OS X 10.10 (Mavericks) running Server 4.

The first thing you should do is clone your system. The second thing you should do is make sure you have a good backup. The third thing you should do is make sure you can swap back to the clone should you need to do so and that your data will remain functional on the backup. The fourth thing you should do is repeat all that and triple check that your data is there!

Once you’re sure that you have a fallback plan, let’s get started by downloading OS X Yosemite from the App Store. I would also purchase the Server app first while Yosemite is downloading. Screen Shot 2014-11-04 at 7.15.56 PM Once downloaded, you’ll see Install OS X Yosemite sitting in LaunchPad. Once downloaded, you’ll see Install OS X Yosemite sitting in LaunchPad, as well as in the /Applications folder.

Screen Shot 2014-11-04 at 5.09.18 PM

Open the app and click Continue (provided of course that you are ready to restart the computer and install OS X Yosemite).

Screen Shot 2013-10-04 at 4.45.46 PMAt the licensing agreement, click Agree (or don’t and there will be no Mavericks for you).

Screen Shot 2013-10-04 at 4.45.48 PMAt the pop-up click Agree again, unless you’ve changed your mind about the license agreement in the past couple of seconds.

Screen Shot 2013-10-04 at 4.45.52 PMAt the Install screen, click Install and the computer will reboot and do some installation fun stuff.

Screen Shot 2013-10-04 at 4.45.54 PMOnce done and you’re looking at the desktop, download the latest version of the Server app you should have purchased previously, if you haven’t already. Then open it.

Screen Shot 2014-11-04 at 5.13.05 PM
If prompted that the Server app was replaced, click OK. Then open the app.

Screen Shot 2013-10-04 at 5.48.52 PMAt the Update screen, click Continue (assuming this is the server you’re upgrading).

Screen Shot 2014-11-04 at 5.13.09 PMAt the Licensing screen, click Agree.

Screen Shot 2014-11-04 at 5.13.12 PMWhen prompted for an administrator account, provide the username and password of an administrator and click OK.

Screen Shot 2014-11-04 at 7.28.07 PMWhen the app opens, verify DNS (absolutely the most important element of this upgrade), etc and then check that configured services still operate as intended. If you end up deciding that you no longer need OS X Server, just delete the app and the contents of /Library/Server and you’re good. Handle with Care.

Mac OS X Server Xsan

Yosemite Server: Configure Clients In Xsan 4 Environments

Yosemite brings Xsan 4, which brings a new way to add clients to an Xsan. Xsan Admin is gone. From now on, instead of scanning the network using Xsan Admin. we’ll be adding clients using a Configuration Profile. This is actually a much more similar process to adding Xsan clients to a StorNext environment than it is to adding clients to Metadata Controllers running Xsan 3 and below. But instead of making a fsnameservers file, we’re plugging that information into a profile, which will do that work on the client on our behalf. To make the Xsan configuration profile, we’re going to use Profile Manager.

To get started, open the Profile Manager web interface and click on a device or device group (note, these are scoped to systems so cannot be used with users and user groups). Then click on the Settings tab for the object you’re configuring Xsan for.

Screen Shot 2014-10-29 at 11.37.14 AM

Click Edit for the profile listed (Settings for <objectname>) and scroll down until you see the entry for Xsan.

Screen Shot 2014-10-29 at 11.37.32 AM

From the Xsan screen, click Configure.

Screen Shot 2014-10-29 at 11.37.41 AM

This next screen should look a little similar, in terms of the information you’ve plugged into the Xsan 4 setup screen. Simply enter the name of the Xsan in the Xsan Name field, the IP address or host names of your metadata controllers in the File System Name Servers field and the Authentication Secret from the Xsan screen in the Server app into the Authentication Secret field. Click OK to close the dialog.

Screen Shot 2014-10-29 at 11.38.29 AM

Click Save to save your changes. Then you’ll see the Download button become clickable.

Screen Shot 2014-10-29 at 11.44.15 AM

The profile will download to your ~/Downloads directory as Settings_for_<OBJECTNAME>.mobileconfig. So this was called test and will result in a name of Settings_for_test.mobileconfig. That profile will automatically attempt to install. If this is an MDC where you’re just using Profile Manager to bake a quick profile, or if you don’t actually want to install the profile yet, click Cancel.

Screen Shot 2014-10-29 at 11.43.43 AM

If you haven’t worked with profiles that much, note that when you click Show Profile, it will show you what is in the profile and what the profile can do.

Screen Shot 2014-10-29 at 11.43.59 AM

Simply open this file on each client (once you test it of course) and once installed, they’ll automatically configure to join your Xsan. If you don’t have a Profile Manager server, you can customize this file for your environment (YMMV): Settings_for_test.mobileconfig

Mac OS X Mac OS X Server Mac Security Mass Deployment Xsan

Yosemite Server And Logs

OS X Yosemite running the Server app has a lot of scripts used for enabling services, setting states, changing hostnames and the like. Once upon a time there was a script for OS X Server called server setup. It was a beautiful but too simplistic kind of script. Today, much of that logic has been moved out into more granular scripts, kept in /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup, used by the server to perform all kinds of tasks. These scripts are, like a lot of other things in Yosemite Server. Some of these include the configuration of amavisd, docecot and alerts. These scripts can also be used for migrating services and data. Sometimes the scripts are in bash, sometimes ruby, sometimes perl and other times even python. And the scripts tend to change year over year/release over release.

One of the things that can can be useful about the scripts scattered throughout the Server app is to learn how the developers of OS X Server intend for certain tasks to occur.

Looking At Services

This is also where I learned that Apple had put an Open Directory backup script in /Applications/Server.app/Contents/ServerRoot/usr/libexec/server_backup/opendirectorybackup (that still requires a password). But what I haven’t seen in all of these logs is bumping up the logging level for services before performing tasks, so that you can see a verbose output of what’s going on. To do this, it looks like we’re going service-by-service. So let’s look alphabetically, starting with Address Book:

sudo serveradmin settings addressbook:DefaultLogLevel = “warn”

This by defualt logs to /var/log/caldavd/error.log, which is built based on the following, which sets the base:

sudo serveradmin settings addressbook:LogRoot=/var/log/caldavd

And the following, which sets the file name in that directory:

sudo serveradmin settings addressbook:ErrorLogFile=error.log

You can change either by changing what comes after the = sign. Next is afp. This service logs output to two places. The first is with errors to the service, using /Library/Logs/AppleFileService/AppleFileServiceError.log, the path designated in the following:

sudo serveradmin settings afp:errorLogPath = “/Library/Logs/AppleFileService/AppleFileServiceError.log”

The second location logs activities (open file, delete file, etc) rather than errors and is /Library/Logs/AppleFileService/AppleFileServiceAccess.log, defined using:

sudo serveradmin settings afp:activityLogPath = “/Library/Logs/AppleFileService/AppleFileServiceAccess.log”

The activity log is disabled by default and enabled using the command:

sudo serveradmin settings afp:activityLog = yes

The events that trigger log entries are in the afp:loggingAttributes array and are all enabled by default. There are no further controls for the verbosity of the afp logs. The next service is calendar. Similar to address book, the caldav server uses DefaultLogLevel to set how much data gets placed into logs:

sudo serveradmin settings calendar:DefaultLogLevel = “warn”

This by defualt logs to /var/log/caldavd/error.log, which is built based on the following, which sets the base:

sudo serveradmin settings calendar:LogRoot=/var/log/caldavd

And the following, which sets the file name in that directory:

sudo serveradmin settings calendar:ErrorLogFile=error.log

You can changing either by changing what comes after the = sign.
Profile Manager is called devicemgr in the serveradmin interface and I’ve found no way to augment the logging levels. Nor does its migration script ( /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup/MigrationExtras/80-devicemgrmigration.sh ) point to any increased logging during migration.

The dirserv (aka Open Directory) uses the slapconfig back-end, so I use slapconfig to increase logging:

sudo slapconfig -enableslapdlog

The DNS service uses named.conf, located in /etc to set log levels and has no serveradmin settings for doing so. Here, use the logging section and look for both the file setting (by default /Library/Logs/named.log) for where the log is stored as well as the severity setting, which can set the logging levels higher or lower.

By default Messages, or iChat Server, logs a lot. See the following for what is logged:

sudo serveradmin settings jabber:logLevel = “ALL”

Adding the -D option to the LaunchDaemon that invokes jabber will increase the logs. Logging long-term is handled in each of the xml files that make up the features of jabber. See the Logconfiguration section of the c2s file via:

cat /Applications/Server.app/Contents/ServerRoot/private/etc/jabberd/c2s.xml

The mail service has a number of options for logging, much of which has to do with the fact that it’s a patchy solution made up of postfix, etc. Global log locations are controlled using the mail:global:service_data_path key, which indicates a path that logs are stored in (as usual many of these are in /Library/Server):

sudo serveradmin settings mail:global:service_data_path = "/Library/Server/Mail"

To see the virus database logging levels (which should usually be set to warn):

sudo serveradmin settings mail:postfix:virus_db_log_level

To see the spamassassin logging levels:

sudo serveradmin settings mail:postfix:spam_log_level

To see the actual postfix logging level:

sudo serveradmin settings mail:postfix:log_level

To enable timestamps on logs:

sudo serveradmin settings mail:imap:logtimestamps = yes

To set the dovecot logging to info:

sudo serveradmin settings mail:imap:log_level = “info”

To set increased logging per function that dovecot performs, see the config files in /Applications/Server.app/Contents/ServerRoot/private/etc/dovecot/default/conf.d, each of which has a logging section to do so.

The NetBoot service is simple to configure logging for, simply set the netboot:logging_level to HIGH (by default it’s MEDIUM):

sudo serveradmin settings netboot:logging_level = “HIGH”

The Postgres service uses a log directory, configured with postgres:log_directory:

sudo serveradmin settings postgres:log_directory = “/Library/Logs/PostgreSQL”

The /private/etc/raddb/radiusd.conf has a section (log {}) dedicated to configuring how the radius service logs output.

The Xsan service logs output per volume to both the System Log and volume-based log files, stored in /Library/Preferences/Xsan/data.

The smb service has a file /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist with a key for log level that can be used for more verbose output of the service.

The PPTP VPN service logs output to the file specified in vpn:Servers, configured with these:

sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:Server:LogFile = “/var/log/ppp/vpnd.log”
sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:PPP:LogFile = “/var/log/ppp/vpnd.log”
sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:Server:LogFile = “/var/log/ppp/vpnd.log”
sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:PPP:LogFile = “/var/log/ppp/vpnd.log”

By default, verbose logging is enabled, which you can see with:

sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging
sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging
sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging
sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging

The last service is web (Apache). The default access logs are per-site, with a key called customLogPath existing for each. The defaultSite uses the following for its logs:

sudo serveradmin settings web:defaultSite:customLogPath

Swap out the defaultSite with another site to see its log paths. There’s also a key for errorLogPath that shows errors. These are per-site so that administrators can provide access to logs for the owners of each site and not fear them having access to logs for other users. Global error logs are stored in /private/var/log/apache2/error_log as defined in /private/etc/apache2/httpd.conf. Find LogLevel in this file and set it to configure how in depth the logs will be, using debug for the most verbose and info, notice, warn, error, crit, alert, and emerg to get incrementally less information.

Additionally the log formats can be set in /private/etc/apache2/httpd.conf, allowing administrators to configure Yosemite Server’s built-in web service to conform to the standards of most modern web log analyzers.

Conclusion

Overall, there’s a lot of information in these logs and administrators can spend as much time reviewing logs as they want. But other than standard system logs, the output is typically configured on a service-by-service basis. Some services offer a lot of options and others offering only a few. Some services also offer options within the serveradmin environment while others use their traditional locations in their configuration files. I’ll end this with a warning. There can also be a lot of output in these logs. Therefore, if you set the logging facilities high, make sure to keep a watchful eye on the capacity of the location you’re writing logs out to. The reason I looked at paths to logs where applicable was because you might want to consider redirecting logs to an external volume when debugging so as not to fill up a boot volume and cause even more problems than what you’re likely parsing through logs looking to fix…

Mac OS X Mac OS X Server Mac Security Mass Deployment Unix Windows Server Xsan

Make iMovie Work With Network Volumes

I work with a lot of network storage and video world stuff. While most in the editorial world prefer FinalCut, Avid, Adobe and other tools for video management, I do see the occasional task done in iMovie. By default, iMovie doesn’t support using assets stored on network volumes. However, you can make it. To do so, just use defaults to write com.apple.iMovieApp with a boolean allowNV key marked as true:

defaults write com.apple.iMovieApp allowNV -bool TRUE

imovie

Xsan

Access Qlogic Switches & Other Java Apps From OS X

Qlogic fibre channel switches are about the most common I see in Xsan environments. A common frustration when managing a Qlogic switch is that the Java runtime used to manage the switch is blocked from most OS X systems by default. But it’s pretty easy to get into them with a couple of minor adjustments.

To get started, first download and install the latest Java from here. Once installed, open System Preferences on your Mac and then open the Java Preferences. Here, click on the Security tab.

Screen Shot 2014-03-17 at 10.43.11 AM

Click Edit Site List… In the pop-up, click Add and enter http:// followed by the name or IP address of your switch.

Screen Shot 2014-03-17 at 10.42.45 AM

Click on OK to commit your changes. Then access the switch address from Firefox (what I use for these) or whatever browser you prefer. Because the switch has a self-signed certificate, you’ll be prompted with a  security warning. Here, click the checkbox for “I accept the risk and want to run this application” and then click on the Run button.

Screen Shot 2014-03-17 at 10.40.21 AM

You’ll then be prompted by another Security Warning dialog. This one is indicating that the Java applet is potentially unsafe. Because we somewhat trust Qlogic, click Don’t Block. You’ll have to click this one every time you access the switch.

Screen Shot 2014-03-17 at 10.43.48 AM

The switch interface then opens and you can manage your switch as needed.

Screen Shot 2014-03-17 at 10.45.20 AM

Enjoy.

Mac OS X Mac OS X Server Xsan

Test Volume Speeds for Xsan Metadata Controllers

I have used a variety of tools for testing the speed of Xsan volumes. But none have been as easy as the BlackMagic Disk Speed Test. It’s cute, it’s fast, it’s very informative and it requires no Terminal, unlike the other tools I’ve used for years. To use Disk Speed Test, first download it from the Mac App Store (it’s free). Then mount the volume you’d like to test and open the Disk Speed Test app.

BlackMagic1

 

Click on the Settings icon in the middle and select the volume you’d like to test.

BlackMagic2

Then click Start. Enjoy.

VMware Xsan

Resolve Error 1006.0005 For Qlogic Switches

Error 1006.0005 can appear on a Qlogic fibre channel switch when using ACL zones. If you don’t need ACL zones, then the easiest thing to do here is to swap the offending zone back to a soft zone. To do so, open the Qlogic Switch and use the Edit menu to select “Edit Zoning …”

Screen Shot 2014-03-05 at 2.12.57 PM

From the zone editor, right-click on the zone to change and click on Set Zone Type.

Screen Shot 2014-03-05 at 2.17.24 PM

From the Set Zone Type pop-up, click on the option for Soft.

Screen Shot 2014-03-05 at 2.18.37 PM

Save the zoning and provided that you can actually use soft zones you are done. Now, what if you can’t use soft zoning? In that case, I find that this error specifically comes up when you have a device in a soft and ACL-based zone. To rectify that, either switch the soft zone to ACL or define the port in the ACL zone and the WWN in the soft zone.

Mac OS X Mac OS X Server Xsan

Recycling The Promise X10

The Promise X30 and beyond have been out for some time. I find that as the older X10 units reach the next phase of their lifecycle, removing LUNs and RAIDs from the units is a necessity. While many are put back into production as near-line or backup storage (with new drives even) these RAIDs still need to be cleaned off. As such, an example of doing so might be creating one large LUN each of an E+J pair.

First, let’s delete our spare drives. To do so, click on Spare Drives in the sidebar.

Screen Shot 2014-01-29 at 11.49.49 AM

Then click on the Delete tab.

Screen Shot 2014-01-29 at 11.48.37 AM

Check all of the boxes and then click on the Submit button.

Screen Shot 2014-01-29 at 11.50.04 AM

When prompted, type the word CONFIRM and press Enter.

Next, let’s delete our arrays. To get started, click on the Disk Arrays button in the explorer sidebar.

Screen Shot 2014-01-29 at 11.47.56 AM

Click on the Delete tab.

Screen Shot 2014-01-29 at 11.48.35 AM

Check the box for each array that you’d like to delete, noting that this step is irrecoverable and if you don’t mean to, you will end up loosing all of the data on these LUNs forever and ever and ever (unless of course you immediately call Promise and get them to help you restore them, by reconstructing the array – which of course can’t be guaranteed nor considered an option – but I’ve seen it happen as long as you don’t do anything else).

 

 

 

Click Submit. When prompted, type the word CONFIRM.

Screen Shot 2014-01-29 at 11.48.43 AM

Click OK and viola, you can now upload a new script to config the unit. Enjoy.

 

Mac OS X Mac OS X Server Mac Security Xsan

Disable Swap Files In OS X

Every now and then I need to reclaim that space in /var/vm or I need to stop a process from paging to swap files while I’m troubleshooting something else. I in no way endorse disabling swap files (which basically kills using swap files as a part of your overall virtual memory) for extended periods of time. However, it has saved me in the case of stability concerns long enough to get a system patched or something like that.

To disable OS X swap files, all you need to do is stop the com.apple.dynamic_pager daemon and restart. Use launchctl to stop:

sudo launchctl unload -wF /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

Once restarted, you may need to remove the files in /var/vm as that is where the swap files are stored. To do so, rm the contents of /var/vm:

rm /var/vm/swapfile*

You should also be able to get rid of the sleepimage file in that directory if needed. Since this is supposed to be a temporary or troubleshooting measure, to turn swapping back on:

sudo launchctl load -wF /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist