krypted.com

Tiny Deathstars of Foulness

Let’s start out with what’s actually available in the Server Admin CLI: serveradmin. The serveradmin command, followed by settings, followed by san shows a few pieces of information:

bash-3.2# serveradmin settings san
san:computers = _empty_array
san:primaryController = "95C99FB1-80F2-5016-B9C3-BE3916E6E5DC"
san:ownerEmail = "krypted@me.com"
san:sanName = "krypted"
san:desiredSearchPolicy:_array_index:0 = ""
san:serialNumbers = _empty_array
san:dsType = 0
san:ownerName = "Charles Edge"
san:managePrivateNetwork = yes
san:metadataNetwork = "10.0.0.0/24"
san:numberOfFibreChannelPorts = 2
san:role = "CONTROLLER"

Here, we see the metadata network, the GUID of the primary (active) MDC, the name of the SAN, an array of serial numbers (if applicable – in a purely Mountain Lion/Mavericks SAN they aren’t), the owner info plugged in earlier and the metadata network interface being used.
Next, we’ll take a peek at the fsm process for each volume:

bash-3.2# ps aux | grep fsm
root 7030 0.7 0.7 2694708 62468 ?? Ss 10:18AM 0:03.08 /System/Library/Filesystems/acfs.fs/Contents/bin/fsm BettyWhite mdm.pretendco.lan 0
root 6834 0.1 0.0 2478548 2940 ?? S 10:10AM 0:01.37 fsmpm -- -- /var/run/fsmpm-sync.6800 1800

Next, we can look at the version rev, which shows that the Server Revision is the same as in Mavericks, but the build number has incremented by 19 commits:

bash-3.2# cvversions
File System Server:
Server Revision 5 Branch Head
Created on Tue Sep 13 09:59:14 PDT 2015
Built in /SourceCache/XsanFS/XsanFS-527/buildinfo
Host OS Version:
Darwin 14.0.0 Darwin Kernel Version 14.0.0: Sat Sep 24 01:15:10 PDT 2015; root:xnu-2738.0.0.0.5~1/RELEASE_X86_64 x86_64

Next, we’ll check out the contents of /Library/Preferences/Xsan. First the volume configuration file:

bash-3.2# cat BettyWhite.cfg
# Globals
AllocationStrategy Round
FileLocks Yes
BufferCacheSize 32M
Debug 0x0
CaseInsensitive Yes
EnableSpotlight Yes
EnforceACLs Yes
SpotlightSearchLevel ReadWrite
FsBlockSize 16K
GlobalSuperUser Yes
InodeCacheSize 8K
InodeExpandMin 0
InodeExpandInc 0
InodeExpandMax 0
InodeDeleteMax 0
InodeStripeWidth 0
JournalSize 16M
MaxConnections 139
MaxLogSize 10M
MaxLogs 4
NamedStreams Yes
Quotas Yes
QuotaHistoryDays 7
ThreadPoolSize 256
UnixIdFabricationOnWindows Yes
UnixNobodyUidOnWindows -2
UnixNobodyGidOnWindows -2
WindowsSecurity Yes
# Disk Types
[DiskType LUN2Type]
Sectors 488355807
SectorSize 512
# Disks
[Disk LUN2]
Type LUN2Type
Status UP
# Stripe Groups
[StripeGroup All]
Status Up
StripeBreadth 16
Metadata Yes
Journal Yes
Exclusive No
Read Enabled
Write Enabled
Rtmb 0
Rtios 0
RtmbReserve 0
RtiosReserve 0
RtTokenTimeout 0
MultiPathMethod Rotate
Node LUN2 0
Affinity All

The above is not the XML I was thinking we’d see, but the same format and variables previously available. The configuration for the SAN itself is XML though:

bash-3.2# cat config.plist


 

computers

desiredSearchPolicy



dsType
0
managePrivateNetwork
metadataNetwork
10.0.0.0/24
ownerEmail
krypted@me.com
ownerName
Charles Edge
primaryController
95C99FB1-80F2-5016-B9C3-BE3916E6E5DC
role
CONTROLLER
sanName
krypted
serialNumbers




The automount file is a plist as well:

bash-3.2# cat automount.plist


 

BettyWhite

AutoMount
rw
MountOptions

atimedelay
no
dircachesize
10485760
threads
12





The aux-data is also a plist:

bash-3.2# cat BettyWhite-auxdata.plist


 

Config

ClientDelayAccessTimeUpdates
0
ClientDirCacheSize
10485760
ClientThreadCount
12
StoragePoolIdealLUNCount
4
StoragePoolStripeBreadth
16

FailoverPriorities


controllerUUID
95C99FB1-80F2-5016-B9C3-BE3916E6E5DC
enabled
1



 
Next, cvadmin remains basically unchanged, with the addition of restartd/startd/stopd (managing the fem and the removal of :

Xsanadmin (BettyWhite) > help
Command summary:
activate, debug, dirquotas, disks, down, fail, filelocks, fsmlist, help, latency-test, multipath, paths, proxy, qos, quit, quotas, quotacheck, quotareset, ras, repfl, repquota, repof, resetrpl, rollrj, select, show, start, stat, stop, up, who, ?
activate [ | ]
Activate a File System .
This command may cause an FSM to activate.
If the FSM is already active, no action is taken.
debug [ [+/-] ]
Get or Set (with ) the FSS Debug Flags.
Enter debug with no value to get current setting and bit meanings.
Value should be a valid number. Use 0x to indicate hexadecimal.
If the ‘+’ or ‘-’ argument is used, only specified flags
will be modified.
‘+’ will set and ‘-’ will disable the given flags.
dirquotas <create|mark|destroy>
The ‘create’ command turns the given directory into the root of a
Directory Quota namespace. The command will not return until the
current size value of the directory is tallied up. The ‘mark’
command also turns the given directory into the root of a
Directory Quota namespace, but the current size value is left
uninitialized.  The command ‘quotacheck’ should be run later to
initialize it. The ‘destroy’ command destroys the namespace
associated with the given directory.  The directory’s contents
are left unchanged.
disks [refresh]
Display the acfs Disk volumes visible to this machine.
If the optional “refresh” is used, the volumes will.
be re-scanned by the fsmpm.
disks [refresh] fsm
Display the acfs meta-data Disk volumes in use by the fsm.
If the optional “refresh” is used, additional paths to these
volumes may be added by the fsm.
down
Bring down stripe group .
fail [ | ]
Failover a File System .
This command may cause a stand by FSM to activate.
If the FSM is already active, the FSM will
shut down. A stand-by FSM will take over or the
FSM will be re-launched if it is stand-alone.
fsmlist [] [on ]
Display the state of FSM processes, running or not.
Optionally specify a single to display.
Optionally specify the host name or IP address of the system
to list the FSM process(es) on.
help (?)  This message.
latency-test [ | all] []
Run an I/O latency test between the FSM process and one
client or all clients.  The default test duration is
2 seconds.
multipath < balance | cycle | rotate | static | sticky >
Change the Multi Path method for stripe group
to “balance”, “cycle”, “rotate”, “static”, or “sticky”.
paths
Display the acfs Disk volumes visible to this machine
grouped according to the “controller” identity.
proxy [ long ]
proxy who
Display Disk Proxy Servers, and optionally the disks
they serve, for this filesystem
The “who” option displays all proxy connections
for the specified host.
qos       Display per-stripe group QOS statistics.
quit      Exit
filelocks
Query cluster-wide file/record lock enforcement.
Enter filelocks with no value to get current setting.
Currently Cluster flocks are automatically used on Unix.
Windows file/record locks are optional.
quotas
Get the current state of the quota system
quotas get <user|group|dir|dirfiles>
Get quota parameters for user, group, or directory .
quotas set <user|group|dir|dirfiles>
Set current quota parameters for user, group, or directory
. can be the name of a user or group or the
path to a directory. For users and groups, it can also be an
integer interpreted as a uid or gid.  Setting the hardlim,
softlim, and timelim to 0 disables quota enforcement for that user,
group, or directory. The values for hardlim and softlim are
expressed in bytes when setting user, group, or dir values.  When
setting dirfiles values, they are numbers of regular file inodes.
The value for timelim is expressed in minutes.
quotacheck
Recalculate the amount of space consumed (the current
size field of the quota record) by all users,
groups, and directory namespaces in the file system. This
command can be run on an active file system although file
updates (writes, truncates, etc.) will be delayed until
quotacheck has completed.
quotareset
Like quotacheck, but deletes the quota database before
performing the check. All limits and directory namespaces
will be lost. Use with extreme caution.
ras enq “detail string”
Generate an SNFS RAS event.  For internal use only.
ras enq “detail string”
Generate a generic RAS event.  For internal use only.
repquota
Generate quota reports for all users, groups, and directory
namespaces in the file system. Three files are generated:
1. quota_report.txt – a “pretty” text file report.
2. quota_report.csv – a comma delimited report
suitable for Excel spreadsheets.
3. quota_regen.in – a list of cvadmin commands that
can be used to set up an identical quota database
on another Xsan.
repfl
Generate a report of currently held locks
on all connected acfs clients.
repof
Generate a report of currently open files
on all connected acfs clients.
resetrpl [clear]
Repopulate Reverse Path Lookup (RPL) information.
The optional “clear” argument causes existing
RPL data to be cleared before starting repopulation.
Note: “resetrpl” is only available when cvadmin is
invoked with the -x option.  Running resetrpl
may significantly delay FSM activation.  This command
is not intended for general use.  Only run “resetrpl”
when recommended by Technical Support.
restartd [once]
Stop and start the process.
For internal use only.
rollrj
Force the FSM to start a new restore journal.
This command is only used on a managed file system
select [ | | none]
Select the active File System .
Typing “select none” will de-select the current FSS.
If the FSM is inactive (standing by) it cannot be selected.
Using this command with no argument shows all active FSSs.
show [ ] [ long ]
Show all stripe groups or a specific stripe group .
Adding the modifier “long” shows more verbose information.
start [on] []
Start the File System Service for .
When running on an HA MDC, the local service is started and
then an attempt is made to start the service on the peer MDC.
Optionally specify the hostname or IP address to start the
FSM on that MDC only.
startd [once]
Start the process.
For internal use only.
stat      Display the general status of the file system.
stats [clear]
Display read/write statistics for the file system.
If clear, zero the stats after printing.
stop [on] [] |
Stop the File System Services for
or . Stopping by name without specifying a
hostname will stop all instances of the service, and will
cancel any pending restart of the service on the local system.
Stopping by name on a particular system will stop or cancel
a restart of the service on that system.  Stopping by
number only stops the service associated with the index.
Indexes are displayed on the left side as “nn>” when.
using the “select” command.
stopd
Stop the process.
For internal use only.
up
Bring up stripe group .
If there are no stripe groups that have exclusively numeric names,
the stripe group index number shown in the “show” command may be
used in place of .
who [] [long]
List clients attached to file system.
In the short form, “who” returns the following information:
- acfs I.D.       – Client License Identifier
- Type            – Type of client connection
FSM              – File System Manager (FSM) connection
ADM              – Administrative (cvadmin) connection
CLI              – File system client connection. May be
followed by a CLI type character:
S – Disk Proxy Server
C – Disk Proxy Client
H – Disk Proxy Hybrid Client
- Location        – Client’s hostname or IP address
- Up Time         – Total time client has been connected to FSM
- License Expires – Date client’s license will expire
In the long form, “who” returns network path, build, latency
and reconnect information, if available.
Administrative and FSM clients return a limited set of information.
Xsanadmin (BettyWhite) > select
List FSS
File System Services (* indicates service is in control of FS):
1>*BettyWhite[0]        located on 10.0.0.1:57724 (pid 7030)
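
The volume configuration file shown earlier in this post (BettyWhite.cfg) is a flat format: global "Key Value" lines followed by bracketed [Type Name] sections. As an added example (not code from the original post or from Apple), this Python script parses that format and reports deviations from a review baseline; the baseline values, the SAMPLE_CFG excerpt and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: an excerpt of the BettyWhite.cfg listing shown in this post.
SAMPLE_CFG = """\
# Globals
EnforceACLs Yes
GlobalSuperUser Yes
Quotas Yes
WindowsSecurity Yes
# Disks
[Disk LUN2]
Status UP
# Stripe Groups
[StripeGroup All]
Status Up
Node LUN2 0
"""

# Assumed review baseline, chosen for illustration (not an Apple recommendation).
# GlobalSuperUser Yes lets root on any SAN client act as superuser on the volume.
BASELINE = {"EnforceACLs": "Yes", "WindowsSecurity": "Yes",
            "Quotas": "Yes", "GlobalSuperUser": "No"}
SECTION = re.compile(r"^\[(\w+)\s+(\S+)\]$")

def parse_cfg(text):
    """Return (globals, sections); sections maps (kind, name) -> settings dict."""
    globals_, sections = {}, {}
    current = globals_                      # lines before any [section] are globals
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip() # drop comments and surrounding space
        header = SECTION.match(line)
        if header:                          # e.g. [StripeGroup All]
            current = sections.setdefault(header.groups(), {})
        elif line:
            key, *rest = line.split()
            if key == "Node":               # a stripe group may list several nodes
                current.setdefault("Node", []).append(tuple(rest))
            else:
                current[key] = " ".join(rest)
    return globals_, sections

def review(text, baseline=BASELINE):
    """Return findings: baseline deviations, non-Up status, dangling Node refs."""
    globals_, sections = parse_cfg(text)
    findings = []
    for key, want in baseline.items():
        got = globals_.get(key, "unset")
        if got.lower() != want.lower():
            findings.append(f"{key}: {got} (expected {want})")
    disks = {name for kind, name in sections if kind == "Disk"}
    for (kind, name), body in sections.items():
        # The listing mixes "UP" and "Up", so compare case-insensitively.
        if kind in ("Disk", "StripeGroup") and body.get("Status", "unset").lower() != "up":
            findings.append(f"{kind} {name}: Status {body.get('Status', 'unset')}")
        for node in body.get("Node", []):
            if node and node[0] not in disks:
                findings.append(f"StripeGroup {name}: Node {node[0]} has no [Disk] entry")
    return findings
```

Calling review() on the text of a real volume .cfg from /Library/Preferences/Xsan returns a list of strings, one per finding; an empty list means the file matches the assumed baseline.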

September 13th, 2016

Posted In: Xsan


In case you’re using DEP and haven’t noticed this, you need to accept the latest terms of service in the Apple license agreement for DEP if you’re going to continue using the service. I don’t usually post emails I get from Apple, but I can easily see orgs using accounts that don’t have email flowing to anyone that is capable of responding, so I strongly recommend you go in and accept the latest and greatest agreements so your stuff doesn’t break!

Here’s the email I got from Apple:

Apple Deployment Programs

Thank you for participating in the Device Enrollment Program. On September 13 Apple will release updated software license agreements. Your Program Agent must go to the deployment website and accept the following agreements to continue to use the program:

  • iOS 10 Software License Agreement
  • Software License Agreement for macOS Sierra

For more information please see this support article: https://support.apple.com/kb/HT203063.

Note: If you’re using Casper, then the errors you’ll see will be something along the lines of:

Unable to Contact https://mdmenrollment.apple.com

September 12th, 2016

Posted In: iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast


September 10th, 2016

Posted In: Articles and Books, iPhone, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast


September 9th, 2016

Posted In: Apple Watch, Apps, iPhone, Mac OS X


Special thanks to @dials_mavis for being basically the best ever, cutting this thing together while he was sick, and for the rest of the team for being awesome to help hide the fact that I’m not. 🙂

September 8th, 2016

Posted In: Mac OS X, Mac OS X Server, MacAdmins Podcast


App Store Stats and Fun Stuff

  • 17,000,000!
  • 900,000,000 Lightning connector devices
  • 10 year anniversary of the Apple Music Festival, with Britney
  • 140 billion app downloads
  • 106% YoY download increases
  • 2 times the “nearest competitor”
  • 1/2 million games on the store
  • Mario: Super Mario Run
  • Mention ConnectEd!
  • Everyone Can Code
  • iWork
    • Real Time Collaboration (only behind Google by how long?)
    • But it’s prettier than what Google does
    • Apple is the 2nd largest watchmaker now, and largest smartwatch maker

Watch:

  • WatchOS 3
    • New dock
    • New faces
    • Tapback messaging
    • Animated stickers in messages
    • Full screen effects, just like in Messages for Mac
    • Breathe
    • Emergency Messaging
    • Developers
    • Pokémon Go for watch
    • 500,000,000 downloads of Go, 4.6 Billion KM
  • Apple Watch Series 2: $369, Series 1 is $269
    • 50 meters, new seals, new adhesives, speaker ejects water
    • Redesigned SiP, 2nd gen display, 2x brighter
    • 1,000 nits, great for sun
    • Built-in GPS – exposed to the API
    • Available in ceramic
    • NikePlus watch

iPhone 7: $629 with Plus starting at $729

  • Over 1 Billion devices, with the best selling product “of its kind” in the history of the world
  • A video that left no dry eyes in the audience
  • New design
  • Jet black finish, black finish (my style btw), gold, silver, rose gold
  • Force sensitive, solid state, taptic Engine-driven home button
  • Homekit, home app, Works with “Apple HomeKit”
  • Messages: Stickers, confetti, etc
  • Water and dust resistant
  • New dual camera, stabilization, f/1.8 aperture lens for 50% more light, six-element lens, 12 megapixel sensor, true tone flash, with 4 LEDs (50% brighter, with a flicker sensor to compensate for artificial lighting), 2x the throughput of the image signal processor (called by Phil Schiller “the supercomputer of” digital photos), depth of field
  • Front-side camera: 7MP FaceTime HD camera, wide color capture, image stabilization
  • 1x to 10x zoom
  • 25% brighter display, wide color gamut, Instagram sent a rep
  • Stereo Speakers on the phones
  • Headphones via lightning or bluetooth, comes with a free adaptor
  • Wireless: Apple AirPods, W1 Apple-designed wireless chip, intelligent high-efficiency playback, infrared sensors detect you, voice accelerometers target the source of your voice, and reduce external noise. 5 hours per charge, 24 hours of life off the case, with incredible sound “a technical tour de force”
  • LTE up to 450Mbps
  • Apple Pay goes to Japan
  • Performance: “Apple’s chip team is killing it”
  • A10 Fusion: 64 bit, four-core processor, 40% faster than A9, 2x faster than A8, 120x faster than iPhone1. 2 high performance cores, two high efficiency cores, for longer battery life, with a performance controller, new 6 core graphics chip in the A10, for 3x faster GPU of the A8, for a total of 240x the performance of the original iPhone.
  • 7 and 7 plus now go from 32 to 256GB of storage (yowza)
  • iPhone Upgrade Program, includes a new iPhone every year, choose your carrier, starts at 32/mo and includes AppleCare Plus, now expanding to the UK and China

iOS 10 drops on September 13th 2016, OS X on September 20th, 2016.

Things not discussed re: iOS 10:

  • Siri API (e.g. Wink, but also options for when I’ll use the Home app vs Wink – and waiting for Wink to integrate with HomeKit)
  • All the fun new Messages options:
    • Sketches
    • Annotations on photos and videos
    • Bigger emoji
    • Effects in messages
    • Messages app store
    • Memories in Photos like I have in Facebook
  • Better Apple Music and Maps
  • The ability to manage the following with MDM:
    • Callkit: managing the default app for Calls
    • Moving some restrictions to Supervised mode (differentiating Corporate vs personally owned devices)
    • Notification APIs

September 7th, 2016

Posted In: iPhone


When speaking to a group of people, I once created a folder called Old and then moved all my files in there. However, you can create a temporary desktop that shows as clean and empty. To do so, write the CreateDesktop key in the com.apple.finder defaults domain, with a setting of false, as follows:

defaults write com.apple.finder CreateDesktop -bool false

Then restart the Finder and it will show crisp and new:

killall Finder

Then once you’re done, delete the temporary desktop, by deleting the key, as follows:

defaults delete com.apple.finder CreateDesktop

Then restart the Finder to see your files again:

killall Finder

September 6th, 2016

Posted In: Mac OS X, Mac Security


Set plain text in TextEdit as the default format to save files in using the defaults command to write the RichText key into com.apple.TextEdit as an integer of 0, as follows:

defaults write com.apple.TextEdit RichText -int 0

To remove the key:

defaults delete com.apple.TextEdit RichText

September 5th, 2016

Posted In: Mac OS X


You can disable the Connect to Server menu in OS X. This can be done via MDM or using defaults. To do so with the defaults command, write the ProhibitConnectTo key into com.apple.finder as true and then restart the Finder, as follows:

defaults write com.apple.finder ProhibitConnectTo -bool true ; killall Finder

To undo:

defaults write com.apple.finder ProhibitConnectTo -bool false ; killall Finder

September 4th, 2016

Posted In: Mac OS X, Mac Security


I’ve been on a quest to have fewer meetings in this world. But since that doesn’t seem likely, I’m settling on shorter, more specific meetings. One of the ways I’ve been trying to achieve this is to send a key called “Default duration in minutes for new event” into com.apple.iCal with an integer. In this case, I’m going to reduce my default meeting times to 15 minutes.

defaults write com.apple.iCal 'Default duration in minutes for new event' -int 15

And voilà, just like that I get to have less time spent in meetings! Note that this doesn’t change the default time of Quick Events.

September 3rd, 2016

Posted In: Mac OS X
