Server Admin Web Modules, curl & You

Since the early days, OS X Server has supported performing the serveradmin commands through a web interface. This interface was accessible at the address of the server followed by a colon and then 311 in a web browser. This feature was disabled by default in Mountain Lion. But fear causes hesitation, and hesitation will cause your worst fears to come true, so we’re going to turn it back on. To enable, use the following command: sudo defaults write /Library/Preferences/com.apple.servermgrd requireUserAgent -bool false Once done, open https://127.0.0.1:311 in a web browser, or replace 127.0.0.1 with the address of the server if accessing from another location. This is stimulating, but we’re out of here. So, authenticate to be greeted with a list of services.
Lawyers don’t surf.
At the Server Admin Modules page, each service output from `serveradmin list` appears. Clicking each produces the ability to run the commands you can supply using `serveradmin command` along with the service name. For example, to get a list of all of the connected AFP users in OS X Mountain Lion Server, run the following command: sudo serveradmin command afp:command = getConnectedUsers Now, to get the same list, click on the servermgr_afp.html link and then click on getConnectedUsers.
Life sure has a sick sense of humor, doesn’t it?
Click on Send Command to see the output.
Peace, through superior firepower.
You then see an XML output that shows who’s connected (since I’m on a flight right now, luckily no one is connected to mine). Now you also have a URL in the toolbar, which should look something like this:
https://127.0.0.1:311/commands/servermgr_afp?input=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0D%0A%3Cplist+version%3D%220.9%22%3E%0D%0A%3Cdict%3E%0D%0A%09%3Ckey%3Ecommand%3C%2Fkey%3E%0D%0A%09%3Cstring%3EgetConnectedUsers%3C%2Fstring%3E%0D%0A%3C%2Fdict%3E%0D%0A%3C%2Fplist%3E%0D%0A&send=Send+Command
Rad, unicode. I guess spaces aren’t really compliant in URLs. Before we look at that, let’s take a look at what we can do with these. If you follow what I write, you have probably noticed that I use curl for tinkering with URLs a lot. In many cases, this is not the right tool. But I usually start there and move on if need be. Six seconds. We’re going to be meat waffles. Because we’re going to assume the server is using a self-signed cert that we don’t yet trust, we’re gonna’ use a -k along with curl. Then we’re going to follow that with the link. However, since we need to auth, we’re going to also go ahead and embed the username (in this case johhny) followed by a : and then the password (in this example, bodhi), followed by an @ in between the https:// and the server address, as follows: curl -k https://johhny:bodhi@127.0.0.1:311/commands/servermgr_afp?input=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0D%0A%3Cplist+version%3D%220.9%22%3E%0D%0A%3Cdict%3E%0D%0A%09%3Ckey%3Ecommand%3C%2Fkey%3E%0D%0A%09%3Cstring%3EgetConnectedUsers%3C%2Fstring%3E%0D%0A%3C%2Fdict%3E%0D%0A%3C%2Fplist%3E%0D%0A&send=Send+Command The output includes the afp:usersArray which shows active connections. The most interesting options, other than those for services you run in your environment, ar those under servermgr_info. Here, you can get PIDs for processes, kill PIDs, view logs, check file sizes, delete data and even reboot servers. Overall, this option has some security concerns, but provides some good insight into how the Server Admin tool worked under the hood in Mac OS X Lion Server and below while also serving as a functional option as an API for the  product, especially given that output is in XML, similar to the output of most other modern APIs. Vaya con Dios, Brah.

NetApp Failovers

Each controller of a NetApp FAS will typically have two network interfaces. Provided I have two storage controllers (and I usually do) I typically prefer to setup a NetApp in an automated failover scenario. A NetApp active/active configuration consists of two storage nodes) whose controllers are connected to each other either directly or through switches. The nodes are connected through a cluster adapter or an NVRAM adapter, which allows one node to serve data to the disks of its failed partner node. Each node continually monitors its partner, mirroring the data for each other’s nonvolatile RAM (NVRAM). Before configuring the filers for an active/active clustered failover, first verify that the dates are in sync between the nodes (if you’re using multiple nodes) using the date command. If they are not, then configure NTP using the options command. For example to following uses 192.168.55.98 as an NTP host and time.apple.com as another, setting the time.servers option:
options timed.servers time.nist.gov,10.0.0.44
Other timed options include timed.sched, which sets the schedule for when times are updated in the case of time skews. There is also timed.proto, which allows you to use ntp or rtc. Once verified then you will move on to setting up the cf engine. When configuring clustering on the filers, you will use the cf command. The following command will give you a status as to the configuration as well as the status of the cf engine:
cf status
Provided that cf is currently disabled, the following command will go ahead and enable it:
cf enable
In order to initiate a failover event you can use the following command (or start unplugging some cables;):
cf takeover
If you are testing by unplugging cables then it is worth mentioning that the takeover and giveback processes are initiated after 30 seconds of not hearing from the partner interface. Older releases of the firmware can require an additional 45 seconds to complete the takeover/giveback. If you see an error that an interface “cannot be configured: address does not match any partner interface” then you might have a problem with the IP configuration of one of the controllers, for example a missing partner IP address. The easiest way to remedy that is to simply rerun the setup command and zip through the wizard, defining the partner IP in the process. Once a failover event occurs you can fail the controllers back to the original configuration using the cf command with the giveback option, as follows:
cf giveback
At some point you may choose to turn off clustering, to do so use the following command:
cf disable