krypted.com

Tiny Deathstars of Foulness

Let’s start out with what’s actually available in the Server Admin CLI: serveradmin. The serveradmin command, followed by settings, followed by san shows a few pieces of information:

/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings san

The results would be similar to:

san:computers = _empty_array san:primaryController = "95C99FB1-80F2-5016-B9C3-BE3916E6E5DC" san:ownerEmail = "krypted@me.com" san:sanName = "krypted" san:desiredSearchPolicy:_array_index:0 = "" san:serialNumbers = _empty_array san:dsType = 0 san:ownerName = "Charles Edge" san:managePrivateNetwork = yes san:metadataNetwork = "10.0.0.0/24" san:numberOfFibreChannelPorts = 2 san:role = "CONTROLLER"

Here, we see the metadata network, the GUID of the primary (active) MDC, the name of the SAN, an array of serial numbers (if applicable – rarely encountered these days), the owner info plugged in earlier and the metadata network interface being used. Next, we’ll take a peak at the fsm process for each volume:

bash-3.2# ps aux | grep fsm

The results would be as follows:

root 7030 0.7 0.7 2694708 62468 ?? Ss 10:18AM 0:03.08 /System/Library/Filesystems/acfs.fs/Contents/bin/fsm BettyWhite mdm.pretendco.lan 0 root 6834 0.1 0.0 2478548 2940 ?? S 10:10AM 0:01.37 fsmpm -- -- /var/run/fsmpm-sync.6800 1800

Next, we can look at the version rev, which shows that the Server Revision:

bash-3.2# cvversions File System Server: Server Revision 6 Branch Head Created on Tue Sep 13 09:59:14 PDT 2017 Built in /SourceCache/XsanFS/XsanFS-527/buildinfo Host OS Version: Darwin 14.0.0 Darwin Kernel Version 14.0.0: Sat Sep 1 02:15:10 PDT 2017; root:xnu-2788.0.0.0.5~1/RELEASE_X86_64 x86_64


Next, we’ll check out the contents of /Library/Preferences/Xsan. First the volume configuration file:

bash-3.2# cat BettyWhite.cfg # Globals AllocationStrategy Round FileLocks Yes BufferCacheSize 32M Debug 0x0 CaseInsensitive Yes EnableSpotlight Yes EnforceACLs Yes SpotlightSearchLevel ReadWrite FsBlockSize 16K GlobalSuperUser Yes InodeCacheSize 8K InodeExpandMin 0 InodeExpandInc 0 InodeExpandMax 0 InodeDeleteMax 0 InodeStripeWidth 0 JournalSize 16M MaxConnections 139 MaxLogSize 10M MaxLogs 4 NamedStreams Yes Quotas Yes QuotaHistoryDays 7 ThreadPoolSize 256 UnixIdFabricationOnWindows Yes UnixNobodyUidOnWindows -2 UnixNobodyGidOnWindows -2 WindowsSecurity Yes # Disk Types [DiskType LUN2Type] Sectors 488355807 SectorSize 512 # Disks [Disk LUN2] Type LUN2Type Status UP # Stripe Groups [StripeGroup All] Status Up StripeBreadth 16 Metadata Yes Journal Yes Exclusive No Read Enabled Write Enabled Rtmb 0 Rtios 0 RtmbReserve 0 RtiosReserve 0 RtTokenTimeout 0 MultiPathMethod Rotate Node LUN2 0 Affinity All The configuration for the SAN itself is in XML, which can be seen by viewing the config.plist:

bash-3.2# cat config.plist computers desiredSearchPolicy dsType 0 managePrivateNetwork metadataNetwork 10.0.0.0/24 ownerEmail krypted@me.com ownerName Charles Edge primaryController 95C99FB1-80F2-5016-B9C3-BE3916E6E5DC role CONTROLLER sanName krypted serialNumbers

The automount file controls which systems automatically mount which volumes and is in a plist as well:

bash-3.2# cat automount.plist BettyWhite AutoMount rw MountOptions atimedelay no dircachesize 10485760 threads 12

The aux-data is also a plist:

bash-3.2# cat BettyWhite-auxdata.plist Config ClientDelayAccessTimeUpdates 0 ClientDirCacheSize 10485760 ClientThreadCount 12 StoragePoolIdealLUNCount 4 StoragePoolStripeBreadth 16 FailoverPriorities controllerUUID 95C99FB1-80F2-5016-B9C3-BE3916E6E5DC enabled 1

Next, cvadmin remains basically unchanged, with the addition of restartd/startd/stopd (managing the fem and the removal of :

Xsanadmin (BettyWhite) > help Command summary: activate, debug, dirquotas, disks, down, fail, filelocks, fsmlist, help, latency-test, multipath, paths, proxy, qos, quit, quotas, quotacheck, quotareset, ras, repfl, repquota, repof, resetrpl, rollrj, select, show, start, stat, stop, up, who, ? activate [ | ] Activate a File System . This command may cause an FSM to activate. If the FSM is already active, no action is taken. debug [ [+/-] ] Get or Set (with ) the FSS Debug Flags. Enter debug with no value to get current setting and bit meanings. Value should be a valid number. Use 0x to indicate hexadecimal. If the ‘+’ or ‘-’ argument is used, only specified flags will be modified. ‘+’ will set and ‘-’ will disable the given flags. dirquotas <create|mark|destroy> The ‘create’ command turns the given directory into the root of a Directory Quota namespace. The command will not return until the current size value of the directory is tallied up. The ‘mark’ command also turns the given directory into the root of a Directory Quota namespace, but the current size value is left uninitialized. The command ‘quotacheck’ should be run later to initialize it. The ‘destroy’ command destroys the namespace associated with the given directory. The directory’s contents are left unchanged. disks [refresh] Display the acfs Disk volumes visible to this machine. If the optional “refresh” is used, the volumes will. be re-scanned by the fsmpm. disks [refresh] fsm Display the acfs meta-data Disk volumes in use by the fsm. If the optional “refresh” is used, additional paths to these volumes may be added by the fsm. down Bring down stripe group . fail [ | ] Failover a File System . This command may cause a stand by FSM to activate. If the FSM is already active, the FSM will shut down. A stand-by FSM will take over or the FSM will be re-launched if it is stand-alone. fsmlist [] [on ] Display the state of FSM processes, running or not. Optionally specify a single to display. Optionally specify the host name or IP address of the system to list the FSM process(es) on. help (?) This message. latency-test [ | all] [] Run an I/O latency test between the FSM process and one client or all clients. The default test duration is 2 seconds. multipath < balance | cycle | rotate | static | sticky > Change the Multi Path method for stripe group to “balance”, “cycle”, “rotate”, “static”, or “sticky”. paths Display the acfs Disk volumes visible to this machine grouped according to the “controller” identity. proxy [ long ] proxy who Display Disk Proxy Servers, and optionally the disks they serve, for this filesystem The “who” option displays all proxy connections for the specified host. qos Display per-stripe group QOS statistics. quit Exit filelocks Query cluster-wide file/record lock enforcement. Enter filelocks with no value to get current setting. Currently Cluster flocks are automatically used on Unix. Windows file/record locks are optional. quotas Get the current state of the quota system quotas get <user|group|dir|dirfiles> Get quota parameters for user, group, or directory . quotas set <user|group|dir|dirfiles> Set current quota parameters for user, group, or directory . can be the name of a user or group or the path to a directory. For users and groups, it can also be an integer interpreted as a uid or gid. Setting the hardlim, softlim, and timelim to 0 disables quota enforcement for that user, group, or directory. The values for hardlim and softlim are expressed in bytes when setting user, group, or dir values. When setting dirfiles values, they are numbers of regular file inodes. The value for timelim is expressed in minutes. quotacheck Recalculate the amount of space consumed (the current size field of the quota record) by all users, groups, and directory namespaces in the file system. This command can be run on an active file system although file updates (writes, truncates, etc.) will be delayed until quotacheck has completed. quotareset Like quotacheck, but deletes the quota database before performing the check. All limits and directory namespaces will be lost. Use with extreme caution. ras enq “detail string” Generate an SNFS RAS event. For internal use only. ras enq “detail string” Generate a generic RAS event. For internal use only. repquota Generate quota reports for all users, groups, and directory namespaces in the file system. Three files are generated: 1. quota_report.txt – a “pretty” text file report. 2. quota_report.csv – a comma delimited report suitable for Excel spreadsheets. 3. quota_regen.in – a list of cvadmin commands that can be used to set up an identical quota database on another Xsan. repfl Generate a report of currently held locks on all connected acfs clients. repof Generate a report of currently open files on all connected acfs clients. resetrpl [clear] Repopulate Reverse Path Lookup (RPL) information. The optional “clear” argument causes existing RPL data to be cleared before starting repopulation. Note: “resetrpl” is only available when cvadmin is invoked with the -x option. Running resetrpl may significantly delay FSM activation. This command is not intended for general use. Only run “resetrpl” when recommended by Technical Support. restartd [once] Stop and start the process. For internal use only. rollrj Force the FSM to start a new restore journal. This command is only used on a managed file system select [ | | none] Select the active File System . Typing “select none” will de-select the current FSS. If the FSM is inactive (standing by) it cannot be selected. Using this command with no argument shows all active FSSs. show [ ] [ long ] Show all stripe groups or a specific stripe group . Adding the modifier “long” shows more verbose information. start [on] [] Start the File System Service for . When running on an HA MDC, the local service is started and then an attempt is made to start the service on the peer MDC. Optionally specify the hostname or IP address to start the FSM on that MDC only. startd [once] Start the process. For internal use only. stat Display the general status of the file system. stats [clear] Display read/write statistics for the file system. If clear, zero the stats after printing. stop [on] [] | Stop the File System Services for or . Stopping by name without specifying a hostname will stop all instances of the service, and will cancel any pending restart of the service on the local system. Stopping by name on a particular system will stop or cancel a restart of the service on that system. Stopping by number only stops the service associated with the index. Indexes are displayed on the left side as “nn>” when. using the “select” command. stopd Stop the process. For internal use only. up Bring up stripe group . If there are no stripe groups that have exclusively numeric names, the stripe group index number shown in the “show” command may be used in place of . who [] [long] List clients attached to file system. In the short form, “who” returns the following information: - acfs I.D. – Client License Identifier - Type – Type of client connection FSM – File System Manager (FSM) connection ADM – Administrative (cvadmin) connection CLI – File system client connection. May be followed by a CLI type character: S – Disk Proxy Server C – Disk Proxy Client H – Disk Proxy Hybrid Client - Location – Client’s hostname or IP address - Up Time – Total time client has been connected to FSM - License Expires – Date client’s license will expire In the long form, “who” returns network path, build, latency and reconnect information, if available. Administrative and FSM clients return a limited set of information. Xsanadmin (BettyWhite) > select List FSS File System Services (* indicates service is in control of FS): 1>*BettyWhite[0] located on 10.0.0.1:57724 (pid 7030)

September 26th, 2017

Posted In: Mac OS X Server, Xsan

Tags: , , , ,

Previously we looked at using wildcards in conjunction with the SQL LIKE operator. Wildcards allow you to search for data in a defined table. Think of them as text globbing for SQL. The wildcards available include the following:
  1. [list]: Define a ranges of characters for pattern matching
  2. [!charlist]: Matches only a character NOT specified within the brackets
  3. %: Require a single character/object in a pattern
  4. _: Allow any single character in a pattern
In this article, we’ll use the same “Customers” table from our first articles: ID Site Contact Address City Zip Country 1 Krypted Charles Edge my house Minneapolis 55418 US 2 Apple Tim Cook spaceship Cupertino 95014 US 3 Microsoft Satya Nadella campus Redmond 98053 US 4 Facebook Mark Zuckerberg foodhall Menlo Park 94025 US 5 JAMF Dean Hager Grain Exchange Minneapolis 55410 US The following SQL statement selects all customers with a City starting with “Minne”: SELECT * FROM Customers WHERE City LIKE 'Minne%'; The above SELECT would not locate an object that was just called Minne because the % indicates that something must be there. We could also look for something with nn but with something before and after the pattern: SELECT * FROM Customers WHERE City LIKE '%nn%'; Or to look for something that would contain Minneapoli: SELECT * FROM Customers WHERE City LIKE 'Minneapoli_'; Not that the _ is looking for a single character and that the % is looking for any string in that space. We could also look for a set of objects or omit a set of objects using brackets to define multiple items or a range. For example, let’s say we wanted to look for zip codes 55418 and 55410 SELECT * FROM Customers WHERE Zip LIKE '[55418 55410]%'; Or 55410 through 55419, use a dash to separate the two (in ascending order): SELECT * FROM Customers WHERE Zip LIKE '[55410-55418]%'; Or the ones that don’t match that pattern: SELECT * FROM Customers WHERE Zip LIKE '[!55410-55418]%'; Overall, the globbing/pattern matching options are very basic (think DOS-like syntax) unless you use more complicated functions. But, it’s amazing what kind of stuff you can string together with simple commands, joins, and other tricks, without having to get into functions.

February 8th, 2016

Posted In: SQL

Tags: , , , , , , , ,

There’s an excellent tool that can be used to grab a heap dump from a Java process. It’s called jmap. To do so, run the jmap command, followed by a format and a file path as the format and file operators. Also, provide the PID, as follows: jmap -dump:format=b,file=~/memdump.hprof 80446 Once dumped, you can view the dump file in the Memory Analyzer Tool (MAP) and find objects that use use too much memory and/or have memory leaks, as part of your troubleshooting. You can also replace the pid with a name of an executable or a core. Run the map tool along with a -h option for a help summary. A sister tool is jps, which can be used to just list running processes by pid and then path. To run, assuming the same pid as earlier: jps 80446 You can also run a java debugger daemon using jsadebugd, which attaches a process as a debug server. Then stack, map and info can attach via RMI. Finally, not everyone has access to every path on a file system. So jinfo can be used to view a configuration for a Java process or core. To run, simply run jinfo followed by a pid, executable or core name, as follows (assuming 80446 is the pid for the java process in question: jinfo 80446

July 25th, 2015

Posted In: Java, Mac OS X

Tags: , , , , , ,

I was recently building some preflight scripts and was looking to record some information about a machine live, before proceeding with a script. I found the cheapest way to determine information about architectures and chipsets when scripting preflight scripts for OS X to be the arch and machine commands respectively. For example, to verify the architecture is i386, use the arch command with no options: /usr/bin/arch Which simply outputs “i386”: i386 To check the machine type, simply use the machine command: /usr/bin/machine Which outputs as follows: x86_64h

December 14th, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Network Infrastructure

Tags: , , , , , , ,

There is no built-in support for GroupWise on the iPhone. Apple supports a number of other services, but GroupWise has not been high on the priority list and honestly, I don’t know that it would be high on mine either… Having said that, it did pop up on my radar and I was able to find a couple of ways to achieve a good sync. The first is Entourage. You can use Entourage as a conduit to then grab information and sync it with GroupWise. This has a hopefully obvious disadvantage, which is that it does not synchronize wirelessly – you have to cradle sync to get the data onto the iPhone. The second and third options are outsourced services that just handle everything for you. Of these, GroupWise Sync is a great option (they have a free version that just grabs mail or pay-per-month for contacts and calendars) as is the monthly version of the CompanionLink GroupWise sync. CompanionLink has a separate desktop client, but much of what it does can be obtained by using GroupWise 6.5 along with Office 2003 and iTunes to synchronize contacts and calendars while cradled. Finally there’s NotifyLink, which works with Exchange, Kerio, Gmail, CommuniGate Pro, FirstClass, Scalix, Zimbra and about anything else you could ask for, providing synchronization services to iPhone, Palm, Windows Mobile, Blackberry and Symbian.  In short NotifyLink is the Swiss Army knife of the mobile sync world.  Take anything, sync to pretty much anything else, for a monthly fee.  Just make sure your users look at the results before you put it into production en masse as it is a little different than the standard screens they’re used to seeing in some cases…

June 3rd, 2009

Posted In: Kerio, Mac OS X, Mac OS X Server, Microsoft Exchange Server

Tags: , , , , , , , , , ,