Tiny Deathstars of Foulness

Installing Mavericks Server is about as easy as installing Keynote. First, open the Mac App Store and search for OS X Server. Then, click the button to buy the software, or if you’ve already purchased the software click on the Install button. Screen Shot 2013-11-05 at 2.50.39 PMThe Server app downloads to your /Applications directory which you can watch happen by watching the status in LaunchPad. Screen Shot 2013-11-05 at 2.55.21 PM Once the download is finished, click on the Server app in LaunchPad or open the Server app to start the initial configuration wizard. Screen Shot 2013-11-05 at 3.01.46 PM When you first click on the Server app, you will be prompted to setup your server. Click Continue. Screen Shot 2013-11-05 at 3.02.26 PMAgree to the licensing agreement by clicking Agree. Screen Shot 2013-11-05 at 3.04.07 PMAuthenticate with an administrative password if prompted. Screen Shot 2013-11-05 at 3.04.52 PMServices are prepared. Be patient, there are literally big physical cog wheels turning in your computers head right about now. Screen Shot 2013-11-05 at 3.05.41 PMThe Server Tutorials screen opens. Read them all or you can’t use the server. Actually, you can just close this screen, although they’re well done and you should read them. Screen Shot 2013-11-05 at 3.06.59 PMOnce you close the screen, you’ll be in the app and your server install is complete. Well, kinda’. In articles on services I go into fixing host names and the such. But if this is a pretty basic server you’re all done. Note: Now, before you make fun of how simple this is, note that there’s an item on an outline and this article is completing one of the items in my outline. Thank you for your judgement. -the mgmt

November 8th, 2013

Posted In: Mac OS X Server

Tags: , , , , ,

Getting started with Messages Server couldn’t really be easier. Messages Server in Mavericks Server uses the open source jabber project as their back-end code base (and going back, OS X has used jabber since the inception of iChat Server all the way through Server 3). The jabberd binary is located at /Applications/ and the autobuddy binary is at /Applications/ Given the importance of having multiple binaries that do the same thing, another jabberd binary is also stored at /Applications/, where there are a couple of perl scripts used to migrate the service between various versions as well. Note that the man page says it’s in /etc. But I digress. Setting up the Messages service is simple. Open the Server app and click on Messages in the Server app sidebar.
Screen Shot 2013-10-05 at 3.42.19 PM

I brought you some supper but if you’d prefer a lecture, I’ve a few very catchy ones prepped…sin and hellfire… one has man page lepers.

Once open, click on the checkbox for “Enable server-to-server federation” if you have multiple iChat, er, I mean, Messages servers and then click on the checkbox for “Archive all chat messages” if you’d like transcripts of all Messages sessions that route through the server to be saved on the server. You should use an SSL certificate with the Messages service. If enabling federation so you can have multiple Messages servers, you have to. Before enabling the service, click on the name of the server in the sidebar of Server app and then click on the Settings tab. From here, click on Edit for the SSL Certificate (which should be plural btw) entry to bring up a screen to select SSL Certificates.
Screen Shot 2013-10-05 at 3.49.12 PM

Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious.

At the SSL Certificates screen (here it’s plural!), select the certificate the Messages service should use from the available list supplied beside that entry and click on the OK button. If you need to setup federation, click back on the Messages service in the sidebar of Server app and then click on the Edit button. Then, click on the checkbox for Require server-to-server federation (making sure each server has the other’s SSL certificate installed) and then choose whether to allow any server to federate with yours or to restrict which servers are allowed. I have always restricted unless I was specifically setting up a server I wanted to be public (like public as in everyone in the world can federate to it, including the gorram reavers that want to wear your skin).
Screen Shot 2013-10-05 at 3.50.37 PM

This is what I do, darlin’. This is what I do.

To restrict the service, then provide a list of each server address capable of communicating with your server. Once all the servers are entered, click the OK button. Obviously, if you only have one server, you can skip that. Once the settings are as you wish them to be, click on the ON/OFF switch to light up the service. To see the status of the service, once started, use the fullstatus option with serveradmin followed by the jabber indicator: sudo serveradmin fullstatus jabber The output includes whether the service is running, the location of jabber log files, the name of the server as well as the time the service was started, as can be seen here: jabber:state = "RUNNING" jabber:roomsState = "RUNNING" jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log" jabber:logPaths:MUC_STD_LOG = "/var/log/system.log" jabber:logPaths:JABBER_LOG = "/var/log/system.log" jabber:proxyState = "RUNNING" jabber:currentConnections = "0" jabber:currentConnectionsPort1 = "0" jabber:currentConnectionsPort2 = "0" jabber:pluginVersion = "10.8.211" jabber:servicePortsAreRestricted = "NO" jabber:servicePortsRestrictionInfo = _empty_array jabber:hostsCommaDelimitedString = "mavserver.pretendco.lan" jabber:hosts:_array_index:0 = "mavserver.pretendco.lan" jabber:setStateVersion = 1 jabber:startedTime = "" jabber:readWriteSettingsVersion = 1 There are also a few settings not available in the Server app. One of these that can be important is the port used to communicate between the Messages client and the Messages service on the server. For example, to customize this to 8080, use serveradmin followed by settings and then jabber:jabberdClientPortSSL = 8080, as follows: sudo serveradmin settings jabber:jabberdClientPortSSL = 8080 To change the location of the saved Messages transcripts (here, we’ll set it to /Volumes/Pegasus/Book: sudo serveradmin settings jabber:savedChatsLocation = “/Volumes/Pegasus/Book” To see a full listing of the options, just run settings with the jabber service: sudo serveradmin settings jabber The output lists each setting configurable jabber:dataLocation = "/Library/Server/Messages" jabber:s2sRestrictDomains = no jabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db" jabber:sslCAFile = "/etc/certificates/mavserver.pretendco.lan.10E6CDF9F6E84992B97360B6EE7BA159684DCB75.chain.pem" jabber:jabberdClientPortTLS = 5222 jabber:sslKeyFile = "/etc/certificates/mavserver.pretendco.lan.10E6CDF9F6E84992B97360B6EE7BA159684DCB75.concat.pem" jabber:initialized = yes jabber:enableXMPP = no jabber:savedChatsArchiveInterval = 7 jabber:authLevel = "STANDARD" jabber:hostsCommaDelimitedString = "mavserver.pretendco.lan" jabber:jabberdClientPortSSL = 5223 jabber:requireSecureS2S = no jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives" jabber:enableSavedChats = no jabber:enableAutoBuddy = no jabber:s2sAllowedDomains = _empty_array jabber:logLevel = "ALL" jabber:hosts:_array_index:0 = "mavserver.pretendco.lan" jabber:eventLogArchiveInterval = 7 jabber:jabberdS2SPort = 0 To stop the service: sudo serveradmin stop jabber And to start it back up: sudo serveradmin start jabber It’s also worth noting something that’s completely missing in this whole thing: Apple Push Notifications… Why is that important? Well, you use the Messages application to communicate not only with Mac OS X and other jabber clients, but you can also use Messages to send text messages. Given that there’s nothing in the server that has anything to do with texts, push or anything of the sort, it’s worth noting that these messages don’t route through the server and therefore still require an iCloud account. Not a huge deal, but worth mentioning that Messages server doesn’t have the same updates built into the Messages app. Because messages don’t traverse the server, there’s no transcripts.

October 23rd, 2013

Posted In: Mac OS X Server

Tags: , , , , , , , , , , , ,

The swupd.plist file used to daisy chain multiple servers so they act as a cascade of software update servers. The new path for the property list is /Library/Server/Software Update/Config/swupd.plist. Here, the metaIndexURL key is sill the location that points to an internal Software Update Server that the server you are editing should look to for updates. To set a server to look at another internal server for software updates, edit the metaIndexURL key in the /Library/Server/Software Update/Config/swupd.plist file to include the path to the new server. The path should always have /content/meta/mirror-config-1.plist after the FQDN of the host name. So if your internal software update server was called the command to set that as the upstream software update server would be: defaults write /Library/Server/Software\ Update/Config/swupd metaiIndexURL “” This is a minor change, but one that might be frustrating if you were still trying to cascade updates the old way. If you’re new to cascading updates, this is a pretty straight forward configuration change, run from a Terminal command. It’s also worth noting that there are a few other settings in this file that could come in handy. You can limit bandwidth using the limitBandwidth key, purge any old updates using the PurgeUnused key, set a max download speed using the maxDownloadSpeed key, configure the Software Update Server TCP port using the portToUse key (automatically set to 8088), change the path to the updates (e.g. if you mv them and then want to repoint to the new location without downloading them all again) using the updatesDocRoot key, etc. Overall, the settings align with the old settings, but just in a new place. Note: The keys above correspond to settings found in the following command: sudo serveradmin settings swupdate The list of settings is as follows: swupdate:checkError = no swupdate:limitBandwidth = no swupdate:PurgeUnused = yes swupdate:portToUse = 8088 swupdate:autoEnable = yes swupdate:valueBandwidth = 0 swupdate:syncStatus = "Initializing" swupdate:autoMirror = yes swupdate:syncBandwidth = 0 swupdate:updatesDocRoot = "/Library/Server/Software Update/Data/" swupdate:autoMirrorOnlyNew = no

October 22nd, 2013

Posted In: Mac OS X Server, Mass Deployment

Tags: , , , , , , , , ,

OS X Mavericks Server (Server 3) comes with the /usr/sbin/serverinfo command (introduced in Mountain Lion Server). The serverinfo command is useful when programmatically obtaining information about the very basic state of an Apple Server. The first option indicates whether the Server app has been downloaded from the app store, which is the –software option: serverinfo --software When used, this option reports the following if the can be found:
This system has server software installed.
Or if the software cannot be found, the following is indicated:
This system does NOT have server software installed.
The –productname option determines the name of the software app: serverinfo --productname If you change the name of the app from Server then the server info command won’t work any longer, so the output should always be the following: Server The –shortversion command returns the version of the Server app being used: serverinfo --shortversion The output will not indicate a build number, but instead the version of the app on the computer the command is run on:
To see the build number (which should iterate with each update to the Server app from the Mac App Store, use the –buildversion option: serverinfo --buildversion The output shows the build of server, which doesn’t necessarily match the OS X build number:
Just because the Server app has been downloaded doesn’t mean the Server setup assistant has been run. To see if it has, use the –configured option: serverinfo --configured The output indicates whether the system is running as a server or just has the app installed (e.g. if you’re using it to connect to another server:
This system has server software configured.
You can also output all of the information into a single, easy to script against property list using the –plist option: serverinfo --plist The output is a list of each of the other options used: IsOSXServerVolume IsOSXServerVolumeConfigured IsServerHardware LocalizedServerProductName Server ServerBuildVersion 13S411 ServerPerformanceModeEnabled ServerVersion 2.2.67 The Server Root can reside in a number of places. To see the path (useful when scripting commands that are relative to the ServerRoot: serverinfo --prefix By default, the output is as follows, which is basically like a dirname of the ServerRoot:
You can also see whether the system is running on actual hardware desgnated by Apple for servers using the --hardware option: serverinfo --hardware The output simply indicates if the hardware shipped with OS X Server on it from Apple:
This system is NOT running on server hardware.
The --perfmode option indicates whether or not the performance mode has been enabled, dedicating resources to binaries within the Server app: serverinfo --perfmode If the performance mode has not been enabled then the output will be as such:
Server performance mode is NOT enabled.
To enable performance mode, you can also use serverinfo. This is the only task that the command does that can make any changes to the system and as such is the only time you need to elevate privileges: sudo serverinfo —setperfmode 1 Or set the boolean value back to 0 to disable. sudo serverinfo —setperfmode 0

October 22nd, 2013

Posted In: Mac OS X Server

Tags: , , , , , , , , , , , , , , , , , , , , ,

The logs in Xcode Server (Server 3) by default point to /Library/Server/XcodeLogs/credserver.log. This takes all of the output from xcscredd and xcscredhandler. If you’re doing a lot of debugging then logs can be pointed to another location, such as another drive. The path to the logs is defined in the /Applications/ directory. The file to edit is a standard property list, XCSCredentialServer.plist. Once open, look for a key called logPath. Change that to the desired path, such as /Volumes/MyDrive/Logs/credserver.log and then restart the service: serveradmin stop xcode; serveradmin start xcode

October 22nd, 2013

Posted In: Mac OS X Server

Tags: , , , , , , , ,