krypted.com

Tiny Deathstars of Foulness

The NetBoot service allows administrators of Apple computers to leverage images hosted on a server to boot computers to a central location and put a new image on them, upgrade them and perform automations based on upgrades and images. Since the very first versions of OS X, the service has been called NetBoot and so the name remains at the command line, but is listed as NetInstall in the Server app. In the Server app, Apple provides a number of options surrounding the NetInstall service, based on Automator-style which we’ll explore further in this article. The first step to configuring the NetInstall service is to decide what you want the service to do. There are three options available in System Image Utility (available under the Tools menu of the Server app in OS X Server):
  • Create a NetBoot Image: Allows Macs to boot over the network to a disk image hosted on a server.
  • Create a NetInstall Image: Leverage NetBoot as a boot disk so that an image hosted on a server can be used to run a macOS installer.
  • Create a NetRestore Image: Leverage NetBoot as a boot disk so that you can restore a computer that has been configured over a network. Use this option to restore an image that has been prepared.
For the purposes of this example, we’re going to use a macOS Sierra (10.12) installer running Server 5.2 to boot a Mac over the network. The first step in doing so is to create a Network Disk Image (in this case 10.12), or the 10.9 installation media (which is the Install macOS Sierra bundle for this example). Before setting it up, download the Install macOS Sierra installer app into the /Applications directory from the App Store. Create An Image To then set up the NetBoot disk image (you can’t start the NetInstall service until you give it an image to serve), often referred to as the NetBoot set, open the Server app and then click on System Image Utility from the Tools menu of OS X. screen-shot-2016-09-29-at-11-03-03-pm When System Image Utility opens, click on the Install macOS Sierra entry in the list of available sources and click Next. screen-shot-2016-09-29-at-11-03-49-pm Then, in the list of options, click on NetBoot Image and then click on the Next button. screen-shot-2016-09-29-at-11-04-09-pm At the License Agreement screen, click Agree. screen-shot-2016-09-29-at-11-04-35-pm Then provide an account name, short name and password in the Image Settings screen. Also choose the language of the user and select if you want the account to log in automatically. Once provided, click Next. screen-shot-2016-09-29-at-11-04-58-pm Next, select any profiles, packages or post-install scripts to run on the NetBoot image once created. Here, you can use a profile to deploy a printer, bind to Active Directory, or use a package to install software. Post-install scripts allow you to do pretty much anything you’d like to a system, provided it’s allowed by SIP. screen-shot-2016-09-29-at-11-05-14-pm At the System Configuration screen, choose how you’d like systems to receive names. Here, you can provide a name as a base for computers to get a computer name or you can use a file to deploy names. In most cases, you should also check the box for “Match to client after install.” Click Next once you’ve selected how this should occur. screen-shot-2016-09-29-at-11-05-36-pm At the Directory Servers screen, click on the plus sign if you’d like to bind the system to a particular directory server. screen-shot-2016-09-29-at-11-06-09-pm In this example, we’re binding to ad.krypted.com. Also provide an account with access to bind to where you’re binding. In this case, we’re using the built-in admin account for Active Directory. Click Add once you’ve provided the appropriate directory server and credentials. screen-shot-2016-09-29-at-11-06-31-pm At the Image Settings screen, provide a name for the image, as well as how the index number for the image is created. Note that each image should have a unique image index, so unless you’re storing your image on multiple servers, it’s best left at the defaults. Click Next. screen-shot-2016-09-29-at-11-06-45-pm At the Supported Computer Models screen, you can choose which models of computer you don’t wish to support for this image. We’re not doing that here, but it’s useful, for example, if you’d like to preclude desktops from an image. screen-shot-2016-09-29-at-11-06-58-pm At the Filter Clients By MAC Address, you can choose to explicitly allow or deny given MAC addresses for computers. We’re not going to do that as part of this workflow, so just click Next (unless of course you’d like to do that). screen-shot-2016-09-29-at-11-07-12-pm Then, when prompted, select a location to store the Disk Image, provide any tags to be applied to the files that comprise the image and click on Save. screen-shot-2016-09-29-at-11-07-50-pm The computer will then start creating the NetBoot set. Setup The NetInstall Service Once finished, it’s time to set up the NetInstall service in macOS Server. To get started, go back to the Server app. screen-shot-2016-09-29-at-11-08-25-pm First, define which disk will host NetBoot Images. To do so, click on the Edit Storage Settings button. At the Storage Settings overlay, select the volume that Images will be hosted as well as the volume that Client Data will be hosted. The Image is what you are creating and the Client Data is dynamic data stored in images. screen-shot-2016-09-29-at-11-08-58-pm If you only have one disk, as in this example, click on “Images & Client Data” for that disk. Then click on the OK button. Once you’ve selected a disk to store your image, we need to copy the disk image into the Library/NetBoot/NetBootSP0 folder of the disk used for images. screen-shot-2016-09-29-at-11-13-40-pm Once in the appropriate folder, click on the Edit button for Network Interfaces and select the appropriate network interface you wish to serve images over, and click OK. Refresh the Server app (Command-R) and provided the image was created and moved into the /Library/NetBoot/NetBootSP0 directory of a volume set to host images, the image will appear in the images list, with a green indicator light. screen-shot-2016-10-01-at-9-37-13-pm The green indicator light means the image is being served over the network. Double-click on an image. screen-shot-2016-10-01-at-9-39-03-pm At the image settings screen, you can select NFS over the default HTTP protocol for “Make available over”.Note, you can also restrict access to the image to certain models of Apple computers and/or certain MAC addresses by using the “Image is visible to” and “Restrict access to this images” options respectively. Additionally, use the Make this image available for diskless booting option to allow computers without hard drives to boot to the image. screen-shot-2016-10-01-at-9-39-24-pm Click on the OK button. Click on the image and then click on the cog-wheel icon. Click on “Use as Default Boot Image” to set an image to be the default images computers boot to when booting to NetBoot. Now, it’s as easy as clicking on the ON button. Do so to start the service. screen-shot-2016-10-01-at-9-37-19-pm Once started, open a Terminal window. Here, let’s get a status of the service using the serveradmin fullstatus option (along with the service name, which is still netboot from the command line): sudo serveradmin fullstatus netboot The output of which shows the various components, logs and states of components: netboot:state = "RUNNING" netboot:stateTFTP = "RUNNING" netboot:readWriteSettingsVersion = 1 netboot:netBootConnectionsArray = _empty_array netboot:logPaths:netBootLog = "/var/log/system.log" netboot:dhcpLeasesArray = _empty_array netboot:stateDHCP = "STOPPED" netboot:stateHTTP = "RUNNING" netboot:serviceCanStart = 1 netboot:timeOfSnapshot = "2016-09-27 02:07:32 +0000" netboot:stateNFS = "STOPPED" netboot:stateImageArray:_array_index:0:_array_index:0 = 1 netboot:stateImageArray:_array_index:0:_array_index:1 = 0 netboot:stateImageArray:_array_index:0:_array_index:2 = 0 netboot:stateImageArray:_array_index:0:_array_index:3 = 1 netboot:stateImageArray:_array_index:0:_array_index:4 = 2 netboot:stateImageArray:_array_index:1:_array_index:0 = 0 netboot:stateImageArray:_array_index:1:_array_index:1 = 0 netboot:stateImageArray:_array_index:1:_array_index:2 = 0 netboot:stateImageArray:_array_index:1:_array_index:3 = 0 netboot:stateImageArray:_array_index:1:_array_index:4 = 2 netboot:stateImageArray:_array_index:2:_array_index:0 = 0 netboot:stateImageArray:_array_index:2:_array_index:1 = 0 netboot:stateImageArray:_array_index:2:_array_index:2 = 0 netboot:stateImageArray:_array_index:2:_array_index:3 = 0 netboot:stateImageArray:_array_index:2:_array_index:4 = 2 netboot:stateImageArray:_array_index:3:_array_index:0 = 0 netboot:stateImageArray:_array_index:3:_array_index:1 = 0 netboot:stateImageArray:_array_index:3:_array_index:2 = 0 netboot:stateImageArray:_array_index:3:_array_index:3 = 0 netboot:stateImageArray:_array_index:3:_array_index:4 = 2 netboot:servicePortsRestrictionInfo = _empty_array netboot:netBootClientsArray = _empty_array netboot:servicePortsAreRestricted = "NO" netboot:setStateVersion = 1 netboot:startedTime = "2016-09-27 02:06:53 +0000" netboot:stateAFP = "STOPPED" And to start the service when not running: sudo serveradmin start netboot There are also a number of settings available at the command line that are not in the graphical interface. For example, to allow writing to the NetBoot share: sudo serveradmin settings netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no Or to get more verbose logs: sudo serveradmin settings netboot:logging_level = "HIGH" To stop the service: sudo serveradmin stop netboot In the beginning of this article, I mentioned that ways to configure NetInstall images. I’ll cover NetInstall and NetRestore in later articles as they tend to be more involved workflow-wise than copying a volume into a Network Disk Image. But to end this one, many an old-school admin might wonder where all the settings went that used to be in the GUI. Well, serveradmin still maintains a lot of the older stuff. To see a list of all available settings, run serveradmin with the settings verb and then netboot: sudo serveradmin settings netboot If there was a feature you want to use (e.g. maximum users), you should see it in the resultant list: netboot:netBootFiltersRecordsArray = _empty_array netboot:netBootStorageRecordsArray:_array_index:0:sharepoint = yes netboot:netBootStorageRecordsArray:_array_index:0:clients = yes netboot:netBootStorageRecordsArray:_array_index:0:volType = "hfs" netboot:netBootStorageRecordsArray:_array_index:0:okToDeleteSharepoint = no netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no netboot:netBootStorageRecordsArray:_array_index:0:path = "/" netboot:netBootStorageRecordsArray:_array_index:0:okToDeleteClients = yes netboot:netBootStorageRecordsArray:_array_index:0:volName = "Macintosh HD" netboot:netBootPortsRecordsArray:_array_index:0:deviceAtIndex = "en5" netboot:netBootPortsRecordsArray:_array_index:0:nameAtIndex = "USB 10/100/1000 LAN" netboot:netBootPortsRecordsArray:_array_index:0:isEnabledAtIndex = yes netboot:logging_level = "MEDIUM" netboot:filterEnabled = no netboot:netBootImagesRecordsArray:_array_index:0:RootPath = "NetBoot.dmg" netboot:netBootImagesRecordsArray:_array_index:0:IsInstall = no netboot:netBootImagesRecordsArray:_array_index:0:Kind = "1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:0 = "MacBookAir6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:1 = "MacBookAir5,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:2 = "MacBookAir7,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:3 = "MacBookAir2,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:4 = "MacBookAir5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:5 = "MacBookAir4,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:6 = "MacBookAir4,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:7 = "MacBookAir6,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:8 = "MacBookAir7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:9 = "MacBookAir3,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:10 = "MacBookAir3,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:11 = "MacBookPro5,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:12 = "MacBookPro9,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:13 = "MacBookPro6,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:14 = "MacBookPro6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:15 = "MacBookPro8,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:16 = "MacBookPro11,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:17 = "MacBookPro7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:18 = "MacBookPro11,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:19 = "MacBookPro10,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:20 = "MacBookPro12,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:21 = "MacBookPro11,4" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:22 = "MacBookPro11,5" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:23 = "MacBookPro3,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:24 = "MacBookPro4,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:25 = "MacBookPro8,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:26 = "MacBookPro10,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:27 = "MacBookPro5,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:28 = "MacBookPro5,5" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:29 = "MacBookPro5,4" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:30 = "MacBookPro5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:31 = "MacBookPro9,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:32 = "MacBookPro11,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:33 = "MacBookPro8,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:34 = "iMac14,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:35 = "iMac9,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:36 = "iMac7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:37 = "iMac12,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:38 = "iMac11,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:39 = "iMac14,4" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:40 = "iMac11,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:41 = "iMac13,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:42 = "iMac15,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:43 = "iMac12,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:44 = "iMac8,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:45 = "iMac10,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:46 = "iMac13,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:47 = "iMac14,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:48 = "iMac14,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:49 = "iMac13,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:50 = "iMac11,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:51 = "Macmini5,3" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:52 = "Macmini5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:53 = "Macmini4,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:54 = "Macmini5,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:55 = "Macmini3,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:56 = "Macmini6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:57 = "Macmini6,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:58 = "Macmini7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:59 = "MacBook8,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:60 = "MacBook7,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:61 = "MacBook5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:62 = "MacBook6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:63 = "MacBook5,2" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:64 = "MacPro3,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:65 = "MacPro5,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:66 = "MacPro4,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:67 = "MacPro6,1" netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:68 = "Xserve3,1" netboot:netBootImagesRecordsArray:_array_index:0:Description = "NetBoot of OS X 10.11 (15A178w) Install (9.12 GB)." netboot:netBootImagesRecordsArray:_array_index:0:Name = "NetBoot of Install OS X 10.11 El Capitan" netboot:netBootImagesRecordsArray:_array_index:0:imageType = "netboot" netboot:netBootImagesRecordsArray:_array_index:0:Index = 3089 netboot:netBootImagesRecordsArray:_array_index:0:osVersion = "10.11" netboot:netBootImagesRecordsArray:_array_index:0:BackwardCompatible = no netboot:netBootImagesRecordsArray:_array_index:0:SupportsDiskless = no netboot:netBootImagesRecordsArray:_array_index:0:EnabledSystemIdentifiers = _empty_array netboot:netBootImagesRecordsArray:_array_index:0:Language = "Default" netboot:netBootImagesRecordsArray:_array_index:0:BootFile = "booter" netboot:netBootImagesRecordsArray:_array_index:0:IsDefault = no netboot:netBootImagesRecordsArray:_array_index:0:Type = "HTTP" netboot:netBootImagesRecordsArray:_array_index:0:Architectures = "4" netboot:netBootImagesRecordsArray:_array_index:0:IsEnabled = yes netboot:netBootImagesRecordsArray:_array_index:0:pathToImage = "/Library/NetBoot/NetBootSP0/NetBoot of Install macOS 10.12 Sierra.nbi/NBImageInfo.plist" netboot:afpUsersMax = "50" Boot to Your NetBoot Image Next, you’ll want to have a computer boot to the NetBoot image you just created. Once upon a time, you would use the bless command to select a path to an image that you wanted to boot to in order to do so. Or you’d just boot holding down the N key and let the system pick an image. As of OS X 10.11, due to SIP restrictions, you’ll use the csrutil command to set a NetBoot address, continuing into macOS 10.12. To do so, run csrutil followed by the netboot option and then the add verb, followed by an address. In the following example, we’ll set the system to boot to the NetBoot server at 10.0.0.10: csrutil netboot add 10.0.0.10 Once you’ve finished any NetBoot workflows, use the remove verb to remove that address: csrutil netboot remove 10.0.0.10 And to list any available NetBoot servers, use the list verb: csrutil netboot list Overall, all of this usually takes me a good 10 minutes of work, plus maybe up to half an hour of waiting for an image to create. You can use NetBoot to remotely boot systems, or NetInstall to remotely install systems. There are lots of articles out there (including here) on how to make sure clients can access these images over a network client, so I won’t rehash.

October 19th, 2016

Posted In: Mac OS X Server

Tags: , , , , , ,

DHCP, or Dynamic Host Control Protocol, is the service used to hand out IP addresses and other network settings by network appliances and servers. The DHCP Server built into macOS Server 5.2 on Sierra is similar to the DHCP service that was included in Server 10.2 from the good ‘ole Panther days. It’s pretty simple to use and  transparent, just as DHCP services should be. To install the service, open the Server app and then click on the Show button beside Advanced in the server sidebar. Then click on DHCP. screen-shot-2016-09-28-at-10-20-57-am At the DHCP screen, you’ll see two tabs: Settings, used for managing the service and Clients, used to see leases in use by computers that obtain IP address information from the server. You’ll also see an ON and OFF switch, but we’re going to configure our scopes, or Networks as they appear in the Server app, before we enable the service. To configure a scope, double-click on the first entry in the Networks list. screen-shot-2016-09-28-at-10-21-37-am Each scope, or Network, will have the following options:
  • Name: A name for the scope, used only on the server to keep track of things.
  • Lease Duration: Select an hour, a day, a week or 30 days. This is how long a lease that is provided to a client is valid before the lease expires and the client must find a new lease, either from the server you’re configuring or a different host.
  • Network Interface: The network interface you’d like to share IPs over. Keep in mind that you can tag multiple VLANs on a NIC, assign each an interface in OS X and therefore provide different scopes for different VLANs with the same physical computer and NIC.
  • Starting IP Address: The first IP address used. For example, if you configure a scope to go from 192.168.210.200 to 192.168.210.250 you would have 50 useable IP addresses.
  • Ending IP Address: The last IP address used in a scope.
  • Subnet Mask: The subnet mask used for the client configuration. This setting determines the size of the network.
  • Router: The default gateway, or router for the network. Often a .1 address for the subnet used in the Starting and Ending IP address fields. Note that while in DHCP you don’t actually have to use a gateway, OS X Server does force you to do so or you cannot save changes to each scope.
  • DNS: Use the Edit button for DNS to bring up a screen that allows you to configure the DNS settings provided as part of each DHCP scope you create, taking note that by default you will be handing out a server of 0.0.0.0 if you don’t configure this setting.
The DNS settings in the DHCP scope are really just the IP addresses to use for the DNS servers and the search domain. The search domain is the domain name appended to all otherwise incomplete Fully Qualified Domain Names. For example, if we use internal.krypted.lan and we have a DNS record for wiki.internal.krypted.lan then we could just type wiki into Safari to bring up the wiki server. Click the minus sign button to remove any data in these fields and then click on the plus sign to enter new values. screen-shot-2016-09-28-at-10-22-02-am Click OK to save DNS settings and then OK to save each scope. Once you’ve build all required scopes, start the service. Once started, verify that a new client on the network gets an IP. Also, make sure that there are no overlapping scopes and that if you are moving a scope from one device to another (e.g. the server you’re setting up right now) that you renew all leases on client systems, most easily done using a quick reboot, or using “ipconfig /release” on a Windows computer. If you have problems with leases not renewing in OS X, check out this article I did awhile back. So far, totally easy. Each time you make a change, the change updates a few different things. First, it updates the /etc/bootpd.plist property list, which looks something like this (note the correlation between these keys and the settings in the above screen shots.: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NetBoot</key> <dict/> <key>Subnets</key> <array> <dict> <key>allocate</key> <true/> <key>dhcp_domain_name</key> <string>no-dns-available.example.com</string> <key>dhcp_domain_name_server</key> <array> <string>0.0.0.0</string> </array> <key>dhcp_domain_search</key> <array/> <key>dhcp_router</key> <string>192.168.210.1</string> <key>lease_max</key> <integer>3600</integer> <key>name</key> <string>192.168.210 Wi-Fi</string> <key>net_address</key> <string>192.168.210.0</string> <key>net_mask</key> <string>255.255.255.0</string> <key>net_range</key> <array> <string>192.168.210.200</string> <string>192.168.210.253</string> </array> <key>selected_port_name</key> <string>en0</string> <key>uuid</key> <string>B03BAE3C-AB79-4108-9E5E-F0ABAF32179E</string> </dict> </array> <key>allow</key> <array/> <key>bootp_enabled</key> <false/> <key>deny</key> <array/> <key>detect_other_dhcp_server</key> <false/> <key>dhcp_enabled</key> <false/> <key>old_netboot_enabled</key> <false/> <key>relay_enabled</key> <false/> <key>relay_ip_list</key> <array/> </dict> </plist> Settings from this file include:
  • dhcp_enabled – Used to enable dhcp for each network interface. Replace the <false/> immediately below with <array> <string>en0</string> </array>. For additional entries, duplice the string line and enter each from ifconfig that you’d like to use dhcp on.
  • bootp_enabled – This can be left as Disabled or set to an array of the adapters that should be enabled if you wish to use the bootp protocol in addition to dhcp. Note that the server can do both bootp and dhcp simultaneously.
  • allocate – Use the allocate key for each subnet in the Subnets array to enable each subnet once the service is enabled.
  • Subnets – Use this array to create additional scopes or subnets that you will be serving up DHCP for. To do so, copy the entry in the array and paste it immediately below the existing entry. The entry is a dictionary so copy all of the data between and including the <dict> and </dict> immediately after the <array> entry for the subnet itself.
  • lease_max and lease_min – Set these integers to the time for a client to retain its dhcp lease
  • name – If there are multiple subnet entries, this should be unique and reference a friendly name for the subnet itself.
  • net_address – The first octets of the subnet followed by a 0. For example, assuming a /24 and 172.16.25 as the first three octets the entry would be 172.16.25.0.
  • net_mask – The subnet mask clients should have
  • net_range – The first entry should have the first IP in the range and the last should have the last IP in the range. For example, in the following example the addressing is 172.16.25.2 to 172.16.25.253.
  • dhcp_domain_name_server – There should be a string for each DNS server supplied by dhcp in this array
  • dhcp_domain_search – Each domain in the domain search field should be suppled in a string within this array, if one is needed. If not, feel free to delete the key and the array if this isn’t needed.
  • dhcp_router – This entry should contain the router or default gateway used for clients on the subnet, if there is one. If not, you can delete the key and following string entries.
If you run the serveradmin command, followed by the settings verb and then the dhcp service, you’ll see the other place that gets updated: serveradmin settings dhcp The output indicates that dhcp:static_maps = _empty_array dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_secondary_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:selected_port_name = "en0" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_router = "192.168.210.1" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_name_server:_array_index:0 = "192.168.210.2" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_mask = "255.255.255.0" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_NBDD_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_start = "192.168.210.200" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:lease_max = 3600 dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_search:_array_index:0 = "internal.krypted.lan" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:descriptive_name = "192.168.210 Wi-Fi" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_primary_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_end = "192.168.210.253" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_ldap_url = _empty_array dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_node_type = "NOT_SET" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_address = "192.168.210.0" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_enabled = yes dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_name = "internal.krypted.lan" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_scope_id = "" dhcp:subnet_defaults:logVerbosity = "MEDIUM" dhcp:subnet_defaults:WINS_node_type_list:_array_index:0 = "BROADCAST_B_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:1 = "HYBRID_H_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:2 = "NOT_SET" dhcp:subnet_defaults:WINS_node_type_list:_array_index:3 = "PEER_P_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:4 = "MIXED_M_NODE" dhcp:subnet_defaults:dhcp_domain_name = "no-dns-available.example.com" dhcp:subnet_defaults:WINS_node_type = "NOT_SET" dhcp:subnet_defaults:routers = _empty_dictionary dhcp:subnet_defaults:logVerbosityList:_array_index:0 = "LOW" dhcp:subnet_defaults:logVerbosityList:_array_index:1 = "MEDIUM" dhcp:subnet_defaults:logVerbosityList:_array_index:2 = "HIGH" dhcp:subnet_defaults:dhcp_domain_name_server:_array_index:0 = "192.168.210.201" dhcp:subnet_defaults:selected_port_key = "en0" dhcp:subnet_defaults:selected_port_key_list:_array_index:0 = "bridge0" dhcp:subnet_defaults:selected_port_key_list:_array_index:1 = "en0" dhcp:subnet_defaults:selected_port_key_list:_array_index:2 = "p2p0" dhcp:subnet_defaults:selected_port_key_list:_array_index:3 = "en1" dhcp:logging_level = "MEDIUM" Notice the correlation between the uuid string in /etc/bootp.plist and the arrayid entry for each subnet/network/scope (too many terms referring to the same thing, ahhhh!). Using the serveradmin command you can configure a lot more than you can configure in the Server app gui. For example, on a dedicated DHCP server, you could increase logging level to HIGH (as root/with sudo of course): serveradmin settings dhcp:logging_level = "MEDIUM" You can also change settings within a scope. For example, if you realized that you were already using 192.168.210.200 and 201 for statically assigned IPs elsewhere you can go ahead and ssh into the server and change the first IP in a scope to 202 using the following (assuming the uuid of the domain is the same as in the previous examples): serveradmin settings dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_start = "192.168.210.202" You can also obtain some really helpful information using the fullstatus verb with serveradmin: serveradmin fullstatus dhcp This output includes the number of active leases, path to log file (tailing that file is helpful when troubleshooting issues), static mappings (configured using the command line if needed), etc. dhcp:state = "RUNNING" dhcp:backendVersion = "10.11" dhcp:timeOfModification = "2016-10-04 04:24:17 +0000" dhcp:numDHCPActiveClients = 0 dhcp:timeOfSnapShot = "2016-10-04 04:24:19 +0000" dhcp:dhcpLeasesArray = _empty_array dhcp:logPaths:systemLog = "/var/log/system.log" dhcp:numConfiguredStaticMaps = 1 dhcp:timeServiceStarted = "2016-10-04 04:24:17 +0000" dhcp:setStateVersion = 1 dhcp:numDHCPLeases = 21 dhcp:readWriteSettingsVersion = 1 Once started, configure reservations using  the /etc/bootptab file. This file should have a column for the name of a computer, the hardware type (1), the hwaddr (the MAC address) and ipaddr for the desired IP address of each entry: %% # hostname hwtype hwaddr ipaddr bootfile a.krypted.lan 1 00:00:00:aa:bb:cc 192.168.210.230 b.krypted.lan 1 00:00:00:aa:bb:cc 192.168.210.240 You can start and stop the service either using the serveradmin command: serveradmin stop dhcp serveradmin start dhcp Or using the launchctl: sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/bootps.plist sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist Finally, you can define DHCP options in /etc/bootp.plist. This process isn’t necessarily support, there is no GUI control for options, and options are not as widely used with devices as they once were. However, it’s absolutely an option if needed.

October 13th, 2016

Posted In: Mac OS X Server, Network Infrastructure

Tags: , , , ,

Getting started with Messages Server couldn’t really be easier. Messages Server in the macOS Server 5.2 version of the Server app uses the open source jabber project as their back-end code base. The jabber binary is located at /Applications/Server.app/Contents/ServerRoot/private/var/jabberd directory and the autobuddy binary is at /Applications/Server.app/Contents/ServerRoot/usr/bin/jabber_autobuddy. The actual jabberd binary is also stored at /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd, where there are a couple of perl scripts used to migrate the service between various versions as well. Setting up the Messages service is simple. Open the Server app and click on Messages in the Server app sidebar.  screen-shot-2016-09-27-at-11-03-18-am Click on the Edit… button for the Permissions. Here, define which users and interfaces are allowed to use the service. screen-shot-2016-09-27-at-11-03-45-am From Server app, click on the checkbox for “Enable server-to-server federation” if you have multiple iChat, er, I mean, Messages servers and provide the address for servers to federate to. screen-shot-2016-09-27-at-11-04-14-am Next, click on the checkbox for “Archive all chat messages” if you’d like transcripts of all Messages sessions that route through the server to be saved on the server. screen-shot-2016-09-27-at-11-04-47-am You should use an SSL certificate with the Messages service. If enabling federation so you can have multiple Messages servers, you have to. Before enabling the service, click on the name of the server in the sidebar of Server app and then click on the Settings tab. From here, click on Edit for the SSL Certificate (which should be plural btw) entry to bring up a screen to select SSL Certificates. At the SSL Certificates screen (here it’s plural!), select the certificate the Messages service should use from the available list supplied beside that entry and click on the OK button. If you need to setup federation, click back on the Messages service in the sidebar of Server app and then click on the Edit button. Then, click on the checkbox for Require server-to-server federation (making sure each server has the other’s SSL certificate installed) and then choose whether to allow any server to federate with yours or to restrict which servers are allowed. I have always restricted unless I was specifically setting up a server I wanted to be public (like public as in everyone in the world can federate to it, including the gorram reavers that want to wear your skin). screen-shot-2016-09-27-at-11-05-38-am To restrict the service, then provide a list of each server address capable of communicating with your server. Once all the servers are entered, click the OK button. Obviously, if you only have one server, you can skip that. Once the settings are as you wish them to be, click on the ON/OFF switch to light up the service. To see the status of the service, once started, use the fullstatus option with serveradmin followed by the jabber indicator: sudo serveradmin fullstatus jabber The output includes whether the service is running, the location of jabber log files, the name of the server as well as the time the service was started, as can be seen here: jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "0"
jabber:currentConnectionsPort1 = "0"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.211"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "osxserver.krypted.lan"
jabber:hosts:_array_index:0 = "osxserver.krypted.lan"
jabber:setStateVersion = 1
jabber:startedTime = ""
jabber:readWriteSettingsVersion = 1 There are also a few settings not available in the Server app. One of these that can be important is the port used to communicate between the Messages client and the Messages service on the server. For example, to customize this to 8080, use serveradmin followed by settings and then jabber:jabberdClientPortSSL = 8080, as follows: sudo serveradmin settings jabber:jabberdClientPortSSL = 8080 To change the location of the saved Messages transcripts (here, we’ll set it to /Volumes/Pegasus/Book: sudo serveradmin settings jabber:savedChatsLocation = “/Volumes/Pegasus/Book” To see a full listing of the options, just run settings with the jabber service: sudo serveradmin settings jabber The output lists each setting configurable:
jabber:dataLocation = “/Library/Server/Messages” jabber:s2sRestrictDomains = no jabber:jabberdDatabasePath = “/Library/Server/Messages/Data/sqlite/jabberd2.db” jabber:sslCAFile = “/etc/certificates/osxserver.krypted.com.31971C0C39DCBF4733FA671BCE3AF260769E4FB7.chain.pem” jabber:jabberdClientPortTLS = 5222 jabber:sslKeyFile = “/etc/certificates/osxserver.krypted.com.31971C0C39DCBF4733FA671BCE3AF260769E4FB7.concat.pem” jabber:initialized = yes jabber:enableXMPP = yes jabber:savedChatsArchiveInterval = 7 jabber:authLevel = “STANDARD” jabber:hostsCommaDelimitedString = “osxserver.krypted.com” jabber:jabberdClientPortSSL = 5223 jabber:requireSecureS2S = yes jabber:savedChatsLocation = “/Library/Server/Messages/Data/message_archives” jabber:enableSavedChats = yes jabber:enableAutoBuddy = no jabber:s2sAllowedDomains = _empty_array jabber:logLevel = “ALL” jabber:hosts:_array_index:0 = “osxserver.krypted.com” jabber:eventLogArchiveInterval = 7 jabber:jabberdS2SPort = 5269
To stop the service: sudo serveradmin stop jabber And to start it back up: sudo serveradmin start jabber It’s also worth noting something that’s completely missing in this whole thing: Apple Push Notifications… Why is that important? Well, you use the Messages application to communicate not only with Mac OS X and other jabber clients, but you can also use Messages to send text messages. Given that there’s nothing in the server that has anything to do with texts, push or anything of the sort, it’s worth noting that these messages don’t route through the server and therefore still require an iCloud account. Not a huge deal, but worth mentioning that Messages server doesn’t have the same updates built into the Messages app. Because messages don’t traverse the server, there’s no transcripts.

October 12th, 2016

Posted In: Mac OS X Server

Tags: , , , , , , , , ,

Apple developers in growing development teams invariably need a continuous integration system. This automates the build, analysis, and testing solution for software development using Xcode. macOS Server has an Xcode service, capable of integrating your developer account with git, providing many of the options required to build a continuous integration system. Before you configure the Xcode service that can take committed code and then test and build your software, you’ll need an Apple developer account. The Xcode service then links git to a developer account and runs automations, referred to as bots, in Xcode. Therefore, you’ll also need to have Xcode installed on the computer running the Xcode service. Bots are then managed and reported on using a web app that the Server app runs. Once the pre-requisites are met, open the Server app and click on the Xcode service. screen-shot-2016-09-25-at-11-50-35-pm Click on the Choose Xcode button. screen-shot-2016-09-25-at-11-50-54-pm When prompted, browse to the version of Xcode you have installed on the server. Screen Shot 2015-09-24 at 10.11.46 PM Configure the user account to use for the service. screen-shot-2016-09-25-at-11-52-00-pm The service will then require you to login. Do so when prompted. screen-shot-2016-09-25-at-11-53-30-pm This enables the user account, which you will then need to login as. screen-shot-2016-09-25-at-11-54-24-pm You’ll see a new user environment. Use fast user switching to then switch back to your other account. Xcode will require access to the Accessibility framework to run unit tests. Click on Request Access to provide the rights to Xcode to do so. Once access has been granted to Xcode, you’ll see the version indicated in the Build Using field. screen-shot-2016-09-25-at-11-59-59-pm Next, click on Add Team, in order to identify the correct team from your Apple Developer account that will have access to the Xcode service. screen-shot-2016-09-26-at-12-00-28-am When prompted, select the team from your Apple Developer account that you wish to provide access to the server, note that you need to be a team agent or an administrator of the developer organization. screen-shot-2016-09-26-at-12-02-15-am Click on the Repositories tab. Here, you will define repositories for your Xcode projects. Click on the Repository Access button to define what protocols git should be accessible via. screen-shot-2016-09-26-at-12-02-45-am At the Repository Access screen, select HTTPS or SSH. Click OK. screen-shot-2016-09-26-at-12-04-11-am Click the Edit Repository Creators button. At the Repository Access screen, add any groups of users that should have access to create new git repositories. Once all of the appropriate users or groups have been added, click on OK. screen-shot-2016-09-26-at-12-04-30-am   Select your repository again, and click on the HTTPS Access button to provide access via HTTPS. Once saved, double-click on the repository again to see the uri for each type of access. And that’s it. screen-shot-2016-09-26-at-12-05-21-am Next, you’ll want to add a repository to the Xcode app. To do so, open Xcode and then use the Source Control menu to select Check Out. From there, you’ll get a Check Out screen. Screen Shot 2015-09-25 at 7.04.42 PM At the Check Out screen, enter the uniform the repository screen, shown in the previous step of this article and click on the Next button. Next, you’ll need to create bots to automate your build process.

October 8th, 2016

Posted In: Mac OS X Server, Programming

Tags: , , , , , , ,

There are a couple of ways to create groups in macOS Server 5.2, running on Sierra. The first is using the Server app, the second is using the Users & Groups System Preference pane and the third is using the command line. In this article we will look at creating groups in the directory service with the Server app. Once a server has been an Open Directory Master all user and group accounts created will be in the Local Network Group when created in Server app. Before that, all user and group objects are stored locally when created in Server app. Once promoted to an Open Directory server, groups are created in the Open Directory database or if you select it from the directory domain drop-down list, locally. Groups can also be created in both locations, using a command line tool appropriate for group management.
 To create a new group, open the Server app and then click on Groups in the ACCOUNTS list of the Server app sidebar. From here, you can switch between the various directory domains accessible to the server using the drop-down list available. Click on the plus sign to create a local network group.
screen-shot-2016-09-25-at-10-37-53-pm
At the New Group screen, provide a name for the group in the Full Name field. This can have spaces. Then create a short name for the group in the Group Name field. This should not have spaces.
screen-shot-2016-09-25-at-10-39-34-pm
Click Done when you have supplied the appropriate information and the group is created. Once done, double-click on the group to see more options.
 screen-shot-2016-09-25-at-10-40-25-pm
Here, use the plus sign (“+”) to add members to the group or highlight members and use the minus sign (“-“) to remove users from the group. You can also choose to use the following options:
  • Mailing Lists: Lists that are connected to the group.
  • Members: The users that are part of the group
  • Give this group a shared folder: Creates a shared directory for the group, or a group with an ACL that grants all group members access.
  • Make group members Messages buddies: Adds each group member to each other group members buddy list in the Messages client.
  • Enable group mailing list: Enables a list using the short name of the group where all members receive emails to that address.
  • Create Group Wiki: Opens the Wiki interface for creating a wiki for the group.
  • Keywords: Keywords/tags to help locate users.
  • Notes: Notes about users.
Once changes have been made, click Done to commit the changes.

October 7th, 2016

Posted In: Mac OS X Server

Tags: , , , , , , ,

There are a few ways to create users in macOS Server 5.2, running on Sierra. The first is using the Server app, the second is using using the Users & Groups System Preference pane and the third is using the command line. In this article we will look at creating users in the Server app. To do so, open the Server app and connect to your server. Then click on the Users entry in the ACCOUNTS list. The list of users is displayed, based on the directory domain(s) being browsed. A directory domain is a repository of account data, which can include local users, local network users and users in a shared directory service such as Open Directory and Active Directory. screen-shot-2016-09-25-at-10-47-57-pm The drop-down list allows you to see objects that are stored locally as well as on a shared directory server. Therefore, clicking All Users will show all of the accounts accessible by the system. Click on the plus sign to create a new account. At this point, if the server has been promoted to an Open Directory Master, the account will be a local network account, with no way of choosing a different location to store the account in the Server app. screen-shot-2016-09-25-at-10-49-14-pm When prompted, provide the following information about the new user:
  • Full Name: Usually the first and last name of the user.
  • Account Name: A shorter representation of that name with no spaces or special characters.
  • Email address: The email address to use if the account is going over quotas, has calendar invitations sent, or used for email hosted on the server, etc.
  • Password: The password the user will use to access services on the server.
  • Verify: The password a second time to make sure there are no spelling errors.
  • Allow user to administer this server: Optional field that grants the user administrative access to the server.
  • Home Folder: Optional field that by default creates local home directories for users that use the account but that also allows you to select a directory shared using the File Sharing service as a location for home folders. Each user in OS X has a home folder, this option defines whether that folder will reside on their computer or on a central server.
  • Limit Disk Usage To: Define the amount of space an account can take up on servers.
  • Keywords: Keywords, or tags, for the user.
  • Notes: Any notes you want to enter into the user record.
Note: Optionally, you can also drag an image onto the image shown in the New User screen if you’d like the user to have an avatar.
Once the account details are as you would like, click on the Done button. The account will then be displayed in the list of available accounts. Once the account is created, highlight it and click on the cog wheel icon below the list of accounts. Here, you have the option to edit the account you just created, edit their access to services hosted on the server, configure email information and change their password. screen-shot-2016-09-25-at-10-49-57-pm Click Edit User. Here, you have two new features. You can add the user to groups and use the checkbox for “log in” to disable the account. screen-shot-2016-09-25-at-10-50-25-pm Click Cancel and then using the cog wheel menu again, click on Edit Access to Services. Here, uncheck each service that the user should not have access to. If the service isn’t running then it’s not a big deal. You can highlight multiple accounts concurrently and then use this option to disable services for users en masse.

October 6th, 2016

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , ,

macOS Server 5.2 (for Sierra)  comes with the /usr/sbin/serverinfo command (introduced in Mountain Lion Server). The serverinfo command is useful when programmatically obtaining information about the very basic state of an Apple Server. The first option indicates whether the Server app has been downloaded from the app store, which is the –software option: serverinfo --software When used, this option reports the following if the Server.app can be found:
This system has server software installed.
Or if the software cannot be found, the following is indicated:
This system does NOT have server software installed.
The –productname option determines the name of the software app: serverinfo --productname If you change the name of the app from Server then the server info command won’t work any longer, so the output should always be the following: Server The –shortversion command returns the version of the Server app being used: serverinfo --shortversion The output will not indicate a build number, but instead the version of the app on the computer the command is run on:
5.2
To see the build number (which should iterate with each update to the Server app from the Mac App Store, use the –buildversion option: serverinfo --buildversion The output shows the build of server, which doesn’t necessarily match the OS X build number:
16S1195
Just because the Server app has been downloaded doesn’t mean the Server setup assistant has been run. To see if it has, use the –configured option: serverinfo --configured The output indicates whether the system is running as a server or just has the app installed (e.g. if you’re using it to connect to another server:
This system has server software configured.
You can also output all of the information into a single, easy to script against property list using the –plist option: serverinfo --plist The output is a list of each of the other options used: <?xml version=”1.0″ encoding=”UTF-8″?> <!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”> <plist version=”1.0″> <dict> <key>IsOSXServerVolume</key> <true/> <key>IsOSXServerVolumeConfigured</key> <true/> <key>IsServerHardware</key> <false/> <key>LocalizedServerProductName</key> <string>Server</string> <key>MinimumServerVersionAllowed</key> <string>5.0.19</string> <key>ServerBuildVersion</key> <string>16S1195</string> <key>ServerPerformanceModeEnabled</key> <false/> <key>ServerVersion</key> <string>5.2</string> </dict> </plist> The Server Root can reside in a number of places. To see the path (useful when scripting commands that are relative to the ServerRoot: serverinfo –prefix By default, the output is as follows, which is basically like a dirname of the ServerRoot:
/Applications/Server.app/Contents/ServerRoot
You can also see whether the system is running on actual hardware desgnated by Apple for servers using the –hardware option: serverinfo --hardware The output simply indicates if the hardware shipped with OS X Server on it from Apple:
This system is NOT running on server hardware.
The –perfmode option indicates whether or not the performance mode has been enabled, dedicating resources to binaries within the Server app: serverinfo --perfmode If the performance mode has not been enabled then the output will be as such:
Server performance mode is NOT enabled.
To enable performance mode, you can also use serverinfo. This is the only task that the command does that can make any changes to the system and as such is the only time you need to elevate privileges: sudo serverinfo —setperfmode 1 Note: This isn’t really working for me right now, but I filed a radar and guessing it will shortly. Or set the boolean value back to 0 to disable. sudo serverinfo —setperfmode 0 Note: This isn’t really working for me right now, but I filed a radar and guessing it will shortly.

October 2nd, 2016

Posted In: Mac OS X Server

Tags: , , , , , , , ,

I’ve written plenty about macOS Server over the years. But way more effort went into the official documentation from our friends at Apple. There’s lots of nuggets here at: http://help.apple.com/serverapp/mac/getstarted/5.2/ Screen Shot 2015-09-22 at 11.45.23 PM Enjoy!

September 29th, 2016

Posted In: Mac OS X Server

Tags: , , ,

By default, screenshots are pretty big on a retina display on a Sierra machine. Like about 4 times the size they should be. I haven’t found a defaults key I can use yet to reduce them, so I’ve been using this little screenshotting app called RetinaCapture, available at https://gumroad.com/l/retinacapture. Basically, when you’re running it, you just open it up and click on the Window button. There, you can select a window to screenshot. Screen Shot 2015-09-24 at 8.37.33 AM Once you’ve selected the window, you’ll be prompted to save it somewhere with a name. Screen Shot 2015-09-24 at 8.38.00 AM I don’t love having to use any 3rd party apps for my screenshotting workflow. In fact, it bugs the crap out of me. Screens get resized by publishers for books and so I’m really only using this for my site. But, hopefully it helps someone else along the way. Happy screenshotting!

September 28th, 2016

Posted In: Mac OS X

Tags: , , , , , ,

Installing OS X has never been easier than it got in Yosemite, when the installers were moved to the App Store. And since then it’s just gotten easier, and easier. In this article, we’ll upgrade a Mac from OS X 10.11 (El Capitan) to macOS Sierra (10.12), the latest and greatest. The first thing you should do is clone your system (especially if you’re upgrading a server). The second thing you should do is make sure you have a good backup. The third thing you should do is make sure you can swap back to the clone should you need to do so and that your data will remain functional on the backup. The fourth thing you should do is test that clone again… Once you’re sure that you have a fallback plan, let’s get started by downloading “Install macOS Sierra” from the App Store. Once downloaded, you’ll see Install macOS Sierra sitting in LaunchPad, as well as in the /Applications folder. screen-shot-2016-09-25-at-4-46-14-pm Open the app and click Continue (provided of course that you are ready to restart the computer and install Sierra). screen-shot-2016-09-25-at-4-48-53-pm At the licensing agreement, click Agree (or don’t and there will be no Sierra for you). screen-shot-2016-09-25-at-4-49-18-pm At the pop-up click Agree again, unless you’ve changed your mind about the license agreement in the past couple of seconds (I’m sure it happens). screen-shot-2016-09-25-at-4-49-35-pm At the Install screen, click Install and the computer will reboot. screen-shot-2016-09-25-at-4-49-39-pm And you’re done. Now for the fun stuff!

September 28th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , ,

Next Page »