In Xsan 2, MultiSAN was introduced. MultiSAN allows you to assign different sets of primary, secondary and tertiary metadata controllers to volumes. This provides a performance benefit for some environments that have saturated resources on a given metadata controller. However, MultiSAN does not allow you to build separate SANs. All of the volumes are still members of that single “Xsan”, meaning that volumes can be mounted and/or controlled for any of the clients. You can have 2 volumes, each with a dedicated metadata controller, but both sharing a single backup metadata controller. You can also have 2 volumes, each with a dedicated metadata controller that fails over to the other…
-
-
More repairPermissions
Yesterday I looked at using diskutil to repair the permissions on a boot volume. You can also use diskutil to repair the permissions on a non-booted volume provided that there is a valid Mac OS X installation on that volume. To do so you would simply provide the path to that volume rather than to the blessed boot volume. For example, if the disk that we mentioned in the previous article were called Seldon and it was in a host booted to target disk mode then you would simply provide the path /Volumes/Seldon as before: diskutil repairPermissions /Volumes/Seldon In the event that you are scripting and want to take into…
-
Verifying & Repairing Permissions
Disk Utility has a nifty little button to Verify Disk Permissions and another to Repair Disk Permissions. Many use this frequently over the course of basic Mac OS X troubleshooting. The underlying functionality is also exposed at the command line. Diskutil (located in /usr/sbin) has the verifyPermissions and repairPermissions, which roughly correspond to the buttons in Disk Utility. Because these can be run against different disks, each will need the volume indicated following the verb. For example, to run a Verify Disk Permissions against a volume called Seldon, you would use the following command: diskutil verifyPermissions /Volumes/Seldon To then run a Repair Disk Permissions on that same volume, you would…
-
Enabling RAID Mirrors Redux
When new versions of operating systems come out sometimes articles need to be updated. It’s always nice when someone else does the hard part. Recently, Ben Levy, an Apple Consultant from Los Angeles, did some work on an article I did awhile back. To quote Ben, the new procedure is to: 1. Boot from something other than your intended RAIDed boot drive, open Terminal and use diskutil list to identify the relevant disks and partitions. 2. diskutil appleRAID enable mirror disk0s2 – (assuming correctly identified slice, yours may be different) This command turns your primary disk into a RAID mirror without a mirror 3. Reboot back to your boot drive…
-
Programatically Secure Erasing Free Space
One of those security things that pops up every now and then is to use the secure erase feature of Mac OS X, located in Disk Utility. But you can access this same feature from the command line using the secureErase option in diskutil followed by the freespace option. The format of the command is: diskutil secureErase freespace [level] [device] The levels are as follows (per the man page as not all of these are specified in Disk Utility): Single-pass zero-fill erase Single-pass random-fill erase US DoD 7-pass secure erase Gutmann algorithm 35-pass secure erase US DoE algorithm 3-pass secure erase So for example, let’s say you had a volume…
-
Brace Yourself!
Brace yourself, ’cause I’m a tool (or don’t brace yourself if you’ve read much of my writing or met me since you already knew this to be the case). Classic cedge-fail moment that I just had to share. What do you do when you have a variable before a string of text but cannot have any spaces? You brace your variable. Basically, place the $ followed by the variable that is wrapped in the braces. For example, if I was going to put cedge as the content of a variable and then write a file called cedge.plist from the contents then I would use the following. user=cedge touch “${user}.plist” Big…
-
Don't Defrag the Whole SAN
I see a numer of environments that are running routine defragmentation scripts on Xsan volumes. I do not agree with this practice, but given certain edge cases I have watched it happen. When defragmenting a volume, there is no reason to do so to the entire volume. Especially if much of the content is static and not changing very often. And if specific files doesn’t have a lot of extents then they are easily skipped. Let’s look at a couple of quick ways to narrow down your defrag using snfsdefrag. The first is by specifying the path. In this case you would specify a -r option and follow that with…
-
Isolating iNodes in Xsan cvfsck Output
I’ve noticed a couple of occasions where data corruption in Xsan causes a perceived data loss on a volume. This does not always mean that you have to restore from backup. Given the cvfsck output, you can isolate the iNodes using the following: cat cvfsck.txt | grep *Error* | cut -c 27-36 > iNodeList.txt Once isolated you can then use the cvfsdb tool to correlate this to file names. For example, if you have an iNode of 0x20643c8 then you can convert this into a file name using the following: cvfsdb> show inode 0x20643c8 The output will be similar to the following: 000: 0100 8000 3f04 0327 5250 2daa 0000…
-
Command Line ALF Redux
Note: I had previously written this article for Mac OS X 10.5 but have put in a few updates and so thought it might be time to repost it. Mac OS X 10.5 and Mac OS X 10.6 have a multitude of ways to keep data from coming or going from a system. The traditional way is to use ipfw, although this isn’t the default way in 10.5 and above. Instead, you are meant to use the Application Layer Firewall (we’ll call it ALF for short), which is what you configure from the Security System Preference pane. You can enable the firewall simply enough by using the defaults command to…