25 Jul 2011

The Update to Lion

So I jumped in at the deep end and upgraded my home server to Lion. Theres no better way to learn what I'm up against for larger deployments than running into problems and fixing them. Not acceptable when people depend on your infrastructure but if my girlfriend even notices she can submit a ticket ;)

Upgrading to Lion
The app store process got in the way a little bit, but only because i didn't start the process in the way Apple expects. I assume that normally one would go to the app store click to buy Lion and then be prompted that you need the server app too and that the whole bundle would be x amount and would you like to buy them both.

I had already bought and downloaded both on another computer, had popped them on a usb stick and had tried to start the install. The app store recognised the Lion installer and noted that I had it installed but the Server App wasn't recognised. As such when running the installer I was faced with this error.
I clicked in the app store but it seemed to want me to buy both again and verify my payment details so I gave up there and decided to see how far I had to go to get both recognised. In the end I copied the Lion installer and the Server App to the Applications folder, added them both to the Dock for good measure and then logged out and back in again. The install procedure then started.

You can't run the server app in Snow Leopard
over 2 hours!
not even time can stand in the way of progress

The download of the additional server components was faster than expected and the installation restarted the computer. I was able to complete the Q and A part of the install over remote desktop to the server with the credentials of the local admin account.
And then the server rebooted into Lion...

I logged into the local admin account and fired up server. Oh Boy.
Web services were completely unconfigured, directory services were misbehaving, there are a complete lack of options for a lot of services.

The old server tools are a separate download and are needed to configure DNS and DHCP, among other services. The configurations for these remained unchanged. A little poking around revealed a Previous Systems folder in the computer's root directory which considerably had a copy of /etc and /Library from before the upgrade.

When upgrading from Snow Leopard Server use caution. Do not expect your services to work uninterrupted. Do not expect it to be easy to fix. All the tools you know are now different. Lots of options are gone and you will be left scratching your head. Turning to old friends doesn't yield much right now and potentially it never will. Right now The Admin recommends setting up Lion server on a separate machine and learning to duplicate what you currently do before moving away from Snow Leopard server.

Its all a bit wild west, but this is why I chose to upgrade at home first. With parallels to the recent final cut pro backlash not entirely lost on me I go forward. This is the beginning of the curve, lets crack out the Terminal.

21 Jul 2011


So I upgraded to Lion and the Snow Leopard Server admin tools were deleted from my hard drive. Uh ho. When trying to install the old Snow Leopard Server Admin tools you get the following:

Oh noes! You can't install Snow Leopard Server Admin Tools on Lion!.

Before freaking out I checked out Apple's downloads page and found Lion Server Admin Tools posted. I downloaded and tried out and thankfully they work and I can fully admin my 10.6 Servers again.

I will be upgrading them to Lion soon, and I intend to post gratuitously about it but at least I still have time to consider my migration strategy.

7 Jul 2011

Looking forward to Lion

So here we are with 10.6.8, at the beginning of July with Lion and the scary new, simplified server round the corner and while I hope I've re-made the net restore images for the last time it means there are some bugs in Snow Leopard Server that will always be in Snow Leopard Server. I'm going to dedicate this post to two particularly annoying ones.

The dreaded inherited ACL duplication issue

This issue is well documented here but its still annoying.
The gist is that if your users shuffle around and duplicate a lot of nested folders, like bundles (which means pages and numbers documents, applications and others), then eventually any ACLs, including inherited ones, will be duplicated over and over again geometrically (only linearly over AFP, thank god) and quickly hit the Finder's internal limit for the number of ACLs it can handle resulting in an "Error -41" when trying to do something to the item in the finder.

The fix?
chmod -R -N ./*
Which will remove all the ACLs on items in scope. Then re-propogate.

The Hot-Desking Carbon API Kerfuffle

So you have Open Directory set up and AFP remote home folders and your users are hot desking on managed machines. Only some of the time, and sometimes completely randomly the icons on the desktop don't show up, or the Finder will prompt that the /Network/Servers/yourserver.com/Users Alias has broken and needs fixing. There are loads of other odd symptoms that come and go even between logins.

Interestingly that directory path isnt an alias at all, but a mount point being managed by OS X's automounter. The thing is that the finder is still using a Carbon API to access at least this part of the file system and unlike OS X's BSD underpinnings, which see the file system as one whole tree with other volumes attached at certain folders, the Carbon API sees each device as a separate tree. The finder literally has no ability to process that traversing a folder might also traverse a volume.

The dirty hack is that these volume traversals within the file system are presented to Carbon applications as aliases. Something seems to be being cached between users which means that while the mount point changes with the user, whatever service the Finder is using to keep track of these mountpoint to alias conversions is getting stuck and reporting the prior alias, which becomes invalid with the new user's credentials.

Long story short means that for the most part everything is fine (and in fact the finder can still read the user's home folder and make changes) but the seemingly crufty Desktop Services part of the Finder trips up and bothers my users and my support ticked system is full of "No desktop icons" reports.

My Fix?

set Apple Remote Desktop to combo update all the machines each night until I can identify which cache I need to delete with a logout hook.