Another server upgrade – Part 1

There comes a time when Apple releases a new OS X Server version and the existing server is acting up. That time is perfect for spring cleaning, updates and upgrades.

So this time came. Apple has had OS X 10.6 Snow Leopard Server out for quite some time now, with a bunch of possible bugs and kinks worked out, a skinnier footprint and increased performance on existing hardware. Our existing server, which hosts DNS and DHCP, acts as Open Directory Master and on top of that serves files via AFP and SMB, is not performing as it once did after multiple “hard resets”. It also, for some reason, lost its “single sign-on” capabilities via AFP (while its OD Replica works just fine). And, on top of all that, time has shown that having DHCP and DNS on a server that every now and then “freezes” and requires a “hard reset” is not a practical idea – once the server is “hung”, users cannot access the network at all.


OS X Server in VMWare – part 4

This will be the fourth article in the series of articles about Mac OS X Server 10.5 setup under VMWare.

I will leave FileMaker Server installation for another time. Right now I want to talk about the following services on the server which will replace the existing server. Here is the situation, just as a reminder:

I have a live server which hosts websites and FileMaker databases. It also runs AFP services for internal access to files and an FTP service for external developers’ access to those files. Our registration websites are secure websites with proper CA-signed certificates. This server, once the virtualization project is complete, would become the host server, which will not have any services running (well, maybe AFP) and will have VMware hosting guest machines. One machine would be the new server with the registration websites and FileMaker databases, with the same FTP and AFP services running as well. My challenge is to swap the services of the current server over to the new virtual server with the least impact, as those registration websites are live 365 days a year and updating every now and then.

So, I’ve set up a bare 10.5.7 server and called it promorphius; it will become the twin of prometheus, our existing server. Next steps would include:

Setup web server.

First I moved all files from the prometheus web server folder to promorphius. I set up the site under the Web service in Server Admin with exactly the same settings as the existing one, except for the folder location, which is on a separate virtual drive. I then need to make sure that this site is secured and all HTTP requests go to HTTPS.

As I already have a signed certificate on prometheus, I would request a reissue of the certificate from our CA. Follow the links provided by your provider to the step where they ask you for the CSR (Certificate Signing Request). On that page you will have a text field for the CSR. On the new server, I’ve created a new certificate with the same information as on the existing server, but it becomes self-signed. No worries: save and select this certificate, click on the little gear icon in Server Admin and choose “Generate Certificate Signing Request (CSR)…”; a window with instructions will appear. Select the image of the certificate and drag it over the text box on the CA’s website. It will be filled with some gibberish; that’s exactly what we need. Follow all the necessary remaining steps. Once you get your certificate, select and copy that text, select your self-signed certificate in Server Admin and under the little gear icon choose “Add Signed or Renewed Certificate from Certificate Authority…”, then paste the text into this area. That’s it, your certificate is signed now!
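
A check worth running before selecting the reissued certificate, as an added example that is not part of the original post: confirm that the certificate the CA returned carries the same public key as the CSR generated on the new server. It assumes the CSR and certificates are available as PEM files and that openssl is installed; the file names, the host name www.example.com and the throwaway self-signed certificates standing in for the CA's reply are constructed.

```sh
#!/bin/sh
# Added example: all files and the host name below are constructed samples.

# pubkey_fp KIND FILE: SHA-256 of the public key in a PEM CSR (KIND=req)
# or certificate (KIND=x509). Fails if openssl cannot parse the file.
pubkey_fp() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# cert_matches_csr CERT CSR: true only if CERT was issued for the CSR's key.
cert_matches_csr() {
    a=$(pubkey_fp x509 "$1") || return 1
    b=$(pubkey_fp req "$2") || return 1
    [ "$a" = "$b" ]
}

# csr_subject CSR: print the subject, to compare with the old certificate.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# --- constructed sample data: two key pairs with the SAME subject ---------
work=$(mktemp -d)
new_pair() {    # $1 = file basename
    openssl req -newkey rsa:2048 -nodes -keyout "$work/$1.key" \
        -subj "/CN=www.example.com" -out "$work/$1.csr" 2>/dev/null
    # Self-signing stands in for the CA's reply in this offline sample.
    openssl x509 -req -in "$work/$1.csr" -signkey "$work/$1.key" \
        -days 1 -out "$work/$1.crt" 2>/dev/null
}
new_pair new    # CSR generated on the new server and its reissued cert
new_pair old    # certificate still installed on the old server

csr_subject "$work/new.csr"
cert_matches_csr "$work/new.crt" "$work/new.csr" && echo "reissued cert matches CSR"
cert_matches_csr "$work/old.crt" "$work/new.csr" || echo "old cert does not match"
```

The old server's certificate has the same subject but a different key, which is why a reissue is needed and why a copy of the old certificate text fails this check on the new server.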

Next in the web server setup, we want to choose our newly signed certificate for our secure server. Under the Web service in Server Admin, choose Sites, select your site (remember, it is supposed to use port 443) and, under Security, check the box next to “Enable Secure Sockets Layer (SSL)” and select your signed certificate.

Now, we want to make sure that all requests to our HTTP site are forwarded to HTTPS. For that we would duplicate our web site, select port 80 instead of 443 and deselect the SSL checkbox under Security. We now need to do a little hack to set up this forwarding. Open Terminal, type in su, type in the root password, type in cd /private/etc/apache2/sites and do ls to view your files; you will see some files like type in pico using your own file name. This will open a basic text editor. Scroll down to the area with:

RewriteEngine On
RewriteRule .* - [F]

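Edit this section to include (www.example.com is a placeholder for your own site’s host name):

RewriteRule ^/(.*)$ https://www.example.com/$1 [R]

And either delete or comment out the existing RewriteRule line.
So the final version would look like this:

RewriteEngine On
##RewriteRule .* - [F]
RewriteRule ^/(.*)$ https://www.example.com/$1 [R]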

$1 would ensure that if somebody types in they would be redirected to the same subpage, but over HTTPS.
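
To confirm the edit took, the following added example (not part of the original post) lints a port-80 site file: rewriting must be on, the unconditional `.* - [F]` rule must no longer be active, and an unconditional redirect must point at https:// and keep `$1`. The function name, the site file contents and the host name www.example.com are constructed.

```sh
#!/bin/sh
# Added example: the site files below are constructed samples.

# lint_http_site FILE: print "OK", or "FAIL:" plus the problems found in the
# active (uncommented) rewrite directives of a port-80 site file.
lint_http_site() {
    awk '
        /^[ \t]*#/ { next }                     # commented-out directive
        tolower($1) == "rewriteengine" && tolower($2) == "on" { engine = 1 }
        $1 == "RewriteCond" { cond = 1; next }  # limits the rule that follows
        $1 == "RewriteRule" {
            # Unconditional ".* - [F]" answers every request with 403.
            if (!cond && $2 == ".*" && $3 == "-" && $4 == "[F]") forbid = 1
            # Unconditional redirect to https:// that keeps the path ($1).
            if (!cond && $3 ~ "^https://[^/]+/.*[$]1") redirect = 1
            cond = 0
        }
        END {
            p = ""
            if (!engine)   p = p " no-engine"
            if (forbid)    p = p " forbid-all"
            if (!redirect) p = p " no-https-redirect"
            if (p != "") { print "FAIL:" p; exit 1 }
            print "OK"
        }
    ' "$1"
}

dir=$(mktemp -d)
# Site file as duplicated for port 80, before the edit.
cat > "$dir/before.conf" <<'EOF'
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule .* - [F]
</VirtualHost>
EOF
# After the edit: old rule commented out, redirect added.
cat > "$dir/after.conf" <<'EOF'
<VirtualHost *:80>
    RewriteEngine On
    ##RewriteRule .* - [F]
    RewriteRule ^/(.*)$ https://www.example.com/$1 [R]
</VirtualHost>
EOF

lint_http_site "$dir/before.conf" || true
lint_http_site "$dir/after.conf"
```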

Now it’s time to check our server. Since we don’t want to change the DNS settings for our domain, as it will take up to 24hrs to propagate, we would use the existing settings and swap the IP addresses of the old real and new virtual servers (you mapped both external and internal interfaces of your hardware to VMware, right?). Test your site, and everything should stay the same.

I’ve had issues with error messages on my php pages:

Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent

The reason for that is the session_start() function in the php file. Make sure it is on the very first line of the file.

OS X Server in VMWare – part 3

This will be the third article in the series of articles about Mac OS X Server 10.5 setup under VMWare.

Once we have finished battling through updates on the OS X Server (install 10.5.6 by downloading the Combo update from first using VMware Fusion 2.0.4, then update to 10.5.7), we are ready to set up network interfaces.

My XServe is connected through 2 network cables to the external world and the internal network. One is a public, external IP, the other is an internal IP.

The setup for my first server, which will host registration websites, FileMaker Server and FTP/AFP access to it for developers, would include 1 public IP and 1 internal IP.

Let’s start.

First of all, I want to warn you that bridging two real network adapters to a VM’s two virtual adapters is a rather advanced setup. I hope it will work. I am referring to an article on the VMware community website.

The first thing is to download the tokamak script from the VMware community document by DaveP.

Make sure that all guest VMs are shut down and the VMware application is not running.

Follow the instructions to install the script. Once the script is installed, run the configuration (remember to run it as root; the easiest way to do that is to use the su command):

./ --modify

This will take you through a bunch of prompts; answer as follows:

You have already setup networking.
Would you like to skip networking setup and keep your old settings as they are? (yes/no) [yes] n
Do you want networking for your virtual machines? (yes/no/help) [yes] y
Would you prefer to modify your existing networking configuration using the wizard or the editor? (wizard/editor/help) [wizard] e
The following virtual networks have been defined:
. vmnet1 is a host-only network on private subnet
. vmnet8 is a NAT network on private subnet
Do you wish to make any changes to the current virtual networks settings? (yes/no) [no] y
Which virtual network do you wish to configure? (0-99) 2
What type of virtual network do you wish to set vmnet2? (bridged,hostonly,nat,none) [none] b
Configuring a bridged network for vmnet2.
Your computer has multiple ethernet network interfaces available: en0, en1.
Which one do you want to bridge to vmnet2? [en0] en0
The following virtual networks have been defined:
. vmnet1 is a host-only network on private subnet
. vmnet2 is bridged to en0
. vmnet8 is a NAT network on private subnet
Do you wish to make additional changes to the current virtual networks settings? (yes/no) [yes] y
Which virtual network do you wish to configure? (0-99) 3
What type of virtual network do you wish to set vmnet3? (bridged,hostonly,nat,none) [none] b
Configuring a bridged network for vmnet3.
The following virtual networks have been defined:
. vmnet1 is a host-only network on private subnet
. vmnet2 is bridged to en0
. vmnet3 is bridged to en1
. vmnet8 is a NAT network on private subnet
Do you wish to make additional changes to the current virtual networks settings? (yes/no) [yes] n
VM@Work Tokamak 2.0.0: Display settings
The following virtual networks have been defined:
. vmnet1 is a host-only network on private subnet
. vmnet2 is bridged to en0
. vmnet3 is bridged to en1
. vmnet8 is a NAT network on private subnet
VM@Work Tokamak 2.0.0: Extended network scripting - Dave Parsons
Host-only/NAT networking on vmnet1 using is running
DHCP server on vmnet1 is running
Bridged networking on vmnet2 using en0 is running
Bridged networking on vmnet3 using en1 is running
Host-only/NAT networking on vmnet8 using is running
DHCP server on vmnet8 is running
NAT networking on vmnet8 is running

We are almost done.

Almost all of this is the same as in the document, with slight differences. We are linking the XServe’s en0 interface to vmnet2 and en1 to vmnet3. One of them will be used for the internal interface, one for the external/public.

Next, as per the document, open the vmx file. I’ve modified it in BBEdit, but use the tool recommended on the same website. Now, here is where I wasted almost 2 hours trying to figure out why my VM does not see those interfaces.

See, this article and script have been tested on VMware Fusion 2.0.2 and I am using 2.0.4. Maybe it makes a difference, maybe not, but the bottom line is that my newly created interfaces were displaying fine in VMware (except for the message about custom configuration, which you can ignore) and are displayed as connected when the VM is running, but the guest OS X Server does not see them.

I’ve searched every posting and forum on the VMware community website and could not find anything. Until I noticed this string:

ethernet1.virtualDev = "e1000"

That string existed for each ethernet# created using the VMware UI, but not for the custom interfaces I’d manually added to the VMX file. By adding that string to those instructed in the article for each interface:

ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet1.vnet = "VMnet3"
ethernet1.virtualDev = "e1000"

to the VMX file, the guest OS loaded with two interfaces connected. I’ve assigned the internal IP to one and the external IP to the other. Next is the installation of FileMaker Server (do not forget to take a snapshot of the system).
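
A quick way to spot the omission described above, as an added example that is not part of the original post or of the tokamak script: list each adapter the .vmx file marks as present, with the vmnet it is attached to and its virtualDev, printing MISSING where that line is absent. The function name and the sample .vmx content are constructed.

```sh
#!/bin/sh
# Added example: the .vmx content below is a constructed sample.

# vmx_nic_report FILE: one line per adapter marked present, in the form
# "ethernetN <vnet> <virtualDev>", with MISSING when virtualDev is not set.
vmx_nic_report() {
    awk -F'[ ="]+' '
        /^ethernet[0-9]+\./ {
            nic = substr($1, 1, index($1, ".") - 1)
            key = substr($1, index($1, ".") + 1)
            val[nic, key] = $2
            if (key == "present" && toupper($2) == "TRUE") present[nic] = 1
        }
        END {
            for (nic in present) {
                dev = ((nic, "virtualDev") in val) ? val[nic, "virtualDev"] : "MISSING"
                net = ((nic, "vnet") in val) ? val[nic, "vnet"] : "-"
                print nic, net, dev
            }
        }
    ' "$1" | sort
}

# Constructed sample: ethernet0 complete, ethernet1 added by hand without
# the virtualDev line.
vmx=$(mktemp)
cat > "$vmx" <<'EOF'
ethernet0.present = "TRUE"
ethernet0.connectionType = "custom"
ethernet0.vnet = "VMnet2"
ethernet0.virtualDev = "e1000"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet1.vnet = "VMnet3"
EOF

vmx_nic_report "$vmx"
```

The same report also shows which guest adapter sits on the vmnet bridged to the public interface and which on the internal one, which is worth confirming before assigning IP addresses.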

OS X Server in VMWare – part 2

This will be the second article in the series of articles about Mac OS X Server 10.5 setup under VMWare.

In the first part we discussed the setup of the virtual machine and using an image file instead of a DVD to install OS X Server 10.5 on a VMWare virtual machine (VM).

To remind, when creating an image file from the retail install DVD, do not use the built-in Disk Utility for image creation; use Toast instead. Choose Copy from the right hand menu and, under the File menu, choose save as Image. Change the extension to .iso, choose a location and click Save.

Once image creation is completed, start VMWare, under new machine choose Mac OS X Server 10.5 (experimental) (I’m trying 64-bit right now), assign the standard 40GB of disk space (use more if necessary) and follow the on-screen instructions.

Once the server is installed, you will be taken to the OS X Server Assistant. Choose Advanced setup for custom configuration. Follow the on-screen prompts to give your server a name, fully qualified DNS name (I used internal DNS name structure:

Once finished, the VM will reboot and, upon logging in, you will have your freshly installed Mac OS X 10.5 Virtual Server. Server Admin will automatically launch and… you will get an error saying that the server could not be found. Do not freak out: your server does not know its fully qualified name just yet; you need to add it to your local DNS server and assign a static IP to your new VM Server.

Run all updates and we will be ready for services setup.

It seems that updating Server to 10.5.7 breaks VMWare. After reboot, the VM hangs on a grey screen with the Apple logo. I am currently working on a resolution by updating to 10.5.6 and seeing how it goes from there.

Update: updating to 10.5.6 first seems to work fine in 2.0.4. Updated to 10.5.7 after that. Moving on to part 3…

OS X Server in VMWare – part 1

After talking to Brian from agis, I’ve decided that the way to utilize our existing XServe, which has nothing running on it but FileMaker 9 Server, is to implement virtualization.

The plan is to beef it up with RAM and have a core server installation hosting multiple VMWare machines.

The benefits of running a virtual machine vs an actual server include, but are not limited to:

– Less hardware to buy – you can better utilize Apple’s extra powerful 8, 16 and 32 core XServes
– Less hardware means more space on the rack and in the server room, smaller server rooms and less energy to burn
– Flexibility and expandability of virtual machines – increase size of virtual drive or re-allocate ram from one VM to another
– Easier backup solution – schedule VM shut down on the weekends, create scripts on mothership machine to backup those VM files and power them back on
– Kernel panic recovery – if VM gets Kernel panic, just restart it through the console, no need to come in to the office anymore
– Easy upgrade, recovery, installation of new machines – just create simple installation machine, save that file in the safe place and copy it to create new server when needed. Same for recovery, ready to apply updates but not sure if it will break anything? Power it off, copy image, update and if it didn’t work, toss it and get back to older one

For us it was a matter of spending $7,000 on a new XServe with all backup drives for the existing and new one, or spending $1,700 on licensing and backup drives just for one. The choice is obvious.

So here I was, playing with freshly installed VMWare and a freshly created DMG file from Disk Utility, only to find out that VMWare does not like DMG. Fine, convert it to iso/cdr using the hdiutil command. Nah, every time I try to start the VM I get a BIOS read error. I’ve searched for it everywhere. So far the instructions have been quite straightforward: use the install disc or an iso image; if you have a dmg, convert it using hdiutil…. But it does not work… In the rare cases when I do not get the error, the “Please wait while DVD is loading” message sits there forever, and I mean forever, without any changes. My home computer, after displaying that message for almost 8hrs, still has |/-|/- spinning.

Well, nowhere did I find that a dmg file, and therefore an iso converted from it, or a cdr created in Disk Utility, works with VMWare. If anybody out there got it working, share with me. I had to use Toast.

Open Toast, load the OS X Server Leopard Install Retail disc, select Copy from the left columns (Data, Audio, Video, Copy) and choose File->Save as Disc Image…; navigate to the folder where you want to save it, change the .toast extension to .iso and click Save.

Now, this ISO file is a working file with which you can easily install a virtual Mac OS X Leopard Server, as I am doing right now.
