Mac OS X Server successes

My first experiences of Mac OS X Server 10.5 were terrible due to it being riddled with bugs. After finishing one install, for example, the very first thing I saw was the Server Admin app trying to start up and then crashing horribly. Nevertheless, I persevered with it on the assumption that it would improve over time via software updates, and I’m pleased to say I was correct to assume this.

We’re on version 10.5.6 now and our office server runs fairly hitch-free, with only the occasional bit of weirdness. Unfortunately Apple still don’t seem to have fixed the leak in the Directory Service which causes the ‘Potential VM growth in DirectoryService’ error and which eventually makes the server grind to a halt. However, it’s easy to plug this leak by using cron to run this script as root every five minutes:

#!/bin/bash

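# Check the most recent system log lines for the DirectoryService leak warning
if tail /var/log/system.log |
grep "Potential VM growth in DirectoryService" > /dev/null ; then
  logger "VM growth problem occurring: restarting servermgrd and DirectoryService"
  # Reload servermgrd, then force-kill DirectoryService
  killall -HUP servermgrd
  killall -9 DirectoryService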
fi

Over time I switched on more and more services on our office server and now we make good use of the following things, all of which are easily administered with the Server Admin GUI unless otherwise indicated:

  • DHCP – dynamic allocation of IP addresses to everyone. Simple to set up and works fine.
  • DNS – works well as a caching DNS server and also allows you to easily add extra entries for local domains.
  • File sharing – fairly standard stuff, with different folders available to different groups and so forth.
  • Mobile homes – more commonly known as ‘roaming profiles’ in the Windows world, this means that each user’s home directory is synced with its equivalent on the server so that all their personal data is backed up and they get the same environment no matter which workstation they log on to. Very handy. The settings for this are in Workgroup Manager and are not immediately obvious, but it’s easy enough once you’ve got it up and running.
  • Mail – all our incoming mail goes to the office server where it can be picked up via IMAP. Most of the mail system can be easily administered via Server Admin, even much of the advanced stuff, although it’s occasionally necessary to fiddle with the underlying components which are a fairly neat combination of Postfix, Cyrus IMAP, Spamassassin for spam processing, and ClamAV for virus scanning.
  • iChat – previously we used Bonjour for instant messaging, which was quick and convenient but had some shortcomings. The iChat server, however, works very nicely and can be accessed by everyone regardless of their location. It’s actually a Jabber server so will work happily with Adium and other instant messaging clients as well as with iChat.
  • iCal – the calendar server provides personal calendars for everyone as well as a group calendar. Group calendars are particularly handy for collaboration and they work nicely with iCal on the desktop.
  • Open Directory – the tangible benefit for users here is the Directory application on the desktop which works as a shared address book, although I think this would be much better if it was accessible directly from Address Book so that there’s no need to run the Directory app as well.
  • Web services – provides various things such as web mail, web calendar and personal blogs. We use this primarily for the wiki which is great for documentation.
  • Software Update – allows Macs to query this server for software updates instead of having to talk to Apple over the Internet, thus speeding things up significantly and saving lots of bandwidth. Works well and is nice and easy to administer (a million miles away from the Windows Update equivalent, which in my experience is staggeringly confusing and complicated).

All of this is running happily on a Mac mini. For a while I was just using Time Machine for backups, but then I decided it was time to get a more robust backup system in place. We investigated the option of migrating to a bigger server with hardware RAID, but the only option for that is a Mac Pro which is a big expense and overkill for our needs. This is yet another example of why it’s annoying that Apple don’t do a headless midrange tower, somewhere between the Mac mini and the Mac Pro.

I ended up getting two decent external FireWire drives. I went for G-Technology G-DRIVEs because they’re fast, robust, and have FireWire pass-through (necessary because the Mac mini only has one FireWire port). On a Mac you can use FireWire disks just as if they were internal disks, so I migrated everything onto one of the FireWire disks and am now booting off that and using that as the live disk (which also happens to be an improvement over the internal disk because it’s faster). Every night I use rsync to clone the live disk onto the second disk so that the second disk can be used as a warm spare. It’s not as smooth as a RAID solution (in the worst case scenario, we’d lose all new email and data since that morning’s backup) but it works well, it’s much cheaper than getting a Mac Pro, and it’s very flexible, even enabling us to use our other Mac mini as a spare office server should the actual server itself fail.

When doing a full clone of Mac OS X Server from one disk to another, there are a few directories you need to exclude, and you need to make sure that the Mail service is off whilst the backup is running so that you don’t end up with a corrupt IMAP database. Also, don’t forget that rsync needs the ‘-E’ flag on Mac systems, otherwise important extended attributes such as ACLs and resource forks won’t get copied over. Here’s the script I put together for the nightly backup:

#!/bin/bash

BDISK="/Volumes/backup_disk"

# Stop the mail services
/usr/sbin/serveradmin stop mail; sleep 60

# Clone system disk
/usr/bin/rsync -aE --delete --exclude-from=/usr/local/bin/daily_backup.exclusions \
  / "$BDISK/"

# Recreate excluded system folders if necessary
if [ ! -d $BDISK/Network ] ; then 
  mkdir $BDISK/Network
  chgrp wheel $BDISK/Network
fi
if [ ! -d $BDISK/Volumes ] ; then 
  mkdir $BDISK/Volumes
  chmod 777 $BDISK/Volumes
fi
if [ ! -d $BDISK/dev ] ; then
  mkdir $BDISK/dev
  chmod 555 $BDISK/dev
  chgrp wheel $BDISK/dev
fi
if [ ! -d $BDISK/home ] ; then
  mkdir $BDISK/home
  chmod 555 $BDISK/home
  chgrp wheel $BDISK/home
fi
if [ ! -d $BDISK/net ] ; then 
  mkdir $BDISK/net
  chmod 555 $BDISK/net
  chgrp wheel $BDISK/net
fi

# Start the mail services
/usr/sbin/serveradmin start mail

And this goes into the text file containing the list of exclusions (/usr/local/bin/daily_backup.exclusions):

/Network/
/Volumes/
/dev/
/home/
/net/
/private/var/tmp/*
/private/var/vm/*
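
An added example (not part of the original post) that wraps the nightly clone above in two guards: it refuses to run unless the backup path is a mounted volume, and it restarts Mail even when rsync fails. The function names and the overridable SERVERADMIN, RSYNC, EXCLUDES and MAIL_SETTLE variables are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, constructed for illustration; not the original nightly script.
# Tool paths are overridable so the control flow can be exercised off-server.
SERVERADMIN="${SERVERADMIN:-/usr/sbin/serveradmin}"
RSYNC="${RSYNC:-/usr/bin/rsync}"
EXCLUDES="${EXCLUDES:-/usr/local/bin/daily_backup.exclusions}"
MAIL_SETTLE="${MAIL_SETTLE:-60}"   # seconds to wait after stopping Mail

# Device ID of a path: GNU stat syntax first, BSD (Mac OS X) syntax as fallback.
dev_id() {
  stat -c %d "$1" 2>/dev/null || stat -f %d "$1" 2>/dev/null
}

# A directory is a mount point when it sits on a different device from its parent.
is_mount_point() {
  [ -d "$1" ] || return 1
  [ "$(dev_id "$1")" != "$(dev_id "$1/..")" ]
}

run_backup() {
  local dest="$1" rc
  # If the backup disk is unplugged, rsync would create this path on the
  # live disk and write the clone there, so stop before touching anything.
  if ! is_mount_point "$dest"; then
    echo "backup: $dest is not a mounted volume, aborting" >&2
    return 2
  fi
  # Mail must be down during the copy to keep the IMAP database consistent.
  "$SERVERADMIN" stop mail || return 3
  sleep "$MAIL_SETTLE"
  "$RSYNC" -aE --delete --exclude-from="$EXCLUDES" / "$dest/"
  rc=$?
  # Restart Mail whatever rsync returned, so a failed clone never leaves
  # the mail service switched off until someone notices.
  "$SERVERADMIN" start mail
  return "$rc"
}
```

To use it from cron, end the script with `run_backup /Volumes/backup_disk` and have cron mail or log any non-zero exit status.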