Tag Archives: 10.5

Introducing Counterpart: a live bootable clone tool for OS X

These days, backing up Mac OS X Server is easier than ever, with plenty of options available for taking incremental backups of system and service data, and great support from Time Machine’s ServerBackup process in making sure that databases and Open Directory are included in hourly backups.

All of these great options have one thing in common though: restoration. In a production environment, as lovely as backups are, admins are often hounded by management and users when hardware fails, and time elapses whilst operating systems are re-installed and service data is rolled back from backup drives. To combat this downtime, I like to keep a fully bootable backup connected to each production server that is as up to date as possible. In many situations, this allows you to get a slightly data-delayed version of your environment up and running until you can schedule proper downtime to restore backed up data. For years, I utilised Mike Bombich's fantastic tool Carbon Copy Cloner, along with its excellent Scheduled Tasks functionality, for this exact purpose. With its recent move to shareware, I decided that there really should be a free, open source script for cloning Mac OS X that can be scheduled with launchd, and provides proper logging and statistical data. It is with this that I announce the release of Counterpart, a wrapper script for rsync on OS X that is capable of producing bootable clones of live Mac systems. I have been using this for a little over 6 months to back up hundreds of OS X systems, and it has made my life so much easier a couple of times during hardware failures.

Counterpart utilises rsync, the fantastic data and synchronisation utility, and wraps it in a script that provides the correct settings and filesystem exceptions to create a bootable clone of a live Mac system, whilst error checking and providing comprehensive logging, statistics and monitoring data. It is bundled with detailed documentation and instructions on scheduling clones. Coming soon is a companion Nagios plugin script to monitor clones and provide performance data, meaning you can be sure clones are completing successfully, and get insights into your backup data like this:

[Image: Counterpart Clone Statistics]

It should also be said that whilst Counterpart was first envisaged to back up Mac OS X Server instances, there is nothing stopping it being used to back up standard OS X clients, and it would be a great, fully scriptable, free way to create a bootable clone of your OS before an upgrade or significant modification to your system.

I have uploaded Counterpart as a new project on GitHub, and welcome any feedback that you may have on using it. I am also happy to answer any questions on getting it set up in your environment, and I am best contacted using this form.

Counterpart on GitHub


Hosting mail on 10.5 server with a 10.7/10.8 Open Directory

In one of my deployments, an emotional connection to an ageing Xserve G5 has meant that mail services continue to be hosted on 10.5 server. With almost all stock packages ripped out and replaced with up to date or custom variants (big shoutout to Topicdesk!), everything works very smoothly, and has done for many years.

With the advent of Lion server however, directory and collaboration services were moved to a new Mac mini running 10.7, and as the OD was old and messy, it was entirely rebuilt from scratch, with manual entry of users and groups in Server.app. As 10.5 mail services are keyed off a user's short name and not the GUID, mailboxes carried across nicely when the Xserve was bound to the new 10.7 directory.

An error was encountered however, when users attempted an IMAP login:

Mar 28 12:23:45 mail imaps[27929]: badlogin from: jeddambp [192.168.16.23]. CRAM-MD5 user: johnsmith. mail is not enabled for this user

Mail SACLs were set correctly for users, but the error persisted.

10.7, having omitted the Mail tab from Workgroup Manager, provides no way to set individual user quotas or a user's mail server from within the GUI. As a result, the MailAttribute attribute is not created in a 10.7 directory by default, unless mail services are hosted on the same machine.

Mail service on the 10.5 server was therefore restored by re-defining a MailAttribute based on the following plist for each user you want a mailbox for:

<?xml version="1.0" encoding="UTF-8"?>
<dict>
<key>kAPOPRequired</key>
<string>APOPNotRequired</string>
<key>kAltMailStoreLoc</key>
<string></string>
<key>kAttributeVersion</key>
<string>Apple Mail 1.0</string>
<key>kAutoForwardValue</key>
<string></string>
<key>kIMAPLoginState</key>
<string>IMAPAllowed</string>
<key>kMailAccountLocation</key>
<string>your.server.hostname</string>
<key>kMailAccountState</key>
<string>Enabled</string>
<key>kPOP3LoginState</key>
<string>POP3Deny</string>
<key>kUserDiskQuota</key>
<string>0</string>
</dict>

You will need to set kMailAccountLocation to your mail server's hostname. You can also set individual user quotas with the kUserDiskQuota key.

Adding this attribute is fairly easy in Directory Utility: navigate to the Directory Editor tab and click the plus button in the horizontal divider. You could also do this for a larger number of users by using dscl. There is a good article here that has some examples of doing similar things.
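
One way to script the dscl route for many users, as an added example that is not from the original post or the article it links to. The directory node `/LDAPv3/127.0.0.1`, the admin name `diradmin` and the users file (one short name per line) are assumptions; the plist is the one above with each key and value condensed onto one line.

```shell
#!/bin/sh
# Added example, not from the original post. Node, admin name and the
# users-file format (one short name per line) are assumptions.
OD_NODE="${OD_NODE:-/LDAPv3/127.0.0.1}"   # assumed: run on the OD master
OD_ADMIN="${OD_ADMIN:-diradmin}"          # assumed directory admin
MAIL_HOST="${MAIL_HOST:-your.server.hostname}"

# Emit the plist from the post with the mail host and quota filled in.
mail_attribute() {
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<dict>
<key>kAPOPRequired</key><string>APOPNotRequired</string>
<key>kAltMailStoreLoc</key><string></string>
<key>kAttributeVersion</key><string>Apple Mail 1.0</string>
<key>kAutoForwardValue</key><string></string>
<key>kIMAPLoginState</key><string>IMAPAllowed</string>
<key>kMailAccountLocation</key><string>$1</string>
<key>kMailAccountState</key><string>Enabled</string>
<key>kPOP3LoginState</key><string>POP3Deny</string>
<key>kUserDiskQuota</key><string>${2:-0}</string>
</dict>
EOF
}

# Accept only plain short names so a stray line in the users file cannot
# change the record path handed to dscl.
valid_shortname() {
    case $1 in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Create (or overwrite) MailAttribute for one user; dry run unless DRY_RUN=0.
set_mail_attribute() {
    valid_shortname "$1" || { echo "skipped invalid short name: $1" >&2; return 1; }
    if [ "${DRY_RUN:-1}" != 0 ]; then
        echo "would set MailAttribute on $OD_NODE/Users/$1 -> $MAIL_HOST"
        return 0
    fi
    # -p prompts for the admin password on each call, keeping it out of argv.
    dscl -u "$OD_ADMIN" -p "$OD_NODE" -create "/Users/$1" MailAttribute \
        "$(mail_attribute "$MAIL_HOST" 0)"
}

# Usage: sh script.sh users.txt  (fd 3 keeps stdin free for the password prompt)
if [ $# -gt 0 ]; then
    while IFS= read -r u <&3; do set_mail_attribute "$u" || true; done 3< "$1"
fi
```

Run it once with the default dry run to check the target records, then again with `DRY_RUN=0`. `dscl -create` replaces any existing MailAttribute value on the record.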