Posted: February 26th, 2010 | Author: jordan | Filed under: Mac OS X Server | 1 Comment »
I just battled this for the last three days and finally have a solution. If you’re like me, you don’t have 16 different Mac OS X server boxes in your infrastructure. You have one. I was using Lithium as a monitoring tool and recently decided to install Daylite Server so I can keep track of clients, sales leads, and whatnot.
After installing Daylite Server, the app would not run. Daylite kept exiting, saying that it could not initialize the data storage environment and quoting an “error 300.” What I figured out, thanks to James over at Lithium and Kamil from http://kamilkisiel.blogspot.com/, is that Lithium has a post-flight script that jams a bunch of sysctl options into /etc/sysctl.conf. I erased those options, restarted my Mac OS X server and Daylite began to run afterwards.
I do not yet know the impact this has on Lithium, perhaps I could get James over at Lithium to comment on this.
Yay.
UPDATE: OK, just so you know, once the Daylite database was created and set up I placed the sysctl options back in place and restarted my server; both Lithium and Daylite are A-OK.
Here are the options to place back in; just copy and paste to a command line.
echo "" >> /etc/sysctl.conf
echo "#Lithium 5.0.0 sysctl.conf additions" >> /etc/sysctl.conf
echo "kern.sysv.shmmax=524288000" >> /etc/sysctl.conf
echo "kern.sysv.shmmin=1" >> /etc/sysctl.conf
echo "kern.sysv.shmmni=64" >> /etc/sysctl.conf
echo "kern.sysv.shmseg=16" >> /etc/sysctl.conf
echo "kern.sysv.semmns=130" >> /etc/sysctl.conf
echo "kern.sysv.shmall=131072000" >> /etc/sysctl.conf
echo "kern.sysv.maxproc=4096" >> /etc/sysctl.conf
echo "kern.maxprocperuid=1024" >> /etc/sysctl.conf
Hey MarketCircle! It would be really great to get someone on your inside to follow up with me and resolve my unhappiness with your product support. I’d really appreciate a discount on the software because despite this hiccup I must say Daylite is amazing and I would love to deploy it in my infrastructure.
Posted: February 18th, 2010 | Author: jordan | Filed under: Free Geek | No Comments »
This isn’t really a whole post, more like a failure report.
I had such high hopes when I got to Free Geek about getting the rack powered up and connected to our network. No, we didn’t have the 30A circuits wired in yet but I do have one 15A that will be able to power the 15A PDU I have installed. I got that all up and running, and am quite proud that one of our two PDUs has remote power management; however, when it came to configuring the network it was a different story.
Enter the crusty 3COM switch. We have this old, and I mean old, 3COM switch that I swear to God moans as it passes packets. Our 3COM has one already configured LACP trunk heading to the ‘server room’ downstairs in the bathroom; what I wanted to do was set up another trunk to go to the new server rack. Nope, not happening. I fought and fought and fought with that 3COM on web interface, console interface, and smoke/blanket interface but to no avail. It just would not allow more than one LACP trunk to be configured. Now I’m back to looking for a switch to replace it. There is a start-up in town that said they would graciously donate their old gigabit switch hardware; I hope they pull through on that. (If you guys do, I’ll give you a good plug here.)
While I’m waiting for the switches to magic themselves over to me I’m going to start with OS install and configuration but that will have to wait for part 3.
Posted: February 11th, 2010 | Author: jordan | Filed under: Free Geek | 2 Comments »

Old Server Room
Welp, so many people emailed me about my last post that I had to include this. Better late than never, Ladies and Gentlemen! May I introduce you to the Free Geek server room. Now granted, I understand that this photo doesn’t look all too bad, but let me assure you this is its ‘good side.’ If we removed the angry Joshua, as well as a door, we would find many horrible scenes. Such as two APC UPS 1400s, both with missing front bezels; only the PCB and connecting ribbon remain. Be careful, if you look at them the wrong way, they turn off! Above them is the sink for the bathroom that has been turned into a shelf to hold up a 5 bay 160GB SCSI RAID box that is our ONLY backup.
So over the last couple days we’ve gotten in a decent 48 port switch built by Extreme Networks as well as two APC SmartUPS 3000’s. After we put these in I got to work building our new trunk back to an existing switch. As you can see from the pic to the side, getting this cable from point A to B is going to be a little challenging. Not only does it have to get in behind that huge shelving unit, but that huge shelving unit is covered by more shelving 6ft deep.
This was the result! My whole body pinned between a crap load of iMacs and the upper shelf, it hurt like hell but at least I got an ab workout!
Eventually I got the cables fished thru, crimped and nicely zap strapped in. At the end of the day Joshua and I were able to install:
2 x APC SmartUPS 3000 XL
2 x HP ProLiant DL360 G4’s
48 port Extreme Networks switch
10 port 1U 15A PDU
LACP trunk
Next up will be network configuration!

Posted: February 7th, 2010 | Author: jordan | Filed under: Free Geek | 2 Comments »
The Free Geek server room is not in the best of shape. It basically consists of about 9 desktop towers of varying speeds stacked in groups of 3 with plywood in between them. Oh! and it’s all housed inside of a bathroom.
The power is being supplied by APC UPS’s with missing front bezels and malfunctioning controls…. they scream randomly. There’s no cooling, or even airflow and when the toilet’s water evaporates it begins to smell like dead fish. The gateway was just replaced with a dual core Xeon (thank you Joshua,) but the old one which ran like a trooper for 3 years was a Pentium II 366. A lot of the servers are beginning to show their age, failing hard drives, dead fans, strange smells. It’s time for a general overhaul.

Our New Rack Enclosure
The first thing to do is to plan power and figure out a location for the new server rack. We’ll be feeding in 2 20A circuits and 2 15A as well. We decided on placing the rack beside the lunch room because it was accessible enough to work on and also allowed us to kinda show off to all the volunteers.

We then got this rack graciously donated to us to house all the new servers that will be going in. It’s a 42U HP rack enclosure with removable doors and panels. Very nice rack inside, I would say even better than the standard APC Netshelter because the doors come off a lot easier and it’s nice and roomy to work inside of. However the only thing I did not like about this rack was the feet. To level it off I had to get an 11/16th wrench and from the bottom lower the feet, whereas on the APC Netshelter this is done inside the rack with a handy little Phillips screwdriver.

Now with the location for the rack picked out and rack itself chosen we can now do my favourite part. Cleaning. The first pic is of the dirt swept up in about 15sq ft around and under the rack location. After this is done the HP rack was put in place and then levelled out.
Since this rack was donated to Free Geek it had a lot of stuff in it already, therefore the stuff needed to be removed. These pictures were taken when most of the stuff had already been removed.
Now with the rack in place and cleaned up comes the fun part! Finding stuff to put in it!!! Free Geek has a lot of stuff to choose from. 

Mike and the big ass switch
Normally the first thing I would install and get working is the power and UPS, however we are currently waiting for a UPS to come in through donation and the circuits have not been laid in yet either. Instead the first thing I’m going to do is find a nice switch to install. First on the block was a Cisco 2948G. At first glance it seemed like a great choice. Lots of ports, Gigabit ethernet, however after the password recovery and seeing that the IOS version was 6.1 and there was no way of accessing the flash memory I quickly gave up. I then tried a 10/100 Linksys switch but it had a dead console port so there was no way to configure it. Then fate, it seems, smiled on me. I found a super high end, low profile, sleek / sexy HP switch pictured on the right! (j/k) No, don’t worry, we didn’t use this blade style switch. It looks as though we’re going to have to wait for just the right switch to come rolling in the door. That’s the beautiful thing about Free Geek, at some point what you want will just magically appear!

Tedrek!!!
With the search for a switch being a bust I then went on a hunt for servers. Luckily we’ve been caching them over the last few months; we now have many many HP ProLiant DL360 G3’s and G4’s that we’re going to put into production. They’re usually dual core Xeon 2.8GHz and 3.2GHz. Also with all the extra carcasses we have plenty of spare parts such as power supplies and hard drive sleds. Yes, they are SCSI and thanks to Jeff up in build we also have a LOT of 18.2 SCSI hard drives. Thanks to all within the Free Geek crew especially the now estranged Ifny who will be missed! Coming up next will be (hopefully) switch installation and trunking to the main network as well as installing OSes and configuring services. Stay tuned!!!
Posted: January 13th, 2010 | Author: jordan | Filed under: Insight, Work | No Comments »
So if you’ve been reading my blog you’ll know that a couple months ago I quit my 9-5 job. Since then to be honest, I haven’t done much in the way of systems administration. I’ve had a couple contracts here and there but nothing really big. I tell you what, do the skills dull quickly! I sat down the other day to help a friend with a pretty simple problem. He had 10.5 OSX Server and wanted to extend his LDAP schema…. I couldn’t remember how to do it! Or just little things, mostly in bash, like how to tell processes to stfu. Don’t get me wrong, I know how to do it, it’s just not coming to me as quickly as I would like.
To any sysadmins out there thinking about quitting, make a list of things you think are cool and don’t want to forget. Cause soon after your notice, there won’t be anything upstairs!
Posted: December 15th, 2009 | Author: jordan | Filed under: AppleTV, Mac OS X Server, Media | No Comments »
First I’m going to take an overview of XBMC, the application that we’ll use to replace front row or AppleTV.
XBMC is a great application. It has many features that put it above and beyond Front Row. First, XBMC is a media manager and digital jukebox. It does not do any file system organization of files, so it does require you to be clean with your media. It is capable of playing most types of audio such as ogg and mp3, and can play any video for which you have a codec installed on your computer. It’s fully interoperable with the standard Apple remote and has a different yet still intuitive interface (despite what Luke tells you).
I’m going to show you how to customize XBMC to pull movies in from differing sources. First navigate into Movies and erase the sources that you won’t be using. Then click add new source and type in the location. You can also specify an SMB server for XBMC to connect to; we’ll cover more on this later. My movies are located on my server and thus I will specify the SMB address along with a username and password. Then when I select the source that I’ve just entered, XBMC will make an SMB connection to my server and list all the movies I have. Now I can navigate to my Movies directory and select any movie I want.
Another great thing about XBMC is the control interface. Simply take your Apple remote and press the play button, and an on-screen control appears. You can then navigate the controls and select whatever action you want with the play button. Or press menu to escape. Also, while the movie is playing you can press the menu button and minimize the film so that you can browse for another, or if you want to return to the minimized film just keep pressing the menu button.
Now this can all be applied to the music and pictures features as well. Just specify the location of your music or pictures and XBMC will list them for you. Plus, thanks to a nifty iTunes plugin you can now load your iTunes playlists inside of XBMC so there’s no need to re-sort all your music!
But now for the piece de resistance. To replace front row altogether you want to enable the Apple remote to work with XBMC. To do so, in Settings, hit the Apple Remote section. If you’ve got a standard-issue Apple remote, set Mode to Standard. To start up XBMC instead of Front Row, check off “Always Running” in the Apple Remote section of XBMC’s Settings area.
You can download and install XBMC for your Mac from here or if you’re using an AppleTV please read this.
Posted: December 1st, 2009 | Author: jordan | Filed under: LDAP, Linux, Mac OS X Server, Snow Leopard | 1 Comment »
I have two Linux machines at home and I want to be able to use my network home directory and network account from my Leopard Open Directory server. One is running Ubuntu 9.10 and the other openSuSE 11.2. Here’s what I had to do:
In this post I assume you already have an Open Directory environment and network based user accounts as well as AFP homes setup. In other words, a working Open Directory setup with bound AND working Mac clients.
Exporting User Home Directories with NFS
First we want to make sure that the home directories are being exported via NFS. Open Server Admin and connect to your OD master. At the top of Server Admin click on File Sharing and then select your AFP home folder volume. Then click on the “Share Point” button in the bottom pane and then “Protocol Options”. (Note: if “Enable Automount” is not checked, you either have the wrong volume selected or your configuration is incorrect.)
In the Protocol Options drop down select the NFS tab and select a means by which to export the NFS share. I would recommend using subnet and if you know what you’re doing select a minimum security of “Kerberos v5 with data integrity and privacy” however you should only select this if you REALLY know what you’re doing. I will make a walk through for this at a later date. If you don’t know Kerberos like the back of your hand then I would select “Any” for now. Check Allow Subdirectory Mounting. Click OK and you’re done.
Ubuntu 9.10 Authentication
On the Ubuntu Linux client first install the necessary packages:
sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nfs-common nscd
In the following wizard just accept the default answers; they should be correct. Then edit /etc/ldap.conf and make sure it contains the following lines. Note this is not a verbatim output of /etc/ldap.conf
# this should be the IP of your OD server or better yet a service-based CNAME record
host 192.168.1.1
# this is of course the LDAP search base configured in the OD server
base dc=example,dc=com
bind_policy soft
Now edit /etc/ldap/ldap.conf
BASE dc=example,dc=com
URI ldap://example.com
/etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so
/etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
/etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
/etc/pam.d/common-session
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
openSuSE 11.2 Authentication
On the command line start yast
Navigate to Network Services and then LDAP client, type in your LDAP server IP and search domain, unclick TLS and bam, you’re done. God I love Novell
Ubuntu 9.10 & openSuSE 11.2 Automount
Create the directory /Network/Servers then all that is needed is to create the following line in /etc/auto.master
/Network/Servers /etc/auto.net
Restart autofs
sudo /etc/init.d/autofs restart
After this you should be able to log in and access your home folder.
Posted: November 26th, 2009 | Author: jordan | Filed under: SSH | 2 Comments »
So you’re in your favorite coffee shop cruising the net and doing some work. You’re downloading email and doing your thing. What some of you may not realize though is that you are broadcasting your data in the clear. Which means that anyone sitting close to you with a few simple tools can see everything you’re transmitting and receiving. I’m going to show you how to secure your data by encrypting it with an SSH tunnel.
Now this is one of my favorite tricks out there because you can not only encrypt your data but also redirect your Internet connection. Thus you can obscure your IP address and also because of GeoTracking can mask your country of origin. This is particularly useful when trying to watch content on a site and the site mistakenly thinks that you are not in the country you claim to be. Or if you’re behind a corporate firewall that blocks web access and you want to get a connection to the outside world.
What we need for this demonstration is two things: a) a server capable of allowing SSH connections and b) Mozilla Firefox. Now you can use Safari but I find that Firefox works more consistently. If you do not have access to a server that allows SSH connections, such as a web hosting provider, you can use any of the services listed on the bottom of the screen. (http://www.red-pill.eu/freeunix.shtml)
First open your terminal application and start typing the command: ssh -D 8080. The D flag specifies local “dynamic” application-level port forwarding. You can specify a bind address, but since we’re leaving it blank ssh is going to bind to the loopback address of the local computer. This works by allocating a socket to listen on a port on the local side; 8080 is the local port that we’re going to be using. Then we’re going to add the -Cfq and -N switches. C requests compression, f sends ssh into the background, and q is quiet mode. The last switch, N, is what allows this to all be possible: it tells ssh not to execute any remote command, such as bash, and to just stay open. We then specify the SSH server that we’re connecting to, in this case my very own webserver, macandcheese.org.
Enter your password and you’re done.
Next, open Mozilla Firefox. In the URL bar type in about:config. This lists all the configuration options for Firefox; the ones we’re after have to do with proxies. So in the filter box enter “proxy” and hit return. You’ll notice a number of different settings here. The first one we’ll want to change is network.proxy.socks: we’re going to change this to our loopback address, 127.0.0.1, which is the address that our SSH tunnel is bound to. Second, change network.proxy.socks_port to 8080, which is the bind port specified earlier. Third, we want to change network.proxy.socks_remote_dns to true.
Now that we’re done with those options, Firefox is configured to connect via an SSH tunnel, aka a proxy. But it’s currently not using it. We can turn it on by switching the last option to 1 instead of 0, and likewise when we’re finished with the tunnel we can switch it back to 0.
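The steps above, collected into one script as an added example (not part of the original post): it assembles the ssh command from the flags described, emits the Firefox settings as user.js lines, and classifies from `netstat -an` output whether the SOCKS port is bound to loopback only, as the post expects when no bind address is given. The function names, the sample netstat lines and the identification of the on/off option as network.proxy.type are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

SOCKS_PORT=8080                 # local port used in the post
SSH_HOST="macandcheese.org"     # server named in the post; substitute your own

# The command as the post builds it up: -D dynamic (SOCKS) forward,
# -C compression, -f background, -q quiet, -N no remote command.
tunnel_cmd() {
    printf 'ssh -D %s -Cfq -N %s\n' "$SOCKS_PORT" "$SSH_HOST"
}

# Firefox settings from the post as user.js lines. network.proxy.type is
# assumed to be the "last option" the post toggles: 1 = proxy on, 0 = off.
firefox_prefs() {
    cat <<EOF
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", $SOCKS_PORT);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.type", 1);
EOF
}

# Classify how a TCP port is bound, reading `netstat -an` output on stdin.
# Handles the Linux form (127.0.0.1:8080) and the Mac OS X form
# (127.0.0.1.8080). Prints one of: loopback, exposed, absent.
listener_scope() {
    awk -v port="$1" '
        $NF == "LISTEN" && match($4, /[.:][0-9]+$/) {
            addr = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            if (addr == "127.0.0.1" || addr == "::1") loopback = 1
            else exposed = 1      # wildcard (*, 0.0.0.0, ::) or a LAN address
        }
        END {
            if (exposed)       print "exposed"
            else if (loopback) print "loopback"
            else               print "absent"
        }'
}

# Constructed sample `netstat -an` lines (not captured from a real host).
SAMPLE_OK='tcp4       0      0  127.0.0.1.8080         *.*                    LISTEN
tcp6       0      0  ::1.8080               *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'
SAMPLE_BAD='tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN'

tunnel_cmd
firefox_prefs
printf '%s\n' "$SAMPLE_OK"  | listener_scope "$SOCKS_PORT"
printf '%s\n' "$SAMPLE_BAD" | listener_scope "$SOCKS_PORT"
# On a live machine: netstat -an | listener_scope 8080
```

A result of "exposed" means other machines on the same network can reach the SOCKS port and send traffic through your tunnel; "absent" means the tunnel is not running.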
I’m going to now open a connection to whatismyipaddress.com in Firefox, which is hooked into our remote tunnel, and then another connection using Safari. Notice how the IP addresses are different. This is because Safari is using my local IP whereas Firefox is using my hosting provider’s IP.
As another example of how you can pipe an application’s internet connection through an ssh tunnel we’re going to use Adium and connect to my msn and aol accounts. Just open Adium, then preferences, click on the account and go to proxies. Enter again the localhost and port 8080 and select SOCKSv5 proxy. You can use this trick with any application that will allow you to use a proxy. Now any chats I send and receive while here are encrypted.
Hope that helps!
Posted: November 23rd, 2009 | Author: jordan | Filed under: Insight | No Comments »
TEDxVancouver was simply an amazing event. The people and the lust for inspiration alone was something to behold, but of course the talks were of the spotlight that day. While all the speakers were breathtaking and I’m sure there are a lot of other sites out there that can give you a play by play I thought I would share what I took away from this day.
1. Take a concept with content and place your own context on it
2. Users will always get what they want to consume, it’s just a matter of time so there’s no point in trying to control it
3. Ask yourself, who am I that causes the eyes of the people around me not to shine?
4. Success could be graded on how many people’s eyes you make shine
5. The search for extraterrestrial life has gone unfruitful probably because any advanced civilization who came before us encountered the same problem as us. They destroyed their home and did not survive.
6. The world will not change and neither can you save it by typing on Twitter. Get off social media and commit to the message instead of just relaying it.
7. Framing a discussion for your target audience is key to convincing the business world to act on global climate change.
8. Having wind and land based solar energy options may not be enough to eradicate coal burning plants because they cannot provide base-load power. Nuclear may be a viable option.
9. Our fight or flight response causes rigidity and inflexibility. Learning to cope with the problem and find conflict resolution, no matter what that may be, is key to our evolution.
10. Respect the baby boomers, understand that they used to exist in a world where it was not “their oyster.” Today Gen Y’s and X’s are told to conquer, boomers were told to work hard, save, squander, and die.
11. Calorie restriction not only ties into longevity but also the environment.
12. Anxiety has a negative impact on our creative centres but is very useful for making us focus and to get a job done.
13. A lot of people in this world believe that we are our ethnicity, regardless of who we are. We wear our skin colour like a badge.
14. Vancouver has the highest percentage of mixed relationships in North America 
15. “being black informs me to who I am, but does not define who I am.” – Barack Obama
16. Context is king, LIVE your message.
Posted: November 5th, 2009 | Author: jordan | Filed under: Insight, Work | No Comments »
I quit my job. It was a big step…. no, it was a huge step towards where I actually want to be in life. I wasn’t happy working a 9-5 day in and day out. I think it has something to do with that salary slave (being paid one flat rate for all my professional services) feeling. That did not jive with how I wanted to live.
However, this new found freedom and choice of working for myself comes with a price. Finding funding. Thankfully my first few months have been funded by some smart decisions on my part as well as a person who has a lot of faith in me. You know who you are. My concern actually lies in my next round, which will need to be quite substantial comparatively. It’s at this point that I begin to see the similarities between owning a startup, and having a sign similar to the one on the left. You see, when I had a full time position I was taken care of, in fact the company that I used to work for took care of me and all its employees so well that it was a very difficult decision to leave. When I walked out for the last time and saw that door close behind me the first thing that raced through my mind was; “did I do the right thing?” “Did I just totally screw myself over?” “Can I do this?” For you see, now I have no extended medical, no extended dental, no automatic payment system into my bank account and worst of all no one to blame except myself. This is the price that I have to pay. The sacrifice of that umbilical cord, that lifeline. My cash flow will no longer come via automatically deposited, semi-monthly payments. Instead it will come by means of investors and angels.
It’s a big leap of faith on my part to go after what I dream and at the end of day I feel happier and more fulfilled. I’m sure it will be a big challenge and a huge adventure, and really why wouldn’t I go for it? As Seth Godin pointed out to me in Tribes, it was the fear of the possibility of failure that was holding me back. Once I wrapped my head around that, I quit.