Today we kicked things off with file sharing. This seemed like a chapter that should have been in the Server Essentials class, but it still contained a lot of good information. We went over the 3 main filesharing methods in Mac OS X: AFP, SMB, and NFS. We discussed their strong and weak points, and their benefits and drawbacks as they are implemented in Mac OS X and on networks in general.
One interesting thing we covered was how OS X preserves resource forks across NFS shares. As many of us already know, on filesystems other than HFS+, Apple creates shadow ._ files to preserve resource forks. This preserves the files, which is good, but can lead to an interesting issue. When writing to an HFS+ filesystem over NFS, the file manager will split the file into 2 parts: the data, and the ._ file to preserve the resource fork. If you access it over the network, and it goes back through the file manager, all you will see is the one file and it will work fine. But if you try to access that file on the server, which because it sees the volume as HFS+ will ignore the ._ file, you will have a file that looks broken. Nice, huh? There’s some tricky stuff out there. Using a UFS formatted volume will prevent this.
We also went over auto mounting sharepoints to clients, which happens even if you’re not logged in as a user, for every computer subscribed to the domain master server. We auto-mounted application and document folders, and described auto-mounting a library folder, for pushing out preferences, prefpanes, application support files and a bunch of other cool things.
We then went into permissions mapping. Up until 10.2.6, most administrators knew there was no way to change the default umask in OS X, so files on the server by default got group read-only access. That’s a big pain. Thankfully you can now enforce the inherited permissions model more familiar to Mac OS users, where files inherit their permissions from their containing folder. Then we were on to permissions mapping in AFP. Here’s a fun trick: log into an AFP server where you’re not a user in the Open Directory, and do an ls -al on some files you didn’t create but have permissions to. You’ll notice that it says that the files belong to you. But the group permissions have moved into the user permissions. This is AFP permissions mapping in action. I could explain this, but it would take a while. But it works, and that’s what’s important.
We briefly went over AFP over SSH, which is a nice secure way to transfer files, but it should be noted that this method will sometimes fail silently and you’ll be transferring in the clear. Don’t rely on it for truly secure transfer. SCP is your friend.
If you’re using Mac OS X clients on a Windows or Linux SMB server, you might want to move that SMB filesharing over to a Mac OS X server. Why? Because even though the file manager will split the resource fork correctly onto the server, if a Windows user moves that file, it will lose the resource fork and break the file. This shouldn’t be a huge issue these days, but it’s something to keep in mind if you’re using files with resources.
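One way to catch the silent fallback described above is to look for AFP sessions that bypass the tunnel. This is an added example, not something from the class or from Apple; it assumes that a direct established connection to TCP port 548 (the AFP port) on a non-loopback host means AFP is running in the clear, and the sample netstat lines are constructed.

```shell
#!/bin/sh
# Added example: flag AFP sessions that are NOT going through an SSH tunnel.
# Assumption: a direct ESTABLISHED connection to TCP port 548 (AFP) on a
# non-loopback host means the client is talking AFP in the clear.

# Constructed sample in the column layout of OS X `netstat -an -p tcp`.
# Addresses are documentation-range placeholders; the loopback port 10548
# is a hypothetical stand-in for a locally forwarded tunnel port.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address       Foreign Address     (state)
tcp4       0      0  192.0.2.20.49152    192.0.2.10.548      ESTABLISHED
tcp4       0      0  192.0.2.20.49153    192.0.2.10.22       ESTABLISHED
tcp4       0      0  127.0.0.1.49154     127.0.0.1.10548     ESTABLISHED
tcp4       0      0  *.548               *.*                 LISTEN'

# Reads netstat output on stdin and prints the foreign address of every
# established, non-loopback connection whose remote port is 548.
cleartext_afp_sessions() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($5, part, ".")          # OS X netstat writes host.port
            port = part[n]
            host = substr($5, 1, length($5) - length(port) - 1)
            if (port == "548" && host !~ /^127\./ && host != "::1")
                print $5
        }'
}

# Demo on the constructed sample; on a live client use:
#   netstat -an -p tcp | cleartext_afp_sessions
printf '%s\n' "$SAMPLE_NETSTAT" | cleartext_afp_sessions
```

Any line printed is a session to remount or replace with SCP; empty output means no direct AFP connection was found at that moment.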
We then covered Web services. 10.3 server is light years ahead of the 10.2 implementation. There is almost no reason to edit your httpd.conf anymore and setting up virtual domains is very easy. We set up a new virtual domain along with tikiwiki, turned on SSL for security and created custom reporting.
This is a kinda cool thing. Performance caching on web servers will screw up your reporting as it makes it look like hits are coming from the webserver itself. OS X uses some custom reporting fields that you can make Apache use that will preserve the correct user agents and referrers. Consider that one of my recent articles on TechGoesBoom got about 60,000 hits, and pretty much all of them looked like they came from my web server. Wish I was using X server on that machine.
apachectl is our command line friend here.
We also went over WebObjects and JBoss J2EE. Mac OS X makes it really easy to get JBoss up and running. Really really easy.
Then we were on to performance tuning for web applications, making sure that you’re addressing bottlenecks between your web server, application server, and database server. We did a fun exercise using “ab”, the Apache benchmark tool, throwing a thousand requests at our server. Fast HDs and lots of RAM make for happy servers. Move that database into RAM.
That’s it for today. Tomorrow are the last few chapters and the test. From what I hear, the test is VERY difficult, and this will be the first one, so if there are a lot of bad questions, we get to make them better, but we still fail. But I do get to take it for free.