Archive for the ‘OSX’ Category

Ubuntu 18.04 upgrade

Saturday, December 28th, 2019

The LTS upgrade from Ubuntu 16.04 to 18.04 has largely gone smoothly.

Once again there are problems on the VNC side (logging in remotely, using VNC), particularly useful when accessing the server from an Mac (OSX) machine, where you “share screen…” with the Linux server. However, it appears that the upgrade to Ubuntu 18.04 probably changes the default desktop back to gdm3, which still appears not to support the VNC setup well according to the below:

https://askubuntu.com/questions/1033274/ubuntu-18-04-connect-to-login-screen-over-vnc/

Running the below command, and selecting to use lightdm as the desktop manager will get things back working again.

dpkg-reconfigure lightdm

It appears this changes the following symlink:

root@shuttle:/etc/systemd/system/multi-user.target.wants# ls -l /etc/systemd/system/display-manager.service
lrwxrwxrwx 1 root root 35 Dec 26 21:44 /etc/systemd/system/display-manager.service -> /lib/systemd/system/lightdm.service

Tags: , , ,
Posted in Linux, OSX | Comments Off

Ubuntu 16.04 upgrade

Friday, December 30th, 2016

This holiday saw me upgrade a home server from Ubuntu 14.04 to 16.04. I completed a similar upgrade on another machine recently, but this one has an ‘occasional use’ desktop GUI. The thing that I needed to bear in mind is that Ubuntu 16.04 (like Centos 7 and above) uses systemd instead of System V init or upstart, which affects numerous things (like logging, service restart, etc).

I find that staying behind the curve for upgrades, particularly where it is a must work machine, saves a fair amount of grief. Although I invariably have to track down problems, by the time I get around to an upgrade there tend to be other people who have found (and worked-around) similar issues. This means I can cherry-pick the preferred fix (rather than having to use the horrible hack someone has documented, or track down the real problem/fix).

During this upgrade, after rebooting the screen remained blank. After finding the machine was actually on the network, I tracked it down to this problem:
http://askubuntu.com/questions/792129/16-04-boot-stops-at-a-start-job-is-running-for-hold-until-boot-process-finish

Switching from the gdm3 desktop manager to lightdm fixed this issue; X usage is minimal so features are of minimal interest, as long as it works!

To get x11vnc (the common/standard desktop-agnostic Ubuntu VNC server for X) to start in 16.04 (and later), with systemd, you need the following:
https://help.ubuntu.com/community/VNC/Servers#Have_x11vnc_start_automatically_via_systemd_in_any_environment_.28Vivid.2B-.29

Following the instructions does not seem to cause VNC to start. There must be a better way, but the brute-force reboot caused
it to start a process on port 5900.

The side effect of switching away from gdm3 is that my VNC server configuration no longer functions … more work to do! By way of a reminder, the reason for VNC server is so that the user can connect to do admin tasks without having to physically connect KVM (keyboard/video/mouse) to the server. As OSX is the usual client, integration using Zeroconf (Avahi) makes a lot of difference!

To get Avahi notifying about the service, add the below config to a file (eg, rfb.service) to the /etc/avahi/services/ directory:

———-
<?xml version=”1.0″ standalone=’no’?><!–*-nxml-*–>
<!DOCTYPE service-group SYSTEM “avahi-service.dtd”>
<service-group>
<name replace-wildcards=”yes”>%h</name>
<service>
<type>_rfb._tcp</type>
<port>5900</port>
</service>
</service-group>

The above was shamelessly taken from holyarmy.org – why re-invent the wheel?

Let’s hope that other things haven’t boken, although TimeMachine integration breakage tends to happen on OSX upgrades!

Tags: , , ,
Posted in Linux, OSX | Comments Off

Linux server integration with Apple OSX (client)

Sunday, September 26th, 2010

Last weekend I finally got round to trying an AFP server on Linux and, aside from a few minor issues, things went well.

First of all, I’d like to say credit (and kudos) where it’s due – I used Matthias Kretschmann’s documentation of his experience as a guide for this work. It is great and easy-to-follow documentation (with pictures), so my additions serve to provide updated information as of 2010 and a couple of other scenarios.

My brother has a linux machine that he uses as a CIFS fileserver (for Windows & Mac/OSX) and a destination for Time Machine backups from his Apple Mac, amongst other things. He prefers to use a GUI to manage the machine.

The best available Linux solutions for these seem to be:

  • Samba (well – that’s already running)
  • Netatalk (for AFP filesharing – Time Machine backups are apparently more stable on Apple protocols)
  • x11vnc (VNC access to the X console)
  • Avahi (for Zeroconf/Bonjour)

A VNC server was chosen to view the X console because one is built into OSX (10.5 Leopard and after), so no additional software is required. If you wanted to do something similar from a Windows computer you could use an RDP server on the Linux machine (but I have not tried this).

The first step was upgrading the machine to Ubuntu Linux 10.4 – the latest LTS (long-term stable) release. The big benefit of this Ubuntu version over others is that the binary version of Netatalk in the repositories works with OSX.

Previous versions of Netatalk needed to be compiled with OpenSSL which had an incompatible licence (meaning that binaies of Netatalk could not be shipped with SSL support). This used to mean that if you needed to support OSX clients then you needed to recompile Netatalk .. which made non-SSL-capable binaries fairly pointless. This version uses GnuTLS libraries which allow SSL-capable binaries to be shipped legally. This saves a chunk of pain!

Additionally, Ubuntu 10.4 contains VNC server that works with the X console (display :0) without a user needing to be logged in – something that the old Xvnc Xserver used to be able to do on older versions of XF86/X11 (which didn’t work with the X11.org Xservers in the previous LTS release).

Finally, Avahi brings the AFP and VNC services to Apple mac (OSX) clients in an easy way, using Zeroconf/Bonjour.

The other oddity to be aware of is around server naming. Most services use the server’s hostname when advertising the services/protocols. This is normally fine. However, it seems that the OSX client (Finder) won’t allow a CIFS server (Samba on Linux) and an AFP server (Netatalk on Linux + Avahi for server advertisement) to be displayed – the CIFS server is not displayed.

The work-around I decided to use was to append “-afp” to the AFP servername. An alternative may have been to add a config to Avahi for the SMB server, but I didn’t try this (partly because the only visible difference between the two would then have been the icon).

Enough of the waffle – lets get down to it.

The following were the changes I needed to make to the default configs for Netatalk:

/etc/netatalk/AppleVolumes.default:

/data/timemachine/machines/     “Timemachine-backups” options:tm,upriv,usedots

Please read the Netatalk documentation for a description of the options, but “tm” makes the share time-machine compatible, “upriv” makes it use AFP3 (for additional features?), and “usedots” ensures that any dot-files (filenames or directory names that begin with a . and are deemed ‘hidden files’ in unix) keep their name rather than the “.” being percent-escaped.

The only change from the default for the afpd config file is so that the afp service has a different hostname. I’ve left the default (normally commented out in the config file, as shown here) in to demonstrate that it’s only the servername that is changed:

/etc/netatalk/afpd.conf

# default:
# – -transall -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
server01-afp -transall -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword

You also need to ensure that the CNID_METAD service is started along with the AFP service. You need to change that service from “no” to “yes”, and that’s the only change required in the startup config:

/etc/default/netatalk

ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

If you want to use any of the other services provided by Netatalk (such as Apple printing using PAPD, Appletalk using ATALKD, etc) then please see the Netatalk documentation for further details.

The AFP server can now be accessed, but to make it more user-friendly you should try to get it to show up in OSX’s Finder; this requires Zeroconf, as provided by Avahi.

Avahi required very little to provide visibility of the AFP service – just adding the following description file (note the “name” part has “-afp” appended to the hostname, so the service is advertised as server01-afp. If this isn’t wanted, just remove the -afp in the service name):

/etc/avahi/services/afpd.service

<?xml version=”1.0″ standalone=’no’?><!–*-nxml-*–>
<!DOCTYPE service-group SYSTEM “avahi-service.dtd”>
<service-group>
<name replace-wildcards=”yes”>%h-afp</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>

No restart is needed – Avahi (as configured in Ubuntu 10.4) picks this up immediately and advertises it.

You should now be able to connect to the AFP server through the OSX client Finder.

Finally I needed a VNC server that would allow someone to connect to the X server after bootup (before anyone has logged into it). x11vnc seems to be the best solution for this. It also has SSL support and the ability to authenticate with unix passwords (which I didn’t use in this initial test), and avahi support for zeroconf (which I did).

All that was required was to have the x11vnc server start when gdm starts. The x11vnc documentation covered this fairly concisely, and here is an example:

/etc/gdm/Init/Default (at the bottom before exit 0)

#UNIXPW_DISABLE_SSL=1
#UNIXPW_DISABLE_LOCALHOST=1
#x11vnc -o /var/log/x11vnc.log -unixpw -forever -bg
x11vnc -rfbauth /etc/x11vnc/x11vnc-passwd -o /var/log/x11vnc.log -forever -bg -avahi

You also need to create a VNC password for the above to work; that was done by:

x11vnc -storepasswd /etc/x11vnc/x11vnc-passwd

Given the time I would try to use SSL and probably unix password, as this would mean encrypted details and users just needing to know their login credentials which can be changed (rather than a more static shared password). Whether this is an option would depend on the “Screen Sharing” VNC client capability in OSX though. This is probably something for an update (or follow-up).



Tags: , ,
Posted in Linux, OSX | Comments Off

Problems with Time Machine network backups on OSX

Saturday, February 7th, 2009

Background

Time Machine was a major new feature of Apple’s OSX 10.5 (Leopard) – an easy-to-use backup system that anyone can use. This is great – something so simple that ‘your grandmother could use’, with a simple interface that makes it easy to restore data.

In addition to being able to backup to a local disk (connected by USB or firewire), you can backup over the network. Apple sell the Time Capsule NAS (network attached storage) primarily for network backups using Time Machine. Backups to local disk are simple file-based backups, whereas backups to a network drive utilise sparse-bundle images (another new feature in Leopard).

Configuration

I assume there is a way to backup to OSX servers (such as the Xserve), but there are numerous articles describing hacks for how to configure backups to an SMB (or NFS or AFP) fileshare.

Being a big proponent of open-source solutions, I looked around for a solution using Linux, Samba and/or Netatalk, preferably one that doesn’t require any special setup on the client machine; I managed to find one that makes the fileserver look like Apple hardware – something that I intend to try at some point!

First, though, I wanted to get a few Time Machine backups under my belt, so I started with the aforementioned hacks – backing up to a Samba fileshare (on Linux).

My Linux fileserver has mirrored disks and LVM, so it’s easy to create a new logical-volumes (similar to slices/partitions in other configurations), so I created a new LV for the backup and then configured samba:

[timemachine]
   comment = osx backups
   path = /BACKUPS/timemachine/machines
   public = no
   writable = yes

The root of the fileshare should contain a file called “.com.apple.timemachine.supported“, and the root of the fileshare needs to be writeable by the remote users (Time Machine creates a file there before it starts the backup).

On the OSX machine (Mac) you need to enter the following command into a Terminal window to allow backups to normal fileshares:

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

You then need to create a sparse-bundle disk image for Time Machine to backup to. This has a particular name based on the machine name and main (ethernet) NIC. Assuming the computer’s name is MBP and the hardware address of the NIC is 00:01:23:45:67:89 then the following command should create a 300GB sparse-bundle image:

hdiutil create -size 300g -fs HFS+J -volname “Time Machine” MBP_000123456789.sparsebundle

This command should be run on the local OSX machine and copied (eg using ‘rsync -avE‘ or ‘cp -r‘) to the fileshare [1]; it cannot be run to create the file directly on the fileshare, apparently.

At this point you should be able to configure Time Machine, select the fileshare you wish to use (I found that the fileshare had to be mounted by logging into it in the Finder), give a username and password and then it should be ready to start the backup.

A full backup of my 250GB disk (of which about 220GB gets backed up) took around 3 hours the first time, with a gig-e connected ethernet cable. For me, in the first 10-20 minutes Time Machine did not utilise much bandwidth.

[1] If, like me, you used rsync to copy the file but forgot the -E flag, then the resource-fork will not have been copied. (On a Linux box (ext3 fs) this resource-fork gets created as the file ._MBP_000123456789.sparsebundle in the above example.) If the resource-fork is not on the remote filesystem then the “sparsebundle” image will look like a directory rather than a disk image. From my limited use, this doesn’t appear to have made any difference to the workings of Time Machine (backups worked OK, a partial restore worked OK); the only downside was that, if using Finder to browse the fileshare, you cannot mount the sparsebundle image by double-clicking (but hdiutil, and Time Machine, mount it fine). I was able to correct this problem by copying across the blank image again (from OSX to the fileshare), to a temporary subdirectory on the fileshare this time to avoid overwriting the backup data, and moving the resource-fork file back to the time-machine directory (so that the populated sparsebundle image and the resource-fork file are in the same directory). This made the populated sparsebundle then show up as a disk image under Finder. The temporary subdirectory and contents can then be removed.

Failures

Corruption

Having had numerous failures whilst trying to backup with Time Machine, I decided to see if I could fix it rather than just delete and start again.

I took a look for a someone who had found and resolved the problem. Whilst there are loads of people who report failures (the forums are alight with them), I only found one that managed to recover the backup image. The instructions were the normal disk-recovery type things:

  1. attach the disk image (which checks and may fix some issues)
    • sudo hdiutil attach -nomount -readwrite /path/to/sparseimage
  2. verify/repair disk
    • in disk utility, select the (unmounted) backup volume, select the First Aid tab, and click on Repair Disk
  3. check the filesystem
    • sudo fsck_hfs /dev/disk-slice-name (eg disk1s2)

Unfortunately, stage 2 failed for me with “Invalid sibling link” whilst “Checking Catalog file.” As the Catalog was the problem, I ran with the -r fsck_hfs flag (check the man page) to rebuild the catalog, but this failed, saying “The volume Time Machine could not be repaired.

Hopefully the above will be useful to someone (including me, if I need to re-visit) – especially if you are used to unix but not necessarily ‘the depths of OSX’.

Time Machine on new backup device/file

Sometimes the backups don’t work properly and you have to delete the Time machine backup (eg sparse file) and start again.

I had got Time Machine working fine, backing up every hour, and then I needed to move some large files about temporarily. Rather than TM making huge backups for minimal benefit I turned off TM for a couple of days. When I turned it back on it sat ‘Preparing the backup’ for 15 hours or more (confirmed several times) – it just didn’t work. As a result the only thing I could think of doing was delete the disk image (sparsebundle), create a new one of the same name (as per the above instructions), and start again … losing all previous backups.

Following this, TM failed every time. Checking the logs (Applications -> Utilities -> Console)

06/03/2009 11:52:19 /System/Library/CoreServices/backupd[11312] Backup requested due to disk attach
06/03/2009 11:52:19 /System/Library/CoreServices/backupd[11312] Starting standard backup
06/03/2009 11:52:19 /System/Library/CoreServices/backupd[11312] Network mountpoint /Volumes/timemachine not owned by backupd... remounting
06/03/2009 11:52:20 /System/Library/CoreServices/backupd[11312] Network volume mounted at: /Volumes/timemachine-1
06/03/2009 11:52:20 /System/Library/CoreServices/backupd[11312] Volume at path /Volumes/timemachine-1 does not appear to be the correct backup volume for this computer.  (Cookies do not match)
06/03/2009 11:52:25 /System/Library/CoreServices/backupd[11312] Backup failed with error: 18
06/03/2009 11:52:25 /System/Library/CoreServices/backupd[11312] Ejected Time Machine network volume.

The relevant (and problematic) part is “(Cookies do not match)“. This appears to be along the lines of the fact that a cookie is kept on the TM machine (that is being backed up), and in the disk image (for the backup), and they are not in sync. To fix this you need to go into Time Machine, select the disk to use, and select “none“. Then select the relevant disk/share. This appears to reset the cookie (or whatever) and allow you to run Time Machine backups again.

Links

There are numerous similar articles around the Internet, including one article mentioning problems with sparse files  I considered a bit obvious. Sparse images/bundles only take up the amount of disk space of the files contained in them (so if you create a 100GB sparse-image and put in 10GB of files, the sparse-image will only use up 10GB of disk space. The good point about this is that you can use the remainder of the disk space for other things … for the time being. Of course, if you do not keep an eye on available space then you could have problems! The aforementioned article describes a problem that Time Machine had with people who used this ’spare disk space’ on the server, causing (backup) data loss. Fortunately it sounds like this bug has been fixed, but it is something to bear in mind!

Note

As with all these kind of hacks, the author is not responsible for any loss of data or problems when following the instructions. That said, I would like to hear if you had problems, you can think of a better way to do this, or any other constructive feedback.

Update – 2009-07-08

By way of an update, after Konstantin’s comment, things have been working stably for me over the past few months.

Soon after writing this blog posting I noticed an error I had in my smb.conf file. I had “locking = no” on the share, for some reason (probably due to copying config from another share and not properly checking the options). I removed the line in smb.conf, created a new sparse-bundle image, and errors happened less frequently (although they still did happen for a bit).

For information, I am currently running OSX 10.5.7 (I was running 10.5.6 when it wasn’t working, and during the time it has been working), and Samba 3.0.25b (quite old, really). Samba has not been updated either, so I’m at a bit of a loss as to why things “suddenly” became stable.

Tags: ,
Posted in OSX | 3 Comments »