10.6 Server upgrades

Posted on September 14, 2009 by
This weekend I upgraded some of my home servers to 10.6(.1) server, using the developer keys. I wouldn’t say that it went ‘without a hitch’ or even smoothly, but overall it wasn’t bad.
The first machine to get 10.6 was the one with the most complex setup. It was an OD master, mail server, and web server. In order to provide a fallback plan, I CCC’d the boot drive to a FireWire device _and_ performed the 10.6 upgrade on another piece of hardware. I let the server migration assistant attempt to move all the settings over to the new machine. It did an okay job, but there were issues.
First of all, the OD master info wasn’t moved, or at least not into a working state. This was a bit troubling, but not so much for this install, as there are only about 5 users. Investigation discovered that the OD info was moved and the users were there, but the Kerberos setup was bogus. I spent some time trying to re-import, etc. and then decided to go back to the 10.5 server for a while until I could figure it out — then I discovered that while the local service was working on the old server, Kerberos was actually non-functional on that machine as well. Since I wasn’t sure when it had failed or for what reason, I went back to the 10.6 install and rebuilt the OD master and recreated the 5 accounts, keeping their UIDs the same. This actually turned out to be a mistake; I’ll explain why later on.
Mail was migrated okay, or so it seemed, but there were problems here as well. There were only 3 users with mail, so again it wasn’t a big deal, but one of them was me, and the mail dated back to 2001, so I certainly didn’t want to lose it. 10.6.1 seemed to fix the common amavis mail conversion issue, so that wasn’t a problem. All the proper domains weren’t picked up as aliases, including the primary one ‘soward.net’, so no new mail was able to come in; this was easily spotted and fixed though. What wasn’t so readily repaired was the fact that existing 10.5 clients seemed confused about the mailbox layout and numbers of unread messages. Configuring a new 10.6 Mail.app client or using webmail showed that the server did have all the mailboxes and the counts were valid, but things couldn’t sync up on 10.5. I removed the mail account and re-added it, then let it sync back (which takes a while for 100,000 messages), and it seems okay. I’ll try a few more configurations over the next few days.
Push services for mail didn’t seem to work either; there was a missing directory. Once it was created, push started working. Note that push mail as of the time of this writing (10.6.1 and iPhone OS 3.1) is only available on 10.6 desktop Mail.app clients. No iPhone push for anything but Exchange, Yahoo, and me.com.
The web service was another interesting migration. It wasn’t able to use a ‘default’ certificate, nor did it generate any new self-signed ones, though it did pick up my one non-self-signed cert. Once I told everything to use that one in SA, all was mostly okay. It also copied over my docs, and here’s the interesting part... I had modified the Apple standard home page to include some different text and options, and it brought that over — but the default Apple home page (and various JS functions inside it) changed, so nothing really worked and it looked like junk... The real, new, Apple default page was out there as ‘index.html.default’, so moving that into place works temporarily.
Moving on, I upgraded the Xsan MDC and VMware host. This one went pretty well, but I took precautions. I promoted the machine I had just upgraded to be an MDC — I had installed Xsan 2.2 on all the Xsan machines a week prior. Then I removed the to-be-upgraded machine from the SAN entirely. I did the upgrade (to 10.6.1), installed the newest build of Xsan 2.2, joined it to the OD, and added it back to the SAN. No real problems here, except that Xsan keeps things by UUID, not UID, and while I had preserved the UID of the OD users, I had not kept the UUID, so all the permissions, ACLs, quotas, etc. were useless. Again, not a big deal with 5 users and very few ACLs, etc., so 15 mins of work, but if this were a big install, it could take days to recreate such.
When I went to set up the second machine as an OD replica, things went south. SA tells me that it ‘cannot be a replica’ because the master ‘contains Augment records’ and that I should consult the documentation for more information. I have not created any Augment records, and I can verify that the Augment section is empty. The documentation has no information. So for now I have an OD that works, but has no replica. I’m still working on this issue, and I suppose it’s possible that I may have to tear down the OD again, though at this point what is there should be pretty vanilla.
This entry was posted in OS X, apple, sysadm
