MacOS 10.2 Server Problems
(Experiences with Mac OS 10.2 Jaguar server)
Author: Jeremy Parsons
Date: 26th November, 2003 and February 2004
Contents
Introduction
In early 2003, Paradigm-Therapeutics bought a X Serve RAID server with
1 TB disk space, a dual processor Xserve compute server, and a
uniprocessor Fibre Channel X Serve file server. The plan was to use all
the new powerful hardware as the core of the new Linux and Macintosh
infrastructure but we have encountered a few problems with OS X
configuration tools and documentation that delayed the centralised
infrastructure rollout. We have not had the benefit of "Apple's
legendary ease of use".
Most of the items below are complaints and issues which Apple should
have dealt with. However, we got no support despite repeated requests.
Apple would have provided basic support if we had paid another $1000 or
so but we naively thought we could get the system working ourselves. We
subsequently discovered that Apple charges even more for integration support,
many times more, and you have to pay extra for all the OS upgrades, eg from 10.2 to 10.3
I would advise that no-one should ever buy a Macintosh server for use in
a heterogeneous environment - they barely work, they are worse and more
expensive than anything from Sun or a Linux roll-your-own. Client Macs
are a different matter and have worked fairly reliably however it looks like the bugs and problems only
get worse
with OS X 10.3 Panther server .
Serious bugs in
MacOS 10.2 server
- After 6-months of wasted attempts, our uniprocessor MacOS 10.2
server has been abandoned
- We tried five different OS installations with different
configurations. Complete reinstalls with formatted disks just to ensure we did everything properly
- We tried using Net Info and LDAP
- We tried using AFP and NFS. However NFS is almost useless as there is no NFS file locking which you get for free with even older linux distros and has been available for a decade for Solaris.
You need file locking to do something as simple as share a home directory for someone who uses KDE or GNOME !
- Our server was unable to stay up for more than a few days any
time anyone was using it as a file server for the RAID array
- Our HFS+ journalled filesystem became corrupted every time it was nearly full
- It could not be repaired with Apple disk tools (though it said it
had)
- Could not be repaired by two commercial tools (though Disk warrior seems useful for other disk repairs)
- Needed completely wiping and rebuilding.
- Automounting using AFP was never reliable however using NFS is better though there are issues around DNS lookups in the boot process which we circumvented by explicitly listing NFS servers in Netinfo "machines" on each Mac OS X client.
- Our UFS filesystem could not be journalled so an fsck on only one
partition took twenty minutes with an empty file system after each of
the common crashes !
- We had kernel panics multiple times on some days if we transferred large files
- The server configuration tools were so flakey, and the logging so
poor that it was impossible to tell whether hardware or software was
broken.
The general reliability seems to be much less than 10.1 though we never tried automounting or NFS with 10.1.
Mac OS X Unleashed for 10.2 is a really good book which I'd highly recommend but it has a few things to say about mounts: "You may need to disable the automounter to get your machine to properly mount NFS directories. This was not the case under earlier versions of OS X"
"No we aren't fans of the automounter at all, and we generally have it turned off on our system just as a matter of principle. We won't tell you that that you have to turn it off, and for lack of documentation, we aren't even sure what unusual twists Apple might have woven into their version."
Flakey administration tools
- Administration tasks are split between many applications which
are piled into a Utilities directory along with client utility
programs.
A variety of "Assistants" help with initial configuration, and a number
of other programs help with susbsequent maintenance: Disk Utility,
Server Status, Server Monitor, Server Settings, NetInfo Manager,
Workgroup Manager and Directory Access. It is inititially hard to know
which tool to use for a particular task.
- Partitioning (via Disk Utility) needs to be started from a
special menu in one of the first screens in the initial installation
assistant, there is no direct question about partitioning so it may be
inadvertently missed until it is too late to correct.
- The Disk Utility is clearly broken and it is easy to enter
partition sizes with a sum greater than the hard disk size ! No warning
is given, the partition size locking does not work, and the actual
partitions created will not match any of the sizes shown in the Disk
Utility GUI.
- Going backwards to the DNS configuration, in the initial
installation assistant, one can only delete characters, not type new
ones in. When going forwards it is possible to enter IP addresses so
that must be a bug specific to going back ?
- The config tools are generally client server so even working
directly off the X Serve still requires logging-in with each tool
separately however, the undocumented "key chain" can store passwords
for
a particular user.
- "Unexpected Error" was frequently encountered whilst trying to
use the configuration tools.
- Workgroup Manager often hangs and needs to be killed via Process
Manager as it does not respond itself
- The error message from the Workgroup Manager crashes is not in
the Mac-> help system: "Error of type -14130 on line 1988 of
PMMUGSearchController.mm"
- There is a confusion between NetInfo and LDAP and their apparent
independence in the "Directory Access" configuration menus: If
information is entered into a NetInfo directory it appears to be
automatically propogated to an LDAP domain but why are they listed
separately ?
- Using Directory Access allows deletion of an LDAP domain or
changing its type from Open Directory to RFC 2307 but doing so elicits
no warning whatsoever even though it disables all user logins and
destroys user configuration information. The NetInfo information is
deleted even though it was LDAP configuration that was selected.
- What are the security and access implications of the little SSL
tickbox in Directory Access LDAP configuration ?
Policy to
obscure and hide both logging and feedback
- A unique UNIX File system hierarchy, quite different from Solaris
and Linux makes it hard to know where to examine the server
configuration.
- Booting on a server defaults to a blank screen with a little
rotating grey cog - surely that could only make sense for a client
computer with a particularly nervous user, not a server !
- Very little feedback in logfiles, no error messages stored
from the many crashes of the server configuration client server tools.
- No XML/plist editor in standard OS 10.2 server installation
- System Log says NetInfo is backed up but does not say how or to
where.
Poor configuration
guidance
- No mention of utility of Alt key to control boot disk selection -
this was essential to us !
- No relative comparison between alternative file systems.
- No mention of the need for a DHCP server to configure the RAID
system
- No warning of the dangers of doing anything whilst the system is
installing updates. Our fileserver became completely unusuable, and
failed to boot from a CD after I changed USB devices during an
automatic
update. Our installation was so completely corrupted that we finally
had
to remove our fibre-channel connection to the RAID system to get the
X-Serve to boot from its own CD drive (whilst holding down the C key).
- Confusion between LDAP "Open Directory" and RFC 2307. No
explanation of the suitability of either.
- Will Apple LDAP schema changes cause problems with non-Apple
clients in the future ?
- Is there a GUI interface to import an /etc/hosts file ?
- What does the "Apply to all subfolders" permissions configuration
options in NFS exporting mean ?
- Is there an easy way to make a group of NFS clients to which a
number of disks can be exported with identical configuration or do we
need to type everything in individually in the GUI ?
- Does an administrator need to type "createhomedir" to make home
directories ?
- Is there a list of command-line tools that one might want to use
to complement the GUI utilities ?
- No help integrating our Mac OS 10.2 server with 10.2 clients and
RedHat 9.0 clients using LDAP as specified in RFC 2307.
- Using MacOS 10.2 as the server for linux clients does not seem to
be covered to any depth in the existing MacOS X documentation.
Lack of integration
overview
- Poor explanation of the kinds of applications that will need to
be used to make a Mac a central server for UNIX boxes, or vice versa.
- Which files will be affected by installation options, which files
need to be backed up, can the configuration be copied.
- How to set up UNIX computers to use OS X for authentication, home
directory sharing
- Security issues involved in offering services.
Lack of documentation
balance
- No mention of write speed reduction that can happen if switching
to the Journaling option on HFS+ Extended in the document entitled "Mac
OS X Server Technologies File System Journaling"
- Why does the Linux World use JFS, XFS, and ext 3 whilst this Mac
comes with only the relatively unknown HFS+ extended ?