NetBoot Part 4
So this is going great. I have a really solid Base OS Install, and a whole buttload of packages now. Packages that set everything from network settings to custom and specialized users. I can build a typical system in about 45 minutes, and I can do most of the building from my office (or any other computer in the lab that has ARD installed).
I'm also getting fairly adept at making packages. A good many of my packages are just scripts that make settings to the system, so I'm getting pretty handy with the bash and quite intimate with dscl. But, perhaps most importantly, I'm learning how to make all sorts of settings in Leopard via the command-line that I never knew how to do.
The toughest one so far has been file sharing. In our lab we share all our Work partitions to the entire internal network over AFP and SMB. In the past we used SharePoints to modify the NetInfo database to do so, but this functionality has all been moved over to Directory Services. To complicate matters, SAMBA no longer relies simply on standard SMB configuration files in standard locations, and the starting and stopping of the SMB daemon is handled completely by launchd. So figuring this all out has been a headache. But I think I've got it!
Setting Up AFP
Our first step in this process is setting up the share point for AFP (AppleFileshareProtocol) sharing. This wasn't terribly difficult to figure out, especially now that I've been using Directory Services to create new users. To create an AFP share in Leopard, you use dscl. Once you grok the syntax of dscl it's fairly easy to use. It basically goes like this:
The "Data Source" is the thing you're actually operating on. I like to think of it as a plist entry in the database — like a hierarchically structured file — which it basically is, or sometimes I envision the old-style NetInfo structures. To get the needed values for my new share, I used dscl to look at a test share I'd created in the Sharing Preferences:
The output looked like this:
Okay. So I needed to use dscl to create a record in the SharePoints data source with all these values. Fortunately, the "sharepoint_group_id" is not required for the share to work, because I'm not yet sure how to generate that number. But create the share with all the other values and you should be okay:
This series of commands will create a share called "My-Share" out of the drive called "HardDrive."
After modifying the Directory Services database, it's always smart to restart it:
And we need to make sure AFP is running by starting the daemon and reloading the associated Launch Daemons:
Not the easiest process, but not too bad. SMB was much tougher to figure out.
Setting Up SMB
Setting up SMB works similarly, but everything is in a completely different and not-necessarily standard place. To wit, Leopard has two different smb.conf files: one that's auto-generated (and which you should not touch) in /var/db, and one in the standard /etc location. Fortunately, it turned out, I didn't have to modify either of these. But still, it led to some confusion. The way SMB is managed in Leopard is rather roundabout and interdependent. Information about SMB share is stored in flat files — one per share — in /var/samba/shares. So, to create our "my-share" share, we need a file named for the share (but all lower-case):
And in that file we need some basic SMB info to describe the share:
Next — and this was the tough part to figure out — we need to modify one, single, very important preference file that basically informs Launch Services that SMB should now be running:
This command modifies the file com.apple.smb.server.plist in our /Library/Preferences/SystemConfiguration folder. That file is watched by launchd such that when it is modified thusly, launchd knows to start and run the smbd daemon in the appropriate fashion. Still, for good measure, I like to reload the LaunchDaemon for the SMB server by hand. Don't need to, but it's a nice idea:
That's pretty much it! There are a few oddities: For one, the new share will not initially appear in the Sharing Preferences pane, nor will the Finder show it as a Shared Folder when you open the window.
But the share will be active, and all will be right with the world after a simple reboot. (Isn't it always!) Also, if you haven't done it already, you may have to set permissions on your share using chmod in order for anyone to see it.
I was kind of surprised at how hard it was to set up file sharing via the command-line. But I'm glad I stuck with it and figured it out. It's good knowledge to have.
Hopefully someone else will find it useful as well.
I'm also getting fairly adept at making packages. A good many of my packages are just scripts that make settings to the system, so I'm getting pretty handy with the bash and quite intimate with dscl. But, perhaps most importantly, I'm learning how to make all sorts of settings in Leopard via the command-line that I never knew how to do.
The toughest one so far has been file sharing. In our lab we share all our Work partitions to the entire internal network over AFP and SMB. In the past we used SharePoints to modify the NetInfo database to do so, but this functionality has all been moved over to Directory Services. To complicate matters, SAMBA no longer relies simply on standard SMB configuration files in standard locations, and the starting and stopping of the SMB daemon is handled completely by launchd. So figuring this all out has been a headache. But I think I've got it!
Setting Up AFP
Our first step in this process is setting up the share point for AFP (AppleFileshareProtocol) sharing. This wasn't terribly difficult to figure out, especially now that I've been using Directory Services to create new users. To create an AFP share in Leopard, you use dscl. Once you grok the syntax of dscl it's fairly easy to use. It basically goes like this:
command node -action Data/Source valueThe "Data Source" is the thing you're actually operating on. I like to think of it as a plist entry in the database — like a hierarchically structured file — which it basically is, or sometimes I envision the old-style NetInfo structures. To get the needed values for my new share, I used dscl to look at a test share I'd created in the Sharing Preferences:
dscl . -read SharePoints/TESTThe output looked like this:
dsAttrTypeNative:afp_guestaccess: 1
dsAttrTypeNative:afp_name: TEST
dsAttrTypeNative:afp_shared: 1
dsAttrTypeNative:directory_path: /Volumes/TEST
dsAttrTypeNative:ftp_name: TEST
dsAttrTypeNative:sharepoint_group_id: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
dsAttrTypeNative:smb_createmask: 644
dsAttrTypeNative:smb_directorymask: 755
dsAttrTypeNative:smb_guestaccess: 1
dsAttrTypeNative:smb_name: TEST
dsAttrTypeNative:smb_shared: 1
AppleMetaNodeLocation: /Local/Default
RecordName: TEST
RecordType: dsRecTypeStandard:SharePointsOkay. So I needed to use dscl to create a record in the SharePoints data source with all these values. Fortunately, the "sharepoint_group_id" is not required for the share to work, because I'm not yet sure how to generate that number. But create the share with all the other values and you should be okay:
sudo dscl . -create SharePoints/my-share
sudo dscl . -create SharePoints/my-share afp_guestaccess 1
sudo dscl . -create SharePoints/my-share afp_name My-Share
sudo dscl . -create SharePoints/my-share afp_shared 1
sudo dscl . -create SharePoints/my-share directory_path /Volumes/HardDrive
sudo dscl . -create SharePoints/my-share ftp_name my-share
sudo dscl . -create SharePoints/my-share smb_createmask 644
sudo dscl . -create SharePoints/my-share smb_directorymask 755
sudo dscl . -create SharePoints/my-share smb_guestaccess 1
sudo dscl . -create SharePoints/my-share smb_name my-share
sudo dscl . -create SharePoints/my-share smb_shared 1This series of commands will create a share called "My-Share" out of the drive called "HardDrive."
After modifying the Directory Services database, it's always smart to restart it:
sudo killall DirectoryServiceAnd we need to make sure AFP is running by starting the daemon and reloading the associated Launch Daemons:
sudo AppleFileServer
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist
sudo launchctl load -F /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist
Not the easiest process, but not too bad. SMB was much tougher to figure out.
Setting Up SMB
Setting up SMB works similarly, but everything is in a completely different and not-necessarily standard place. To wit, Leopard has two different smb.conf files: one that's auto-generated (and which you should not touch) in /var/db, and one in the standard /etc location. Fortunately, it turned out, I didn't have to modify either of these. But still, it led to some confusion. The way SMB is managed in Leopard is rather roundabout and interdependent. Information about SMB share is stored in flat files — one per share — in /var/samba/shares. So, to create our "my-share" share, we need a file named for the share (but all lower-case):
sudo touch /var/samba/shares/my-shareAnd in that file we need some basic SMB info to describe the share:
#VERSION 3
path=/Volumes/HardDrive
comment=HardDrive
usershare_acl=S-1-1-0:F
guest ok=yes
directory mask=755
create mask=644
path=/Volumes/HardDrive
comment=HardDrive
usershare_acl=S-1-1-0:F
guest ok=yes
directory mask=755
create mask=644
Next — and this was the tough part to figure out — we need to modify one, single, very important preference file that basically informs Launch Services that SMB should now be running:
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server "EnabledServices" '(disk)'
This command modifies the file com.apple.smb.server.plist in our /Library/Preferences/SystemConfiguration folder. That file is watched by launchd such that when it is modified thusly, launchd knows to start and run the smbd daemon in the appropriate fashion. Still, for good measure, I like to reload the LaunchDaemon for the SMB server by hand. Don't need to, but it's a nice idea:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.smb.server.preferences.plist
sudo launchctl load -F /System/Library/LaunchDaemons/com.apple.smb.server.preferences.plist
That's pretty much it! There are a few oddities: For one, the new share will not initially appear in the Sharing Preferences pane, nor will the Finder show it as a Shared Folder when you open the window.
Shared Folder: This Won't Show Without a Reboot
(click image for larger view)
(click image for larger view)
But the share will be active, and all will be right with the world after a simple reboot. (Isn't it always!) Also, if you haven't done it already, you may have to set permissions on your share using chmod in order for anyone to see it.
I was kind of surprised at how hard it was to set up file sharing via the command-line. But I'm glad I stuck with it and figured it out. It's good knowledge to have.
Hopefully someone else will find it useful as well.
Labels: Lab, Leopard, MacOSX, NetBoot, NIX, Server
This entry was posted
on Monday, March 31, 2008 at 5:11 PM.
You can skip to the end and leave a response.
7:48 PMNice work, unfortunately Apple doesn't provide the same nice tool, called "sharing", on Mac OS X as they provide it on Mac OS X Server. This one is very handy as it creates the sharepoints elements in one command, doing all the dirty stuff for you. Same, to enable/disable some elements, you also have the serveradmin command on Mac OS X Server.
Anyway, I've never been a big fan of sharing from a workstation as I have servers for that, but in some cases it's useful and being able to manage them with scripts is useful. I like packages that are scripts too :-)
7:58 PM
I wasn't aware of the "sharing" command on server, but I had a feeling there might be something like that — something server-only. I'll have to check it out.
I've always been a bit annoyed that Apple provides certain commands on the server-side only. I understand it, but it sure does make client-side management that much more trying. Oh well. I guess that's the fun of it.
We share all our workstations internally. That way, if you have a file you were working on on Computer A and you need to move to Computer B, you can easily get that file if you happened to forget it. I recently discovered that people actually use this functionality way more than I realized, so it's worthwhile to me to keep implementing it.
Who'd have thought "packages that are scripts" would be such a hot topic. Cool!
-systemsboy
7:40 PM
Same here, somme server-only commands would be so useful...
As for packages that are scripts, I have some to configure some computers I use for testing and for preso that I want configured the way I like and I'm too lazy to go through all the settings each time. That and also some apps I want on these computers, that's why I have a nice package on my USB stick :-)
Thanks for your infos, btw...
1:19 PM
The best implementation of AFP is AFPd on the iPhone. I know, I am so off topic. But I love my iPhone. :)
Sharing individual workstations seems like a disaster waiting to happen, but if central sotrage and backup are not your concern then it may work beautifully in your situation. Keep up the great posts.
11:05 AM
You, sir, are an iPhone addict. What's AFPd?
We only share a Work partition — totally separate from our system partition, and totally temporary storage that gets deleted every week. And this is, of course, in addition to central storage. It's been working fine for many years now.
Thanks for the comments folks!
-systemsboy
P.S. Just a heads up that LANrev InstallEase — a utility that builds packages from snapshots — is now available for free. Just now trying it out, so I don't know if it's any good, but thought you might want to know.
2:39 AM
AFPd is an app which puts Bonjour-enabled Mac file sharing (AFP) on your iPhone.
http://www.eecs.berkeley.edu/~job/afpd/AFP_File_Server_on_your_iPhone.html
Works like a charm. :)
11:11 AM
You've jailbroken your iPhone! Sneaky!
I actually haven't had the time to mess with it. And I've been happy enough with the iPhone as-is, I haven't really been that motivated. When I need a Terminal — and if no one builds one for sale — then I'll probably jailbreak. 'Til then, probably not.
AFPd sounds pretty cool, though.
-systemsboy
10:56 AM
This is what I did with NetInfo, that I'm trying to duplicate with dscl.
nidump -r /config/SharePoints . > /Volumes/FileRAID/SharePoints/shrpts.txt
sed 's/files.coxnc.com/files2.coxnc.com/' shrpts.txt > shrpts2.txt
niload -d -r /config/SharePoints . < /Volumes/FileRAID/SharePoints/shrpts2.txt
Sharing looks like it gives the same output as nidump, but I don't know that it can take it in.
It looks like I'm going to have to loop a dscl list for sharepoints, read each one >> textfile.txt, then write to the second server.
Fun.
BTW, on server, I just use:
serveradmin stop afp
serveradmin stop smb
run script
serveradmin start afp
serveradmin start smb
Much easier than unloading/loading kexts.
» Post a Comment