Xenotropic Systems

Jeremy McDermond’s Thoughts


The Migration to Leopard Server

March 12th, 2008

While I was home for Christmas I decided it was time to upgrade Tsunami to the next generation. For a number of years now, I’ve had the luxury of having a colocated server to catch my mail, provide a home for my web space, and other such things. Tsunami has provided this service for me, and has had a home at both Peak and Kattare.

Since I am essentially a guest at Kattare, I decided that it might be a good idea to reduce the footprint of Tsunami. Before I was running an AMD Athlon XP based system in a 4U generic rack mount case. This was rather large for the things I was running. The first thing that came to my mind was the possibility of moving to a Mac Mini instead. It had a lot of attributes that were very attractive. It’s small. It has a fairly powerful Intel Core 2 Duo processor in it. The amount of memory it can take is quite sufficient for a small server. The price was also decent, considering my student discount for such a thing.

I ended up picking up one at the University of Oregon Bookstore in Eugene. It turned out that they had a floor model that they were getting rid of, and were giving an additional $100 off the price. This was a really good deal since I ended up paying like $400 for the thing. Not a bad price for a server with a 1.83 GHz dual core with 1 GB of memory. The disk is a little small, and it’s the slow laptop sized drives, but for the traffic that Tsunami typically runs, it’s not a big deal. I’m planning on throwing an additional gig of memory in it since it’s fairly cheap, and adding some external USB 2.0 or Firewire storage to it (I want to see if I can pick up a MiniStack from NewerTech). There was a small problem in getting it since I forgot my UO ID in Springfield, and they didn’t want to really accept my WNEC ID. They ended up calling Apple to make sure I wasn’t trying to scam them. It’s surprising that they had to run this through their Apple rep, and it took a couple of days to clear. I would imagine that Apple would have things in good enough order that there would be a toll-free number, or a web page to consult for this stuff. The Apple Store never really has an issue with my purchases.

Once I got the hardware figured out, I had a decision to make regarding software. The AMD based Tsunami was running Gentoo Linux, and I’ve used it for a long time on my servers (ever since I switched from FreeBSD about five years ago). Gentoo worked fine, and the security updates were fairly good on it. The install process is necessarily complex since Gentoo is targeted towards a “roll your own” mentality. My problem is that I’ve become very lazy in my old age, and I’m getting tired of tinkering with things quite so much. With law school going on, and having to do work for Kattare, I don’t have the time or inclination to be fixing my server all the time. Especially when my e-mail is so important to me. While Gentoo was pretty stable and such, it required some intricate futzing to make work correctly all the time. I realized that MacOS X Server was very similar to my setup on Gentoo. The e-mail that ships with MacOS was in essence the same as what I was running on Gentoo: Postfix for an MTA, Cyrus IMAPd for a store, and an LDAP store for users. What was attractive is that there were some nice clicky buttons to set up all of the options for e-mail. Spam filtering with SpamAssassin was a check box in Server Administrator. Adding users was as easy as slamming them into Workgroup Manager. Likewise, Apache server was doing the web duties for both MacOS and Gentoo. And, again, the ease of setting up Apache on MacOS was impressive.

So, I decided that I’d try out MacOS to see if I could make it work for my server. So far, it works fairly well. The nice thing about most of the stuff is that if you don’t like the choices that Server Manager gives you, you can always ditch it and edit the files directly. I’ve been resisting doing that for various reasons, but, honestly, the only thing I can think of that I’m missing is the ability to add SPF records to my DNS server. I have some security concerns with the granularity of the clicky buttons in the Apache configuration, but it’s certainly not a show stopper. The stability of the machine has been comparable to my Gentoo server in every way.

One of the huge advantages that I like about running MacOS instead is the ability to VNC in and get a standard MacOS interface. It allows me to install graphical programs that I’d normally use on my workstation. I ran into some problems getting it working 100%. The big issue is with Apple’s LDAP implementation: Open Directory. In the default configuration, Open Directory users are not able to log in via VNC. Unfortunately, the iCal Server (which is pretty nice) requires that its users be in the directory, and not as local users. After doing a lot of research, I learned that the only way to really get OD users to authenticate with VNC is to change the settings via Apple Remote Desktop 3.0. This was kind of an annoyance, but once I discovered the trick, wasn’t too much of a problem to set up.

I’ve also had some issues with runaway processes. Once it seemed like it was Clam Antivirus (which is used in the E-Mail server), and the other, sshd. I’ll be watching things a little more closely to see why these things were going crazy. As usual with UNIX based stuff, killing off the processes solved the problems without a reboot of the entire machine.

Another nice thing I found by accident with the box is the firewalling. It turns out that MacOS X has a daemon that runs and watches the authentication logs to see if there are any authentication failures. When it finds excessive amounts, it will throw that IP address in the firewall for a period of time. This shipped on by default, and I didn’t have to do anything to set it up. This is really smart, and impresses me a lot. If you’re interested, check out emond and afctl.
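The watch-count-block-expire behaviour described above can be sketched in a few lines. This is an added example, not Apple's emond or afctl code and not from the original post: the log lines are constructed, and the function name, failure threshold, counting window and block duration are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of sshd syslog output (not from the page).
SAMPLE_LOG = """\
Mar 12 03:14:01 tsunami sshd[411]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 12 03:14:03 tsunami sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar 12 03:14:05 tsunami sshd[412]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Mar 12 03:14:06 tsunami sshd[413]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 12 03:20:00 tsunami sshd[420]: Failed password for alice from 198.51.100.20 port 40031 ssh2
Mar 12 03:31:00 tsunami sshd[431]: Failed password for root from 203.0.113.7 port 50200 ssh2
"""

FAIL_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate_blocks(log_text, max_failures=3, window=timedelta(minutes=5),
                    block_for=timedelta(minutes=15), year=2008):
    """Return (ip, blocked_at, expires_at) for each temporary block.

    All thresholds are assumed values; syslog omits the year, so one is supplied.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    blocked_until = {}           # ip -> time the current block expires
    events = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if blocked_until.get(ip, when) > when:
            continue  # still blocked: a real firewall would be dropping this
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked_until[ip] = when + block_for
            events.append((ip, when, when + block_for))
            q.clear()  # start counting afresh once the block expires
    return events

if __name__ == "__main__":
    for ip, start, end in simulate_blocks(SAMPLE_LOG):
        print(f"block {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Because the block expires, the final failure from the same address after the expiry time starts a fresh count rather than extending the old block, and the single failed login from the legitimate user's address never reaches the threshold.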

I’ll have more updates about what I encounter as they come up.
