Another Stab at using OS X Server

I’ve had a few run-ins (as I like to call them) with OS X Server in the course of my career. I’ve been very comfortable with UNIX/Linux machines for a long time (I compiled my own Linux kernels when I was right out of college) and found them to be quite reliable and highly configurable. The lack of a GUI didn’t scare me and I thought it was a plus as there are tons of options for services like Apache and named (DNS) and a there was no way that a GUI could expose all of them.

In one of my contract positions, we were using a Linux box until a new IT person came in and bought an Xserve with OS X Server thinking that since he was comfortable with OS X, the server was the next logical step. While OS X Server runs on UNIX, the friendly GUI hides lots of options, some of which are necessary to running a successful server and some of which are needed when the server does something stupid. So now you have the GUI modifying settings and devs modifying settings via the command line in order to work around deficiencies in the GUI. It was just a recipe for disaster. After awhile, we resigned the Xserve to specific tasks and put the more important services on a Linux box.

My next run in with OS X Server came a few years later when the company I contracted for and then went to work for already had an investment in 4 or so Xserves. They were chosen because the lead IT guy was more comfortable with OS X than with UNIX/Linux (he was more of a desktop support guy and not a server guy). In this setup, we had to use Open Directory and I managed to unify the boxes and spread out the services. Open Directory was a nightmare because sometimes it just returned errors with no way to fix them. Again, the GUI hid things (including ways to fix problems) that would have been simple using a command line. We eventually put a few Linux boxes on the network and ran more core services on those; the Xserves still handled FileMaker Server (that’s another nightmare for another day) and Open Directory. The only saving grace for Open Directory was the GUI for user management as sending LDAP commands to populate it was probably worse than dealing with OS X Server.

I had completely put OS X Server behind me when Apple announced Xcode Server at the last WWDC. It intrigued me, but I ignored it until last week when I went ahead and created a Mavericks virtual machine and put Server on it. It was quite painless and actually looked like it had some useful features. Xcode Server, VPN, and Caching were the primary things that I couldn’t do from OS X out of the box. (I already had FTP, for my scanner, and Apache going on my media center.) After I ran the VM for a day or so, I decided to take a leap of faith and install server right on my media center and not in a VM. I was reassured in this decision after seeing some articles on how to remove it. In the olden days, OS X Server was as a separate install and couldn’t be removed. I’ve been running Mavericks Server for about a week now and it has been great, unlike my previous run-ins with the product. While it is still not perfect (Xcode Server needs some work), it is looking good. I had have to hack on a config file for the web server to do proxying as my security system runs a local service on port 8000 and in order to protect it with SSL, I had to setup SSL on the web server and proxy it, but that was just a matter of adding:

<IfModule mod_proxy_balancer.c>
     ProxyPass / balancer://balancer-group/
     ProxyPassReverse / balancer://balancer-group
     <Proxy "balancer://balancer-group">
          BalancerMember http://localhost:8000
     </Proxy>
</IfModule>

to the config file for the site. The downside is that if I touch the site setup, my changes will get blown away.

While playing around with the Profile Manager today, I think I discovered the biggest problem with OS X Server in the past…Open Directory. In order to do MDM (Mobile Device Management) in Profile Manager, you have to turn on Open Directory. I quickly cancelled out of that and ended that experiment. I mentioned Open Directory to a co-worker who also used to do IT and he had the exact same feeling about Open Directory that I do; I hate it. I know that’s pretty strong, but that service has had many, many problems that I’m unwilling to risk my server to turn that on as I have no use for it. Maybe a company that has a dedicated IT guy has no problem with IT, but if you leave Open Directory out of OS X Server, I think Apple has a fine small business server product.

For developers, OS X Server is now free and if you’re like most geeks, you already have a machine running all the time, so might as well install OS X Server and take advantage of the caching and maybe play around with Xcode Server.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.