Justin Rummel . com

Professional Bio/Resume site for Justin Rummel

Using .p12 or JKS Files With OS X


Overview

My test CrashPlan PROe (CPPe, a.k.a “Black”) environment has been troubled with this VMware Fusion bug where linking a shared folder has some issues with read/write. The end result was anytime a client (Mac or Windows) running CrashPlan PROe had to restart, CrashPlan PROe Server would go into a deep prune session that would last for days (more info in the logs, but you get the idea). Not very reassuring when dealing with backups.

It took some time, but with the help of Code42 support the best recommended route was to remove my VMware Fusion VMs from the equation and run directly on my VM host, a couple of 2010 MacMini Servers. The process was pretty easy:

  • Prep the CPPe database
  • Do a database dump
  • Find/replace some settings (done by Code42 support)
  • Install CPPe Server on host
  • launchctl unload /Library/LaunchDaemons/com.crashplan.proserver.plist
  • place converted db in /Library/Application\ Support/CrashPlan/PROServer/db/
  • launchctl load /Library/LaunchDaemons/com.crashplan.proserver.plist

Certificates

So WHY is this titled referencing .p12 and .jks files? I originally used this script to generate JKS files in Ubuntu Server. This allowed me to create the JKS, import the RootCA, IntermediateCA, CSR, and then finally copy the signed cert to a single file that was then imported into CPPe’s management console. When migrating to OS X, I already had a signed certificate for the server (web services)… so starting from the beginning wasn’t an option.

Exporting from the System Keychain has been an issue since the 10.5 days. You think the file is exported properly with both the public and private key… but it was always missing the private key for some reason.

The solution is to enable root on your server. You can enable root by launching Directory Utility ( /System/Library/CoreServices/Directory\ Utility.app ) or by following Apple’s kbase.

Log in as root, find and select BOTH the public and private certificate in Keychain Access and export to a .p12. This process will ask you to use a password to make sure things are secure as you are EXPORTING THE PRIVATE KEY.

Once you have the .p12, this simple one-liner will convert the .p12 to a .jks so you can import into CPPe’s management console.

keytool -importkeystore -destkeystore NEW-SERVER.jks -deststorepass Pass#word -srckeystore certificate-export.p12 -srcstoretype PKCS12 -srcstorepass Pass#word

As a best practice, I usually create .jks, .p12, or even .cer files with the server’s FQDN to make things easy to read in the future. Hope this helps someone from pulling out their hair.
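The conversion above, wrapped with the check that the missing-private-key problem calls for (an added example, not from the original post): it refuses to convert a .p12 that has no PrivateKeyEntry, names the output after the server's FQDN, and hands passwords to keytool through its `:env` modifier instead of the command line. The function names and the P12_PASS and JKS_PASS variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes keytool from Java 7+
# (for the :env password modifier) and that the caller has exported
# P12_PASS and JKS_PASS, both hypothetical variable names.

# Count PrivateKeyEntry lines in `keytool -list` output read from stdin.
count_private_keys() {
    grep -c 'PrivateKeyEntry' || true
}

# Build "<fqdn>.jks", rejecting anything that is not a plain host name.
jks_name_for() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s.jks\n' "$1"
}

convert_p12_to_jks() {
    p12=$1
    fqdn=$2
    jks=$(jks_name_for "$fqdn") || { echo "bad FQDN: $fqdn" >&2; return 2; }
    [ -r "$p12" ] || { echo "cannot read $p12" >&2; return 2; }
    [ ! -e "$jks" ] || { echo "$jks already exists" >&2; return 2; }

    # A .p12 exported without the private key has no PrivateKeyEntry.
    keys=$(keytool -list -keystore "$p12" -storetype PKCS12 \
        -storepass:env P12_PASS 2>/dev/null | count_private_keys)
    if [ "$keys" -lt 1 ]; then
        echo "$p12: no private key found (or wrong password)" >&2
        return 3
    fi

    # Subshell keeps the tight umask local; the .jks holds the private key.
    (
        umask 077
        keytool -importkeystore \
            -srckeystore "$p12" -srcstoretype PKCS12 \
            -srcstorepass:env P12_PASS \
            -destkeystore "$jks" -deststorepass:env JKS_PASS
    )
}

# Usage: sh p12-to-jks.sh certificate-export.p12 server.example.com
if [ "$#" -eq 2 ]; then
    convert_p12_to_jks "$1" "$2"
fi
```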

VPP 2.0 Presentation


Yesterday I was able to present to the local DC, VA, MD Mac User Group MacDMV on VPP. I felt it was a great success for our first knowledge focus event, and glad things are now in-gear. As I mentioned during my presentation, I’ve uploaded my slides to GitHub so you can download the Markdown source.

Yes… Markdown slides!

I wanted to do something a little different than Keynote (and no, PowerPoint is not an option). I didn’t want Keynote as I wanted to share my information for everyone, not just Mac users who happen to have Keynote installed on their machine. I could have done PDF, but if others wanted to copy/paste… again it’s not as easy if you are not using a Mac. With my enjoyment of using Markdown as a note taking tool (along with the blog posts for this site), I wanted to find something that would parse Markdown syntax and make it a “presentation”. I found landslide.

The README file explains landslide’s features pretty well. What I want to jot down is a quick step-by-step to get my presentation from markdown to your machine in the way everyone else was able to see it on Wednesday night.

cd ~/Desktop/
git clone https://github.com/adamzap/landslide.git
cd landslide
python setup.py build
sudo python setup.py install

# At this point you now have the landslide command line utility

cd ~/Desktop/
git clone https://github.com/justinrummel/MacDMV.git
cd MacDMV/VPP-2.0/
landslide slides.md -t themes/light/; open presentation.html

And you are done! You should now be able to see my presentation.

MacDMV: New DC, MD, VA Mac Admin Group


Last Friday I was feeling a little jealous of the San Francisco area Mac Admins group Macbrained on getting a group of individuals together to discuss new items in the Apple world (Mavericks and iOS7). I know many Mac Admins in the DC Metro area and believe that a DC group would thrive! I was venting my frustrations to @natewalck on ##osx-server, to which he replied: “make one!”. Tom happened to be in the channel as well… and in about 10 minutes we purchased a domain, established email accounts, and created a Twitter user for future broadcasts.

We are still in the beginning stages, but we are targeting to find a good location in January to host the first meeting. At this time, we need to find out the level of interest from the DC, MD, VA (DMV) area so we can find a suitable venue. If there are items you would like to discuss, let us know! Anything is open! iOS 7 changes, Mavericks changes, security, CLI, Government (or other high security requirement areas) focus topics… you name it, let’s talk about it.

So please sign up for more information at MacDMV, or email/tweet Tom or myself with questions or concerns.


2013 Berryman Adventure Race


Over the weekend of September 28th, 2013 I had the opportunity to do the Berryman Adventure race with my brother-in-law Shawn, which is a multi-sport race for Run, Bike, and Canoe… BUT you have to take everything with you. Food, water, clothes, paddles, etc. The Berryman Adventure race is an orienteering race where the night before we get a list of lat/long locations that we have to find using traditional methods of locating things; a map and a compass. Between checkpoints you do not have the luxury of nice foot paths that are carved to take you from point “A” to point “B”. You have to “Bushwhack” your way through trees, streams, animals, twigs, brush, poison ivy, etc, and make your own path.

“The Berryman Adventure is a TRUE backwoods, old school adventure race - offering a single course taking teams 12 to 16 hours to complete”.

While we were bushwhacking, biking, and canoeing through the Mark Twain National Forest, I was trying to keep a mental list of all the interesting items we experienced or witnessed throughout the day. However, once I started reviewing the list… I soon realized that I was creating a list of misery, horror, and epic proportions of PAIN which would most likely scare anyone from trying to do these types of races in the future. So while you are reading a list, just remember I’m glad these things happened and that I was able to overcome the obstacles and finish the race.

List, in order of time, to the best of my memory:

  • To the guys who cranked the Licensed to Ill Beastie Boys album at 6am, THANKS! The loud music blasting from your truck set the fun atmosphere and attitude for the rest of the day.
  • Upon “GO”, it was interesting to watch 57 teams comprising almost 150 people split into two different directions. Over the past year doing Triathlons where there is only one way to go… this was different.
  • And in about 15 seconds our mass group split again with one taking the gravel car path while we, team Roadkill, decided to jump off that path and bushwhack straight up the hilltop.
  • While bushwhacking I was educated in what poison ivy looks like. No not the bad way, but just that it was everywhere. Also, when you are attacked by a swarm of bees (and not SyncServer mac nerds) you don’t care how you dance, or sound when you scream (not us, but witnessed).
  • We finished the first five checkpoints (of 39 checkpoints total) in about an hour, and that is when I realized that waterproof socks are required. Running in wet socks (and shoes) is a perfect mix to generate blisters on your feet, and I felt it starting after the first hour. Luckily we came to the section of the multi-sport where I felt confident I could excel, the bike.
  • I thought Missouri was flat. I was wrong.
  • Once we were finished with the 18 mile ride, we got to the canoes. We had to arrange our bikes on the canoe and TAKE THEM WITH US to the next several checkpoints.
  • From this point we had done all three sports, the rest of the trip went
    • Bike
    • Canoe
    • Bushwhack
    • Canoe
    • Bike

It was great to finish. However the downpour at 4pm really put a damper on the spirits and at that time the goal shifted to “just finish the race” vs. catching more checkpoints. Maybe I should look into doing a Half Ironman now that I know I can take an entire day of physical (and mental) punishment.

UPDATE 2013-10-02

I just remembered a couple of items that I did learn from my first race that I wanted to write down so I can review for next year:

  • In addition to some waterproof socks, if you want to do ANY night work get a decent front headlight on your bike to see the roads. Are there ones with Fog options? Bring a hand flashlight along with the headlamp.
  • Need better pants to protect my legs. The compression socks did OK (better than nothing), but I’m still in ITCHING HELL from my knees to my ankles.
  • To the guy that passed us pedaling uphill, JEALOUS! FYI; he has a “42” on his rear cog. That would be nice.
  • If you want to see a map of our adventure, it’s available via this Google Map link. You’ll notice at the beginning the GPS tracker had a little trouble finding us while we were standing still… but once we started moving on the bikes it locked on.

Also, if you want to read about the race from other racers, I found:

  • Rock Racing Xtreme Adventure that has some pictures and a video clip of the downpour in the canoes
  • Emily Korsch’s Outdoor Adventure who was also on the 2nd place team Alpine Shop, PLUS she is competing at USARA National Championships starting TOMORROW in Nashville, IN.

Casper Suite 9: JDS Ubuntu Server Install Example


Overview

In the last article Casper Suite 9: Cloud and JDS Distribution Points I gave you information about things to take into consideration before installing a JAMF Distribution Server (JDS) into your Casper Suite 9 environment. In this article I’ll take you through an example install of a JDS in Ubuntu.

JAMF Distribution Server (JDS) Install

I’m going to measure my success in this example by the brevity of the article. So here it goes!

Step 1; Get an install of Ubuntu

I am using Ubuntu Server 12.04 LTS as it’s one of the items identified that is supported for a JDS. You can install the JDS on:

  • Ubuntu 10.04 LTS Server
  • Ubuntu 12.04 LTS Server
  • Red Hat Enterprise Linux (RHEL) 6 [1]
  • OS X Server with Server.app 2.2 [2]

The first thing I did was download the Ubuntu Server 12.04 LTS AMD64 ISO file. With the “Server” edition there is no GUI, so I hope you are ready for some Command Line navigation.

I then used the ISO to create a new VM, and YES Fusion could make this easy for me, but I like going through the steps of the installer so I can set the hostname and configure other detailed options that are prompted for me (such as installing SSH at the end).

Step 2; Run the script

Once your VM is running (with proper networking, DNS, hostname), copy JAMF’s JDS Linux install script file to your server and run!

There you go! I did this twice (JDS1 and JDS2) and now my JSS reports both distribution points.

JDS installed on JSS screenshot

Summary

The output gist log has some very interesting output items and shows you how much JAMF is working for you to make things easy.

  • Validating JDS is being installed on a supported OS
  • Validating JDS space requirements
  • Validating JDS component paths (as listed on JAMF’s kb Components Installed on JDS Instances)
  • Install Apache if needed
  • Install OpenSSL if needed
  • Installing PHP and enabling the mod for Apache
  • Apache rewrite rules and other .conf items

Hidden from the display output, the script is also doing:

  • Utilizing machine based SSL certificates for Secure JSS/Client to JDS communication
  • Installing the jamfds binary

If you really want to go digging, once you run the script and are prompted for your JDS name… STOP. Search in the same directory and you’ll find a new directory called “base”. Inside that are all the scripts that are embedded into JAMF’s “.run” file.

Notes


  1. Red Hat Linux (RHL) Support is something new for JAMF.  

  2. There is an interesting Discussion on JAMF Nation as the Admin Guide states Lion and Server 2.2, but Server 2.2 is not available for Lion.