A few weeks ago I had an old 10.9 open directory master server crash on me and I was unable to restart, luckily I had a good backup of my server which I created using Carbon Copy Cloner on a schedule. If your not using Carbon Copy Cloner I highly recommend doing so its one of the best backup utilities for OSX Server as it runs in the background and can backup and clone multiple directories and or the entire hard drive.
In my case I was using it with Safety Net enabled and was able to restore the entire drive which took under an hour. Once restored I realized the best option for me was to move from 10.10 server from 10.9. In my environment I had 1 open directory master and 2 replicas. All running on 10.9 server, however close to 90% of my user base is running on 10.10 so I decided that it would be beneficial for those users to authenticate against Yosemite’s server.
The process is pretty simple so Im just using this blog post as a form of documentation and education for those who are looking for a quick guide. Per Apples own documentation the open directory master can be exported or archived 2 different ways. Via the server.app or via the command line. Lets review the steps for both.
You can archive Open Directory data from the command line.
To archive Open Directory data, open the Terminal app (located in the Other folder in Launchpad), then enter the following command:
$ sudo slapconfig -backupdb /full/path/to/archiveFor example, /full/path/to/archive could be /Volumes/Data/myODArchive.
Enter a password to encrypt the disk image. Encrypting the image protects the sensitive data in the Open Directory database.
The archive file will have the file extension “.sparseimage”.
Now that we have the open directory exported as a sparse disk bundle DMG file and has been password protected we can take that from our 10.9 server and import it into our 10.10 server. The next step for me was to wipe the server, install 10.10. I then ran all the updates. I purchased and downloaded 10.10 Server to my system and I set it up with my hostname, and let the setup wizard finish the server setup. When done you should have a copy of OSX Server running on 10.10 with a valid hostname, external IP address port forwarded and DNS setup and configured.
If DNS is not configured I recommend changing the hostname of your server and when it asks you if you want OSX Server to setup DNS choose to let it do so, it is the cleanest method for setting up OSX Server DNS initially and as most Apple administrators know its the one critical item that can make or break your open directory functionality. Now we are ready to import our Open Directory archive file. There are again 2 methods for doing so.
To restore Open Directory data, open the Terminal app (located in the Other folder in Launchpad), then enter the following command:
sudo slapconfig -restoredb /full/path/to/archive.sparseimageFor example, /full/path/to/archive.sparseimage could be /Volumes/Data/myODArchive.sparseimage.
If you entered a password to encrypt the data when you archived it, enter that password when prompted.
If everything processed correctly you should now be looking at a fully functional and migrated OSX Open Directory. But this got me thinking there has got to be a better way to backup and restore an Open Directory master, or better yet a better way to migrate open directory masters from a specific moment in time. I wrote a script a while ago that allowed people to setup a cron job and auto-backup their Open Directory using the command line sparsediskimage dump. The script which can be found here worked great for older server installs but not so great on 10.10.
I started researching and found this an automated set of scripts that works with all major server releases and will auto-dump securely your open directory so that you can restore from a known moment in time. Per their own Documentation here is how it works.
Bender is provided as a simple PKG installer. Once installed, Bender will create a Backup directory in the root of the boot drive. Each evening at 10PM Bender creates the following files:
As you can see not only does it dump the OSX Databases but it also dumps and saves the settings for all of the OSX Services, how cool is that! I installed it on all my servers and it works great. It dumps the settings and database files into a folder at the root level of the drive and I use Carbon Copy Cloner to backup that directory instead of the entire operating system to a folder on an external file share. This will make future migrations and restores faster since I already have a known good base image for OSX Server and can simply re-import the server settings and open directory any time I need.
Here is a brief overview again pulled from their own documentation.
/sbin/ifconfig | /usr/bin/grep -m 1 ether | /usr/bin/awk '{print $2}' | /usr/bin/sed 's/://g' | /usr/bin/cut -c 5-For the current release of Bender
system_profiler SPHardwareDataType | awk '/Hardware UUID/{print $3}'Note: There is currently no restore option in Server.app in 10.8 or later, so use the command line:
sudo slapconfig -restoredb /path/to/your/archive.sparseimagesudo serveradmin settings < /path/to/your-sa_backup-allservices.backupsudo serveradmin settings < /path/to/your-sa_backup-servicename.backupHelpful Hint: Terminal in OS X supports drag & drop, so you can simply drag the plist you want to restore instead of typing in the full path.
This has been one of the best addons to my server in a long while and I highly recommend it usage. If you found my overview of the steps I took to migrate my Open Directory server from 10.9 to 10.10 please leave a comment!
