We try to make Mac servers "just work"
Mac Mini Vault is division of CyberLynk , a data center company located near Milwaukee, WI. We have over a thousand Macs in our data centers (Milwaukee and Phoenix). Right now we are at over a fifteen dedicated 48U cabinets that do nothing but host Mac servers. Each of which can hold up to 140 Mac mini or 48 Mac Pro servers.
Normally colocation is hands-off from the view point of the data center. The customer owns the equipment and ultimately runs their own show. Our approach is slightly different. We have free hands-on support hours. We also do a lot of testing. The testing that we do revolves around making our customer's lives easier and automating the living hell out of any manual task. Manual tasks can be messy, include typos, and most unfortunately can render a machine dead in the water.
We've also created many (15+) different operating system 'images' for the 2011, 2012, and 2014 Mac mini hardware. This includes 6+ distributions of Linux, Windows Server 2k8/2k12, VMware ESXi 5.5/6.0, and even OS X 10.6 and 10.6 Server (10.6 will only run on 2011 or older hardware & some of these images have been retired). We've also created little apps or scripts that automate tasks that we regularly see customers struggle with.
We have taken a few scripts that we've complied and put them in this GitHub project to further develop and grow them.
MMV MySQL Script
This script downloads and installs MySQL on OS X 10.7 or newer. Note that if you have ever had MySQL installed, this script may not work. Running it is as simple as copying and pasting this bash line into terminal:
NOTE: READ THE README FILE BEFORE RUNNING! WE DO NOT RECOMMEND USING THIS SCRIPT ON OS X 10.11 OR HIGHER (SEE README FOR ALTERNATIVE)
bash <(curl -Ls http://git.io/eUx7rg)
MMV MySQL Password Reset Script
Did you install MySQL on OS X using our script and forget the root password? Our script displays the password during installation and also places a file on the desktop with it. Don't worry - this script will restart MySQL and reset the root password. It'll show the password and place a file on the desktop again containing the file. Running it is as simple as copying and pasting this bash line into terminal:
NOTE: READ THE README FILE BEFORE RUNNING!
bash <(curl -Ls http://git.io/9xqEnQ)
VPN Script
This script sets up a VPN server on a Mac running 10.8, 10.9, 10.10, or 10.11 with Server.app. Be sure to read the vpnscript-README file first. This script automates the VLAN, DNS, Firewall, and VPN configuration steps. Running it is as simple as copying and pasting this bash line into terminal:
NOTE: READ THE README FILE BEFORE RUNNING!
bash <(curl -Ls http://git.io/1UlbJQ)
MMV Wordpress Script
This script blasts out a WordPress install in seconds. It needs OS X 10.8, 10.9, 10.10 or 10.11 with Server.app setup and running. It also requires MySQL to be installed, we have a tutorial on how to do that. It automates 95% of the process, allowing you to to a WordPress install up and running that allows for WordPress updates, plugin installs, media and theme uploads from within the WordPress backed. Currently there is a manual step required which is to create the website entry in Server.app. Be sure to read the mmvwordpress-README file first. Running it is as simple as copying and pasting this bash line into terminal:
NOTE: READ THE README FILE BEFORE RUNNING!
bash <(curl -Ls http://git.io/KQ_dvw)
Disable Bonjour Script
By default Macs advertise their existence on the network they are connected to with a DNS Multicast protocol. This allows one Mac to see and easily connect to other Macs and devices on the network. This doesn't work so well when you have hundreds of Macs on the same network and businesses, schools, and data centers regularly disable this functionality. It can be done by edited a plist file and adding in a specific flag. If this file is not edited properly, the Mac can cease to resolve DNS or may no longer boot. This script quickly detects the version of OS X and makes sure the flag is not currently sets and painlessly edits the plist file. Be sure to read the disablebonjour-README file first. Running it is as simple as copying and pasting this bash line into terminal:
NOTE: READ THE README FILE BEFORE RUNNING!
bash <(curl -Ls http://git.io/q9j5Zw)
Change SSH Port Script
Enabling remote SSH access on a Mac is simplistic and easy. Under the sharing preferences there is a 'Remote Login' option that requires a single click to be activated. This allows for some powerful remote access via the command line. SFTP file transfers and remotely diagnosing a distressed Mac with non-functioning VNC/ARD access are two prime examples for enabling Remote Login.
If this machine is live on the internet and port 22 is not being filtered by a firewall then you may run into some unwanted attention. Bots and scanners crawl the web looking for responses on port 22. The majority of the time this results in no harm, as they have to randomly guess login credentials. For the peace of mind and a little added security, running SSH on a non-standard port is just a good idea. Running it is as simple as copying and pasting this bash line into terminal:
NOTE: READ THE README FILE BEFORE RUNNING!
bash <(curl -Ls http://git.io/_9fF7g)
To connect to the server just add the port number to your ssh command. If your alternative port was 9222, the command would be:
ssh -p9222 user@server.example.com
Disabling Maverick's Unicast ARP Cache Validation Script
There is a new security function in OS X 10.9 Mavericks that performs validation of the ARP cache. Basically, it's trying to attempt to see if the network gateway (router) is being spoofed/redirected. Unfortunately it interprets our redundant routers as an issue and causes network performance, lag, and packet loss.
Not many Macs are in this scenario, but we happen to have a lot. Each Mac mini cabinet in our data center uses redundant Cisco 6509's as gateways. There are multiple fiber paths that are one hop away from the upstream internet connections.
To disable this function in OS X 10.9 we've written a script. It's reversible in the future, but in the mean time it'll stop you from pulling your hair out. Macs on high availability networks found in data centers and enterprise environments can be affected. Running it is as simple as copying and pasting this bash line into terminal:
NOTE: READ THE README FILE BEFORE RUNNING!
bash <(curl -Ls http://git.io/6YzLCw)
More to come!
We have some more scripts to write and will add to the collection as we develop them further.
Support or Contact
http://www.macminivault.com is our website. We support these scripts for our customers, but if you have questions and are not our customer we can try to lend a helping hand. If you ever have a need to place a Mac in a secure location with a lot of bandwidth, fire suppression, security, and backup power - be sure to look us up.