I've been running a Mac Mini server from my home as a central point for use by my family, who is spread around the world, a few tech-unsavvy friends who would prefer to have me set things up for them, and my friends who would prefer not to pay for services that generally require a bit of money. It is also a great way for my friends to share huge files with each other without worry. Since the time I bought it, it's been running Mac OS X Snow Leopard Server 10.6, which, at the time, was a big part of the cost of the Mac Mini Server.
Shortly after it was released, I decided to buy and install OS X Lion Server 10.7, an OS that was Apple's first to be released entirely through it's internet-based Mac App Store. And unlike its expensive predecessors, this release was a mere $50 (in addition to the OS, which I had already bought for my laptop, for $30).
I made two good backups of the server, notified any users who are still relatively active, and began the upgrade process. I had a hiccup or two with the actual installation process, but the real nightmare came after the OS was installed in its entirety. All non-admin accounts disappeared, making the share points a mess, several services were completely removed, and a few others listed in my post, "Issues Upgrading to Lion". After a few days of trying to correct the issues with brute force, I reluctantly restored from my second backup.
In the months that followed, my server was always looming in my head. Security updates would not be addressed, new services could not be pushed out, and the steps required for upgrading would get bigger with each new update of Lion. Unlike the Windows ecosystem where people can successfully continue using an OS like XP for years and years, Mac OS updates are generally always a good idea.
And then last week Apple released the iPhone 4S, and one of the main selling points for iOS 5, the new mobile operating system on which the iPhone 4S ran, was iCloud, Apple's solution to storing things in the cloud. Naturally, I wanted to have it.
But iCloud requires Lion 10.7.2 to be on all of your devices before even migrating from MobileMe or really committing to a new iCloud account, which meant I had no choice — I needed to update my server OS.
I decided to take a different approach this time. Rather than making a bootable backup, a Time Machine backup, and hoping the upgrade process "just works", I decided to export everything from each respective service. I analyzed the services I really needed versus the things that were somewhat legacy or an experiment from when I first started playing with OS X Server. For me, that amounted to (roughly in order):
- Filesharing. This is the big one. On Snow Leopard Server, I used AFP, SMB, and FTP. AFP was without a doubt the most necessary, but several of my Windows friends used SMB, and FTP is a good universal-even-if-a-pain protocol for sharing files.
- VPN. This is very important as well, not only for me to access the network from anywhere, but also for several of my friends in China who use this to get around the internet censorship — the "Great Firewall" — in China.
- Various means of access for me, such as Screen Sharing (VNC) or SSH. These are easy to configure, and only I use them, so it would be no issue to set up from scratch if need be.
- Time Machine. My wife and I use this machine for Time Machine backups of our other computers. This sort of fits in the filesharing, but is related also to user accounts and permissions.
- iCal hosting. For events that require extra coordination, such as our wedding in China last year, I set up calendars for people to subscribe to. Sure, I could do this on MobileMe or Google Calendar or any other number of things, but I like doing it here.
And the things I previously had but realized I no longer need:
- Wiki. Seriously?
- Mail. Again, seriously? I've got so many freaking email addresses the last thing I need is to maintain another that is solely my responsibility.
- iChat. I can see how this is a great service for some, but I have enough ways to communicate with other users.
For everything in the first list, I exported all of the settings from Server Admin.app. The app makes it remarkably easy to export configuration files, which can later be imported. Using the upgrade guide Apple released, I also made several com.apple. ... .plist backups from the System Library.
And then I pressed go.
I had mostly the same errors as I did back in July, which surprised me, seeing as how they've already had a number of "bugfix" updates. And when the installation was complete, sure enough, the user accounts were gone, and half of the services were disabled. But rather than trying to correct all the problems at one time — say, by restoring files in System Library from my backup — I addressed each service as needed:
I reimported the user accounts from the exported list, as well as the groups, I removed any previous NAT port-mapping settings I had made with Snow Leopard on my Time Capsule router, verified the sharepoints, etc.
The only thing that gave me a bit of trouble was enabling the L2TP VPN, as Apple had disabled-by-default the less secure but more convenient and universal PPTP. After too long searching the web for reasons why canyouseeme.org couldn't see port 1701, L2TP's port, I found this little nugget on Apple's Forums from J15BIG suggesting it wasn't the port, but the devices connecting to it refusing the connection because I don't have an SSL certificate:
The issues I was having acutally had nothing to do with my ports, it was my SSL certificate. I didn't pay anyone for a certificate so I didn't have one setup. However, once I setup my server with a self signed certificate, and I added a profile to my phone that told the phone to trust the self signed certificate, the VPN worked flawless.
And huzzah! That fixed it.
And so, I learned quite a bit from the OS X Lion Server adventure. First, Apple is trying very hard to make the gap between Server & Client smaller. Second, Lion Server seems like it'd be perfect for a normal guy who decides one day he wants the benefits of a Server, but really sucks for people who had gone through the effort to configure everything they needed on Snow Leopard. And third, sometimes breaking a big problem into a bunch of small problems makes the whole process painless and educational.
I'm happy it's over.