25 Sep 2010
Mac mini server (mid 2010) setup notes
I recently bought a unibody Mac mini. Because I wanted a pair of fast drives, I got the server edition. Although it's somewhat pricier than the base version, you get a faster CPU (2.66 GHz Intel core 2 duo T8800), 4GB of RAM, and two 500GB 7200rpm drives (Hitachi travelstar 7K500).
For the most part, setting it up was smooth, but a few annoying things stood out.
Firstly, snow leopard was already installed on the machine, but inexplicably, the drives were partitioned as two separate volumes. It would have made more sense to have shipped the mini with the drives combined in a RAID volume. Instead, I had to repartition and reinstall snow leopard again to get a single RAID 0 volume. It took several attempts at booting the install DVD before I figured out that the boot ROM doesn't like keyboards that are connected via USB hubs. After plugging in my keyboard directly into the mini, holding down "C" boots the mini from the DVD drive. (Here's a boot modifier list and a here's a handy list of mac keyboard shortcuts).
The next interesting fact about snow leopard server - the firewall config is quite different from regular Mac OS. Rather than accessing the firewall pane in the "Security" section of the system preferences (that's where the help points you), you start up the "server admin" app. You enable "Firewall" as a service. The firewall service then appears as a running service, and you can then configure that. The good news is that this "server admin" gives you visibility into the firewall details, rather than an unhelpful list of services/applications. You can see the rules being applied to what I'm guessing is ipfw. Unfortunately, ipfw doesn't seem to do statefulness in the way that I expect. For example, enabling outgoing udp packets with statefulness should be sufficient to make traceroute work. However, it seems that ipfw isn't matching the returning ICMP "TTL exceeded" packets against the outbound UDP state. So I had to also enable extra incoming ICMP types before traceroute worked. Other stateful firewalls like pf do the right thing in this regard without needing the extra ICMP rules.
The final bit of fun for the week was getting time machine to backup to a remote samba drive. Time machine is great example of what Mac OS does very well. You normally configure it by pointing it at a backup drive, and it works without any further attention from you (in fact, as I'm typing, time machine is happily doing an incremental backup in the background). However, in their wisdom, Apple doesn't support backing up to remote drives other than time capsules or other mac machines. A bunch of people have written up workarounds. From these notes, it looks like you need to do:
defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
- create a sparsebundle disk image. You can use hdiutil, but a sparsebundle created by Disk Utility worked for me.
- create a .plist that binds your machine's UUID with that backup.