Information Technologies • 54:52
Managing more than a few computers requires thinking like a system administrator. Discover IT skills, habits, and philosophies that can save you time and effort and avoid frustration as your network grows. See what goes on behind the GUI tools, embrace the command-line interface, and learn other valuable techniques that can help you succeed as a system administrator.
Speaker: Fred Licht
Unlisted on Apple Developer site
Transcript
This transcript has potential transcription errors. We are working on an improved version.
Hello and thank you for coming to WWDC. First off I want to say wow, this is a lot of people. I didn't expect this much. So, thank you for coming to this session. This is a session on learning to become an effective System Admin. I'll be discussing about the concept of shifting between the Admin to the SysAdmin.
How do you as an individual do your job better? So, things I'm going to be covering are an introduction, describe who I am, why I'm here, why I'm talking to you guys I'm going to discuss how do you scale the SysAdmin and how to go beyond the GUI.
We'll wrap all this up with a whole bunch of Q and A. If you'll do me a favor, if you have any questions save them to the end. I believe there are some microphones that are around the isles and around the back. At the end feel free to stand up in front of the microphones to answer any of those questions you may have. Before I go much further I want to do one thing and set some expectations here. This was a session that I came up with and I think is very valuable here for Apple Computer.
I want to start out by saying a lot of the content that's going to be in this session is targeted towards 10.4 even though this is WWDC and we have a lot about Leopard. This session will empower you today when you walk out of this session so you can do more.
The other expectation I'd like to set for everybody here is this is going to be content for individuals that are either junior Admins, senior Admins have been working with Microsoft Windows, or people that have been working with even Mac OS 9 and are still trying to cross that bridge into Mac OS X.
Can I have hands real quick, how many people are still running Mac OS 9 in the audience? How many people are Microsoft Windows that are new to the Macintosh platform? How many are not new to the Macintosh platform but still have a handful of computers? Okay. Even if you are a senior Admin, if I can ask, if you please stay, one of the important things that I try to communicate in this session that I'm going to go over is the discussion that even if some of this content might be review for you that is really important for the resources are your peers. I'll get back to this at the end of my session. So, even if you find that some of this stuff might be a little junior for you, please stay there's stills stuff that I think will be valuable for you guys.
So without further ado, who am I? My name is Fred Licht. I'm a system engineer at Apple computer. I maintain upwards of 170 servers for Apple's IT department. I've been everything from your Mac support guy to the Mac Admin to the Mac SysAdmin throughout my entire career. I've been and Admin for 13 years and I've been a SysAdmin for about half that amount of time.
One of the things I want to discuss is what's the difference between the Mac Admin and the Mac SysAdmin? There's been a lot of terminology and people have connotations of what that means in the real world. A Mac Admin is someone that maintains maybe a whole bunch of individual workstations, who may have a handful of Mac OS X servers. But, they're not integrated. And they want to automate things, empower things, do things better.
So, as a Mac SysAdmin you then become empowered to be able to automate steps to, excuse me, to be able to automate the steps to be able to integrate all the different systems, and more importantly be able to do more with less. So, one of the things I'll discuss in this presentation is how to make some of that transition.
Before I go much further, I don't know if any of you've necessarily been around in the days of 10.3 but there was a little teaser movie in the technical training department. There was a guy that said. Hi my name's Fred and I'm an Apples certified technical coordinator. If you guys saw that little teaser, officially speaking I'm an Apple certified technical system administrator.
So, some of you may happen to know this picture off hand. So, I've been a private consultant. I've worked at Apple as SysAdmin. I've worked as an Admin. So, I'm here today to show you things that I've learned and encountered throughout my experience evolving into a Macintosh SysAdmin.
So, before we go too much further, two of the terms that I'd like to bring out here, one is the consumer. Everyone is sort of aware of what the consumer is. That's the target audience the Macintosh generally is made for. Another one that I'd like to come up with is a new term that I'd like to put out into the public. It's called the Office-umer.
We are all aware that whenever you support someone at the home if their computer's not working and it's down for four hours the worse case is that their computers down for four hours. In an office environment that's not the same thing. In an office environment of the computer is down for an hour that's an individual that's not doing their job. So, the way you support an Office-umer is very different than how you support your consumer. So, I will be referencing this term further along the lines in my presentation.
Before I get into discussing the theory of how you can be a more effective SysAdmin, there's some one liners that I'd like to discuss with you guys that I think will be very valuable in your role as being an Admin or a SysAdmin. And the first one is solve social problems socially and solve technical problems technically.
What do I mean by that? Well, if you are having a problem with your web server provider and their systems are constantly going offline. Is it worthwhile for you to build servers, bring them in, house, support them yourself, become liable, and take care of those systems? Maybe. But, maybe the real answer is to address the real problem.
The real problem being that the ISP is not doing their job. Solve your problem, social problems socially. Don't solve them with technology. You'll find that as much as you put them in place it is a little bit of a false sense of confidence. It doesn't mean stop doing that, just remember solve the social problem socially.
Another one that's really important, we're all IT people. And we all understand that if a server had to be rebuilt that could take a day, two days recover from back up. It can take a lot of time. There's a lot of people outside of the IT departments that don't understand how long it takes to be able to set up a Mac OS X server or rebuild a mail system.
So the important thing to apply whenever you consider anything with your IT job is that metrics equal proof. Make sure that your tools, your systems, whatever you've implemented include a way of gauging them. How good or poorly they are working whether or not it's to communicate outside your IT department or with others within your department.
So, scaling, as a SysAdmin, there's a whole bunch of different areas that you can be more effective. I can sit here for hours and just discuss how to be more effective in many ways. So, I'm going to scale this down and I'm going to, excuse me, just discuss how to be a more effective Admin in terms of scaling.
Now, I'm going to take that and further reduce that down. And not say scaling as an IT department, we always know if you need more stuff done hire more staff. I'm going to be discussing here how do I scale you the individual SysAdmins that are here in the audience. How do I make you be able to scale? And that's what I'm going to be discussing here. So, there we go.
In terms of scale I had a client that was over on the East Coast, Graphics House. They had over 40 different gra@phics users and 20 Office-umers. There was ten servers that they had. Most were Macintosh they had a few Linux. They were all independent servers. There was no integration between all of them. There was one guy that supported all of these computers. I was brought in as a consultant to try to help him out so that he could take care of all these systems.
He would spend more than 80 hours a week just trying to maintain all of these computers. To put something in scale here, I don't know if this is a formal statistic but this is a number that I have come up with. You notice how it says 40 graphics users. For anyone that's had any experience you always know that a graphics user seems to take about three times the amount of support of a normal Office-umer.
I know how many times try to recover that 500 gig drive that other computer. So, putting this perspective then really in perspective, he didn't have 60 people in his office. He had 140 users in his office that he was trying to take care of himself as if they were individual users. This is what I mean by how do you shift from being a Mac Admin to being a Mac SysAdmin. How to move this paradigm from just becoming, I'm going to support one computer, or excuse me, a bunch of individual computers into supporting an entire office of computers.
So, perfect segue. We're discussing here workstations and an office. If in the Mac OS 9 days we had a whole bunch of individual computers, there was no way to administrate them very easily to be able to maintain them, support them, things like that. Well, we're not Mac OS 9 anymore. We're in, now moving into 10.5. So it's time to consider a new shift in how you support things.
Scale, don't support a whole bunch of individual systems. Use tools and infrastructure that'll allow you to do more. I'll get into this here in a moment. One of the biggest things whenever you deal with your job, and I probably am preaching to choir when I say this, is you spend so much time doing support.
Computers are good at repetitive tasks, automation. So if you can find ways of automating your support, you've found yourself more time to get more things done. So, saving time is one method of being able to be more effective. I'm going to walk through an example here that I imagine all of you have been in.
How many of you have been sitting in your office, probably working on some project, and you have some manager that walks in and says, I have a new hire starting tomorrow morning can you please set up the computer for me? That's what I figured. So, we've all been in that situation. You might be able to find a computer in the cobwebs of some back closet, try to put the software on it. And of course they need to have that user ready and working by the afternoon.
So, I'm going to discuss through the steps of how do you automate the tasks of setting up a new hire. And this is going to be an application of how do you scale yourself as an Admin. So, one person can do this not just for one new hire but for a whole bunch. So first is purchasing hardware.
Sorry, I can't automate that. They haven't designed that just yet. But, if you want I think I probably have a few sales engineers that either in the audience or just outside, I can be happy to give you their business cards. They would love if you want to go buy a computer from them every three months or so. So, skipping on the past purchasing hardware for automation. We're going to go into purchasing software.
How do you purchase software in a way that would be automated? You can buy it from a provider. How do you automate this process? Well, there's two ways to do so. The first one is with site license software. Rather than having to manage and maintain a whole bunch of individual serial numbers, get a site licensed serial number from the manufacturer. This means you can set up one installer that you can apply to all the different systems.
Additionally you'll find out that if you have software licenses this will save you on costs of money. You don't need media for every single workstation. You just need the license for it. So, if you have this automated, if you need more software you can purchase site licenses over the Internet and have it ready by the next day.
After that we have the setup, the actual time it takes to set up a given workstation. How do we automate this? Apple has a whole bunch of tools. Some include Package Maker. We have Apple Remote Desktop to deploy software to other systems. Disc images, NetInstall, NetBoot if any of you have played with Mac OS X server. Imagine if anyone has begun to do any kind of imaging they may have heard of a tool called NetRestore made by a gentleman called Mike Bombich. And that's Bombick not Bombbitch.
( Applause )
When I was in the Apple training group I even used that to help set up the classrooms, very, very useful tool to be able to do the imaging. These are examples of tools that you can script, you can perform the set up. And the automation can be in place to speed up the time it takes to set up these computers.
Another thing to consider is an integrated system that companies, third party companies, are starting to establish and build. The concept and the term is called managed deployment. There's no former definition to this. It's generally the concept of controlled and integrated deployment of all the systems. Some, for example, are LandRev, FileWave, Radmind, LANDDesk, and a few others. These are third party tools that have done a lot of work, again, to solve the problem of doing software deployment.
So, we have the users, we have the computer, we've set up the computer. But, it's not we're not done. We have to actually help the user in terms of using the computer. How do we help them do that? And the way we can do that is with documentation or self-paced training. Everyone hates documentation, documentation, documentation.
But it's not that difficult. And I'm happy to say I get to change my speech slightly here to say we have a very, very impressive Wiki server. It's very good for being able to have documentation. By the time you have a document it's always considered stale. Now you can have a living document on a Wiki for your entire staff to be able to access, search and find the information.
Another concept, which I don't know if everyone has necessarily heard, it's called screencasting. I know all of you have heard about podcasting, video podcasting. Well, this is screencasting. This would be a voiceover of a screen shot of your computer. And thanks to the new tool, I believe it is forgive me Jason it's Podcast Producer, thank you.
You can then take this content and wrap it together and create instruction for your users on how to set up your email, how to take care of getting the VPN so you can get into the office. The more that you can empower of your staff and the individuals within your company the less interrupt you get, the more you are able to do your job and be available for exceptions as opposed to the norm.
Skipped one here, the last one, jumped ahead here, sorry guys, is blog. One of the really important things whenever you communicate to staff is how do you give them timely information. Quick raise of hands, how many people have sent out an email that the server's going to be down and the user never read the email? Using something like a blog or something like this as a communication, we know users aren't going to check the email because we know that they're going to filter that out.
That's a communication on an individual level. If it's not important to them they won't read it. If you set up a blog or a system that has timely information and timely news, just like people checking into CNN or other websites, they then can get timely information to help them get their, be able to do their job or find out about events that are going on within the company.
After we take care of supporting the user there's going on. So, we have their new hire. They've set up their computer. They've used it for a day. But, now they're having some difficulty with getting the VPN to work again because they forgot where the settings were, how to re download those settings, or, hmm trying to think of a really good example here.
How many people with their computers have, forgive me I'm forgetting here my example off hand. So, I'm going to precede a little bit further here. whenever they try to ask for help, how to empower the individuals to solve their own problems whether or not the system might be crashing, how to recover from back up if your office has a policy on going over the system to recover your files.
The way that you can automate this is create some tools that allow you to communicate better. First is a ticketing system for you IT so that way you can not only have all of them come in. You have collaboration between your other members. More importantly, as I was saying earlier about metrics equal proof, that if you have a ticketing system you then have a way of scoring and telling how many calls that you get a day or tickets or issues, how many times. Oh here's another one of my favorite scenarios.
How many of you have that one guy that no matter how often you help them they keep asking the same question again and again? And you always want to tell your boss this guy asked me all the same stuff all the time. He's the one that's using all my money trying to support everyone in the office. Having something like a ticketing system gives you that metric to communicate to those MBA type, that they can then understand, oh you're spending all your time in this area.
Oh jumped ahead again, sorry. Create a knowledge base, something that's a new, an interesting concept. If you have a knowledge base people can access this information when you're not available. People can be at home. Things are not working correctly. If you empower them with some documentation or some help on how to troubleshoot their own problem they can then solve some of their own problems when you're not even around.
Lastly, for the situations where it's during the day when they need to ask for some help, Apple remote desktop by controlling their computer remotely, excuse me, you can then assist them even if they're in a different building or outside of the office assuming network permitting. Automating this you can then speed up the time that it takes to be able to do the support for all these individuals.
So, I discussed the workstation of how do you scale the workstations, the office. But that's not always the case. Well what about the servers? People have labs of just data centers of servers. The same idea of scale can apply to this as well. I'm not going to get into too many examples here.
But, to give you some basic ideas, if you have a whole bunch of servers that have accounts in all these systems create a central directory system. Put all the accounts in one place. If you have staff that either comes or goes out of the company it's very easy to remove or promote access just within one place as opposed to many systems.
Servers have logs. The dreaded logs, none of us like combing through but we know it's a requirement of our job. It's finding out what's wrong with the system, how to solve it, maybe even a clue as to what we need to fix. If you create a central Syslog server you can connect all the systems into one place and be able to search one log as opposed to all of your different systems.
Another thing to consider is if we have systems or security monitoring. It always takes forever to be able to take the time to read the logs to check to see if someone has compromised your system. There are third party tools that will do this monitoring and notifications for you. Some I'd like to mention real quick. You have InterMapper as a notification system. They've recently just added a logging facility. A new one to the market, that, I don't know if many of you have necessarily heard yet it is Lithium, lithiumcorp.com.
Sounds like a few people have heard of it before. It allows for not only notifications, they now even have a Cocoa front end to be able to view and monitor all your systems from a dashboard. So, create tools that will scale, that will minimize the amount of time it takes to do a test. Automating these things is what's valuable and what's important. So, why do we want to scale? The goal is to reduce our support cost, reducing costs. Everyone's happy especially those MBA types.
Do that mental shift between being an Admin to a SysAdmin. Don't walk around with a fire wire drive trying to fix 500 computers or install software. Set it up in a central location so that you can manage many systems at one time. Leverage tools that scale, I know I've mentioned this many times, but it's really important to consider. Great, if you can find a tool that can solve the one problem on hand but if it requires you going to that person's computer to fix it you've already wasted time.
So scale, how do we take this further? I'm going to use one of the examples as how to use the command line. So, I'm just going to say here going beyond the GUI. How many people here said that they were Microsoft Windows Admins? How many of you guys use the command line in Microsoft windows? Actually pretty good number of them, cool, the one thing to remember is that as much as the GUI has power that the command line tends to have more power.
It can be cryptic. It can seem a little intimidating because where are the instructions. Where do we go? How do we deal with all of that? So, I'm going to walk us through here of why it's not that bad to use the command line and how it can scale even though we're only going to do commands on a single system.
So, how do we scale the command line? Automation, we're going to get into, I'm going to go across some thing of how you can script all the different command line commands, that it's not very difficult. I would like to take a moment and give credit to a class that happened earlier this morning in regards to scripting for the SysAdmin. I want to say it was a wonderful class, yeah, I was.
( Applause )
If you haven't had an opportunity or you weren't there to go over the session. I believe all the content will be on.
( Talking in background )
Thank you AFP548.com. H Where you can then find out more information about the details if you missed that session. Some of the other values of the scaling with the command line is that you can do parallel work.
Where everyone thinks that you use a command on a single computer, if you use scripts and tie them all together you can then do multiple, or excuse me, one command on many systems at the same time. Remember I was talking about how to save time. If you can do 50 computers at Pone time you now have improved how quickly and effective you are at being at your role. Something that many people don't realize at first, if they tend to work in the world of the GUI, is the command line has much lower amount of resources to be able to use.
If you're in a high, high heavy loaded environment, if you have a web server that gets a lot of traffic, if you log in with the command, excuse me, with the GUI you'll find that it takes a while, the memory, the CPU to be able to log in with the finder to launch applications, it might take a very long time.
If you log in with a command line you'll find you have all of the same amount of power as you do with the GUI but it won't impact your system nearly as much. Great also for if you're trying to dial-up over a dial-up modem. Try to fix those servers.
So, scaling with the command line, benefits, command line interface you have more options at the command line than you do at the GUI. You can chain all the different commands together with what's called shell scripting. I want to take a side not here about scripting I don't know if anyone's necessarily given you a definition of scripting versus programming. We have World Wide Developer Conference, we have a lot of programmers. Scripting, one common thread that I've found in all of scripting is that the code that you write is in text.
Its human readable. It's not compiled. It's not a binary. Some tools for scripting, you can then compile them into a binary but generally speaking you'll find that they're just text. You can get to these files then from any text editor. So, we're going to discuss in this with shell scripting as many other kinds of scripting Pearl, Python, Ruby on Rails is another common popular one. The, but I'm going to be discussing shell scripting in this case.
Command line, it has the ability of advanced tools. Remember as I mentioned earlier, the GUI, you only have as many options as the author of that GUI application has created. There's many more commands at the intermediate and at advance level to be able to troubleshoot and fix problems.
The single most valuable thing that I have ever found about the command line is how many times have I wanted to run software update and a user is logged into the computer. I couldn't do things. I want to wait for them to log out of the computer but then you have to walk over to the computer to run software update.
Command line doesn't require a user to be logged in to be able to perform tasks. I'll even take a moment here to give credit where credit's due. The gentlemen this morning even had a little clever trick of how to have no one log in from the systems when you wanted to do work. You can do this at the command line. Perform your tasks. You don't need to be at the GUI.
Now, I discussed the power of where the command line can be extremely useful. Great you have the power of the command line. But, how do I have the ease of the GUI? And the answer is you can. I don't know if any of you had an opportunity to play with Apple Remote Desktop, or some of the other automation tools like Automator for example. You can have all of these commands or scripts located on the system and you can call them from the GUI tool. You have the ease of the GUI and the power of the command line. You have the power of two.
So, we're discussing about the command line. How do I get to it? Everyone has said Mac OS X has the power of Unix. The power of Unix is underneath Mac OS X. Where is it? How do you get to it? So the first thing, they way you get there is a program called Terminal. It's located in applications/utilities/terminal.
For those Windows gentlemen, I don't know how much opportunity you had to play in the world of Unix so forgive me if this is being repetitive. Unix notation, whenever you give a path in directories you denote it with the first beginning slash. For those that live in the world of GUI it's the same thing as double clicking on the hard drive on your computer.
So, double click the hard drive on your computer, applications, utilities, and the program is called Terminal. Here is an example of the Terminal interface and the icon so it's easier for you guys to find. Again, for clarification this is the 10.4 version of the icons and the interface.
So, we know where the application is. We now know where to find Unix. We now know where the command line is. Well, we know where all the applications are in the GUI. It's, they're in one location and where are the ones for the command line? Well let me show you where.
So, we have a GUI, we have the command line, we have user-based applications and system related applications. So let's start with the GUI. We know they're in /Applications. They also can be found in what's called ~/Applications for those again who don't know necessarily the world of Unix. The "~" implies the location based on the user that's logged into the computer. So that would be ~/Applications.
For the system files can be located in /Applications/Utilities. They are also located in /System/Library/CoreServices. Recommendation, unless you get really comfortable with the Mac I don't recommend to go into the later locations for some of these applications. Some don't have a GUI interface or some are for just very advanced troubleshooting or tweaking.
So where do I find those on the command line? Command line has very similar corresponding locations. You can find a lot of the basic commands in /bin and /usr/bin. Notice I said user even though its spelled USR. If you ever move your computer right now and look in your finder you're going to find these directors are not visible. Apple has intentionally hid them from your normal consumer and Office-umer because we don't want to confuse them.
If you open up the command line you'll find that you'll see the files are located there. The system files are located in /sbin and /usr/sbin. There are sometimes other locations where you find where Unix programs are installed. These are where you will generally find where those applications can be.
So, we know how to get to the command line. We know where the applications are. But, how do I find out about them? If I have a GUI I just go up to the menu bar it says help ,I click on that, type whatever I want. There's no menu bar. How do I find out information about the commands at the command line? And the way you do that is with a simple command called man. Its short for man pages.
The simple way to use it is type man and the commands you wish to use. If you want to find out how to use the command pages for example you can type man man. Great. Now we know where the applications are. We can go find out about those particular programs. But, what if I don't know what program I want to find? Man pages has an ability of searching for a key word.
It's very basic but it's able to search for key words. So let's say we wanted to find out about Kerberos. Well I can type man -k Kerberos. It'll find all the man pages that happen to have that key word on the man pages and I can get an idea of which commands I should be interacting with.
Sometimes commands on the command line have built-in usage help. And you can call that by usually running the command by either a suffix of a -h or a, if you notice very closely I don't know if you guys can see it from the back of the room, that's actually a --help. So it's either one or the other. So it's either -h or --help. You can find out information about how to run the command.
For Mac OS X server, with all of the GUI tools and technologies there is a document that Apple has presented on how to interact with all of the Mac OS 10 technologies from the command line. If you got to www.apple.com/server/documentation, you'll find a document called command line administration. There's a whole bunch of other documents there as well. You'll find this in regards to other technologies. The command line will show you how to do everything you can do with the GUI at the command line.
So we know where the applications are but, and I know how to use them. But why, why would I want to use them? I can just do everything at the GUI. Well, a simple example, and again to clarify this is 10.4 here we're looking at, a tool to use to interact with your service is called Server Admin. Apple has created an equivalent counter part at the command line, which coincidently is called serveradmin.
I want to make sure for those who haven't necessarily played with the command line, notice that the command for this command line doesn't have any capital letter or any spaces. It's a subtle but very important distinction. Every thing that you can do with the Server Admin GUI you can do with this command line tool. Another example, everyone needs to run software, softwareupdate. Apple tool is going to be an Apple command line equivalent and Apple's done a very good job of keeping things simple and straight forward and consistent. Software Update? softwareupdate. No spaces, no command line. Excuse me, no capitals.
Another one that's very important that people have interacted with is. How do you install software? It doesn't have to be through the GUI. You can do I through the command line. So, you have installer for your GUI interface and you can have installer for the command line. To show you that this isn't always the case, for technologies that aren't related to Apple-based technologies there are other tools that the command line has that are similar to the GUI tools. A common one that I imagine some people played with for troubleshooting is Activity Monitor, excuse me.
Where activity monitor gives you CPU usage, memory usage, different programs, tasks, there's a whole bunch of, there's a handful of different command line tools that perform the same function. top, I don't know if any of you have necessarily played with this. You have ps, which is for processes. iostat will show you disc IO usage, if you want to find out how much reading and writing to your drive you're doing at that very moment.
We know where the applications are. We know how to get to the command line. We know how to find out about these applications. And now, you're starting to see that there's some value of why you want to use the command line where you don't need to have the GUI. So, how do we take this a step further? Well, you tie it with shell scripting. Before I get into the shell scripting, though, there's one piece of information that I'd like to empower you all with so that you don't get confused when you see this.
In the OS world we have Mac OS X we have Microsoft Windows. Two different (unclear) of software they do two different things. More importantly the environments are different so you have to treat the environments differently. The shell environment is exactly the same way. There are different kinds of shell environments. Each are different. Each have their strengths and each have their weaknesses.
There isn't necessarily a fundamental reason why any one is better than the other. So, if you speak to a Unix Admin he'll probably disagree with me off hand, probably have a preference of one over the other. For the sake of conversation here that I'm going to have in this session I'm going to focus mostly on bash.
And the only reason why I even mentioned tcsh here is the fact that those are the defaults that have been in Mac OS X. To go through the list real quick so that you're aware they have bash, tcsh, csh, zsh, sh, and ksh. Again we're going to be focusing mostly here on bash in the demonstration and everything I'm going to be giving you because that's the default shell environment on Mac OS X.
So, shell script, shell script is a wrapper that you put around a whole bunch of individual commands on the command line. So, you can run just basic commands, put this wrapper around it, and ta da. You've done shell scripting. Well, in order to do that there's a few points that we have to remember when we create a text shell script.
The first thing is, is on a shell script file you have to give it a header. And this header starts with what the Unix people call shebang. It's the # and !, then you put /bin/bash in the case that we're doing bash coding here. It is to the command line interpreter where to find the shell environment.
In your shell script it's always wise, it's the difference between a good scripter and a bad scripter is whether or not you leave notes for yourself. We all know that command line can be cryptic. Leave notes for yourself so that you know when you come back later you'll be able to find things.
Adding comments is very useful. Some common things to be able to put in here, whenever you're, excuse me I'm jumping ahead. Whenever you add comments you always want to preface those comments with the # and the command line knows to ignore those settings. We working here, there we go.
Very important thing to always put at the top of you shell scripts, I know this is probably old, old, old, knowledge for Unix Admins. The idea is to add who the author is and the date at which you wrote the script. Some people even add an extra line if they modify the script who modified it and the date, very useful for troubleshooting or finding out if things have changed.
I always, it never hurts as well to add the title of what this is, the shell, excuse me at the top of the shell script. It makes it very useful especially with Spotlight if you want to find your commands for shell scripts you'll be able to look in these files and find the title of what your shell script is.
Lastly, not that it's terribly important, it's handy for us as we are humans and we are mere mortal, that if you name your shell script genuinely with a ".sh". The command line doesn't require it. It's handy for if you need to do searches or find things. Some people even use the notation of ".bash". For the sake of my presentations I'm going to just be using ".sh".
So at this time I'm going to walk you through a demo here on introduction of how to use the command line and how we can tie all of this together. Excuse me I forgot one thing real quick. Jason if you can hand me my badge I left some of my notes there. Thank you.
Okay, so, I'm going to show you here on this computer how we're going to be able to interact with the command line and how to tie it all together. Before I go too much further, one thing I'd like to clarify for all of those that are in the room.
I'm going to be typing in several of the commands. Some of them are going to be cryptic and I want you not to get caught up in how I'm typing the command or the syntax of the command but the general flow that I'm going to be giving you of these commands.
So, before I can do anything on the command line I have to find Terminal and launch it. I do so by Tiger, double-clicking on the hard drive, Applications. Scroll down here to Utilities. And we can find Terminal. Yes I know it's in the doc. I was doing this for those who didn't know how to find it. So we launch Terminal. Okay, to make sure everyone can see this here.
( Typing on keyboard )
( Applause )
Thank you, thank you, oh, oh okay we're back to the speech right, oh okay sorry. Got a little sidetracked. Okay, so we're here at the command line. And we started, we launched terminal.
And let's say the first thing I want to do is, great, we have software update. Mac OS X has this tool that automatically updates software. We don't want the user to automatically do it. I want to take some control. So, the first command I want to do is I want to turn off that automatic check by software update. And the command is software update as we found earlier. And that scheduler, excuse me schedule, and off, ta da. I ran the command. I turned this off. I didn't require the GUI.
This tool happens to give a little feedback letting me know that I successfully turned off that software update. The next one I want to do is I have some users that want to use the zoom function but they don't know where to find that in the preferences. So, I want to enable that in default on all my systems. So, I'm going to use a command called defaults Defaults is a Mac OS X technology command line that allows you to edit Mac OS X preference files.
So, I'm going to say defaults. I want to write the settings here and that would be com., it's always frustrating at the command line because I always have these typos. universalaccess and close, see. Did I type that right? universalaccess, see this is command line why some people don't necessarily like to use this. So, universal ccess and its closeViewDriver value is 0.
Ta da. I typed a command, took me a little while but I did it. Okay, so I now turned off that setting. I also want to turn off one more setting. I have people with laptops and I have these Office-umers. They always seem to leave more than one finger on the track pad and it always confuses them. So I want to turn off that double finger ability of clicking.
So I'm going to turn that off with a defaults write and the syntax will be .GlobalPreferences com.apple.trackpad, God typos they're always frustrating, preferences com.apple.enableSecondaryclick, God this is taking forever, ta da. I just sent that command. So I spent all this time and energy in writing all these commands. Now if I tried to do this over 50 or 100 compuPters it would take me forever.
Especially how many times did I make a typo here? And I did that intentionally so you guys could see that the value of command line.
( Laughter )
Why, great of the command line had these problems, why would I want to use it? Well, this is the value of a shell script. Not only can we minimize the human error with things, we can speed up this process. So, I'm going to walk through the steps here of making the very same steps and commands. And we're going to make a shell script.
So, in order to do so, I need a text editor. Everyone may have their favorite preference of which text editor. There's BBEdit there's TextMate, there's a whole bunch of other GUI text editors. I'm going to discuss here for this that there are command line text interpreters. I personally like to use them because they're always on the computer and I can work on the remote system without having to launch another program. Commonly some people have heard of VI, Emacs, maybe even Pico, which is now being replaced with Nano. For the sake of the demonstration I'm going to stick with Nano.
So, going to launch the program called Nano. And the reason why I sort of use this is that even thought it's a command line tool it's a little bit more helpful with some of the instructions on how to interact with the Nano editor. So, following the instructions that we discussed we're going to have #!/bin/bash. Put in the author of who this is. Written by Fred Licht and today's date.
And we're going to put a title here. This is an example for session 510 at WWDC. Okay, so we now have an author, we have a date, we have a title, we have the #!. So, we have everything ready now to start our shell script. So, the next step that we're going to do is, well, I'm not going to type the command. I'm going to be useful, I'm going to add a comment to tell me what it is that I wanted to do.
The first thing we wanted to do is disable software update. And just type in, just like I did earlier, the exact command that I typed at the command line. Software update, assuming I can spell it correctly, schedule off. Okay, what was the other command I ran, which was I wanted to enable the zoom feature.
going to type in that command defaults write, let's make sure I type this correctly, com .apple.universalaccess closeViewDriver 0. Okay and lastly what we said is we want to disable the right click on the laptops. So, again, disable right click on laptops. Same command, I'm not changing anything different from what I was typing earlier and this was the syntax of global preferences, excuse me, globalpreference and com.apple. There's a reason why we have computers with built in spell checking.
And com.apple.trackpad.enableSecondary
( Typing on keypad )
And the value of 0, so here's our whole command. Let's make sure. Did I type all that right? Write right stop globalpreference com.apple track., okay. Looks right. Am I doing, did anyone catch something I did spell that right? Okay good. Okay so, written the shell script. Write all the commands in. They're all correct. I can double check it without running the commands and maybe writing something I shouldn't be writing to the system.
In Nano in order to save a file you use the command with the control key and the letter O. If you notice on the screen there's a little carrot symbol. That's the notation for using the control key. So, I'm going to do control+O for writing the file. I'm going to call it changesettings.sh.
And to exit I do a control+X. Great. I've wrote a shell script. It's right here in the same location of where I entered in the text editor. And I want to run that shell script. In order to call that shell script I call the shell environment. Some Unix people may say just run the command as is. I have found that it's very useful to run the shell environment directly, so /bin/bash, because we're calling the bash environment. And I'm going to call my change setting script. Now if you guys are ready. Now watch this.
Done. Took a lot less time. This is the value of having a shell script. Goes faster, doesn't have human error assuming you type it in correctly to begin with. And you can then take this shell script, apply it to a whole bunch of different systems and run it at the same time.
So I've not taken the power of the command line wrapped so that I have the ease and the power that I may even to be able to pass to a junior Admin, have him take care of these tasks. He doesn't need to know the syntax of the commands. And then you can automate this by distributing it to a whole bunch of systems.
So, that's the demo that I have here. If we switch back to the presentation, that was the command line. That was shell scripting and how easy it is to take some basic commands you may already know or you might Google or AFP548.com, that you found. Here's a little fix.
You can wrap them in a shell script and you can automate it and speed up the time it takes to run those commands. So, great, I showed you where the applications for the command line are, where to find them, how to find more information. You're comfortable where you see some of the value.
In my experience as I have become a SysAdmin, up here are a whole bunch of commands that I have encountered that are very useful in my progression into being a SysAdmin. You saw me earlier using the defaults command. That's for changing plist files, the preference files for Mac OS X.
A very useful one that's one of my favorites is called fs_usage. It taps into the similar technologies that Spotlight can use. Excuse me, where if you started to launch this program and you were watching live what was changing on your file system, if you ran a tool or a system GUI tool and you wanted to know what files it was changing you could see those files being read or written to using this tool. It's really handy to find out what gets changed sometimes. lsof, it stands for list of open files.
How many of you have ever tried to install some software on a disc image, sorry I can't inject the disc image file is in use, or excuse me, volume is in use? Well, the way you can find those files is by running this command. It'll give you a list in the full path so you can find out what application might be running a file that you think is closed but may not necessarily be closed.
An interesting piece is the launchd. Where launchd is a daemon and a process and a core of the OS. The way you interact with it actually is the tool launch control. That's launchctl. This tool is interactive it replaces a whole bunch of other Unix tools such as cron such as watchdog, xnet d, even Mac OS X start up server.
These tools are to automate and schedule things, great for running your scripts. Another favorite one that I've encountered is the open command. It seems, very, very, very simple even though we're here at the command line you always still seem to work in the GUI. If you ever do an "open .", it'll open the directory you're in, in the Finder.
And there's always times you've run around, you found the directory but you wanted to open it up in your GUI text editor but you wanted to navigate to that path. And you're already there in the terminal "open .", it opens that up, very easy to use. Once you get more comfortable with the command line there are some tools that help do with searching and text editing. That would be grep, awk, and sed.
I suggest go ahead and do Google on them there's tons of research on those three commands. I could probably spend a week on those alone. Lastly as I mentioned earlier the text editors that come built into Mac OS X so they're always available. More importantly they're free. So it's always available and you always know they're there is vi, emacs, and Nano also know as Pico at least the older versions were.
So, with all of this discussion we were talking about how to be a more effective SysAdmin. We discussed how scaling the individual, your tools, your functions, how you as an individual can do more, empower yourself to do more with sometimes less. We discussed how you can use the command line.
The power of the command line beyond what the GUI has. Remember the command line's free. GUI applications may be shareware, they may cost money, command line is always there. You don't have to wait for developers to create a GUI interface. And lastly is scripting. Sometimes programming can be overbearing. It might be intimidating. It's not hard to take these shell commands wrap them together with a shell script and you've created yourself automation.
So, scaling do more with computers. You can grow your IT model if you're a manager. You can then create these tools and empower your staff to be able to do the tasks. You can stay ahead of the growth curve, something I know all of us fight. We never have enough time to get all of the jobs we want to get done. Save time. You'll have more time available to work on other things.
Command lines. Get your hands dirty. I know it's very intimidating. It's about half a dozen years ago I was afraid of the command line. It was so scary. And today, looking back, I don't know what I was thinking. There is so much power I couldn't be able to do my job today if it wasn't for the command line.
With the command line you also have extra features, indepth or advanced tools to fix things since Mac OS X is based on a lot of open source tools. Those are the very advanced. You can dig in deeper to solve problems without the infamous "woo..., I don't know how to fix the computer its time to reinstall the OS". Something I know everyone dreads having to consider.
Scripting, tie it all together. Automation, do all the tasks at the same time on multiple systems. Empower you as the SysAdmin. To find out more information about the command line and how to interact with it you can go to developer.apple.com. The search system you can search up any of the command line commands, they'll be there for you just like the man pages. As I mentioned earlier the www.apple.com/server/documentation.
For those that probably heard of AFP548.com, I want to take a moment and applaud. ( Applause ) It's one of my favorite sites. Another one is macenterprise.org. They have webcasts to teach you about technology, third party software, as you can see a step below they even have an email list. It's very important for communication not just within your own company but outside with other Mac Admins.
Another interesting one is mac-mgrs.org. Notice that the subtle little typing in syntax they use there for Mac Managers. A little bit of warning, Mac Managers has their own little etiquette for their own little meeting lists or excuse me their email list. Do me a favor read their instructions before you apply any questions, excuse me ask any questions. They have an archive you can do a full search through.
So, we talked about the resources of where you can finance this. But what happens if you find an answer and you don't know what to do with it? Apple has a website called bugreporter.apple.com. So, let me ask a quick question. How many of you in this room consider yourselves programmers? Okay, we got a handful.
So, Bug Reporter, don't, programs have bugs. So, isn't that a programmers tool? And the answer's no, Bug Reporter, despite its name, is for all of us. If you encounter problems, if you have a feature request, if you would like something changed in Mac OS X in the OS, or a command is not working the way it should. This is the website you need to go to an fill out this information. If you don't communicate back to Apple via this method, Apple won't know to fix these problems.
I know one of the hardest things is. How do we tell Apple, we need this, this would be useful, this isn't working? Here's your method of how you can tell Apple how to fix or change those things. So, if you walk away with one thing at least remember bugreport.apple.com. You can have feature requests, bug reports, and other ideas.
Lastly, in order to be a more effective SysAdmin it requires communication. So, this is quote that I'd like to put out there. It's called networking, networking, networking, make new friends. If all of you would do me a favor right now while I'm talking, pull out your business cards. Right now. Pull them out.
No joke, I'm not, this is not just a little speech I'm standing here. Pull out your business cards. Hand one to the gentleman to your right or woman and one to your left and in front and in back. The most important thing with any of this is networking make friends. Everyone in this room is your friend. It's your best resource.
( Crowd talking )
So, I've gone through this whole speech. I know some of it is highlight some of it is review. If you guys have any questions feel free to contact me. I'm at [email protected]. I know that there's a lot more depth in any of this concept that I can go further in. I'd be happy to answer anyone's questions. If I don't know how to answer their question I'll do the honor the best to be able to forward them in the right direction. Or if I can, no promises, find any answers for them if I discover any.