Yosemite Open Directory Replicas

Summertime is the ideal time to do some heavy duty system maintenance. Lots of people are out of office, and those that are in house don’t mind a few hours of planned downtime. So today I finally upgraded our root- and fileservers from OS X Mavericks to OS X Yosemite. Finally, because it’s been a year since Yosemite was first released. But since our fileserver is an Open Directory replica of our root server, updating one means updating the other, and combined with all the DiscoveryD issues that plagued OS X these last few months, I didn’t really dare to update either of them.

Currently, when updating OS X Server from one OS to another, we need to update its core OS first, which disables all server services. Only then can you download the new Server.app for this new OS, which upgrades all server services and hopefully launches successfully afterwards.

But OS X Server 5.0, which is being developed in tandem with El Capitan, will be the first Server app that can be installed on a previous system, without the need to upgrade OS X first. Getting all our servers on OS X 10.10.4 now means upgrading from Server 4 to 5 in the fall will be as easy as moving from Server 4.0 to 4.1.

Luckily the upgrades went smoothly this time without any major problems. And in less than three hours, which was far less than I expected.

A quick note on Open Directory Replicas

Our two main servers are replicas of each other to spread the load over multiple servers. But after upgrading them according to Apple’s own guidelines, I somehow still destroyed our Open Directory Master-Slave link.

Turns out: if you have password policies on your Open Directory Master, and your diradmin’s password does not comply with these policies, the Open Directory replication will fail. The solution: either change your diradmin password —and create an avalanche of permission troubles— or, easier, temporarily disable your policies before relinking both servers.