How to rebuild Xsan in OS X Yosemite 10.10.5 from scratch

With OS X 10.10 Yosemite and Xsan 4, Apple decided to remove Xsan Admin and put the Xsan config and client management into OpenDirectory/LDAP. Removing Xsan Admin was a good idea, but I’m not so sure about the whole OpenDirectory/LDAP and profile idea though. I actually think it would be just as easy to handle client configuration manually, but enough about that.

Let’s say you have an Xsan environment where Open Directory (OD) for some reason got corrupted. Just to make things worse, let’s assume you don’t even have a backup of your OD Master, and that your replica can’t be promoted to OD Master. Yes, it can happen.

This is how to rebuild OpenDirectory and Xsan in OS X Yosemite 10.10.5 from scratch. If you used OpenDirectory for Users & Groups, you could maybe manage to grab your authdata using slapcat on your replica, but I won’t go into detail about that here.

If you use Active Directory for authentication/users/groups and all you use OD for is the Xsan config, then you should be good to go with this guide.

1. Back up /Library/Preferences/Xsan on all MDCs before proceeding.

cd /Library/Preferences
sudo tar -zcvf Xsan-config.tar.gz Xsan

2. Remove Xsan profile from all clients

3. Stop all Xsan volumes

4. Quit the server app and stop the Xsan service via the command line on both MDCs

sudo serveradmin stop san

5. Stop and destroy the OpenDirectory/LDAP server on both MDCs

sudo /usr/sbin/slapconfig -stopldapserver
sudo /usr/sbin/slapconfig -destroyldapserver

6. Remove the Xsan profile in System Preferences > Profiles on both MDCs
(this deletes the contents of /Library/Preferences/Xsan)

7. Start the Server app on the primary MDC, then start and set up Xsan as a new SAN (it would make sense to name it the same as before)

8. Change the SAN network from public to private by running the following command.
(Hit cmd+R in the Server app Xsan pane to see the changes.)

sudo xsanctl changeIP oldIP newIP


9. Find and extract your Xsan config backup files. Copy the Xsan volume config .cfgp files, along with fsmlist, automount.plist and notifications.plist, back into /Library/Preferences/Xsan

Make sure the config files are owned by root:wheel and have mode 644

10. Update the SAN config and push config back into LDAP/OD

sudo xsanctl sanConfigChanged
sudo xsanctl pushConfigUpdate

11. Start the volume(s) and see that everything looks normal.

12. Start the Server app on the secondary MDC, configure Xsan and join it to the existing SAN (make sure the metadata IP is correct)

13. Create a new Xsan profile for clients

14. Push new profile to clients and see that everything is back to normal

15. Create a backup of the OD master 😉
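
A check for step 9, to run on the primary MDC before step 10 pushes the config into LDAP/OD. This is an added example, not part of the original procedure: the function name check_xsan_config is made up here, and it assumes root is uid 0 and wheel is gid 0, as on a stock OS X install.

```shell
#!/bin/sh
# Added example: verify the restored Xsan config directory (step 9).
# Usage: check_xsan_config [DIR] [UID] [GID]
# Defaults: /Library/Preferences/Xsan, uid 0 (root), gid 0 (wheel on OS X).
# Prints every problem found and returns the number of problems (0 = OK).
check_xsan_config() {
    dir=${1:-/Library/Preferences/Xsan}
    uid=${2:-0}
    gid=${3:-0}
    problems=0
    cfgp=0

    for f in "$dir"/*.cfgp "$dir/fsmlist" "$dir/automount.plist" \
             "$dir/notifications.plist"; do
        if [ ! -f "$f" ]; then
            # An unmatched *.cfgp glob stays literal; that case is
            # reported once, after the loop.
            case $f in
                *.cfgp) ;;
                *) echo "missing: $f"; problems=$((problems + 1)) ;;
            esac
            continue
        fi
        case $f in *.cfgp) cfgp=$((cfgp + 1)) ;; esac

        # find prints the file only if mode, owner or group is wrong.
        bad=$(find "$f" \( ! -perm 644 -o ! -user "$uid" -o ! -group "$gid" \) -print)
        if [ -n "$bad" ]; then
            echo "wrong owner or mode (want $uid:$gid, 644): $f"
            problems=$((problems + 1))
        fi
    done

    if [ "$cfgp" -eq 0 ]; then
        echo "missing: no volume config (.cfgp) in $dir"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# On the MDC:  check_xsan_config && echo "config looks sane, continue with step 10"
```

A file that is group- or world-writable, or owned by a non-root account, is reported here so it can be corrected with chown/chmod before the config is pushed back into LDAP/OD.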

Please let me know if anything here is unclear.
