With OS X 10.10 Yosemite and Xsan 4, Apple decided to remove Xsan Admin and put the Xsan config and client management into OpenDirectory/LDAP. Removing Xsan Admin was a good idea, but I’m not so sure about the whole OpenDirectory/LDAP and profile idea though. I actually think it would just as easy to handle client configuration manually, but enough about that.
Let’s say have an Xsan environment, where Open Directory (OD) for some reason got corrupted. Just to make things worse, let’s assume you don’t even have a backup of your OD Master, and that your replica can’t be promoted to OD Master. Yes, it can happen.
This is how to rebuild OpenDirectory and Xsan in OS X Yosemite 10.10.5 from scratch. If you used OpenDirectory for Users & Groups, you could maybe manage to grab your authdata using slapcat on your replica, but I won’t go into detail about that here.
If you use Active Directory for authentication/users/groups and all you use OD for is the Xsan config, then you should be good to go with this guide.
1. Backup /Library/Preferences/Xsan on all MDCs before proceeding.
cd /Library/Preferences sudo tar -zcvf Xsan-config.tar.gz Xsan
2. Remove Xsan profile from all clients
3. Stop all Xsan volumes
4. Quit the server app and stop the Xsan service via the command line on both MDCs
sudo serveradmin stop san
5. Stop and destroy the OpenDirectory/LDAP server on both MDCs
sudo /usr/sbin/slapconfig -stopldapserver sudo /usr/sbin/slapconfig -destroyldapserver
6. Remove the Xsan profile in System Preferences > Profiles on both MDCs
(this deletes the contents of /Library/Preferences/Xsan)
7. Start the Server app on the primary MDC, start and setup Xsan as a new SAN (it would make sense to name it the same as before)
8. Change the SAN network from from public to private by running the following command.
(Hit cmd+R in the Server app Xsan pane to see the changes.)
sudo xsanctl changeIP oldIP newIP
*** DO NOT CREATE ANY NEW VOLUMES ***
9. Find extract your Xsan config backup files. Copy the Xsan volume config .cfgp files in addition to fsmlist, automount.plist and notifications.plist back into /Library/Preferences/Xsan
Make sure the config file permissions are root/wheel and 644
10. Update the SAN config and push config back into LDAP/OD
sudo xsanctl sanConfigChanged sudo xsanctl pushConfigUpdate
11. Start the volume(s) and see that everything looks normal.
12. Start the Server app on the secondary MDC, configure Xsan and join it to the existing SAN (make sure the metadata IP is correct)
13. Create a new Xsan profile for clients
14. Push new profile to clients and see that everything is back to normal
15. Create a backup of the OD master 😉
Please let me know if anything here is unclear.