Quickly add a userset to many Sun Grid Engine queues

This will be the first (of many??) posts to spill outside the topics one would think you’d find on a site with the name “Your Mac Guy”. You’ve been warned.

Back in January my primary work responsibilities shifted from Mac servers and desktops (and all that entailed) to Linux servers and desktops and the multitude of new things that entails (at least here where I work). One of the new tasks I’ve picked up is user administration of our Sun Grid Engine (SGE) 500-node cluster. New or existing users who want to submit jobs to the cluster need to be added to custom groups or, in SGE-speak, usersets. We create usersets for each lab, so if the user is part of a lab that doesn’t currently have access to submit jobs, I need to create a new userset and add that userset to each of 16 separate queues.

That last part, adding usersets to queues, is the most tedious part. So tedious, in fact, that it forced my hand into developing a scripted solution. I likely could have found an existing script to accomplish the task for me, but then I wouldn’t have had an excuse to brush up on my 3-years dormant perl skills.

Read the rest of this entry »

New Tool: AD Password Monitor

A fellow Mac admin has improved upon my solution to Active Directory password expiration management and has made his project available on Google Code. Password Monitor is an app that lives in your menu bar and unobtrusively displays the number of days remaining until your AD password expires.

Anyone who is either already using one of my scripts or widget or is just looking into a way to solve the AD password expiration problem should definitely give this a look. One key difference with this solution is that you must set the expiration age of AD passwords manually. Since this information is easy to obtain from your AD admin, it should not be an issue. Here’s what the preferences window looks like.

Keep in mind that the project is in its early stages, but it is quite useable now.

Test for 64-bit capability

UPDATE (10/8/08): The following one-liner will work on ppc or intel boxes and will return 1 if the computer is 64-bit capable or 0 if it is not. UPDATE 2 (12/11/08):  Reader Ted suggested suppressing stderr for cleaner output. I amended the code below to include his suggestion.

sysctl hw.optional 2> /dev/null | awk -F': ' '/64/ {print $2}'

The arch tool is an easy way to test whether a Mac’s processor is intel or ppc, but it does not draw a distinction between the different types of intel processors. It will return i386 whether it’s a Core Duo, Core 2 Duo, or Xeon. We can use the fact that the Core Duo is only intel processor found in Macs incapable of running 64-bit code to write a script that extend arch to test for 64-bit capability.

    #!/bin/bash

    proc=$(/usr/sbin/system_profiler SPHardwareDataType | \
    /usr/bin/awk -F': ' '/Processor Name:/ {print $2}')

    if [ "$(/usr/bin/arch)" == "i386" ]; then
        if [ "$proc" != "Intel Core Duo" ]; then
            /bin/echo $(/usr/bin/arch)-64
        else
            /bin/echo $(/usr/bin/arch)-32
        fi
    else
        /bin/echo $(/usr/bin/arch)
    fi

This script will return i386-32 for intel processors limited to 32 bits, i386-64 for 64-bit capable intel processors, and ppc for non-intel processors.

I’ve called this script archbits and made it downloadable here.

Keep your Mac and Windows Boot Camp clocks in sync

If you manage dual-boot Macs, or even just have your own dual-boot Mac, you may have noticed the annoying tendency of your Mac clocks to be incorrect when you reboot from Windows into Mac OS. This occurs because the Windows internal clock uses the local time zone to manage its time while Mac OS internal clock uses GMT.

As posted in various forums and sites, the solution is to modify the Windows Registry as follows.

1. Launch regedit.exe.
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation.
3. Create a new key called RealTimeIsUniversal (case-sensitive!)
4. Give the key a DWORD Value (displays as REG_DWORD) of 1.

If you’re not comfortable modifying the registry by hand, I’ve created a registry patch file that, when double-clicked in Windows, will make the modification for you. (You can verify the contents of the patch by opening it in Notepad.) Download the patch here.

networksetup – change network settings from the command line

UPDATE (8/12/08): I simplified the awk portion of the command.

Mac OS X comes with a very convenient tool called networksetup that makes it relatively easy to view or change network settings from the command line. In Leopard, the command is readily available at /usr/sbin/networksetup. Since /usr/sbin exists in the default path, you can access the command directly. In Tiger, Panther, and Jaguar, the command is not anywhere in the default path, but lives buried within the bundled ARD Agent at /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup. (If you’re not using Leopard, be sure to include the full path to the executable in all of your commands.) Apple’s man page for networksetup covers all the available options but it’s short on real examples of its use.

Read the rest of this entry »

Easily change your server’s default NetBoot image from the command line

I have five different NetInstall/NetRestore images living on an Xserve that I use for deployment purposes. I find myself using Server Admin pretty often to change the default NetBoot image so I can boot computers to that image while holding down option-N. I was starting to find it pretty tedious to do this via the GUI. After launching the application, it takes seven clicks to change a default image in Server Admin (Tiger and Leopard). The times that I wasn’t at my computer and wanted to change the default image were starting to pile up, too.

So, what does any intrepid admin do at a time like this? That’s right. We take it to the command line. And, gosh darn it, we’ll find a way to script it — even if the time taken perfecting that script vastly overshadows the amount of time we’ll save by using it. My goal now was to create a script that I could easily run (from any computer) after ssh’ing into the server.

Read the rest of this entry »

shotshadows – quick script to enable or disable screenshot shadows

If you’ve taken screenshots of windows in Tiger and Leopard using the command-shift-4+space trick, you’ll have noticed that Leopard will include the window’s (rather large) drop shadows in the resulting image. Depending on your point of view this can be good, bad, or a mixed blessing. I’m in the latter camp. They can be nice for blog posts, but if you’re creating documentation, for example, they can take up precious space on the page.

Using this hint as a starting point, I wrote the following bash script to make the process of disabling and enabling those shadows quick and painless:

#!/bin/bash

usage ()
{
    /bin/echo "Usage: shotshadows [off|on]"
    exit 1
}

if [ $# == 1 ]; then
    if [ $1 == "off" ]; then
	    /bin/echo "Disabling drop shadows in screenshots and restarting SystemUIServer"
	    /usr/bin/defaults write com.apple.screencapture disable-shadow -bool true
	    /usr/bin/killall SystemUIServer
    elif [ $1 == "on" ]; then
        /bin/echo "Enabling drop shadows in screenshots and restarting SystemUIServer"
        /usr/bin/defaults delete com.apple.screencapture disable-shadow
        /usr/bin/killall SystemUIServer
    else
        usage
    fi
else
	usage
fi

Save this script as shotshadows — or download it here — make it executable, and drop it somewhere in your path. (I use /usr/local/bin.) Now you can turn screenshot shadows on and off with the simple terminal commands shotshadows on and shotshadows off. The change takes effect instantly.

Create a Tiger to Leopard Upgrade NetInstall Image

adminertia : an admin at rest tends to stay at rest and an admin in motion tends to want to return to rest as soon as possible.

When Leopard was first released, I was almost grateful that it didn’t work reliably with Active Directory since that flaw provided me with a valid excuse for not having an upgrade procedure ready to roll when upgrade requests started trickling in from my users. I knew that by the time Apple got around to releasing an update that made Leopard work well with AD, the number of requests would have increased significantly. I needed to have a method of handling them in a timely manner.

Walking around the building with an installer DVD or a FireWire drive in hand doesn’t exactly rank as timely, nor does it rank as anything close to what I want to be doing with my time. NetBooting from a copy of the installer DVD is a slightly better option, but that would require applying a handful of OS and security updates after the initial install in order to bring each computer up-to-date. NetBooting with a NetRestore set created with Mike Bombich’s (otherwise) excellent software is not an option because it can’t upgrade a computer, only overwrite it.

Because I have chosen not to use Radmind in my environment, it seemed my options for creating a more or less automated upgrade to take Macs running 10.4.x directly to the latest version of Leopard were severely limited. After much despair, head scratching, and a little behind-the-scenes investigation, I discovered that Leopard’s System Imaging Utility could be wrangled to accomplish my goal.

Read the rest of this entry »