Moving from Linux to MacOS – first steps

Few years ago I moved from Linux desktop to MacOS for my business, day to day work. There were 2 main reasons for that:

  1. Corporations don’t like Linux – they can’t manage it, they can’t support it, so they blocked it with “Security policy”, ISO20001, or other nonsense.
  2. Actually they’re partially right but in different place – many business collaboration applications don’t work well on LInux (or they don’t work at all)
    • Skype for Business – there’s open source alternative but to get full support you have to pay for additional codecs (as far as I remember) – it’s not working stable even in paid version
    • Outlook and calendar support – I love Thunderbird and I use it for years, but calendar invitations didn’t work nice (honestly, they didn’t work nice even between different Outlook versions…)
    • Corporate VPN apps – Christ, I always was able to get it working eventually, but… why bother

I’m older, maybe lazier, maybe smarter – I don’t like to spend my time resolving problems that don’t give me any value. That’s how I switched to MacOS – for business purposes only. Privately I still prefer Linux.

After the switch I’ve found some differences. Annoying stuff like different behavior of home/end buttons, etc. So right now, on every Mac that I’m working with, I’m making it to work more like Linux desktop. I’ve found those information useful to few my friends too. I decided to publish this because I received too many questions about what to do, how to start?

If you think I’m missing something important or I did something really bad way – please comment, I will updated it.

FAQ

Q: How to make screnshots (full screen/partial/desktop recording)?

A: https://support.apple.com/pl-pl/HT201361

Q: How to change screenshot save localisation?

A: By default screenshots are saved on desktop which will turn into mess quickly. It’s possible to change default save localization for created screenshots: https://discussions.apple.com/docs/DOC-9081

Q: Keyboard and keyboard shortcuts….

A: Polish keyboard layout is terrific, location of tilde and backslash buttons cause both Left Shift and Enter to be really far from normal hands position – in my case it’s causing pain in hands after few hours of use  Another problem is location of Right Alt, it’s hidden deeply under hand during writing so it’s not convenient to write polish letters like ąśłóćź, etc. Maybe it will be possible to remap few keys to make this layout more usable but right now experience is terrific.

This is really big issue. Because on Mac Win/CMD key is used a lot switch to normal keyboard doesn’t help. Use of most common shortcuts really overload my thumbs.

Best solutions I’ve found is Karabiner-Elements. It allow to remap keys (ex. switch right alt/cmd) and you can define different options per device (internal/external keyboard). It’s also very useful to make standard PC keyboards to be mapped like Apple keyboard.

Q: Special function keys do not work from external keyboard (it’s not Mac compatible )

A: I don’t know if it’s possible to configure them. With Karabiner-Elements it’s possible to add support for some of them.

Q: Keyboard shortcuts are totally different than on Windows or Linux

A: Here you could find introduction to most typical shortcuts: https://www.apple.com/support/pages/shortcuts/body.html
No other way – you have to learn them.

Few of my favorites, I use everyday:

  • Cmd + Space – Spotlight search – think about it like ‘Win’ key in Gnome 3, you can start writing app or file name to start/open it
  • Ctrl + Left/Right – switch Desktop on specific screen (full screen apps use “whole desktop” so it’s easy way to see what you have there or start new empty desktop)
  • Ctrl + Up – shows all active windows, desktops, etc. Useful if you’re searching specific window

Q: Problem with bash completion on linux boxes

-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8)
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8)

A: I solved it by marking option in iTerm2 to always set language system variables.

Q: Bash completion do not work well on Mac, there are no completions for hosts configured in ssh_config or /etc/hosts

A: I initially tried this one: http://davidalger.com/development/bash-completion-on-os-x-with-brew/ – it generally works but only for some common tools, ex, svn requires manual download of:

http://svn.apache.org/repos/asf/subversion/trunk/tools/client-side/bash_completion to /usr/local/etc/bash_completion.d/svn

Right now I thing that Brew makes this even easier, because it’s installing a lot of bash_completion configs.

Q: How to add bash completion for docker?

A: Those two commands will solve problem:

curl -L https://raw.githubusercontent.com/docker/compose/master/contrib/completion/bash/docker-compose -o /usr/local/etc/bash_completion.d/docker-compose
curl -L https://raw.githubusercontent.com/docker/docker-ce/blob/master/components/cli/contrib/completion/bash/docker -o /usr/local/etc/bash_completion.d/docker

Q: SSH agent for key management does not work by default

A: There is a Keychain application installed on MacOS by default, it’s responsible for storing keys and managing access to them. To add ssh key to Keychain you have to run:

ssh-add -K

and provide password to unlock key.

Sadly this works only one time, I have to manually add key to keychain every time I login by:

ssh-add ~/.ssh/id_rsa

Q: How to automatically unlock private SSH keys on login (how to keep SSH private key password in OS X Keychain)?

A: It’s all nice described here: https://apple.stackexchange.com/a/250572

Q: How to write to multiple terminal panes in iTerm2?

A: use cmd + shift + i to write to all panes on all tabs, or cmd + alt + i to write to all panes on current tab only

Q: Blurry fonts on external monitors

A: Fonts on external monitors are really blurry – they’re badly anti-aliased or hinting is bad. I’ve found, that MacOS disable hinting on external monitors. It’s possible to enable it back. Check below and play with it to get what would work for you.

https://www.howtogeek.com/358596/how-to-fix-blurry-fonts-on-macos-mojave-with-subpixel-antialiasing/

Q: Jump word left/right (Ctrl+left/right) shortcut don’t work on console (iTerm2)

A: You have to configure special escape sequences for Alt+left/right, described here: http://apple.stackexchange.com/a/136931

Q: Packages on MacOS are outdated and updates arrive later than on Linux

A: Yes, that’s sad true. When I have Ansible 2.3 on Jenkins server for MacOS only version 2.2 was available. Version 2.3 will arrive but some time later. This is causing problems in compatibility of code (newer features/options on Jenkins cause problems during deployment and I’m not able to test this all on my workstation before real release). Another problem connected to that is that some command line tool on Mac have different switches than on Linux, ex. date –rfc-3339=s is not available, causing scripts to broke on Mac when working on Linux, this also makes testing harder.

MacOS also use quite old version of bash. As a result .bashrc won’t be parsed, you have to put everything to .bash_profile which will slow down starting of each new terminal session (ex. python virtual envs can add significant delay).

Q: End/Home keys behave differently on MacOS

A: Generally you won’t find Home/End keys on typical MacBook keyboad – by default on Mac you have Command + Right keyboard shortcut to mimic End, and Command + Left to mimic Home.

But… by default Home/End will move you to the end of page, not line. If you want this behavior back in most of your apps you could try to change keybinding:

One option is to create ~/Library/KeyBindings/ and save a property list like this as ~/Library/KeyBindings/DefaultKeyBinding.dict:

{
  "\UF729"  = moveToBeginningOfLine:;
  "\UF72B"  = moveToEndOfLine:;
  "$\UF729" = moveToBeginningOfLineAndModifySelection:;
  "$\UF72B" = moveToEndOfLineAndModifySelection:;
}

Quit and reopen applications to apply the changes. Note that DefaultKeyBinding.dict is not supported by some applications like Xcode or Firefox.

https://apple.stackexchange.com/questions/18016/can-i-change-the-behavior-of-the-home-and-end-keys-on-an-apple-keyboard-with-num

Q: I can’t use X forwarding with MacOS ssh client and Linux on second end

A: There’s additional X11 server app that you can install on MacOS (it’s called XQuartz. I tried it for short time but I don’t need it anymore.

Q: I have problems working with terminator on Mac

For example:

  • it’s running as python process but it’s not available in Lunchpad (not easy to switch with Cmd + Tab
  • keyboard shortcuts are different than on Linux, so this is not making switch easier

I’ve found iTerm2, which is “state of the art” terminal for MacOS. It’s popular, well supported and feature complete.

Useful key shortcuts:

  • Cmd + T – new tab
  • Cmd + D – spit vertically
  • Cmd + Shift + D – split horizontally
  • Cmd + Opt + Left/Right/Up/Down – move between shell windows (after split)
  • Cmd + Left/Right – prev/next tab
  • Ctrl + Cmd + Left/Right/Up/Down – change size of windows after split

How to stole ssh session when you’re root

It happen to me all the time that one of developers notifies me about some kind of problem that I can’t confirm from my account. Sometimes it was because of bad ssh keys configuration, other times file permissions, mostly such stuff. It’s sometimes convenient to “enter into someone’s shoes” to see what’s going on there.

If you’re root on machine you may do that like this:

su developer -

Easy one but that’s not enough for all cases. When you use bastion host (or similar solutions) sometimes users have connection problems and it’s harder to check. When such user have ForwardAgent ssh option enabled you may stole this session to check login problems. After you switch to such user, you may wan’t to hide history (it’s optional 😉 ) – disable history like that:

export HISTFILESIZE=0
export HISTSIZE=0
unset HISTFILE

Now you may stole ssh session, but first check if you have your dev is logged on:

$ ls -la /tmp/ | grep ssh
drwx------   2 root     root          4096 Apr 27 20:56 ssh-crYKv29798
drwx------   2 developer developer    4096 Apr 27 18:03 ssh-cVXFo28108

Export SSH_AUTH_SOCK with path to developer’s agent socket:

SSH_AUTH_SOCK=/tmp/ssh-cVXFo28108/agent.28108

Finally you may try to login via ssh as developer and see with his eyes what’s now working.

pip – uninstall package with dependencies

Virtualenvs in python are cheap but from time to time you will install something with pip on your system and when time comes removing all this crap could be difficult. I found this bash snippet that will uninstall package with all dependencies:

for dep in $(pip show python-neutronclient | grep Requires | sed 's/Requires: //g; s/,//g') ; do sudo pip uninstall -y $dep ; done
pip uninstall -y python-neutronclient

Source: http://stackoverflow.com/a/32698209/4828478

Daily MySQL backups with xtrabackup

I’ve been using standard MySQL dumps as backup technique on my VPS for few years. It works fine and backups were usable few times when I needed them. But in other places I’m using xtrabackup. It’s faster when crating backups and a lot faster when restoring them – they’re binary so there is no need to reevaluate all SQL create tables/inserts/etc. Backups also include my.cnf config file so restoring on other machine should be easy.

After I switched from MariaDB to Percona I have Percona repos configured, so I will use latest version of xtrabackup.

apt-get install -y percona-xtrabackup

Prerequisities

xtrabackup requires configured user to be able to make backups. One way is to write user and password in plaintext in ~/.my.cnf. Another is using mysql_config_editor to generate ~/.mylogin.cnf file with encrypted credentials. To be honest I didn’t check what kind of security provides this encryption but it feels better than keeping password in plaintext.

I do not want to create new user for this task – I just used debian-sys-maint user. Check password for this user like this:

grep password /etc/mysql/debian.cnf

Now create encrypted file:

mysql_config_editor set --login-path=client --host=localhost --user=debian-sys-maint --password

Hit enter and copy/paste password. File .mylogin.cnf should be created with binary content. We may check this with:

# mysql_config_editor print 
[client]
user = debian-sys-maint
password = *****
host = localhost

Looks OK.

Backuping

Now backup script. I placed it directly in cron.daily dir ex: /etc/cron.daily/zz-percona-backup with content:

#!/bin/bash
DATE=`date +%F-%H%M%S`
DIR=/backup/xtrabackup
DST=$DIR/${DATE}.tar.xz

# this will produce directories with compresses files
# mkdir -p $DST
# xtrabackup --backup --compress --target-dir=$DST

# this will produce tar.xz archives
xtrabackup --backup --stream=tar | xz -9 > $DST

# delete files older than 30 days
find $DIR -type f -mtime +30 -delete

I prefer to have single archive with backup because I’m transferring those files to my NAS (for security). But for local backups directories are more convenient and faster when restoring. Also tar archives have to be decompressed with -ioption.

Restoring

First time I saw it it scared me a little but after all worked fine and without problems…

service mysql stop
rm -rf /var/lib/mysql
mkdir /var/lib/mysql

Now prepare backup, if you used directory backups it’s easy, ex:

xtrabackup --decompress --target-dir=/backup/xtrabackup/2016-03-14-214233
xtrabackup --prepare --target-dir=/backup/xtrabackup/2016-03-14-214233
xtrabackup  --copy-back --target-dir=/backup/xtrabackup/2016-03-14-214233

But if you used tar archives it’s little more messy… You have to create temporary dir and extract archive there:

mkdir /tmp/restore
tar -xvif /backup/xtrabackup/2016-03-14-214233.tar.xz -C /tmp/restore
xtrabackup --prepare --target-dir=/tmp/restore
xtrabackup  --copy-back --target-dir=/tmp/restore

We have to fix ownership of restored files and db may be started:

chown -R mysql:mysql /var/lib/mysql
service mysql start

If your backup is huge you should reorder commands to shutdown database after backup decompression

Source: https://www.percona.com/doc/percona-xtrabackup/2.3/xtrabackup_bin/xtrabackup_binary.html http://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html https://www.percona.com/doc/percona-xtrabackup/2.1/innobackupex/streaming_backups_innobackupex.html