Seth Galitzer | 25 Apr 22:53 2012

HA samba?

Can anybody point me to recent docs on how to go about setting this up? 
  I've found several much older posts, but not much current with any 
kind of helpful detail.

This one has a couple of good tips, but doesn't have much depth:
http://linux-ha.org/wiki/Samba

This one has a lot of detail, but do I really need to use GFS and CTDB 
if I just use a common shared FS for both nodes to get locking data from?:
http://techwithjim.blogspot.com/2012/04/high-availability-windows-share-using.html

I should note that I'm using DRBD+LVM for my node shared storage and 
also exporting FS shares via NFS (I run heterogeneous systems here with 
both Linux and Windows clients, so need both available).

Thanks.
Seth

--

-- 
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/~sgsax
sgsax <at> ksu.edu
785-532-7790
_______________________________________________
Linux-HA mailing list
Linux-HA <at> lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
(Continue reading)

William Seligman | 25 Apr 23:40 2012

Re: HA samba?

On 4/25/12 4:53 PM, Seth Galitzer wrote:
> Can anybody point me to recent docs on how to go about setting this up? 
>   I've found several much older posts, but not much current with any 
> kind of helpful detail.
> 
> This one has a couple of good tips, but doesn't have much depth:
> http://linux-ha.org/wiki/Samba
> 
> This one has a lot of detail, but do I really need to use GFS and CTDB 
> if I just use a common shared FS for both nodes to get locking data from?:
> http://techwithjim.blogspot.com/2012/04/high-availability-windows-share-using.html
> 
> I should note that I'm using DRBD+LVM for my node shared storage and 
> also exporting FS shares via NFS (I run heterogeneous systems here with 
> both Linux and Windows clients, so need both available).

Are you running DRBD+LVM primary-secondary or primary-primary?

If it's the former, I suggest using the configuration described in "Clusters
From Scratch":

<http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/>

the only difference being that instead of running Apache you'd run Samba and
NFS. If you're exporting your filesystems read/write, I think that's the
recommended configuration.

I'm running primary-primary and exporting filesystems via NFS (I'm running Samba
too, but inside a KVM virtual machine exporting its internal filesystem).
However, I'm exporting them read-only.
(Continue reading)

Seth Galitzer | 26 Apr 00:23 2012

Re: HA samba?

On 04/25/2012 04:40 PM, William Seligman wrote:
> On 4/25/12 4:53 PM, Seth Galitzer wrote:
>> Can anybody point me to recent docs on how to go about setting this up?
>>    I've found several much older posts, but not much current with any
>> kind of helpful detail.
>>
>> This one has a couple of good tips, but doesn't have much depth:
>> http://linux-ha.org/wiki/Samba
>>
>> This one has a lot of detail, but do I really need to use GFS and CTDB
>> if I just use a common shared FS for both nodes to get locking data from?:
>> http://techwithjim.blogspot.com/2012/04/high-availability-windows-share-using.html
>>
>> I should note that I'm using DRBD+LVM for my node shared storage and
>> also exporting FS shares via NFS (I run heterogeneous systems here with
>> both Linux and Windows clients, so need both available).
>
> Are you running DRBD+LVM primary-secondary or primary-primary?

This setup is primary/secondary.

>
> If it's the former, I suggest using the configuration described in "Clusters
>  From Scratch":
>
> <http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/>
>
> the only difference being that instead of running Apache you'd run Samba and
> NFS. If you're exporting your filesystems read/write, I think that's the
> recommended configuration.
(Continue reading)

Dimitri Maziuk | 26 Apr 00:12 2012
Picon

Re: HA samba?

On 04/25/2012 03:53 PM, Seth Galitzer wrote:
> Can anybody point me to recent docs on how to go about setting this up? 
>   I've found several much older posts, but not much current with any 
> kind of helpful detail.

If you're running active/passive DRBD, it's what the wiki page calls
"mounted on one node at a time". That one's simple: use drbdlinks to
keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
and nmbd after drbdlinks -- pretty much like any other daemon backed by
drbd storage.

--

-- 
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

_______________________________________________
Linux-HA mailing list
Linux-HA <at> lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
Seth Galitzer | 26 Apr 00:28 2012

Re: HA samba?

On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
> On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>> Can anybody point me to recent docs on how to go about setting this up?
>>    I've found several much older posts, but not much current with any
>> kind of helpful detail.
>
> If you're running active/passive DRBD, it's what the wiki page calls
> "mounted on one node at a time". That one's simple: use drbdlinks to
> keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
> and nmbd after drbdlinks -- pretty much like any other daemon backed by
> drbd storage.
>

I see how that will get all the locking and user data and that should be 
easy enough to configure.  But I'm also doing ADS integration instead of 
winbind, and that also seems to be a problem as only one node can be 
joined to the AD at a time, even with a shared IP.  Any suggestions for 
that?

Thanks.
Seth

--

-- 
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/~sgsax
sgsax <at> ksu.edu
785-532-7790
(Continue reading)

Serge Dubrouski | 26 Apr 00:38 2012
Picon

Re: HA samba?

On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer <sgsax <at> ksu.edu> wrote:

> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
> > On 04/25/2012 03:53 PM, Seth Galitzer wrote:
> >> Can anybody point me to recent docs on how to go about setting this up?
> >>    I've found several much older posts, but not much current with any
> >> kind of helpful detail.
> >
> > If you're running active/passive DRBD, it's what the wiki page calls
> > "mounted on one node at a time". That one's simple: use drbdlinks to
> > keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
> > and nmbd after drbdlinks -- pretty much like any other daemon backed by
> > drbd storage.
> >
>
> I see how that will get all the locking and user data and that should be
> easy enough to configure.  But I'm also doing ADS integration instead of
> winbind, and that also seems to be a problem as only one node can be
> joined to the AD at a time, even with a shared IP.  Any suggestions for
> that?
>

Currently there is no official RA for smbd and nmbd daemons. You can try to
create one, and include joining domain there into a stat function, though I
don't need why you'd need it because AFAIK "join domain" is a one time
action unless you want to re-register your server in the domain.

So you can try to "anything" RA to control smbd and nmbd daemons, or you
can use LSB samba agent for that.

(Continue reading)

Andrew Beekhof | 27 Apr 03:37 2012
Picon

Re: HA samba?

On Thu, Apr 26, 2012 at 8:38 AM, Serge Dubrouski <sergeyfd <at> gmail.com> wrote:
> On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer <sgsax <at> ksu.edu> wrote:
>
>> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
>> > On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>> >> Can anybody point me to recent docs on how to go about setting this up?
>> >>    I've found several much older posts, but not much current with any
>> >> kind of helpful detail.
>> >
>> > If you're running active/passive DRBD, it's what the wiki page calls
>> > "mounted on one node at a time". That one's simple: use drbdlinks to
>> > keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
>> > and nmbd after drbdlinks -- pretty much like any other daemon backed by
>> > drbd storage.
>> >
>>
>> I see how that will get all the locking and user data and that should be
>> easy enough to configure.  But I'm also doing ADS integration instead of
>> winbind, and that also seems to be a problem as only one node can be
>> joined to the AD at a time, even with a shared IP.  Any suggestions for
>> that?
>>
>
> Currently there is no official RA for smbd and nmbd daemons.

Really? I thought tim had one.  He was heavily into samba at one point.

> You can try to
> create one, and include joining domain there into a stat function, though I
> don't need why you'd need it because AFAIK "join domain" is a one time
(Continue reading)

Tim Serong | 27 Apr 05:41 2012

Re: HA samba?

On 04/27/2012 11:37 AM, Andrew Beekhof wrote:
> On Thu, Apr 26, 2012 at 8:38 AM, Serge Dubrouski <sergeyfd <at> gmail.com> wrote:
>> On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer <sgsax <at> ksu.edu> wrote:
>>
>>> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
>>>> On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>>>>> Can anybody point me to recent docs on how to go about setting this up?
>>>>>    I've found several much older posts, but not much current with any
>>>>> kind of helpful detail.
>>>>
>>>> If you're running active/passive DRBD, it's what the wiki page calls
>>>> "mounted on one node at a time". That one's simple: use drbdlinks to
>>>> keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
>>>> and nmbd after drbdlinks -- pretty much like any other daemon backed by
>>>> drbd storage.
>>>>
>>>
>>> I see how that will get all the locking and user data and that should be
>>> easy enough to configure.  But I'm also doing ADS integration instead of
>>> winbind, and that also seems to be a problem as only one node can be
>>> joined to the AD at a time, even with a shared IP.  Any suggestions for
>>> that?
>>>
>>
>> Currently there is no official RA for smbd and nmbd daemons.
> 
> Really? I thought tim had one.  He was heavily into samba at one point.

I wrote the CTDB RA, but not a Samba one.  There is a Samba RA which
came from RedHat/rgmanager, which is present in the resource-agents repo
(Continue reading)

Seth Galitzer | 1 May 00:04 2012

Re: HA samba?

This was a bit trickier to get worked out, but I have made some 
progress.  It turns out just putting the metadata on a shared disk 
resource and symlinking wasn't quite enough.  nmbd (the netbios 
management daemon that samba uses) complained that the symlink to its 
working directory wasn't a real directory.  On top of that, you can 
specify the path for the nmbd working dir, but only at compile time, not 
at run time.  To work around this, I added a bind mount for that dir 
(/var/run/samba for debian/ubuntu) and now samba will start.  It will 
even fail over if I put the primary into standby.  So there's the progress.

However, a client still can't reconnect to the share once the node has 
failed over until I rerun "net ads join" on the secondary (new primary). 
  I've been running the join command using the dns name for the floating 
IP, but maybe that's not good enough.  I'll look more deeply into net 
tomorrow, and see if I can specify the IP, too.

The other new oddity is that after I've put the primary into standby and 
everything has failed over to the secondary, as soon as I bring the 
primary back online, the resources try to switch back, i.e. they don't 
stay on the secondary (new primary) as expected.  Granted, if I setup 
STONITH, this shouldn't be an immediate problem, but it still will be 
when I go to bring the node back online.  I believe this is only the 
case with the samba resource enabled, but I'll test this more tomorrow 
to make sure.

I'm starting to wonder if samba is practical for failover or not.  I 
don't really have much choice about using it.  Because of my mixed 
environment, I need to be able to export nfs and samba shares from this 
server.  Manual failover is better than what I have now, which is no 
redundancy at all.  At least I'd be able to get my users back up more 
(Continue reading)

Dimitri Maziuk | 1 May 00:42 2012
Picon

Re: HA samba?

On 04/30/2012 05:04 PM, Seth Galitzer wrote:
> This was a bit trickier to get worked out, but I have made some 
> progress.  It turns out just putting the metadata on a shared disk 
> resource and symlinking wasn't quite enough.  nmbd (the netbios 
> management daemon that samba uses) complained that the symlink to its 
> working directory wasn't a real directory.

Why not use your AD controller (or whatever they call it) to be browse
master and netbios name server?

> The other new oddity is that after I've put the primary into standby and 
> everything has failed over to the secondary, as soon as I bring the 
> primary back online, the resources try to switch back, i.e. they don't 
> stay on the secondary (new primary) as expected.

As I recall clusters from scratch have a paragraph on that. (Basically,
it's configurable, it may be desirable if e.g. you're using a
low-powered back-up node.)

(I can't be more specific because I'm using "R1" configs here, not crm.)

--

-- 
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

_______________________________________________
Linux-HA mailing list
(Continue reading)

Seth Galitzer | 1 May 18:59 2012

Re: HA samba?

On 04/30/2012 05:42 PM, Dimitri Maziuk wrote:
> On 04/30/2012 05:04 PM, Seth Galitzer wrote:
>> This was a bit trickier to get worked out, but I have made some
>> progress.  It turns out just putting the metadata on a shared disk
>> resource and symlinking wasn't quite enough.  nmbd (the netbios
>> management daemon that samba uses) complained that the symlink to its
>> working directory wasn't a real directory.
>
> Why not use your AD controller (or whatever they call it) to be browse
> master and netbios name server?

As I understand it, nmbd needs to be running on the samba host so that 
it can respond to netbios/cifs queries.  I've not yet found a way to 
separate the two.

>
>> The other new oddity is that after I've put the primary into standby and
>> everything has failed over to the secondary, as soon as I bring the
>> primary back online, the resources try to switch back, i.e. they don't
>> stay on the secondary (new primary) as expected.
>
> As I recall clusters from scratch have a paragraph on that. (Basically,
> it's configurable, it may be desirable if e.g. you're using a
> low-powered back-up node.)
>
> (I can't be more specific because I'm using "R1" configs here, not crm.)
>
>

Per another post, I was able to resolve this by setting the "resource 
(Continue reading)

Tim Serong | 1 May 03:37 2012

Re: HA samba?

On 05/01/2012 08:04 AM, Seth Galitzer wrote:
> This was a bit trickier to get worked out, but I have made some 
> progress.  It turns out just putting the metadata on a shared disk 
> resource and symlinking wasn't quite enough.  nmbd (the netbios 
> management daemon that samba uses) complained that the symlink to its 
> working directory wasn't a real directory.  On top of that, you can 
> specify the path for the nmbd working dir, but only at compile time, not 
> at run time.  To work around this, I added a bind mount for that dir 
> (/var/run/samba for debian/ubuntu) and now samba will start.  It will 
> even fail over if I put the primary into standby.  So there's the progress.
> 
> However, a client still can't reconnect to the share once the node has 
> failed over until I rerun "net ads join" on the secondary (new primary). 
>   I've been running the join command using the dns name for the floating 
> IP, but maybe that's not good enough.  I'll look more deeply into net 
> tomorrow, and see if I can specify the IP, too.

Have you got "/var/lib/samba" on shared storage (or linked to, or
"private dir" in smb.conf set to some directory on shared storage)?
IIRC when you do "net ads join", various secrets and whatnot are saved
somewhere in that directory.  If that's not persistent across failover,
it'd explain what you're seeing.

> 
> The other new oddity is that after I've put the primary into standby and 
> everything has failed over to the secondary, as soon as I bring the 
> primary back online, the resources try to switch back, i.e. they don't 
> stay on the secondary (new primary) as expected.  Granted, if I setup 
> STONITH, this shouldn't be an immediate problem, but it still will be 
> when I go to bring the node back online.  I believe this is only the 
(Continue reading)

Seth Galitzer | 1 May 18:53 2012

Re: HA samba?

On 04/30/2012 08:37 PM, Tim Serong wrote:
> On 05/01/2012 08:04 AM, Seth Galitzer wrote:
>> This was a bit trickier to get worked out, but I have made some
>> progress.  It turns out just putting the metadata on a shared disk
>> resource and symlinking wasn't quite enough.  nmbd (the netbios
>> management daemon that samba uses) complained that the symlink to its
>> working directory wasn't a real directory.  On top of that, you can
>> specify the path for the nmbd working dir, but only at compile time, not
>> at run time.  To work around this, I added a bind mount for that dir
>> (/var/run/samba for debian/ubuntu) and now samba will start.  It will
>> even fail over if I put the primary into standby.  So there's the progress.
>>
>> However, a client still can't reconnect to the share once the node has
>> failed over until I rerun "net ads join" on the secondary (new primary).
>>    I've been running the join command using the dns name for the floating
>> IP, but maybe that's not good enough.  I'll look more deeply into net
>> tomorrow, and see if I can specify the IP, too.
>
> Have you got "/var/lib/samba" on shared storage (or linked to, or
> "private dir" in smb.conf set to some directory on shared storage)?
> IIRC when you do "net ads join", various secrets and whatnot are saved
> somewhere in that directory.  If that's not persistent across failover,
> it'd explain what you're seeing.

The following dirs are all on shared storage:
/var/cache/samba
/var/lib/samba
/var/log/samba
/var/run/samba

(Continue reading)

Ulrich Windl | 27 Apr 08:29 2012
Picon

Antw: Re: HA samba?

>>> Andrew Beekhof <andrew <at> beekhof.net> schrieb am 27.04.2012 um 03:37 in Nachricht
<CAEDLWG0eas2g9nnOYbLuszNHNq7TCYvX4vfrFT0op485qV4WdA <at> mail.gmail.com>:
> On Thu, Apr 26, 2012 at 8:38 AM, Serge Dubrouski <sergeyfd <at> gmail.com> wrote:
> > On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer <sgsax <at> ksu.edu> wrote:
> >
> >> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
> >> > On 04/25/2012 03:53 PM, Seth Galitzer wrote:
> >> >> Can anybody point me to recent docs on how to go about setting this up?
> >> >>    I've found several much older posts, but not much current with any
> >> >> kind of helpful detail.
> >> >
> >> > If you're running active/passive DRBD, it's what the wiki page calls
> >> > "mounted on one node at a time". That one's simple: use drbdlinks to
> >> > keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
> >> > and nmbd after drbdlinks -- pretty much like any other daemon backed by
> >> > drbd storage.
> >> >
> >>
> >> I see how that will get all the locking and user data and that should be
> >> easy enough to configure.  But I'm also doing ADS integration instead of
> >> winbind, and that also seems to be a problem as only one node can be
> >> joined to the AD at a time, even with a shared IP.  Any suggestions for
> >> that?
> >>
> >
> > Currently there is no official RA for smbd and nmbd daemons.
> 
> Really? I thought tim had one.  He was heavily into samba at one point.

Hi!
(Continue reading)

Seth Galitzer | 1 May 18:55 2012

Re: Antw: Re: HA samba?

On 04/27/2012 01:29 AM, Ulrich Windl wrote:
>>>> Andrew Beekhof<andrew <at> beekhof.net>  schrieb am 27.04.2012 um 03:37 in Nachricht
> <CAEDLWG0eas2g9nnOYbLuszNHNq7TCYvX4vfrFT0op485qV4WdA <at> mail.gmail.com>:
>> On Thu, Apr 26, 2012 at 8:38 AM, Serge Dubrouski<sergeyfd <at> gmail.com>  wrote:
>>> On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer<sgsax <at> ksu.edu>  wrote:
>>>
>>>> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
>>>>> On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>>>>>> Can anybody point me to recent docs on how to go about setting this up?
>>>>>>     I've found several much older posts, but not much current with any
>>>>>> kind of helpful detail.
>>>>>
>>>>> If you're running active/passive DRBD, it's what the wiki page calls
>>>>> "mounted on one node at a time". That one's simple: use drbdlinks to
>>>>> keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
>>>>> and nmbd after drbdlinks -- pretty much like any other daemon backed by
>>>>> drbd storage.
>>>>>
>>>>
>>>> I see how that will get all the locking and user data and that should be
>>>> easy enough to configure.  But I'm also doing ADS integration instead of
>>>> winbind, and that also seems to be a problem as only one node can be
>>>> joined to the AD at a time, even with a shared IP.  Any suggestions for
>>>> that?
>>>>
>>>
>>> Currently there is no official RA for smbd and nmbd daemons.
>>
>> Really? I thought tim had one.  He was heavily into samba at one point.
>
(Continue reading)

Dimitri Maziuk | 26 Apr 00:44 2012
Picon

Re: HA samba?

On 04/25/2012 05:28 PM, Seth Galitzer wrote:

> I see how that will get all the locking and user data and that should be 
> easy enough to configure.  But I'm also doing ADS integration instead of 
> winbind, and that also seems to be a problem as only one node can be 
> joined to the AD at a time, even with a shared IP.  Any suggestions for 
> that?

I've user-level security, samba accounts in OpenLDAP, and no AD, so no
suggestions on that. (To me the howto reads like you need to make sure
you register the cluster ip (not node ip) in AD and then you shouldn't
need to re-join the domain on failover.)

--

-- 
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

_______________________________________________
Linux-HA mailing list
Linux-HA <at> lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems

Gmane