
Mailing List Archive: Linux-HA: Users

HA samba?

 

 



sgsax at ksu

Apr 25, 2012, 1:53 PM

Post #1 of 14 (2391 views)
Permalink
HA samba?

Can anybody point me to recent docs on how to go about setting this up?
I've found several much older posts, but not much current with any
kind of helpful detail.

This one has a couple of good tips, but doesn't have much depth:
http://linux-ha.org/wiki/Samba

This one has a lot of detail, but do I really need to use GFS and CTDB
if I just use a common shared FS for both nodes to get locking data from?:
http://techwithjim.blogspot.com/2012/04/high-availability-windows-share-using.html

I should note that I'm using DRBD+LVM for my node shared storage and
also exporting FS shares via NFS (I run heterogeneous systems here with
both Linux and Windows clients, so need both available).

Thanks.
Seth

--
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/~sgsax
sgsax [at] ksu
785-532-7790
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems


seligman at nevis

Apr 25, 2012, 2:40 PM

Post #2 of 14 (2337 views)
Permalink
Re: HA samba? [In reply to]

On 4/25/12 4:53 PM, Seth Galitzer wrote:
> Can anybody point me to recent docs on how to go about setting this up?
> I've found several much older posts, but not much current with any
> kind of helpful detail.
>
> This one has a couple of good tips, but doesn't have much depth:
> http://linux-ha.org/wiki/Samba
>
> This one has a lot of detail, but do I really need to use GFS and CTDB
> if I just use a common shared FS for both nodes to get locking data from?:
> http://techwithjim.blogspot.com/2012/04/high-availability-windows-share-using.html
>
> I should note that I'm using DRBD+LVM for my node shared storage and
> also exporting FS shares via NFS (I run heterogeneous systems here with
> both Linux and Windows clients, so need both available).

Are you running DRBD+LVM primary-secondary or primary-primary?

If it's the former, I suggest using the configuration described in "Clusters
From Scratch":

<http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/>

the only difference being that instead of running Apache you'd run Samba and
NFS. If you're exporting your filesystems read/write, I think that's the
recommended configuration.

I'm running primary-primary and exporting filesystems via NFS (I'm running Samba
too, but inside a KVM virtual machine exporting its internal filesystem).
However, I'm exporting them read-only.

--
Bill Seligman | Phone: (914) 591-2823
Nevis Labs, Columbia Univ | mailto://seligman [at] nevis
PO Box 137 |
Irvington NY 10533 USA | http://www.nevis.columbia.edu/~seligman/


dmaziuk at bmrb

Apr 25, 2012, 3:12 PM

Post #3 of 14 (2329 views)
Permalink
Re: HA samba? [In reply to]

On 04/25/2012 03:53 PM, Seth Galitzer wrote:
> Can anybody point me to recent docs on how to go about setting this up?
> I've found several much older posts, but not much current with any
> kind of helpful detail.

If you're running active/passive DRBD, it's what the wiki page calls
"mounted on one node at a time". That one's simple: use drbdlinks to
keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
and nmbd after drbdlinks -- pretty much like any other daemon backed by
drbd storage.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu


sgsax at ksu

Apr 25, 2012, 3:23 PM

Post #4 of 14 (2339 views)
Permalink
Re: HA samba? [In reply to]

On 04/25/2012 04:40 PM, William Seligman wrote:
> On 4/25/12 4:53 PM, Seth Galitzer wrote:
>> Can anybody point me to recent docs on how to go about setting this up?
>> I've found several much older posts, but not much current with any
>> kind of helpful detail.
>>
>> This one has a couple of good tips, but doesn't have much depth:
>> http://linux-ha.org/wiki/Samba
>>
>> This one has a lot of detail, but do I really need to use GFS and CTDB
>> if I just use a common shared FS for both nodes to get locking data from?:
>> http://techwithjim.blogspot.com/2012/04/high-availability-windows-share-using.html
>>
>> I should note that I'm using DRBD+LVM for my node shared storage and
>> also exporting FS shares via NFS (I run heterogeneous systems here with
>> both Linux and Windows clients, so need both available).
>
> Are you running DRBD+LVM primary-secondary or primary-primary?

This setup is primary/secondary.

>
> If it's the former, I suggest using the configuration described in "Clusters
> From Scratch":
>
> <http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/>
>
> the only difference being that instead of running Apache you'd run Samba and
> NFS. If you're exporting your filesystems read/write, I think that's the
> recommended configuration.

I've read through that multiple times. Very good general documentation.
I guess what I'm looking for is a more specific howto doc with example
configs. I find that personally, that helps me to understand what's
going on better.

>
> I'm running primary-primary and exporting filesystems via NFS (I'm running Samba
> too, but inside a KVM virtual machine exporting its internal filesystem).
> However, I'm exporting them read-only.

So GFS is only really recommended for a primary/primary setup since both
nodes need to write to it at the same time? With my DRBD
primary/secondary setup, other FS (ext4, xfs, etc.) should be fine, correct?

I already have pacemaker with the following resources configured and
working, with appropriate prereqs for each "layer":
ip
drbd
lvm
filesystem
exportfs/nfsd

I guess I view the resources as being "stacked", each one adding a new
layer, depending on the previous one. So what I'm trying to do now is
add the samba layer, which is probably parallel to exportfs/nfsd in this
stack. Adding the resource is simple enough, and it seems to fail over
correctly, but I see that I need to be able to manage samba's locking
database and other administrata for a seamless failover.

I'm also finding that I might have to do something tricky with "net ads
join" for the nodes, as when you register one, it overwrites the IDs on
the other one in the AD. I guess I didn't mention this also needs Active
Directory integration instead of winbind for client authentication, so
that's another wrinkle.

Thanks.
Seth

--
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/~sgsax
sgsax [at] ksu
785-532-7790


sgsax at ksu

Apr 25, 2012, 3:28 PM

Post #5 of 14 (2336 views)
Permalink
Re: HA samba? [In reply to]

On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
> On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>> Can anybody point me to recent docs on how to go about setting this up?
>> I've found several much older posts, but not much current with any
>> kind of helpful detail.
>
> If you're running active/passive DRBD, it's what the wiki page calls
> "mounted on one node at a time". That one's simple: use drbdlinks to
> keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
> and nmbd after drbdlinks -- pretty much like any other daemon backed by
> drbd storage.
>

I see how that will get all the locking and user data and that should be
easy enough to configure. But I'm also doing ADS integration instead of
winbind, and that also seems to be a problem as only one node can be
joined to the AD at a time, even with a shared IP. Any suggestions for
that?

Thanks.
Seth

--
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/~sgsax
sgsax [at] ksu
785-532-7790


sergeyfd at gmail

Apr 25, 2012, 3:38 PM

Post #6 of 14 (2331 views)
Permalink
Re: HA samba? [In reply to]

On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer <sgsax [at] ksu> wrote:

> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
> > On 04/25/2012 03:53 PM, Seth Galitzer wrote:
> >> Can anybody point me to recent docs on how to go about setting this up?
> >> I've found several much older posts, but not much current with any
> >> kind of helpful detail.
> >
> > If you're running active/passive DRBD, it's what the wiki page calls
> > "mounted on one node at a time". That one's simple: use drbdlinks to
> > keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
> > and nmbd after drbdlinks -- pretty much like any other daemon backed by
> > drbd storage.
> >
>
> I see how that will get all the locking and user data and that should be
> easy enough to configure. But I'm also doing ADS integration instead of
> winbind, and that also seems to be a problem as only one node can be
> joined to the AD at a time, even with a shared IP. Any suggestions for
> that?
>

Currently there is no official RA for smbd and nmbd daemons. You can try to
create one, and include joining domain there into a stat function, though I
don't see why you'd need it because AFAIK "join domain" is a one time
action unless you want to re-register your server in the domain.

So you can try to use the "anything" RA to control smbd and nmbd daemons, or you
can use LSB samba agent for that.

Also if you want just Samba you probably don't need exportfs and nfsd.


>
> Thanks.
> Seth
>
> --
> Seth Galitzer
> Systems Coordinator
> Computing and Information Sciences
> Kansas State University
> http://www.cis.ksu.edu/~sgsax
> sgsax [at] ksu
> 785-532-7790
> _______________________________________________
> Linux-HA mailing list
> Linux-HA [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
>



--
Serge Dubrouski.


dmaziuk at bmrb

Apr 25, 2012, 3:44 PM

Post #7 of 14 (2336 views)
Permalink
Re: HA samba? [In reply to]

On 04/25/2012 05:28 PM, Seth Galitzer wrote:

> I see how that will get all the locking and user data and that should be
> easy enough to configure. But I'm also doing ADS integration instead of
> winbind, and that also seems to be a problem as only one node can be
> joined to the AD at a time, even with a shared IP. Any suggestions for
> that?

I've user-level security, samba accounts in OpenLDAP, and no AD, so no
suggestions on that. (To me the howto reads like you need to make sure
you register the cluster ip (not node ip) in AD and then you shouldn't
need to re-join the domain on failover.)

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu


andrew at beekhof

Apr 26, 2012, 6:37 PM

Post #8 of 14 (2311 views)
Permalink
Re: HA samba? [In reply to]

On Thu, Apr 26, 2012 at 8:38 AM, Serge Dubrouski <sergeyfd [at] gmail> wrote:
> On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer <sgsax [at] ksu> wrote:
>
>> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
>> > On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>> >> Can anybody point me to recent docs on how to go about setting this up?
>> >> I've found several much older posts, but not much current with any
>> >> kind of helpful detail.
>> >
>> > If you're running active/passive DRBD, it's what the wiki page calls
>> > "mounted on one node at a time". That one's simple: use drbdlinks to
>> > keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
>> > and nmbd after drbdlinks -- pretty much like any other daemon backed by
>> > drbd storage.
>> >
>>
>> I see how that will get all the locking and user data and that should be
>> easy enough to configure.  But I'm also doing ADS integration instead of
>> winbind, and that also seems to be a problem as only one node can be
>> joined to the AD at a time, even with a shared IP.  Any suggestions for
>> that?
>>
>
> Currently there is no official RA for smbd and nmbd daemons.

Really? I thought tim had one. He was heavily into samba at one point.

> You can try to
> create one, and include joining domain there into a stat function, though I
> don't need why you'd need it because AFAIK "join domain" is a one time
> action unless you want to re-register your server in the domain.
>
> So you can try to "anything" RA to control smbd and nmbd daemons, or you
> can use LSB samba agent for that.
>
> Also if you want just Samba you probably don't need exportfs and nfsd.
>
>
>>
>> Thanks.
>> Seth
>>
>> --
>> Seth Galitzer
>> Systems Coordinator
>> Computing and Information Sciences
>> Kansas State University
>> http://www.cis.ksu.edu/~sgsax
>> sgsax [at] ksu
>> 785-532-7790
>> _______________________________________________
>> Linux-HA mailing list
>> Linux-HA [at] lists
>> http://lists.linux-ha.org/mailman/listinfo/linux-ha
>> See also: http://linux-ha.org/ReportingProblems
>>
>
>
>
> --
> Serge Dubrouski.
> _______________________________________________
> Linux-HA mailing list
> Linux-HA [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems


tserong at suse

Apr 26, 2012, 8:41 PM

Post #9 of 14 (2323 views)
Permalink
Re: HA samba? [In reply to]

On 04/27/2012 11:37 AM, Andrew Beekhof wrote:
> On Thu, Apr 26, 2012 at 8:38 AM, Serge Dubrouski <sergeyfd [at] gmail> wrote:
>> On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer <sgsax [at] ksu> wrote:
>>
>>> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
>>>> On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>>>>> Can anybody point me to recent docs on how to go about setting this up?
>>>>> I've found several much older posts, but not much current with any
>>>>> kind of helpful detail.
>>>>
>>>> If you're running active/passive DRBD, it's what the wiki page calls
>>>> "mounted on one node at a time". That one's simple: use drbdlinks to
>>>> keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
>>>> and nmbd after drbdlinks -- pretty much like any other daemon backed by
>>>> drbd storage.
>>>>
>>>
>>> I see how that will get all the locking and user data and that should be
>>> easy enough to configure. But I'm also doing ADS integration instead of
>>> winbind, and that also seems to be a problem as only one node can be
>>> joined to the AD at a time, even with a shared IP. Any suggestions for
>>> that?
>>>
>>
>> Currently there is no official RA for smbd and nmbd daemons.
>
> Really? I thought tim had one. He was heavily into samba at one point.

I wrote the CTDB RA, but not a Samba one. There is a Samba RA which
came from RedHat/rgmanager, which is present in the resource-agents repo
(https://github.com/ClusterLabs/resource-agents), but I haven't tried it
myself.

>> You can try to
>> create one, and include joining domain there into a stat function, though I
>> don't need why you'd need it because AFAIK "join domain" is a one time
>> action unless you want to re-register your server in the domain.

Correct, you wouldn't want to do an AD join on resource start. You only
need to do it once, and anyway, if you scripted it, that'd probably mean
having some domain admin password lying around in a config file or
script or something. Yuck.

You should be able to run Samba under Pacemaker using the LSB script.
Provided your smb.conf ensures all the samba state directories (private
dir, lock dir, etc.) are on shared storage (or use drbdlinks), you can
have Pacemaker start Samba, then on the node on which it's running, do
"net ads join". You want to end up with your floating IP address and
"netbios name" added to AD, *not* the physical IP or hostname of one of
the nodes. Your samba instance and floating IP then look like a single
host to the outside world, whichever physical node they're active on.

I realise now I scribbled a little about this at least once before:

http://lists.linux-ha.org/pipermail/linux-ha/2010-March/039876.html

HTH,

Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong [at] suse


sgsax at ksu

Apr 30, 2012, 3:04 PM

Post #10 of 14 (2269 views)
Permalink
Re: HA samba? [In reply to]

This was a bit trickier to get worked out, but I have made some
progress. It turns out just putting the metadata on a shared disk
resource and symlinking wasn't quite enough. nmbd (the netbios
management daemon that samba uses) complained that the symlink to its
working directory wasn't a real directory. On top of that, you can
specify the path for the nmbd working dir, but only at compile time, not
at run time. To work around this, I added a bind mount for that dir
(/var/run/samba for debian/ubuntu) and now samba will start. It will
even fail over if I put the primary into standby. So there's the progress.

However, a client still can't reconnect to the share once the node has
failed over until I rerun "net ads join" on the secondary (new primary).
I've been running the join command using the dns name for the floating
IP, but maybe that's not good enough. I'll look more deeply into net
tomorrow, and see if I can specify the IP, too.

The other new oddity is that after I've put the primary into standby and
everything has failed over to the secondary, as soon as I bring the
primary back online, the resources try to switch back, i.e. they don't
stay on the secondary (new primary) as expected. Granted, if I set up
STONITH, this shouldn't be an immediate problem, but it still will be
when I go to bring the node back online. I believe this is only the
case with the samba resource enabled, but I'll test this more tomorrow
to make sure.

I'm starting to wonder if samba is practical for failover or not. I
don't really have much choice about using it. Because of my mixed
environment, I need to be able to export nfs and samba shares from this
server. Manual failover is better than what I have now, which is no
redundancy at all. At least I'd be able to get my users back up more
quickly on the cloned node. It just won't be as smooth as I'd like with
automated failover. It still seems like it should be doable, I just
haven't found the proper incantation just yet.

Any further advice is welcome.

Thanks.
Seth

On 04/26/2012 10:41 PM, Tim Serong wrote:
> On 04/27/2012 11:37 AM, Andrew Beekhof wrote:
>> On Thu, Apr 26, 2012 at 8:38 AM, Serge Dubrouski<sergeyfd [at] gmail> wrote:
>>> On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer<sgsax [at] ksu> wrote:
>>>
>>>> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
>>>>> On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>>>>>> Can anybody point me to recent docs on how to go about setting this up?
>>>>>> I've found several much older posts, but not much current with any
>>>>>> kind of helpful detail.
>>>>>
>>>>> If you're running active/passive DRBD, it's what the wiki page calls
>>>>> "mounted on one node at a time". That one's simple: use drbdlinks to
>>>>> keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
>>>>> and nmbd after drbdlinks -- pretty much like any other daemon backed by
>>>>> drbd storage.
>>>>>
>>>>
>>>> I see how that will get all the locking and user data and that should be
>>>> easy enough to configure. But I'm also doing ADS integration instead of
>>>> winbind, and that also seems to be a problem as only one node can be
>>>> joined to the AD at a time, even with a shared IP. Any suggestions for
>>>> that?
>>>>
>>>
>>> Currently there is no official RA for smbd and nmbd daemons.
>>
>> Really? I thought tim had one. He was heavily into samba at one point.
>
> I wrote the CTDB RA, but not a Samba one. There is a Samba RA which
> came from RedHat/rgmanager, which is present in the resource-agents repo
> (https://github.com/ClusterLabs/resource-agents), but I haven't tried it
> myself.
>
>>> You can try to
>>> create one, and include joining domain there into a stat function, though I
>>> don't need why you'd need it because AFAIK "join domain" is a one time
>>> action unless you want to re-register your server in the domain.
>
> Correct, you wouldn't want to an AD join on resource start. You only
> need to do it once, and anyway, if you scripted it, that'd probably mean
> having some domain admin password lying around in a config file or
> script or something. Yuck.
>
> You should be able to run Samba under Pacemaker using the LSB script.
> Provided your smb.conf ensures all the samba state directories (private
> dir, lock dir, etc.) is on shared storage (or use drbdlinks), you can
> have Pacemaker start Samba, then on the node on which it's running, do
> "net ads join". You want to end up with your floating IP address and
> "netbios name" added to AD, *not* the physical IP or hostname of one of
> the nodes. Your samba instance and floating IP then look like a single
> host to the outside world, whichever physical node they're active on.
>
> I realise now I scribbled a little about this at least once before:
>
> http://lists.linux-ha.org/pipermail/linux-ha/2010-March/039876.html
>
> HTH,
>
> Tim

--
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/~sgsax
sgsax [at] ksu
785-532-7790


dmaziuk at bmrb

Apr 30, 2012, 3:42 PM

Post #11 of 14 (2277 views)
Permalink
Re: HA samba? [In reply to]

On 04/30/2012 05:04 PM, Seth Galitzer wrote:
> This was a bit trickier to get worked out, but I have made some
> progress. It turns out just putting the metadata on a shared disk
> resource and symlinking wasn't quite enough. nmbd (the netbios
> management daemon that samba uses) complained that the symlink to its
> working directory wasn't a real directory.

Why not use your AD controller (or whatever they call it) to be browse
master and netbios name server?

> The other new oddity is that after I've put the primary into standby and
> everything has failed over to the secondary, as soon as I bring the
> primary back online, the resources try to switch back, i.e. they don't
> stay on the secondary (new primary) as expected.

As I recall, Clusters from Scratch has a paragraph on that. (Basically,
it's configurable, it may be desirable if e.g. you're using a
low-powered back-up node.)

(I can't be more specific because I'm using "R1" configs here, not crm.)

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu


tserong at suse

Apr 30, 2012, 6:37 PM

Post #12 of 14 (2276 views)
Permalink
Re: HA samba? [In reply to]

On 05/01/2012 08:04 AM, Seth Galitzer wrote:
> This was a bit trickier to get worked out, but I have made some
> progress. It turns out just putting the metadata on a shared disk
> resource and symlinking wasn't quite enough. nmbd (the netbios
> management daemon that samba uses) complained that the symlink to its
> working directory wasn't a real directory. On top of that, you can
> specify the path for the nmbd working dir, but only at compile time, not
> at run time. To work around this, I added a bind mount for that dir
> (/var/run/samba for debian/ubuntu) and now samba will start. It will
> even fail over if I put the primary into standby. So there's the progress.
>
> However, a client still can't reconnect to the share once the node has
> failed over until I rerun "net ads join" on the secondary (new primary).
> I've been running the join command using the dns name for the floating
> IP, but maybe that's not good enough. I'll look more deeply into net
> tomorrow, and see if I can specify the IP, too.

Have you got "/var/lib/samba" on shared storage (or linked to, or
"private dir" in smb.conf set to some directory on shared storage)?
IIRC when you do "net ads join", various secrets and whatnot are saved
somewhere in that directory. If that's not persistent across failover,
it'd explain what you're seeing.

>
> The other new oddity is that after I've put the primary into standby and
> everything has failed over to the secondary, as soon as I bring the
> primary back online, the resources try to switch back, i.e. they don't
> stay on the secondary (new primary) as expected. Granted, if I setup
> STONITH, this shouldn't be an immediate problem, but it still will be
> when I go to bring the node back online. I believe this is only the
> case with the samba resource enabled, but I'll test this more tomorrow
> to make sure.

Do you have any constraints that make the resources prefer one node?
Also look at resource stickiness.

>
> I'm starting to wonder if samba is practical for failover or not. I
> don't really have much choice about using it. Because of my mixed
> environment, I need to be able to export nfs and samba shares from this
> server. Manual failover is better than what I have now, which is no
> redundancy at all. At least I'd be able to get my users back up more
> quickly on the cloned node. It just won't be as smooth as I'd like with
> automated failover. It still seems like it should be doable, I just
> haven't found the proper incantation just yet.
>
> Any further advice is welcome.

It is (or should be) ultimately possible. I have actually done it
before, just not for rather a while, which is why I'm being a bit vague
(sorry!)

Regards,

Tim


> Thanks.
> Seth
>
> On 04/26/2012 10:41 PM, Tim Serong wrote:
>> On 04/27/2012 11:37 AM, Andrew Beekhof wrote:
>>> On Thu, Apr 26, 2012 at 8:38 AM, Serge Dubrouski<sergeyfd [at] gmail> wrote:
>>>> On Wed, Apr 25, 2012 at 4:28 PM, Seth Galitzer<sgsax [at] ksu> wrote:
>>>>
>>>>> On 04/25/2012 05:12 PM, Dimitri Maziuk wrote:
>>>>>> On 04/25/2012 03:53 PM, Seth Galitzer wrote:
>>>>>>> Can anybody point me to recent docs on how to go about setting this up?
>>>>>>> I've found several much older posts, but not much current with any
>>>>>>> kind of helpful detail.
>>>>>>
>>>>>> If you're running active/passive DRBD, it's what the wiki page calls
>>>>>> "mounted on one node at a time". That one's simple: use drbdlinks to
>>>>>> keep everything incl. /etc/samba on the drbd filesystem and fire up smbd
>>>>>> and nmbd after drbdlinks -- pretty much like any other daemon backed by
>>>>>> drbd storage.
>>>>>>
>>>>>
>>>>> I see how that will get all the locking and user data and that should be
>>>>> easy enough to configure. But I'm also doing ADS integration instead of
>>>>> winbind, and that also seems to be a problem as only one node can be
>>>>> joined to the AD at a time, even with a shared IP. Any suggestions for
>>>>> that?
>>>>>
>>>>
>>>> Currently there is no official RA for smbd and nmbd daemons.
>>>
>>> Really? I thought tim had one. He was heavily into samba at one point.
>>
>> I wrote the CTDB RA, but not a Samba one. There is a Samba RA which
>> came from RedHat/rgmanager, which is present in the resource-agents repo
>> (https://github.com/ClusterLabs/resource-agents), but I haven't tried it
>> myself.
>>
>>>> You can try to
>>>> create one, and include joining domain there into a stat function, though I
>>>> don't need why you'd need it because AFAIK "join domain" is a one time
>>>> action unless you want to re-register your server in the domain.
>>
>> Correct, you wouldn't want to an AD join on resource start. You only
>> need to do it once, and anyway, if you scripted it, that'd probably mean
>> having some domain admin password lying around in a config file or
>> script or something. Yuck.
>>
>> You should be able to run Samba under Pacemaker using the LSB script.
>> Provided your smb.conf ensures all the samba state directories (private
>> dir, lock dir, etc.) is on shared storage (or use drbdlinks), you can
>> have Pacemaker start Samba, then on the node on which it's running, do
>> "net ads join". You want to end up with your floating IP address and
>> "netbios name" added to AD, *not* the physical IP or hostname of one of
>> the nodes. Your samba instance and floating IP then look like a single
>> host to the outside world, whichever physical node they're active on.
>>
>> I realise now I scribbled a little about this at least once before:
>>
>> http://lists.linux-ha.org/pipermail/linux-ha/2010-March/039876.html
>>
>> HTH,
>>
>> Tim
>


--
Tim Serong
Senior Clustering Engineer
SUSE
tserong [at] suse


sgsax at ksu

May 1, 2012, 9:53 AM

Post #13 of 14 (2287 views)
Permalink
Re: HA samba? [In reply to]

On 04/30/2012 08:37 PM, Tim Serong wrote:
> On 05/01/2012 08:04 AM, Seth Galitzer wrote:
>> This was a bit trickier to get worked out, but I have made some
>> progress. It turns out just putting the metadata on a shared disk
>> resource and symlinking wasn't quite enough. nmbd (the netbios
>> management daemon that samba uses) complained that the symlink to its
>> working directory wasn't a real directory. On top of that, you can
>> specify the path for the nmbd working dir, but only at compile time, not
>> at run time. To work around this, I added a bind mount for that dir
>> (/var/run/samba for debian/ubuntu) and now samba will start. It will
>> even fail over if I put the primary into standby. So there's the progress.
>>
>> However, a client still can't reconnect to the share once the node has
>> failed over until I rerun "net ads join" on the secondary (new primary).
>> I've been running the join command using the dns name for the floating
>> IP, but maybe that's not good enough. I'll look more deeply into net
>> tomorrow, and see if I can specify the IP, too.
>
> Have you got "/var/lib/samba" on shared storage (or linked to, or
> "private dir" in smb.conf set to some directory on shared storage)?
> IIRC when you do "net ads join", various secrets and whatnot are saved
> somewhere in that directory. If that's not persistent across failover,
> it'd explain what you're seeing.

The following dirs are all on shared storage:
/var/cache/samba
/var/lib/samba
/var/log/samba
/var/run/samba

The last is a bind mount, the rest are symlinks. Turns out that in
debian, /var/run is a symlink to /run. In my fs resource for the bind
mount, I indicated /var/run/samba as the target, but for some reason,
the system mounted it at /run/samba instead. This meant that when I
tried to failover the resource, it wouldn't unmount and would silently fail.
I changed the resource to use /run/samba as the target and now it fails
over smoothly. Not sure who to blame for this behavior, but I've at
least got it working now.

>
>>
>> The other new oddity is that after I've put the primary into standby and
>> everything has failed over to the secondary, as soon as I bring the
>> primary back online, the resources try to switch back, i.e. they don't
>> stay on the secondary (new primary) as expected. Granted, if I setup
>> STONITH, this shouldn't be an immediate problem, but it still will be
>> when I go to bring the node back online. I believe this is only the
>> case with the samba resource enabled, but I'll test this more tomorrow
>> to make sure.
>
> Do you have any constraints that make the resources prefer one node?
> Also look at resource stickiness.

Thanks for the tip. I set the stickiness on the LVM+fs+samba+exportfs
group to 100 and that seems to have done the trick.

>
>>
>> I'm starting to wonder if samba is practical for failover or not. I
>> don't really have much choice about using it. Because of my mixed
>> environment, I need to be able to export nfs and samba shares from this
>> server. Manual failover is better than what I have now, which is no
>> redundancy at all. At least I'd be able to get my users back up more
>> quickly on the cloned node. It just won't be as smooth as I'd like with
>> automated failover. It still seems like it should be doable, I just
>> haven't found the proper incantation just yet.
>>
>> Any further advice is welcome.
>
> It is (or should be) ultimately possible. I have actually done it
> before, just not for rather a while, which is why I'm being a bit vague
> (sorry!)
>
> Regards,
>
> Tim
>
>

Thanks for the help. I'm still plugging away at it.

Seth

--
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/~sgsax
sgsax [at] ksu
785-532-7790
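
The two failure modes discussed in this post and in Tim's reply before it (a bind-mount target configured through the /var/run symlink, and Samba state, including the secrets written by "net ads join", that is not actually on the replicated volume) can be checked before a failover test. This is an added example, not code from any poster in the thread; the function names, the directory layout, the device name and the sample mount table are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All paths, function names and the
# sample mount table are constructed for illustration.

# Print the physical path of an existing directory, all symlinks resolved.
resolve_dir() {
    ( CDPATH= cd -- "$1" 2>/dev/null && pwd -P )
}

# mount_device MOUNTS_FILE MOUNTPOINT
# Print the device column for an exact mount point (/proc/mounts format).
mount_device() {
    awk -v mp="$2" '$2 == mp { dev = $1 } END { if (dev != "") print dev }' "$1"
}

# check_mount_target DIR
# Prints DIR's canonical path. Returns 0 if DIR is already canonical,
# 1 if it passes through a symlink (the mount table will then record a
# different path than the one configured), 2 if DIR does not exist.
check_mount_target() {
    real=$(resolve_dir "$1") || return 2
    printf '%s\n' "$real"
    [ "$real" = "${1%/}" ]
}

# state_dir_status DIR SHARED_ROOT MOUNTS_FILE
# Prints "shared" when DIR resolves through symlinks to a path under
# SHARED_ROOT, "bind" when DIR is itself a mount point backed by the same
# device as SHARED_ROOT, "local" when it is neither, and "missing" when
# DIR or SHARED_ROOT does not exist.
state_dir_status() {
    real=$(resolve_dir "$1") || { echo missing; return 0; }
    root=$(resolve_dir "$2") || { echo missing; return 0; }
    case "$real/" in
        "$root"/*) echo shared; return 0 ;;
    esac
    dev_root=$(mount_device "$3" "$root")
    dev_dir=$(mount_device "$3" "$real")
    if [ -n "$dev_root" ] && [ "$dev_dir" = "$dev_root" ]; then
        echo bind
    else
        echo local
    fi
}

# Build a constructed layout in a temp dir that mimics the post: var/run is
# a symlink to run (as on Debian), var/lib/samba is a symlink into the
# shared filesystem, run/samba is a bind-mount target. var/cache/samba is
# deliberately left on local disk as a negative case. Prints the temp dir.
make_constructed_layout() {
    t=$(CDPATH= cd -- "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$t/srv/shared/lib" "$t/run/samba" "$t/var/lib" "$t/var/cache/samba"
    ln -s "$t/run" "$t/var/run"
    ln -s "$t/srv/shared/lib" "$t/var/lib/samba"
    # Constructed mount table; a bind mount shows the source filesystem's device.
    printf '%s\n' \
        "/dev/drbd0 $t/srv/shared ext4 rw 0 0" \
        "/dev/drbd0 $t/run/samba ext4 rw 0 0" > "$t/mounts"
    printf '%s\n' "$t"
}

# Run the checks over the constructed layout and print one line per directory.
demo() {
    t=$(make_constructed_layout) || return 1
    for d in var/lib/samba var/run/samba var/cache/samba; do
        printf '%-18s %s\n' "$d" \
            "$(state_dir_status "$t/$d" "$t/srv/shared" "$t/mounts")"
    done
    check_mount_target "$t/var/run/samba" >/dev/null ||
        echo "var/run/samba is not canonical; use $(resolve_dir "$t/var/run/samba")"
    rm -rf "$t"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a cluster node, pass /proc/mounts as the mount table and run the checks on whichever node currently holds the resource group.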


sgsax at ksu

May 1, 2012, 9:59 AM

Post #14 of 14 (2261 views)
Permalink
Re: HA samba? [In reply to]

On 04/30/2012 05:42 PM, Dimitri Maziuk wrote:
> On 04/30/2012 05:04 PM, Seth Galitzer wrote:
>> This was a bit trickier to get worked out, but I have made some
>> progress. It turns out just putting the metadata on a shared disk
>> resource and symlinking wasn't quite enough. nmbd (the netbios
>> management daemon that samba uses) complained that the symlink to its
>> working directory wasn't a real directory.
>
> Why not use your AD controller (or whatever they call it) to be browse
> master and netbios name server?

As I understand it, nmbd needs to be running on the samba host so that
it can respond to netbios/cifs queries. I've not yet found a way to
separate the two.

>
>> The other new oddity is that after I've put the primary into standby and
>> everything has failed over to the secondary, as soon as I bring the
>> primary back online, the resources try to switch back, i.e. they don't
>> stay on the secondary (new primary) as expected.
>
> As I recall clusters from scratch have a paragraph on that. (Basically,
> it's configurable, it may be desirable if e.g. you're using a
> low-powered back-up node.)
>
> (I can't be more specific because I'm using "R1" configs here, not crm.)
>
>

Per another post, I was able to resolve this by setting the "resource
stickiness" value for the group.

Thanks.
Seth


--
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/~sgsax
sgsax [at] ksu
785-532-7790