How To Build A Standalone File Server With Nexenta 3.0 Beta2 - Page 4

Submitted by dfed (Contact Author) (Forums) on Tue, 2010-05-04 16:37. ::

5 Samba Services and zfs:

Start the service:

root@server1:/# svcadm enable -r smb/server

If the following warning is issued, you can ignore it:

svcadm: svc:/milestone/network depends on svc:/network/physical, which has multiple instances

Set the workgroup name:

root@server1:/# smbadm join -w SHARING

After joining SHARING the smb service will be restarted automatically.
Would you like to continue? [no]: yes
Successfully joined SHARING

Great. Now we can enable shares for the users. User share rights in this setup follow the Unix file permissions directly: if I share /export/home/newuser, then I must connect as newuser, because ownership of that directory is newuser:newuser.

Let's set up a share. First, the directory we create this share on needs to be empty. If we are sharing the whole of a user's directory (and not a folder in it), we need to move the files out of the directory first:

root@server1:/# mkdir /opt/tmp/
root@server1:/# mv /export/home/newuser/* /opt/tmp/; mv /export/home/newuser/.[!.]* /opt/tmp/

Verify the files all moved:

root@server1:/# ls -lha /export/home/newuser/; ls -lha /opt/tmp/

total 3.0K
drwxr-xr-x 2 newuser newuser 2 Apr 22 15:51 .
drwxr-xr-x 4 root    root    4 Apr 22 15:16 ..
total 9.5K
drwxr-xr-x 2 root    root       8 Apr 22 15:51 .
drwxr-xr-x 3 root    sys        3 Apr 22 15:50 ..
-rw-r--r-- 1 newuser newuser  220 Apr 22 15:16 .bash_logout
-rw-r--r-- 1 newuser newuser 2.9K Apr 22 15:16 .bashrc
-rw-r--r-- 1 newuser newuser  964 Apr 22 15:16 .profile
-rw-r--r-- 1 newuser newuser 1.1K Apr 22 15:16 local.cshrc
-rw-r--r-- 1 newuser newuser  988 Apr 22 15:16 local.login
-rw-r--r-- 1 newuser newuser 1002 Apr 22 15:16 local.profile

Ok, let's create the ZFS filesystem in the pool and share it:

root@server1:/# zfs create -o compression=gzip-9 -o dedup=on -o quota=100g -o casesensitivity=mixed -o nbmand=on -o sharesmb=on pool1/newuser

Let's talk about some of the options in that command.

The option "-o dedup=on" turns deduplication on, so that multiple instances of the same file only have to exist one time. From a filesystem user's perspective you won't notice this, but it can save a lot of space.

The option "-o compression=gzip-9" sets the filesystem compression to use the gzip libraries at maximum compression, or 9. 1 is lowest, 9 is highest.

These settings may impact performance on heavy writes to disk. You should consider how fast your disks are and how powerful your processor and RAM are before enabling them.

The option "-o quota=100g" limits the user's home directory to no more than 100g. This setting is optional, but handy to know.

Move the files back:

root@server1:/# mv /opt/tmp/* /export/home/newuser/; mv /opt/tmp/.[!.]* /export/home/newuser/

Verify the pool:

root@server1:/# zpool list

NAME      SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
pool1    3.97T   239K  3.97T     0%  1.00x  ONLINE  -
syspool   127G  1.31G   126G     1%  1.00x  ONLINE  -

root@server1:/# zfs list

NAME                     USED  AVAIL  REFER  MOUNTPOINT
pool1                    136K  3.91T    31K  /export/home
pool1/newuser             21K  3.91T    21K  /export/home/newuser
syspool                 2.34G   123G    26K  none
syspool/rootfs-nmu-000  1.31G   123G  1007M  legacy
syspool/swap            1.03G   124G    16K  -

Verify the share is up:

root@server1:/# sharemgr show -vp

default nfs=()
zfs
    zfs/pool1/newuser smb=()
          /export/home/newuser
                  pool1_newuser=/export/home/newuser     smb=(abe="false" guestok="false")

Now you should be able to connect to that share from another machine (you'll need to authenticate as the correct user, of course.)

smb://(ip address or host name)/export/home/newuser

Everything is up for Samba. Repeat this process to create users and shares as needed.

 

6 NFS Setup:

This one's pretty easy. If you want an NFS server to share all home directories, do the following:

root@server1:~# zfs set sharenfs=on pool1

It's that easy. If you want to share specific filesystems, like the one we created for newuser, it would be:

root@server1:~# zfs set sharenfs=on pool1/newuser

Verify the share is up:

root@server1:/# sharemgr show -vp

default nfs=()
zfs
    zfs/pool1 nfs=()
          /export/home

I should point out that the UID and GID of the user on the connecting client should match those of the user on the server, otherwise you won't be able to connect/read/write. As long as the client you're using (whether it's OS X, Services For UNIX on Windows, or Linux) can either translate or match the UID/GID of the user on the server, you won't run into connection problems.

I am not going to go into how to set up a NIS master server here, as out of the box Nexenta doesn't include the network/nis/server, network/nis/passwd, network/nis/update and network/nis/xfr services. These could be installed as packages from Sun/OpenSolaris, but I haven't looked into this yet. I'll look more into this and write a new tutorial for creating a NIS master server and attaching Samba to an Active Directory Domain in the future.
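
The UID/GID requirement above can be checked before clients mount the export. The script below is an added example, not part of the original tutorial: it compares a passwd file copied from the server with one from a client. The helper names, the default minimum UID of 1000 and the sample IDs are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: NFS with AUTH_SYS identifies users by numeric UID/GID only, so
# compare the passwd files of server and client before exporting home dirs.

# check_nfs_ids SERVER_PASSWD CLIENT_PASSWD [MIN_UID]   (hypothetical helper)
# MISMATCH : same user name, different uid:gid on the client
# COLLISION: a different client user owns the uid of a server user
check_nfs_ids() {
    awk -F: -v min="${3:-1000}" '
        FILENAME == ARGV[1] {
            if ($3 >= min) { sid[$1] = $3 ":" $4; owner[$3] = $1 }
            next
        }
        $3 < min { next }                       # skip system accounts
        ($1 in sid) && sid[$1] != ($3 ":" $4) {
            print "MISMATCH " $1 " server=" sid[$1] " client=" $3 ":" $4
            next
        }
        !($1 in sid) && ($3 in owner) {
            print "COLLISION client user " $1 " has uid " $3 " of server user " owner[$3]
        }
    ' "$1" "$2"
}

# Constructed sample data (user names from the page, IDs invented).
demo_check_nfs_ids() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/server" <<'EOF'
root:x:0:0:Super-User:/root:/bin/bash
newuser:x:1000:1000::/export/home/newuser:/bin/bash
chris:x:1001:1001::/export/home/chris:/bin/bash
EOF
    cat > "$tmp/client" <<'EOF'
root:x:0:0:root:/root:/bin/bash
newuser:x:1000:1000::/home/newuser:/bin/bash
chris:x:1002:1002::/home/chris:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
EOF
    check_nfs_ids "$tmp/server" "$tmp/client"
    rm -rf "$tmp"
}

demo_check_nfs_ids
```

A COLLISION line matters more than a MISMATCH: the mismatched user is merely locked out, while the colliding client user is treated by the server as the owner of someone else's files.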


Submitted by Aristotle Jones (not registered) on Mon, 2010-08-09 20:57.

This is a great rundown of getting a Samba and NFS server up and running. I wish I had this guide when I built mine, could have saved me a LOT of work. I would like to add that one will run into trouble if they are trying to create a share for multiple users, specifically when using ACLs from Windows.

As the tutorial really only goes over sharing home folders, you would be fine, but if you create one share, available to several users or groups, and they are writing from Windows, you are in for trouble without understanding the ACLs.

For Owner full access, read to everyone else use this:
(Note: I used chown on the root of my share first, i.e. chown -R chris /share)

chmod -R A=\
owner@:wACpdDo:d:allow,\
owner@:wACpdDo:f:allow,\
everyone@:rxaARWcs:d:allow,\
everyone@:raARWcs:f:allow \
/share/

Make sure to TEST!
 
For multiple groups / users on a specific folder, and then recursively add the ACLs to any child objects:

chmod -R A=\
owner@:full_set:d:allow,\
owner@:full_set:f:allow,\
user:Bob:full_set:d:allow,\
user:Bob:full_set:f:allow,\
everyone@:rxaARWcs:d:allow,\
everyone@:raARWcs:f:allow \
/share/

The above command gives the owner and the user “Bob” full permissions, the everybody else group has read only access. If you want to add a group then just use group: instead of user: at the start.

This gives full access to myself and Bob, but denies access to everyone else:

chmod -R A=\
owner@:full_set:d:allow,\
owner@:full_set:f:allow,\
user:chris:full_set:d:allow,\
user:chris:full_set:f:allow,\
user:Bob:full_set:d:allow,\
user:Bob:full_set:f:allow,\
everyone@:full_set:d:deny,\
everyone@:full_set:f:deny \
/share/photos/

 Hope this helps get you going faster.

Submitted by Anonymous (not registered) on Mon, 2011-02-07 11:20.
Remember if you give the full_set to files they are also executable ..... you might not want that on every file ;) especially if you propagate this to every new file in the future.
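
The point raised in the last comment can be checked mechanically before an ACL is applied. The script below is an added example and not part of the tutorial or of either comment: it lists the "allow" entries of a "chmod A=" specification that are inherited by new files and grant execute. The function and variable names are hypothetical, and NOEXEC_ACL is a constructed variant of the ACL posted above with execute removed from the file entries.

```sh
#!/bin/sh
# Added example (not from the original page or its comments).
# acl_file_exec_entries SPEC
#   SPEC is the comma-separated ACL given to "chmod A=". Prints every "allow"
#   entry that is inherited by new files (f / file_inherit) and grants execute.
acl_file_exec_entries() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F: '
        NF < 3 { next }
        {
            # user:NAME and group:NAME use two fields for the principal
            first = ($1 == "user" || $1 == "group") ? 3 : 2
            perms = $first
            type  = $NF
            inh   = (NF > first + 1) ? $(first + 1) : ""
            if (type != "allow") next
            # inheritance: compact flags containing f, or verbose file_inherit
            if (inh ~ /^[-fdinSFI]+$/) file_inh = (inh ~ /f/)
            else file_inh = (("/" inh "/") ~ /\/file_inherit\//)
            # permissions: sets that include execute, compact x, verbose execute
            if (perms == "full_set" || perms == "modify_set") grants_x = 1
            else if (perms ~ /^[-rwxpdDaARWcCos]+$/) grants_x = (perms ~ /x/)
            else grants_x = (("/" perms "/") ~ /\/execute\//)
            if (file_inh && grants_x) print
        }'
}

# ACL from the second chmod command in the comment above.
COMMENT_ACL='owner@:full_set:d:allow,owner@:full_set:f:allow,user:Bob:full_set:d:allow,user:Bob:full_set:f:allow,everyone@:rxaARWcs:d:allow,everyone@:raARWcs:f:allow'
# Constructed variant: file entries list every permission except x.
NOEXEC_ACL='owner@:full_set:d:allow,owner@:rwpdDaARWcCos:f:allow,user:Bob:full_set:d:allow,user:Bob:rwpdDaARWcCos:f:allow,everyone@:rxaARWcs:d:allow,everyone@:raARWcs:f:allow'

echo "as posted:";           acl_file_exec_entries "$COMMENT_ACL"
echo "no execute on files:"; acl_file_exec_entries "$NOEXEC_ACL"
```

Directory entries keep x because on a directory it means traverse; only the f entries are worth flagging.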