Setting Up A Standalone Storage Server With GlusterFS And Samba On Debian Squeeze - Page 3

Submitted by shofer on Mon, 2013-01-14 20:29.

6 Configuring Samba

In this case, we assume that we have 3 departments.
Every employee has access to his home directory and to the company's public directory.
First, we need to install Samba.
Run:

node1/node2

apt-get install samba

Next, we need to configure /etc/samba/smb.conf on both nodes:

node1/node2

cp /etc/samba/smb.conf /etc/samba/smb.conf_orig
cat /dev/null > /etc/samba/smb.conf
vi /etc/samba/smb.conf

[global]
netbios name = CLUSTER

[public]
comment = Public directory
path = /home/public
force user = nobody
force group = nogroup
read only = No
create mask = 0664
directory mask = 0775
guest ok = Yes

[homes]
comment = Home directory %S
valid users = %S
read only = No
create mask = 0700
directory mask = 0700
browseable = No

[Dep_1]
comment = Department 1
path = /home/Dep_1
guest ok = no
browseable = yes
writeable = yes
create mask = 0660
directory mask = 0770
write list = @Dep_1

[Dep_2]
comment = Department 2
path = /home/Dep_2
guest ok = no
browseable = yes
writeable = yes
create mask = 0660
directory mask = 0770
write list = @Dep_2

[Dep_3]
comment = Department 3
path = /home/Dep_3
guest ok = no
browseable = yes
writeable = yes
create mask = 0660
directory mask = 0770
write list = @Dep_3
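
An added example, not part of the original tutorial: an awk-based check that reads an smb.conf and lists shares that admit guests, or that have no valid users line and so rely on filesystem permissions alone (as the Dep_* shares here do with their 0770 directories). The names audit_smb_conf and sample_smb_conf and the finding messages are made up for this illustration, and the sample input is constructed from the share definitions above.

```bash
# Added example, not from the tutorial: flag shares that admit guests or that
# any authenticated Samba user may connect to.
audit_smb_conf() {
    awk '
    function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function report() {
        if (share == "" || share == "global") return
        if (guest && writable) print share ": guests may write"
        else if (guest) print share ": guests may read"
        else if (!restricted) print share ": no valid users restriction"
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[.*\]/ {                           # start of a new section
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; writable = 0; restricted = 0
        next
    }
    index($0, "=") {                            # key = value
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guest ok" || key == "public") guest = truthy(val)
        else if (key == "read only") writable = !truthy(val)
        else if (key == "writeable" || key == "writable") writable = truthy(val)
        else if (key == "valid users" && val != "") restricted = 1
    }
    END { report() }
    ' "$@"
}

# Constructed sample built from share definitions on this page.
sample_smb_conf() {
    cat <<'EOF'
[global]
netbios name = CLUSTER
[public]
read only = No
guest ok = Yes
[homes]
valid users = %S
read only = No
[Dep_1]
guest ok = no
writeable = yes
write list = @Dep_1
EOF
}

sample_smb_conf | audit_smb_conf
```

On a node, run audit_smb_conf /etc/samba/smb.conf instead of the sample.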

Create the user groups on both nodes:

node1/node2

groupadd Dep_1
groupadd Dep_2
groupadd Dep_3

Create the directories and set privileges (only on node1):

on node1

mkdir /home/public
mkdir /home/Dep_1
mkdir /home/Dep_2
mkdir /home/Dep_3
chmod 0777 /home/public
chmod 0770 /home/Dep_1
chmod 0770 /home/Dep_2
chmod 0770 /home/Dep_3
chown root:Dep_1 /home/Dep_1
chown root:Dep_2 /home/Dep_2
chown root:Dep_3 /home/Dep_3

Make sure that all is fine...
... run ...

ls -l /home/

... as a result, you should see:

drwxrwx--- 2 root Dep_1 4096 12-25 13:50 Dep_1
drwxrwx--- 2 root Dep_2 4096 12-25 13:50 Dep_2
drwxrwx--- 2 root Dep_3 4096 12-25 13:50 Dep_3
drwxrwxrwx 2 root root 4096 12-25 13:50 public

 

7 Custom scripts and settings to make life easier ;)

How many times have you heard "Where is my very important file?" Sometimes users remove the wrong files from their shares. With Samba, we can "avoid" this: at least we can recover the file if we were using the "recycle" module.

Append the following lines to the [global] section of /etc/samba/smb.conf:

node1/node2

vi /etc/samba/smb.conf

[global]
...
#RECYCLE BIN
recycle:repository = /home/TRASH/%u_%I_%S
recycle:keeptree = TRUE
recycle:versions = TRUE
recycle:touch = TRUE
...

Next, append the following line to the [homes] section:

[homes]
...
vfs objects = recycle  
...

Create the TRASH directory:

mkdir /home/TRASH

Of course, after that we need to restart Samba, which means we have to log in on each node and run a command like:

/etc/init.d/samba restart

It would be easier if we didn't need to log in twice. We can arrange that in a few simple steps:
First we need to decide which node is more important; let's say it will be node1.
Next, run the following command on node1:

on node1

ssh-keygen -t rsa

The command ssh-keygen -t rsa generates two files: one contains the private key and the other contains the public key.
Now we have to copy the public key to the other node and change its filename to "authorized_keys".
Run these commands:

cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
scp /root/.ssh/authorized_keys root@node2:~/authorized_keys

and on node2 run the following commands:

on node2

mkdir -p /root/.ssh
mv /root/authorized_keys /root/.ssh

That's it. Now we can run the following command on node1 without having to enter a password:

ssh node2 /etc/init.d/samba restart
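
An added example, not part of the original tutorial: the cp and mv steps above replace any authorized_keys file that already exists, and the installed key lets root on node1 log in to node2 from anywhere. The function below (install_pubkey is a name made up here) appends the key only once, sets the directory and file modes, and prefixes standard sshd key options that limit the source address and disable forwarding and terminals; the key lines are constructed, and 192.168.20.106 is assumed to be the address node1 connects from.

```bash
# Added example, not from the tutorial: append node1's public key on node2
# instead of replacing authorized_keys, and limit where it may be used from.
install_pubkey() {   # install_pubkey <pubkey-file> <allowed-source-ip> <ssh-dir>
    local pub="$1" from="$2" dir="$3" key material opts
    key=$(head -n 1 "$pub") || return 1
    # Accept only a line that looks like "type base64 [comment]".
    case "$key" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    material=$(printf '%s\n' "$key" | cut -d' ' -f2)
    # Options understood by sshd: source restriction, no forwarding, no terminal.
    opts="from=\"$from\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    # Idempotent: do nothing if this key material is already listed.
    if ! grep -qF -- "$material" "$dir/authorized_keys"; then
        printf '%s %s\n' "$opts" "$key" >> "$dir/authorized_keys"
    fi
}

# Demo in a scratch directory with constructed (not real) key lines.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3CONSTRUCTEDNODE1KEY root@node1' > "$demo_dir/id_rsa.pub"
echo 'ssh-rsa AAAAB3CONSTRUCTEDOTHERKEY admin@laptop' > "$demo_dir/authorized_keys"
install_pubkey "$demo_dir/id_rsa.pub" 192.168.20.106 "$demo_dir"
install_pubkey "$demo_dir/id_rsa.pub" 192.168.20.106 "$demo_dir"   # second run adds nothing
cat "$demo_dir/authorized_keys"
```

On node2 the call matching this tutorial would be install_pubkey /root/authorized_keys 192.168.20.106 /root/.ssh. The remote samba restart and the scp copies used later need neither a terminal nor forwarding, so they keep working with these options.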

 

8 The very last part

To make sure that both nodes can be accessed via SMB and that the same user accounts exist on each, we need to add the Linux and Samba user accounts on both nodes. Of course, we don't want to let users log in to a shell on any node. We can do it this way (run the following commands):

on node1

Remember, be nice and say hello to every new user.

mkdir /root/skel
touch /root/skel/hello
echo "Hello My Friend" > /root/skel/hello

Next we create a useful script.

touch /root/add_user.sh
chmod 700 /root/add_user.sh
vi /root/add_user.sh

#!/bin/bash
# Usage: ./add_user.sh <user> <department> <password>
backup_time=$(date +%Y.%m.%d_%H:%M)
USER=$1
DEPARTMENT=$2
PASSWORD=$3

# Add the Linux user account (no login shell)
/usr/sbin/useradd -d "/home/$DEPARTMENT/$USER" -g "$DEPARTMENT" -G "users,$DEPARTMENT" -m -k /root/skel -s /bin/false "$USER"

# Set the home directory permissions
chmod 700 "/home/$DEPARTMENT/$USER"

# Set the Samba password for the user (printf keeps backslashes in the password literal)
printf '%s\n%s\n' "$PASSWORD" "$PASSWORD" | smbpasswd -s -a "$USER"

# Back up the account databases, then copy them to node2
cp /etc/passwd "/root/passwd.copy.$backup_time"
cp /etc/group "/root/group.copy.$backup_time"
tar czvf "/root/tdb_$backup_time.tgz" /var/lib/samba
ssh node2 /etc/init.d/samba stop
scp /etc/passwd node2:/etc/passwd
scp /etc/group node2:/etc/group
scp -r /var/lib/samba/* node2:/var/lib/samba/
ssh node2 /etc/init.d/samba start

From now on, if you want to add another user, just run ...

cd /root
./add_user.sh john Dep_1 john25
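
An added example, not the author's script: a variant of the account-creation half of add_user.sh that checks the user and department names before they are used in paths as root, and takes the password from the terminal or a pipe, because a password given as the third argument is visible in the process list and the shell history. The function names are made up here, and the copy to node2 is left out.

```bash
# Added example, not the author's script: argument checks and password input
# for the account-creation half of add_user.sh.

# A name must be usable as an account name and as a single path component.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Take the password from the terminal (echo off) or from a pipe, so it never
# appears in the process list or the shell history.
read_password() {
    local pw
    if [ -t 0 ]; then
        printf 'Samba password: ' >&2
        stty -echo; IFS= read -r pw; stty echo; echo >&2
    else
        IFS= read -r pw
    fi
    [ -n "$pw" ] && printf '%s' "$pw"
}

add_user() {   # add_user <user> <department>
    local user="$1" department="$2" password
    valid_name "$user" && valid_name "$department" ||
        { echo "invalid user or department name" >&2; return 1; }
    getent group "$department" >/dev/null ||
        { echo "unknown group: $department" >&2; return 1; }
    password=$(read_password) || { echo "empty password" >&2; return 1; }
    /usr/sbin/useradd -d "/home/$department/$user" -g "$department" \
        -G "users,$department" -m -k /root/skel -s /bin/false "$user" || return 1
    chmod 700 "/home/$department/$user"
    printf '%s\n%s\n' "$password" "$password" | smbpasswd -s -a "$user"
}

# Runs only when the file is executed with exactly two arguments.
if [ "$#" -eq 2 ]; then add_user "$@"; fi
```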

 

Let's run some tests:

On an MS Windows client:

Press START -> Run -> and try to get access to \\192.168.20.106

If everything is OK, do the same for node2: \\192.168.20.107

On both servers you should have access to John's directory and the public directory.
Now try to create a file while connected to node1 (//192.168.20.106), then connect to node2 (//192.168.20.107) and make sure that your new file is there.
After that, open John's home directory on node1 again and remove the file you just created.
After that, log in to the node1 server via SSH and run the following command...

ls /home/TRASH

... you should see this result ...

john_192.168.20.7_Dep_1

... next run ...

ls /home/TRASH/john_192.168.20.7_Dep_1

... you should see all removed files and directories.

Of course, you may want to use a CTDB cluster to manage Samba, and you probably should.
I didn't use CTDB because I have only two nodes and I want to be able (in the future) to use both servers separately, with no errors (with no connection between them).
Let me know if you have a better option. ;)

 

Submitted by Murgulet Iulian (not registered) on Wed, 2013-01-30 09:07.
From the point of view of Windows clients, the following setup is better (in my opinion):

- you can use ucarp (http://www.pureftpd.org/project/ucarp): UCARP allows a couple of hosts to share common virtual IP addresses in order to provide automatic failover.

- the 2 servers (one node is master, and the second is slave/backup) will share a VIP (cluster IP);

- on VIP up or down, ucarp is capable of running some scripts (in this case /etc/init.d/samba start when the ucarp interface is up, and /etc/init.d/samba stop when the ucarp interface is down);

- in /etc/samba/smb.conf you can declare that samba can use only the localhost and ucarp (VIP) interfaces;

In this way, at any time you have only one samba daemon up (it is good for the Windows browsing list, and you can use the netbios name, \\CLUSTER) on the node where you have the VIP (ucarp interface) up. In case of problems (on the master node, which has ucarp up), ucarp begins to proceed (takeover) to stop samba, move the VIP to the second node, and start samba (on the second node). The takeover process completes in almost 5 seconds.

The second improvement of this setup, if you use ucarp, is that you can extend the samba functions with: master domain, wins server, and so on. For master domain it is necessary to keep the same SIDs on both samba (keep the /var/lib/samba on top of glusterfs).

Have a nice ... cluster with samba, glusterfs and ucarp

 

Submitted by Mihai (not registered) on Wed, 2013-01-30 23:00.

True, I was thinking of ucarp, as you were. Maybe in addition ... one can use monit to monitor the samba process (it may happen that the server is up, but samba is no longer responding) and restart the daemon in case it is not responding.

 Nice tutorial!

Submitted by Piotr Opara (not registered) on Wed, 2013-01-30 20:37.
Yes, you are right, from the point of view of Windows users it is much easier and more comfortable to use only one IP address or hostname, like you said. And I'm sure that there are more options to do that, for example CTDB or Heartbeat. But in my case, I had a reason not to use a virtual IP. In my real system, the nodes of the cluster are in different locations, I mean two branches at different ends of the city. There are different subnets and the nodes are connected together via IPsec VPN. That's the reason why I didn't use a VIP. I should have said it in my article, then it would be clear. Thanks for the suggestion to use UCARP. I didn't know it before, so I have to try it :)