SAMBA - creating a file server cluster with GlusterFS, CTDB and Samba
This documentation is the result of personal R&D, made available for information on the possibilities offered by a Samba file server cluster.
We do not guarantee its use in production.
Basic configuration
- the xvdb disk will be used by glusterfs
node1
    echo "deb http://samba.tranquil.it/jessie64/stable/ ./" > /etc/apt/sources.list.d/tissamba.list
    apt-get update
    apt-get install glusterfs-server ctdb samba winbind libnss-winbind krb5-user

    vi /etc/hostname
    node1.mondomaine.lan

    vi /etc/hosts
    192.168.0.20 node1.mondomaine.lan node1

    vi /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 192.168.0.20
        netmask 255.255.255.0
        gateway 192.168.0.254

    auto eth1
    iface eth1 inet static
        address 10.0.0.1
        netmask 255.255.255.0

    mkfs.ext4 /dev/xvdb
    mkdir /gluster
    echo "/dev/xvdb /gluster ext4 defaults 0 0" >> /etc/fstab
    mount -a
    service glusterfs-server start
    mkdir /gluster/samba
    systemctl disable smbd nmbd winbind
    ifup eth1
node2
    echo "deb http://samba.tranquil.it/jessie64/stable/ ./" > /etc/apt/sources.list.d/tissamba.list
    apt-get update
    apt-get install glusterfs-server ctdb samba winbind libnss-winbind krb5-user

    vi /etc/hostname
    node2.mondomaine.lan

    vi /etc/hosts
    192.168.0.21 node2.mondomaine.lan node2

    vi /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 192.168.0.21
        netmask 255.255.255.0
        gateway 192.168.0.254

    auto eth1
    iface eth1 inet static
        address 10.0.0.2
        netmask 255.255.255.0

    mkfs.ext4 /dev/xvdb
    mkdir /gluster
    echo "/dev/xvdb /gluster ext4 defaults 0 0" >> /etc/fstab
    mount -a
    service glusterfs-server start
    mkdir /gluster/samba
    systemctl disable smbd nmbd winbind
    ifup eth1
GlusterFS replication configuration
on node1
    gluster peer probe 10.0.0.2
    gluster volume create samba replica 2 10.0.0.1:/gluster/samba 10.0.0.2:/gluster/samba/
    gluster volume start samba
    gluster volume info
    gluster peer status
    mkdir /samba
    echo "10.0.0.1:samba /samba glusterfs defaults,x-systemd.automount 0 0" >> /etc/fstab
    mount -a
    ssh-keygen -t rsa -b 2048
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.1
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.2
on node2
    mkdir /samba
    echo "10.0.0.2:samba /samba glusterfs defaults,x-systemd.automount 0 0" >> /etc/fstab
    mount -a
    ssh-keygen -t rsa -b 2048
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.1
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.2
CTDB configuration
Configuration to apply on both nodes
    vi /etc/ctdb/ctdb.conf
    CTDB_RECOVERY_LOCK=/samba/.lock
    CTDB_NODES=/etc/ctdb/nodes
    CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
    CTDB_MANAGES_SAMBA=yes
    CTDB_MANAGES_WINBIND=yes
    CTDB_LOGGING=file:/var/log/log.ctdb

    vi /etc/ctdb/nodes
    10.0.0.1
    10.0.0.2

    vi /etc/ctdb/public_addresses
    192.168.0.22/24 eth2
    192.168.0.23/24 eth2
Joining the domain
- always deploy the same configuration on both nodes
    vi /etc/krb5.conf
    [libdefaults]
        dns_lookup_realm = false
        dns_lookup_kdc = true
        default_realm = MONDOMAINE.LAN
        clockskew = 3600

    kinit administrator
    klist
    vi /etc/samba/smb.conf
- be sure to keep the same netbios name on both nodes
    [global]
        netbios name = smbcluster
        workgroup = MONDOMAINE
        security = ADS
        realm = MONDOMAINE.LAN
        encrypt passwords = yes
        winbind separator = +
        idmap config *:backend = autorid
        idmap config *:range = 70001-80000
        idmap config MONDOMAINE:backend = rid
        idmap config MONDOMAINE:range = 10000-70000
        winbind enum users = yes
        winbind enum groups = yes
        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes
        winbind trusted domains only = no
        winbind use default domain = yes
        template homedir = /home/homes/%U
        clustering = yes
        idmap backend = tdb2

    [partages]
        path = /samba/partages
        read only = no
    vi /etc/nsswitch.conf
    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.

    passwd:         compat winbind
    group:          compat winbind
    shadow:         compat winbind

    hosts:          files dns
    networks:       files

    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files

    netgroup:       nis
Joining the machine to the domain
    net ads join -U administrator
A reboot is recommended in order to flush the nsswitch caches.
Granting share administration rights to the "domain admins" group on srvfichiers (the command is run on the file server, not on the domain controller)
    net sam rights grant "MONDOMAINE\\domain admins" SeDiskOperatorPrivilege
Checking the rights
    net rpc rights list accounts -U Administrator
Creating the share
    mkdir /samba/partages
    chown administrator:"domain admins" /samba/partages
Starting ctdb
    onnode -p all service ctdb start
    onnode -q all ctdb ping
    ctdb status
    ctdb ip
    ctdb ping -n all
On the AD server
Add a DNS A record for each virtual IP pointing to the netbios name
    192.168.0.22 A smbcluster
    192.168.0.23 A smbcluster
Result
- from a Windows server:
    \\smbcluster\partages
gives access to the shares
- on both nodes
    smbstatus
must return identical information
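
The procedure above requires the same configuration and the same netbios name on both nodes. The following script is an added example, not part of the original documentation: it compares copies of each node's /etc tree and checks that the CTDB recovery lock sits on the shared /samba mount. The function names and the sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example. Each ROOT is a directory holding a copy of one node's /etc tree.
CLUSTER_FILES="etc/ctdb/ctdb.conf etc/ctdb/nodes etc/ctdb/public_addresses
etc/krb5.conf etc/samba/smb.conf etc/nsswitch.conf"

# conf_value FILE KEY: value of the first "KEY=value" or "KEY = value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# cluster_drift ROOT_A ROOT_B: list files that differ; status 1 on drift.
cluster_drift() {
    rc=0
    for f in $CLUSTER_FILES; do
        if [ ! -f "$1/$f" ] || [ ! -f "$2/$f" ]; then
            echo "MISSING $f"; rc=1
        elif ! cmp -s "$1/$f" "$2/$f"; then
            echo "DIFF $f"; rc=1
        fi
    done
    return "$rc"
}

# lock_on_shared ROOT MOUNT: succeeds only if the recovery lock is under MOUNT.
lock_on_shared() {
    case "$(conf_value "$1/etc/ctdb/ctdb.conf" CTDB_RECOVERY_LOCK)" in
        "$2"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_node ROOT NETBIOS LOCK: constructed sample tree for the demo.
make_node() {
    mkdir -p "$1/etc/ctdb" "$1/etc/samba"
    printf 'CTDB_RECOVERY_LOCK=%s\nCTDB_NODES=/etc/ctdb/nodes\n' "$3" > "$1/etc/ctdb/ctdb.conf"
    printf '10.0.0.1\n10.0.0.2\n' > "$1/etc/ctdb/nodes"
    printf '192.168.0.22/24 eth2\n192.168.0.23/24 eth2\n' > "$1/etc/ctdb/public_addresses"
    printf '[libdefaults]\ndefault_realm = MONDOMAINE.LAN\n' > "$1/etc/krb5.conf"
    printf '[global]\nnetbios name = %s\nclustering = yes\n' "$2" > "$1/etc/samba/smb.conf"
    printf 'passwd: compat winbind\ngroup: compat winbind\n' > "$1/etc/nsswitch.conf"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_node "$demo/node1" smbcluster /samba/.lock
make_node "$demo/node2" node2 /gluster/.lock      # drifted on purpose
cluster_drift "$demo/node1" "$demo/node2" || echo "configuration drift between nodes"
lock_on_shared "$demo/node2" /samba || echo "node2: recovery lock is not under /samba"
```

A recovery lock outside the shared mount means each node holds its own lock file, so the lock no longer arbitrates between the nodes.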