Samba

Introduction
These (regrettably short) notes are intended to aid in the creation of Linux-HA/Pacemaker based Samba file servers. Here we are talking about active/passive configurations (i.e. one node running Samba, another node takes over if the first dies). For active/active, you need to use CTDB.

Basic Configuration

 * Configure some shared storage (DRBD, a SAN, whatever) on all nodes in the cluster.
 * If the filesystem is going to be mounted on all nodes, you need to use a clustered filesystem such as GFS2 or OCFS2 (in which case, you need to run Pacemaker on top of OpenAIS, not Heartbeat).
 * If it's only going to be mounted on one node at a time, any filesystem will do, but one that supports POSIX ACLs will work better (for interop via Samba with Windows ACLs).
 * Configure a shared/virtual IP address resource.
 * Configure Samba identically on all nodes in the cluster (/etc/samba/smb.conf, etc. needs to be the same on all nodes).
 * Make sure you set lock directory and private dir to a directory on your shared filesystem, or Bad Things Will Happen.
 * Only create Samba shares for directories on your shared filesystem.
 * Use the crm shell or GUI to create a Samba resource, using the smb LSB init script.
 * You probably also want to do the same for nmb and winbind.
 * Configure colocation and ordering constraints such that samba and friends run on the same node as your filesystem and IP address, and start after them.
 * Voila! You should now be able to access the samba shares via the virtual IP from client systems.
 * If one node fails, another will take over.
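
One way to check the lock directory, private dir and share-path rules from the list above before starting the Samba resource. This is an added example, not part of the original notes; the /srv/samba mount point, the sample smb.conf and the function names are constructed assumptions.

```python
import configparser
import posixpath
from pathlib import PurePosixPath

# Constructed sample smb.conf; /srv/samba is an assumed shared mount point.
SAMPLE = """\
[global]
  netbios name = FILESRV
  lock directory = /srv/samba/state/locks
  private dir = /var/lib/samba/private
[projects]
  path = /srv/samba/shares/projects
[scratch]
  Path = /tmp/scratch
"""
# smb.conf ignores case and whitespace in parameter names, so compare squashed keys.
STATE = {"lock directory": ("lockdirectory", "lockdir"),
         "private dir": ("privatedir", "privatedirectory")}
SHARE_PATH = ("path", "directory")

def under(path, mount):
    """Lexical containment check; does not resolve symlinks or verify the mount."""
    p, m = PurePosixPath(posixpath.normpath(path)), PurePosixPath(mount)
    return p == m or m in p.parents

def first(section, keys):
    """Value of the first parameter name (or synonym) present in the section."""
    return next((section[k] for k in keys if k in section), None)

def check_smb_conf(text, mount="/srv/samba"):
    """Return findings; an empty list means state and shares sit on shared storage."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = lambda key: "".join(key.lower().split())
    # Strip indentation so configparser does not treat lines as continuations.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    sections = {name.strip().lower(): cp[name] for name in cp.sections()}
    findings = []
    glob = sections.pop("global", {})
    for label, keys in STATE.items():
        value = first(glob, keys)
        if value is None:
            findings.append(f"[global] {label} not set, compiled-in default applies")
        elif not under(value, mount):
            findings.append(f"[global] {label} = {value} is outside {mount}")
    for name, section in sections.items():
        path = first(section, SHARE_PATH)
        if path is not None and not under(path, mount):
            findings.append(f"[{name}] path = {path} is outside {mount}")
    return findings
```

Run `check_smb_conf(open("/etc/samba/smb.conf").read(), mount=...)` on every node; the findings should be empty and identical everywhere, since the file itself must be the same on all nodes.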

Active Directory Integration

 * Set netbios name in smb.conf to the name you want your Samba resource to have (make sure it's the same on all nodes).
 * On whichever node is currently running the Samba resource, join the AD domain (net ads join, etc. - refer to the Samba documentation for specifics).
 * That Samba instance should now be a member of the AD domain, and also be in the DNS (assuming your AD server is your DNS server).
 * Edit the DNS on the AD server and remove the node's physical IP address (only the virtual IP should be associated with the name).

This gives your resource a "virtual name" (to use the MSCS term).

Frequently Asked Questions

 Is failover possible without dropping client connections?
 Not with an active/passive configuration. You need to use CTDB and/or the tickle ACK feature in the portblock RA.

 I have configured a cluster as described here and would like to contribute my deployment notes to this extremely helpful documentation effort. How can I do this?
 Talk to tserong, or make some noise on the IRC channel or mailing list.