These (regrettably short) notes are intended to aid in the creation of Linux-HA/Pacemaker based Samba file servers. Here we are talking about active/passive configurations (i.e. one node running Samba, another node takes over if the first dies). For active/active, you need to use CTDB.
- Configure some shared storage (DRBD, a SAN, whatever) on all nodes in the cluster.
- If the filesystem is going to be mounted on all nodes, you need to use a clustered filesystem such as GFS2 or OCFS2 (in which case, you need to run Pacemaker on top of OpenAIS, not Heartbeat).
- If it's only going to be mounted on one node at a time, any filesystem will do, but something that supports POSIX ACLs might work better (for interop via Samba with Windows ACLs).
- Configure a shared/virtual IP address resource.
- Configure Samba identically on all nodes in the cluster (/etc/samba/smb.conf, etc. needs to be the same on all nodes).
- Make sure you set lock directory and private dir to a directory on your shared filesystem, or Bad Things Will Happen.
- Only create Samba shares for directories on your shared filesystem.
- Use the crm shell or GUI to create a Samba resource, using the smb LSB init script.
- You probably also want to do the same for nmb and winbind.
- Configure colocation and ordering constraints such that Samba and friends run on the same node as your filesystem and IP address, and start after them.
- Voila! You should now be able to access the Samba shares via the virtual IP from client systems.
- If one node fails, another will take over.
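
As an added example (not part of the original notes), this Python script checks an smb.conf against the two rules above: lock directory and private dir must be on the shared filesystem, and so must every share path. The sample configuration and the /srv/samba mount point are constructed assumptions, and the containment check is lexical only.

```python
import posixpath

# Constructed sample; /srv/samba is an assumed mount point for the shared filesystem.
SAMPLE = """\
[global]
   lock directory = /srv/samba/locks
   private dir = /etc/samba/private
[projects]
   path = /srv/samba/projects
[old]
   path = /srv/samba-old/data
[scratch]
   path = /srv/samba/../../var/tmp
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, inner spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.split()).lower()] = value.strip()
    return sections

def is_under(path, root):
    """Lexical containment check; symlinks are not resolved."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def check_shared_paths(text, shared_root):
    """Return (section, parameter, value) for each setting off the shared filesystem.
    Both spellings of each parameter are accepted (e.g. lock dir, private directory)."""
    conf, problems = parse_smb_conf(text), []
    glob = conf.get("global", {})
    for names in (("lockdirectory", "lockdir"), ("privatedir", "privatedirectory")):
        value = next((glob[n] for n in names if n in glob), None)
        if value is None or not is_under(value, shared_root):
            problems.append(("global", names[0], value))  # None: compiled-in default
    for section, params in conf.items():
        path = params.get("path", params.get("directory"))
        if section != "global" and path and not is_under(path, shared_root):
            problems.append((section, "path", path))
    return problems

if __name__ == "__main__":
    print(*check_shared_paths(SAMPLE, "/srv/samba"), sep="\n")
```

Run it against the same smb.conf on every node; an empty result means no setting points outside the shared mount.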
Active Directory Integration
- Set netbios name in smb.conf to the name you want your Samba resource to have (make sure it's the same on all nodes).
- On whichever node is currently running the Samba resource, join the AD domain (net ads join, etc. - refer to the Samba documentation for specifics).
- That Samba instance should now be a member of the AD domain, and also be in the DNS (assuming your AD server is your DNS server).
- Edit the DNS on the AD server and remove the node's physical IP address (only the virtual IP should be associated with the name).
This gives your resource a "virtual name" (to use the MSCS term).
Frequently Asked Questions
- Is failover possible without dropping client connections?
  - Not with an active/passive configuration. You need to use CTDB and/or the tickle ACK feature in the portblock RA.
- I have configured a cluster as described here and would like to contribute my deployment notes to this extremely helpful documentation effort. How can I do this?
  - Talk to tserong, or make some noise on the IRC channel or mailing list.