21.8.14
19.8.14
complicated shadows
coincidence - confusion - family
today a vivid flashback
Patio de la Casa Cuartel de Conde Duque, Madrid. 13 July, 1996
17.8.14
romería sin romero
polop de la marina 16 agosto 2014 - 27º - storm threatening
Never done this in a happy state of mind. But made a bad start. Couldn't find any romero. I wanted my own romero. Anyway, sin romero, we set off at a fast pace following no fewer than 6 bands with people interspersed looking decidedly hot; mainly girls in heavy dresses. The pace slowed as we hit the slopes via Plaza Purisima. You have to go back to where you started. And carry romero on a stick. It says it in the rules. So with superstition not on our side, we finally made the 3 hour round trip, spared a thought for the musicians blowing and tapping in the humidity and got back to where we started.
16.8.14
iTunes sync
tolerance quiz
Read the following passage concerning iPad skills. Then answer the simple questions which follow.
A. It hasn't gone into music.
B. What?
A. I can't get it into music.
B. Why not?
A. It says to sign in.
B. Well sign in then.
A. It won't let me.
B. Why?
A. It says try again. I do it and it doesn't let me.
B. How many times have you tried?
A. All day. It says I have to wait 8 hours.
B. Let me have a go.
(pause, keyboard activity)
What was the name of your first pet?
A. What pet?
B. Your first pet. What was its name?
A. I didn't have one.
(pause) Hang on, my Mother had a cat.
B. OK then. What was the cat's name?
A. She called it Busby.
B. No, that's not it.
A. What do you mean it's not it?
B. That's not the name of your first pet. It's not what the iPad thinks it is anyway.
(pause, keyboard activity)
What's your Mother's maiden name?
A. Allen. Why?
(pause, keyboard activity)
B. Is that, A L L A N?
A. I think so.
B. Nope. That's not it either.
A. Yes it is.
B. It's not what the iPad thinks it is.
A. What are you doing?
B. Getting the song onto the iPad.
A. Why? I just want it in music.
B. That's what I'm doing.
A. Why is it asking my pet's name?
B. Are you sure it was Allen?
(pause)
OK. Look, do you have another e-mail address?
A. Yes.
B. What is it?
A. mary@yahoo.co.uk
B. No, not that one. A different one.
A. I used to have one, but I can't remember it.
B. OK.
(long pause, keyboard activity)
OK. What was the name of your first pet?
A. I didn't have a pet.
B. What about the cat?
A. Busby.
B. Perfect. Now, what is your Mother's maiden name? Allen with an E?
A. Yes.
B. Perfect.
(long pause)
OK then. I've changed your password to Creamtea42
A. I'll never remember that.
B. Right. It says that this iTunes account is not valid on this iPad
A. What's iTunes account?
B. It's what I need to get the song onto the iPad.
A. I just want it in music.
B. OK. Look, what do you do when you buy a song?
A. Marie does it.
B. So you've never bought a song.
A. No. Marie does it. She got me that Michael Jackson.
B. OK. Can you call her and ask her for her password? Tell her she can change it afterwards.
A. She says what password are you talking about.
B. (long pause, taking the 'phone)
No, no. Not that one. Your iTunes password. You can always change it afterwards.
(pause)
She can't remember it.
Questions
- Estimate a time scale for the above events.
- Who set up the iPad in the first instance?
- Using your answer to (2) above, or otherwise give:
a. The person to whom we should attribute pet ownership.
b. The person referred to when asked for maiden name.
c. The relationship between character A and Marie.
d. A possible identity for character B.
Your score:
0-30%, mostly D's: You are good at relationships
30-60%, mostly F's etc. etc.
14.8.14
ubuntu cluster with sssd
winbind is not necessary for ctdb to function correctly. We can leave it sitting there but it does not need to be used for PAM nor nss. So, let's convert our ctdb cluster with winbind to our ctdb cluster with SSSD. The cluster we are converting is this one.
**EDIT: Now with startup script automation. Here are the relevant changes:
- install ubuntu ctdb and sssd
Edit and create the following files:
/usr/local/samba/etc/smb.conf
[global]
workgroup = ALTEA
realm = ALTEA.SITE
security = ADS
kerberos method = secrets and keytab
netbios name = SMBCLUSTER
clustering = Yes
ctdbd socket = /var/lib/run/ctdb/ctdbd.socket
pid directory = /var/run/samba
[users]
path = /cluster/users
read only = No
[profiles]
path = /cluster/profiles
read only = No
ln -s /usr/local/samba/etc/smb.conf /etc/samba
mkdir -p /var/lib/samba
/etc/init/samba.conf
description "SMB/CIFS File and Active Directory Server"
author "Jelmer Vernooij <jelmer@ubuntu.com>"
start on (local-filesystems and net-device-up)
stop on runlevel [!2345]
expect fork
normal exit 0
pre-start script
[ -r /etc/default/samba4 ] && . /etc/default/samba4
install -o root -g root -m 755 -d /var/run/samba
install -o root -g root -m 755 -d /var/log/samba
end script
exec samba -D
disable it:
echo manual | sudo tee /etc/init/samba.override
/etc/init.d/samba
#!/bin/sh
### BEGIN INIT INFO
# Provides: samba
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Should-Start: slapd
# Should-Stop: slapd
# Short-Description: start Samba daemons (nmbd and smbd)
### END INIT INFO
# Description of this script:
#
# This script comes initially from a Debian Squeeze machine on
# which samba 3.x was installed with "apt-get install samba". The script
# was modified/adjusted so it points to the correct paths of a default
# samba4 installation (/usr/local/samba).
#
# Installation instructions:
# (1) copy the content of this script into your clipboard or download it
# (2) save the content into /etc/init.d/samba of your samba4 host.
# (3) execute "chmod +x /etc/init.d/samba" to have the script executable
# (4) execute "update-rc.d samba defaults" to install auto-start function.
# smbd+nmbd will automatically be started after each system start/reboot
#
# Modified by local@#samba~irc.freenode.net at 06th March 2013
# The script was successfully tested on Debian GNU/Linux Squeeze+Wheezy
# Defaults
RUN_MODE="daemons"
# Reads config file (will override defaults above)
[ -r /etc/default/samba ] && . /etc/default/samba
PIDDIR=/var/run/samba
NMBDPID=$PIDDIR/nmbd.pid
SMBDPID=$PIDDIR/smbd.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemons are there
test -x /usr/local/samba/sbin/nmbd -a -x /usr/local/samba/sbin/smbd || exit 0
. /lib/lsb/init-functions
case "$1" in
start)
log_daemon_msg "Starting Samba daemons"
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
if [ "$NMBD_DISABLED" != 'Yes' ]; then
log_progress_msg "nmbd"
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/nmbd -- -D
then
log_end_msg 1
exit 1
fi
fi
if [ "$RUN_MODE" != "inetd" ]; then
log_progress_msg "smbd"
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/smbd -- -D; then
log_end_msg 1
exit 1
fi
fi
log_end_msg 0
;;
stop)
log_daemon_msg "Stopping Samba daemons"
log_progress_msg "nmbd"
start-stop-daemon --stop --quiet --pidfile $NMBDPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null
then
# Stale PID file (nmbd was successfully stopped),
# remove it (should be removed by nmbd itself IMHO.)
rm -f $NMBDPID
fi
if [ "$RUN_MODE" != "inetd" ]; then
log_progress_msg "smbd"
start-stop-daemon --stop --quiet --pidfile $SMBDPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null
then
# Stale PID file (smbd was successfully stopped),
# remove it (should be removed by smbd itself IMHO.)
rm -f $SMBDPID
fi
fi
log_end_msg 0
;;
reload)
log_daemon_msg "Reloading /usr/local/samba/etc/smb.conf" "smbd only"
start-stop-daemon --stop --signal HUP --pidfile $SMBDPID
log_end_msg 0
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
status)
status="0"
NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
if [ "$NMBD_DISABLED" != "Yes" ]; then
status_of_proc -p $NMBDPID /usr/local/samba/sbin/nmbd nmbd || status=$?
fi
if [ "$RUN_MODE" != "inetd" ]; then
status_of_proc -p $SMBDPID /usr/local/samba/sbin/smbd smbd || status=$?
fi
if [ "$NMBD_DISABLED" = "Yes" -a "$RUN_MODE" = "inetd" ]; then
status="4"
fi
exit $status
;;
*)
echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload|status}"
exit 1
;;
esac
/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = altea.site
[nss]
[pam]
[domain/altea.site]
ad_hostname = smbcluster.altea.site
ad_domain = altea.site
id_provider = ad
access_provider = ad
auth_provider = ad
ldap_id_mapping = false
/etc/default/ctdb
CTDB_NODES=/etc/ctdb/nodes
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
CTDB_MANAGES_SAMBA=yes
CTDB_SYSLOG=yes
CTDB_DEBUGLEVEL=NOTICE
CTDB_SERVICE_SMB=samba
/etc/ctdb/events.d/50.samba
#!/bin/sh
# ctdb event script for Samba
[ -n "$CTDB_BASE" ] || \
export CTDB_BASE=$(cd -P $(dirname "$0") ; dirname "$PWD")
. $CTDB_BASE/functions
detect_init_style
case $CTDB_INIT_STYLE in
suse)
CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-smb}
CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-nmb}
;;
debian)
CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-samba}
CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-""}
;;
*)
# Use redhat style as default:
CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-smb}
CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-""}
;;
esac
service_name="samba"
loadconfig
ctdb_setup_service_state_dir
service_start ()
{
# make sure samba is not already started
service "$CTDB_SERVICE_SMB" stop > /dev/null 2>&1
if [ -n "$CTDB_SERVICE_NMB" ] ; then
service "$CTDB_SERVICE_NMB" stop > /dev/null 2>&1
fi
killall -0 -q smbd && {
sleep 1
# make absolutely sure samba is dead
killall -q -9 smbd
}
killall -0 -q nmbd && {
sleep 1
# make absolutely sure samba is dead
killall -q -9 nmbd
}
# start Samba service. Start it reniced, as under very heavy load
# the number of smbd processes will mean that it leaves few cycles
# for anything else
net serverid wipe
if [ -n "$CTDB_SERVICE_NMB" ] ; then
nice_service "$CTDB_SERVICE_NMB" start || die "Failed to start nmbd"
fi
service "$CTDB_SERVICE_SMB" start || die "Failed to start samba"
}
service_stop ()
{
service "$CTDB_SERVICE_SMB" stop
if [ -n "$CTDB_SERVICE_NMB" ] ; then
service "$CTDB_SERVICE_NMB" stop
fi
}
######################################################################
# Show the testparm output using a cached smb.conf to avoid delays due
# to registry access.
smbconf_cache="$service_state_dir/smb.conf.cache"
testparm_foreground_update ()
{
_timeout="$1"
if ! _out=$(timeout $_timeout testparm -v -s 2>/dev/null) ; then
if [ -f "$smbconf_cache" ] ; then
echo "WARNING: smb.conf cache update failed - using old cache file"
return 1
else
die "ERROR: smb.conf cache create failed"
fi
fi
_tmpfile="${smbconf_cache}.$$"
# Patterns to exclude...
pat='^[[:space:]]+(registry[[:space:]]+shares|include|copy|winbind[[:space:]]+separator)[[:space:]]+='
echo "$_out" | grep -Ev "$pat" >"$_tmpfile"
mv "$_tmpfile" "$smbconf_cache" # atomic
return 0
}
testparm_background_update ()
{
_timeout="$1"
testparm_foreground_update $_timeout >/dev/null 2>&1 </dev/null &
}
testparm_cat ()
{
testparm -s "$smbconf_cache" "$@" 2>/dev/null
}
list_samba_shares ()
{
testparm_cat |
sed -n -e 's@^[[:space:]]*path[[:space:]]*=[[:space:]]@@p' |
sed -e 's/"//g'
}
list_samba_ports ()
{
testparm_cat --parameter-name="smb ports" |
sed -e 's@,@ @g'
}
###########################
ctdb_start_stop_service
is_ctdb_managed_service || exit 0
###########################
case "$1" in
startup)
ctdb_service_start
;;
shutdown)
ctdb_service_stop
;;
monitor)
testparm_foreground_update 10
ret=$?
smb_ports="$CTDB_SAMBA_CHECK_PORTS"
if [ -z "$smb_ports" ] ; then
smb_ports=$(list_samba_ports)
[ -n "$smb_ports" ] || die "Failed to set smb ports"
fi
ctdb_check_tcp_ports $smb_ports || exit $?
if [ "$CTDB_SAMBA_SKIP_SHARE_CHECK" != "yes" ] ; then
list_samba_shares | ctdb_check_directories || exit $?
fi
if [ $ret -ne 0 ] ; then
testparm_background_update 10
fi
;;
*)
ctdb_standard_event_handler "$@"
;;
esac
exit 0
**EDIT: The original post with ctdb built from source follows:
So, on both nodes.
1. Remove the winbind lines from the PAM stack at /etc/pam.d
2. Install sssd
sudo apt-get install sssd
sudo pam-auth-update
choose sssd
3. Create /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = altea.site
[nss]
[pam]
[domain/altea.site]
ad_hostname = smbcluster.altea.site
ad_domain = altea.site
id_provider = ad
access_provider = ad
auth_provider = ad
ldap_id_mapping = false
4. minimise smb.conf
/usr/local/samba/etc/smb.conf
[global]
workgroup = ALTEA
realm = ALTEA.SITE
security = ADS
kerberos method = secrets and keytab
netbios name = SMBCLUSTER
clustering = Yes
ctdbd socket = /usr/local/var/run/ctdb/ctdbd.socket
[users]
path = /cluster/users
read only = No
[profiles]
path = /cluster/profiles
read only = No
[shared]
path = /cluster/shared
force create mode = 0770
read only = No
5. create the keytab
remove any old /etc/krb5.keytab
then:
net ads keytab create -UAdministrator
6. edit the kerberos method line in smb.conf
kerberos method = secrets only
7. substitute sss for winbind in /etc/nsswitch.conf
passwd: files sss
group: files sss
7. Create a start-up script (don't laugh)
#!/bin/bash
case $1 in
start)
echo tearing down apparmor
sudo service apparmor stop
sudo service apparmor teardown
echo starting sssd
sudo rm /var/lib/sss/db/*
sudo service sssd restart
ps aux|grep sssd
echo starting cluster node 1
echo mounting the cluster partition
sudo drbdadm primary r0
mount /dev/drbd1 /cluster
echo loading ctdbd
sudo ctdbd --dbdir=/usr/local/var/lib/ctdb --dbdir-persistent=/usr/local/var/lib/ctdb/persistent --event-script-dir=/usr/local/etc/ctdb/events.d --public-addresses=/usr/local/etc/ctdb/public_addresses --socket=/usr/local/var/run/ctdb/ctdbd.socket --logfile=/var/log/syslog
echo sleeping
sleep 2
echo starting smbd
sudo smbd
sleep 1
echo starting winbindd
sudo winbindd
echo waiting for cluster, tailing log:
sudo tail -f /var/log/syslog
;;
stop)
echo stopping cluster
sudo umount /cluster
sudo killall ctdbd smbd winbindd
sudo service sssd stop
ps aux|grep ctdbd
ps aux|grep smbd
ps aux|grep winbindd
echo "done"
;;
esac
8. bring it on
** EDIT: now it's just: sudo service ctdb start
sudo ./ctdbcluster start
node 1 |
a Lubuntu client |
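A pre-flight check for steps 1, 3 and 7 of the conversion above (PAM, sssd.conf, nsswitch.conf), as an added example that is not part of the original post. The function names and the ROOT prefix argument are assumptions made for the example, the sample files are constructed, and it relies on GNU `stat`; sssd checks ownership and permissions on sssd.conf at start-up and expects root ownership and mode 0600.

```shell
#!/bin/sh
# Added example (not from the original post): check the winbind -> sssd
# conversion. ROOT is a filesystem prefix so the check can run against a
# staging copy; pass "" for the live system. Requires GNU stat.

# fail MESSAGE: print a finding and count it
fail() {
    echo "FAIL: $1"
    findings=$((findings + 1))
}

# check_sssd_conversion ROOT [OWNER_UID]; returns the number of findings
check_sssd_conversion() {
    root=$1
    want_uid=${2:-0}            # expected sssd.conf owner, root by default
    findings=0
    conf="$root/etc/sssd/sssd.conf"
    nss="$root/etc/nsswitch.conf"
    pamdir="$root/etc/pam.d"

    # Step 3: sssd.conf must exist, be mode 0600 and owned by root.
    if [ ! -f "$conf" ]; then
        fail "missing $conf"
    else
        mode=$(stat -c %a "$conf")
        uid=$(stat -c %u "$conf")
        [ "$mode" = "600" ] || fail "$conf has mode $mode, expected 600"
        [ "$uid" = "$want_uid" ] || fail "$conf owned by uid $uid, expected $want_uid"
        # Each name in "domains =" needs its own [domain/NAME] section.
        doms=$(sed -n 's/^[[:space:]]*domains[[:space:]]*=//p' "$conf" | tr ',' ' ')
        for d in $doms; do
            grep -qF "[domain/$d]" "$conf" || fail "no [domain/$d] section in $conf"
        done
    fi

    # Step 7: passwd and group must resolve through sss, not winbind.
    for db in passwd group; do
        srcs=$(grep "^$db:" "$nss" 2>/dev/null | sed 's/^[^:]*://' | tr -s '[:space:]' ' ')
        case " $srcs " in
            *" winbind "*) fail "$db in $nss still lists winbind" ;;
        esac
        case " $srcs " in
            *" sss "*) ;;
            *) fail "$db in $nss does not list sss" ;;
        esac
    done

    # Step 1: no active (uncommented) pam_winbind line may remain.
    left=$(grep -rlE '^[[:space:]]*[^#[:space:]].*pam_winbind\.so' "$pamdir" 2>/dev/null)
    for f in $left; do
        fail "pam_winbind.so still referenced in $f"
    done

    return "$findings"
}

# make_sample_tree ROOT: constructed files mirroring the converted state
make_sample_tree() {
    mkdir -p "$1/etc/sssd" "$1/etc/pam.d"
    printf '%s\n' '[sssd]' 'services = nss, pam' 'config_file_version = 2' \
        'domains = altea.site' '[nss]' '[pam]' '[domain/altea.site]' \
        'id_provider = ad' 'access_provider = ad' 'auth_provider = ad' \
        > "$1/etc/sssd/sssd.conf"
    chmod 600 "$1/etc/sssd/sssd.conf"
    printf '%s\n' 'passwd: files sss' 'group: files sss' > "$1/etc/nsswitch.conf"
    printf '%s\n' 'auth sufficient pam_sss.so' '# auth sufficient pam_winbind.so' \
        > "$1/etc/pam.d/common-auth"
}

# Demo: a converted tree with two regressions introduced on purpose.
demo=$(mktemp -d)
make_sample_tree "$demo"
chmod 644 "$demo/etc/sssd/sssd.conf"
echo 'account sufficient pam_winbind.so' >> "$demo/etc/pam.d/common-auth"
check_sssd_conversion "$demo" "$(id -u)" || echo "findings: $?"
rm -rf "$demo"
```

On a node, run `check_sssd_conversion ""` as root before restarting sssd.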
13.8.14
ubuntu samba4 cluster: CTDB ocfs2 DRBD
Mr. Shuttleworth and the packagers at Ubuntu do a great job, but clustering is not one of them. Their samba packages are not built with cluster support and their ctdb is broken. To make matters even worse, the latest samba4 comes without winbind AD support. If that hasn't put you off yet, you then find out that the ctdb source doesn't use standard locations for its directories. Open Source at its very best.
conclusion
On Ubuntu, clustering means build it yourself. It can be done and when it's up, it's bulletproof. So, here goes. Breathe deeply and. . .
reference
This guide is an ubuntuified version of our openSUSE cluster post. If you think it's missing here, it'll be there instead.
hardware
Each node needs a minimum of 2 physical network interface cards, one for the cluster traffic between the nodes and the other that goes out to the domain. Here, we use 2 real cards and a virtual bond for the third.
for domain: altea.site
DC: palmera, 192.168.1.132
DNS: palmera, bind9_dlz master for altea.site forwarding 192.168.1.1
node 1: uc1 192.168.1.82, 192.168.1.80, 192.168.1.81 and 192.168.0.10
node 2: uc2 192.168.1.83, 192.168.1.80, 192.168.1.81 and 192.168.0.11
gateway: 192.168.1.1
eth0: domain traffic. nic is disabled
eth1: cluster traffic, no route out
bond0: domain and local traffic bound to eth0
cluster disk
You will need a second disk drive for your cluster data. We have a spare disk installed on each of the nodes which is recognised by fdisk as /dev/sdb. We have partitioned it as /dev/sdb1. We have used sdb1 as the shared storage. Under DRBD the cluster device becomes /dev/drbd1. /dev/drbd1 is formatted with ocfs2. We have drbd primary:primary with both nodes up and mounted.
DNS
Get this right and the rest is easy.
/etc/hosts
127.0.0.1 localhost
192.168.0.10 uc1
192.168.0.11 uc2
If you know the ifup syntax for bonding and you want to mount the cluster partition on boot:
sudo apt-get install ifenslave-2.6
/etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
bond-master bond0
auto eth1
iface eth1 inet static
address 192.168.0.10
netmask 255.255.255.0
auto bond0
iface bond0 inet static
address 192.168.1.82
gateway 192.168.1.1
netmask 255.255.255.0
dns-nameserver 192.168.1.132
bond-slaves none
If not, use the pretty pictures to set up DNS as follows. Here are the screenshots for setting up networkmanager for uc1 on node1. Repeat for uc2 but using the second set of IPs from above. But be warned that you will have to use ifup if you want to mount the o2cb startup stuff.
install the cluster and kerberos stuff
sudo apt-get install drbd8-utils linux-server ocfs2-tools build-essential libattr1-dev krb5-user libblkid-dev gdb libgnutls-dev libreadline-gplv2-dev python-dev autoconf python-dnspython pkg-config pam-krb5utils libpopt-dev apparmor-utils ldap-utils libsasl2-modules-gssapi-mit
download and unpack ctdb-2.5.3.tar.gz
then it's just:
./configure && make
and install it:
sudo make install
configure the cluster
/usr/local/etc/ctdb/nodes
192.168.0.10
192.168.0.11
/usr/local/etc/ctdb/public_addresses
192.168.1.80/24 bond0
192.168.1.81/24 bond0
/etc/drbd.conf
global {
usage-count yes;
}
common {
net {
protocol C;
}
}
resource r0 {
net {
allow-two-primaries;
after-sb-0pri discard-zero-changes;
after-sb-1pri discard-secondary;
after-sb-2pri disconnect;
}
startup { become-primary-on both; }
on uc1 {
device /dev/drbd1;
disk /dev/sdb1;
address 192.168.0.10:7789;
meta-disk internal;
}
on uc2 {
device /dev/drbd1;
disk /dev/sdb1;
address 192.168.0.11:7789;
meta-disk internal;
}
}
/etc/ocfs2/cluster.conf
node:
ip_port = 7777
ip_address = 192.168.0.10
number = 1
name = uc1
cluster = ocfs2
node:
ip_port = 7777
ip_address = 192.168.0.11
number = 2
name = uc2
cluster = ocfs2
cluster:
node_count = 2
name = ocfs2
configure the fs
sudo dpkg-reconfigure ocfs2-tools
Setting cluster stack "o2cb": OK
Starting O2CB cluster ocfs2: OK
partition the spare disk
use fdisk to end up with /dev/sdb1 where:
fdisk -l
gives something like:
Disk /dev/sda: 12.9 GB, 12884901888 bytes, 25165824 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000f1bbc
Device Boot Start End Blocks Id System
/dev/sda1 2048 1525759 761856 82 Linux swap / Solaris
/dev/sda2 * 1525760 25165823 11820032 83 Linux
Disk /dev/sdb: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000ab2e5
Device Boot Start End Blocks Id System
/dev/sdb1 2048 4194303 2096128 83 Linux
create the drbd metadata on both nodes
sudo drbdadm create-md r0
sudo drbdadm up r0
sync the nodes
Be careful. If you have data you wish to keep on either node then choose that node to begin the sync.
sudo drbdadm primary --force r0
wait for
cat /proc/drbd
to stabilise, then make it active
sudo drbdadm primary r0
format the partition
Unless you just want fail-over, you must use something that doesn't crash if mounted simultaneously.
mkfs -t ocfs2 -N 2 -L ubuntucluster /dev/drbd1
mount it
sudo mkdir /cluster
sudo mount /dev/drbd1 /cluster
cd /cluster
sudo mkdir users && sudo mkdir profiles && sudo chmod 1777 profiles
samba
download and unpack the latest samba (ATM 4.1.11.tar.gz)
./configure --with-cluster-support --without-ad-dc --with-shared-modules=idmap_ad --with-ads && make
install it:
sudo make install
/usr/local/samba/etc/samba/smb.conf
[global]
workgroup = ALTEA
netbios name = SMBCLUSTER
realm = ALTEA.SITE
security = ADS
kerberos method = secrets only
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
idmap config * : backend = tdb
idmap config * : range = 19900-19999
idmap config ALTEA : backend = ad
idmap config ALTEA : range = 20000-4000000
idmap config ALTEA : schema_mode = rfc2307
clustering = Yes
ctdbd socket = /usr/local/var/run/ctdb/ctdbd.socket
[users]
path = /cluster/users
read only = No
[profiles]
path = /cluster/profiles
read only = No
winbind
create the stack at /etc/pam.d:
auth sufficient pam_winbind.so
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so
account sufficient pam_winbind.so
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
account sufficient pam_localuser.so
create the winbind links:
sudo ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so
sudo ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
sudo cp /usr/local/samba/lib/security/pam_winbind.so /lib/security
start the cluster
sudo ctdbd --dbdir=/usr/local/var/lib/ctdb --dbdir-persistent=/usr/local/var/lib/ctdb/persistent --event-script-dir=/usr/local/etc/ctdb/events.d --public-addresses=/usr/local/etc/ctdb/public_addresses --socket=/usr/local/var/run/ctdb/ctdbd.socket --logfile=/var/log/syslog
(tail the logs and wait for them to stabilise)
sudo ctdb status
Number of nodes:2
pnn:0 192.168.0.10 OK (THIS NODE)
pnn:1 192.168.0.11 DISCONNECTED|UNHEALTHY|INACTIVE
Generation:2138318810
Size:1
hash:0 lmaster:0
Recovery mode:NORMAL (0)
Recovery master:0
create a domain user
uidNumber: 3000016
loginShell: /bin/bash
homeDrive: Z:
homeDirectory: \\smbcluster\users\stevep
profilePath: \\smbcluster\profiles\stevep
unixHomeDirectory: /cluster/users/stevep
'posixify' the group Domain Users
gidNumber: 20513
start smbd
sudo smbd
join the domain
on one node only:
net ads join -UAdministrator
start winbind
sudo winbindd
check
id stevep
uid=3000016(stevep) gid=20513(domain users) groups=20513(domain users),19903(BUILTIN\users)
add the round robin A records for the cluster to the DC
host smbcluster
smbcluster.altea.site has address 192.168.1.81
smbcluster.altea.site has address 192.168.1.80
ping smbcluster
PING smbcluster.altea.site (192.168.1.80) 56(84) bytes of data.
64 bytes from smbcluster (192.168.1.80): icmp_seq=1 ttl=64 time=0.863 ms
finally
sudo chgrp Domain\ Users /cluster/users && sudo chgrp Domain\ Users /cluster/profiles
Linux client:
sudo mount.cifs //smbcluster/users /cluster/users -osec=krb5,username=cifsuser,multiuser
su stevep
Password:
stevep@uc1:/home/steve$ cd ~
stevep@uc1:~$ touch cluster.txt
stevep@uc1:~$ ls -l
total 0
-rw-r--r-- 1 stevep domain users 0 ago 13 10:51 cluster.txt
stevep@uc1:~$ exit
bring up the other node
sudo ctdbd --dbdir=/usr/local/var/lib/ctdb --dbdir-persistent=/usr/local/var/lib/ctdb/persistent --event-script-dir=/usr/local/etc/ctdb/events.d --public-addresses=/usr/local/etc/ctdb/public_addresses --socket=/usr/local/var/run/ctdb/ctdbd.socket --logfile=/var/log/syslog
sudo drbdadm primary r0
mount /dev/drbd1 /cluster
sudo ctdb enable
sudo ctdb status
Number of nodes:2
pnn:0 192.168.0.10 OK (THIS NODE)
pnn:1 192.168.0.11 OK
Generation:569123968
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:0
disable node 1
sudo ctdb disable && sudo ctdb status
Number of nodes:2
pnn:0 192.168.0.10 DISABLED (THIS NODE)
pnn:1 192.168.0.11 OK
Generation:569123968
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:0
(tail the logs and wait for the takeover to finish)
kill smbd on node 1
killall smbd
ps aux|grep smbd
steve 18577 0.0 0.1 7124 840 pts/5 S+ 11:07 0:00 grep --color=auto smbd
(wait for the log activity to stabilise)
Back to the Linux workstation, check the fail-over:
stevep@uc1:~$ touch cluster2.txt
stevep@uc1:~$ ls -l
total 0
-rw-r--r-- 1 stevep domain users 0 ago 13 11:09 cluster2.txt
-rw-r--r-- 1 stevep domain users 0 ago 13 10:51 cluster.txt
You now admire your work as you fail-over and fail-back time and time again convincing yourself that it does indeed work. At first, you just don't believe it.
More graphical examples below with both Linux and XP clients working on the same data.
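For the fail-over and fail-back rounds above, a check that reads `ctdb status` text and reports anything other than a fully healthy cluster, as an added example that is not part of the original post. The function names are assumptions; the two sample inputs are the status outputs shown earlier in this post.

```shell
#!/bin/sh
# Added example (not from the original post).
# ctdb_status_problems: read `ctdb status` text on stdin, print one line per
# problem and return the number of problems found (0 = healthy).
ctdb_status_problems() {
    awk '
        /^Number of nodes:/ { split($0, a, ":"); expected = a[2] + 0 }
        /^pnn:/ {
            # fields: pnn:N ADDRESS FLAGS [(THIS NODE)]
            seen++
            if ($3 != "OK") {
                printf "node %s (%s) is %s\n", substr($1, 5), $2, $3
                bad++
            }
        }
        /^Recovery mode:/ {
            # healthy output reads "Recovery mode:NORMAL (0)"
            if ($2 != "mode:NORMAL") { print "recovery not finished: " $0; bad++ }
        }
        END {
            if (seen != expected) {
                printf "saw %d of %d nodes\n", seen, expected
                bad++
            }
            exit bad + 0
        }'
}

# Status output from the post with the second node not yet started.
sample_one_node_down() {
    cat <<'EOF'
Number of nodes:2
pnn:0 192.168.0.10 OK (THIS NODE)
pnn:1 192.168.0.11 DISCONNECTED|UNHEALTHY|INACTIVE
Generation:2138318810
Size:1
hash:0 lmaster:0
Recovery mode:NORMAL (0)
Recovery master:0
EOF
}

# Status output from the post with both nodes up.
sample_healthy() {
    cat <<'EOF'
Number of nodes:2
pnn:0 192.168.0.10 OK (THIS NODE)
pnn:1 192.168.0.11 OK
Generation:569123968
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:0
EOF
}

# Demo on the embedded samples.
sample_one_node_down | ctdb_status_problems || echo "problems: $?"
sample_healthy | ctdb_status_problems && echo "cluster healthy"
```

On a node, `sudo ctdb status | ctdb_status_problems` can be polled until it returns 0 before starting the next fail-over test.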