Status: IN PROGRESS

Notes

We no longer support DRBD on the base file system. We always install with LVM for maintenance purposes. We use the whole disk, so increasing size is done using LVM by adding new disks.

It is recommended to create the STORE machine without the disk for the storage being mounted by the installation routines.

Creation Steps

Create LVM Physical Volume, Volume Group and Logical Volume (Both Nodes)

The commands below assume that /dev/sdb will be used for the DRBD on top of LVM configuration, and that the disks are EXACTLY the same size.

```bash
# Create the physical volume - this is based on sdb assuming it is the second drive on the system
lvm pvcreate /dev/sdb
# Create the volume group
lvm vgcreate "vg_drbd_jtelshared" /dev/sdb
# Create the logical volume
lvm lvcreate -l +100%FREE vg_drbd_jtelshared -n lv_drbd_jtelshared
```

```bash
# Prepare the firewall
firewall-cmd --zone=public --add-port=7788-7799/tcp --permanent
firewall-cmd --reload
```

Prepare Mount Point (Both Nodes)

The data should be mounted to the directory /srv/jtel/shared. The following commands prepare for this:

```bash
mkdir /srv/jtel
mkdir /srv/jtel/shared
chown -R jtel:jtel /srv/jtel
```

Install ELrepo and DRBD (Both Nodes)

We now install DRBD 9. This requires using the ELrepo.

```bash
dnf -y install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
dnf -y install drbd90-utils kmod-drbd90
systemctl enable drbd
systemctl start drbd
```

DRBD must be configured with static IP addresses and correct hostnames. The IP addresses below must be modified:

CAUTION IP ADDRESSES

CAUTION HOSTNAMES

```bash
# Configure DRBD
cat <<EOFF > /etc/drbd.d/jtelshared.res
resource jtelshared {
    protocol C;
    meta-disk internal;
    device /dev/drbd0;
    syncer {
        verify-alg sha1;
    }
    net {
        allow-two-primaries;
    }
    on acd-store1.jtel.local {
        disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.1.1.1:7789;
    }
    on acd-store2.jtel.local {
        disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.1.1.2:7789;
    }
    startup {
        become-primary-on both;
    }
}
EOFF
```
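
A pre-flight check for the two cautions above, as an added example that is not part of the original page: it parses the `on` sections of the resource file and confirms that the local node name (DRBD matches it against `uname -n`) has a section whose address is configured on this machine. It assumes IPv4 `address ip:port;` entries; the function names and the 192.0.2.10 address are constructed for illustration.

```bash
# Added example, not part of the original page. Assumes IPv4 "address ip:port;"
# entries, one per "on <host> { ... }" section, as in jtelshared.res above.

# Print "host ip port" for every "on" section of resource file $1.
drbd_peers() {
    awk '$1 == "on"              { host = $2 }
         $1 == "address" && host { split($2, a, /[:;]/); print host, a[1], a[2] }
         $1 == "}"               { host = "" }' "$1"
}

# Return 0 only if node $2 (default: uname -n, the name DRBD matches "on"
# against) has a section in $1 whose IP is in the list $3 (default:
# hostname -I). Return 1 for a missing section, 2 for a foreign IP.
drbd_check_local() {
    res=$1; node=${2:-$(uname -n)}; ips=${3:-$(hostname -I)}
    peers=$(drbd_peers "$res")
    while read -r host ip port; do
        [ "$host" = "$node" ] || continue
        case " $ips " in
            *" $ip "*) echo "OK: $node -> $ip:$port"; return 0 ;;
            *) echo "FAIL: $ip is not configured on $node" >&2; return 2 ;;
        esac
    done <<EOF
$peers
EOF
    echo "FAIL: no 'on $node' section in $res" >&2
    return 1
}

# Constructed sample with the page's host names and addresses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
resource jtelshared {
    on acd-store1.jtel.local {
        disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.1.1.1:7789;
    }
    on acd-store2.jtel.local {
        disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.1.1.2:7789;
    }
}
EOF
drbd_peers "$sample"
drbd_check_local "$sample" acd-store1.jtel.local "10.1.1.1 192.0.2.10"
rm -f "$sample"
```

On a node, run `drbd_check_local /etc/drbd.d/jtelshared.res` before `drbdadm create-md`; with no further arguments it uses `uname -n` and `hostname -I`.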

```bash
# Create metadata and start DRBD
drbdadm create-md jtelshared
drbdadm up jtelshared
```

Make ONE Node Primary

```bash
# Make ONE node primary
drbdadm primary jtelshared --force
```

DRBD will now sync. This might take some time; however, you do not have to wait, as long as you make sure the primary is active in the PCS cluster below.

Install Samba (BOTH NODES)

These commands install the Samba server and client and lsof.

```bash
dnf -y install samba samba-client lsof
```

The following creates a Samba configuration file with a minimum configuration.

```bash
# SMB Conf
cat <<EOFF > /etc/samba/smb.conf
[global]
    workgroup = JTEL
    security = user
    passdb backend = tdbsam
    min protocol = SMB3
[shared]
    comment = jtel ACD Shared Directory
    public = no
    read only = no
    writable = yes
    locking = yes
    path = /srv/jtel/shared
    create mask = 0644
    directory mask = 0755
    force user = jtel
    force group = jtel
    acl allow execute always = True
EOFF
```

Setup SELinux and the Firewall

The following commands set up SELinux for the smb service and open the necessary ports in the firewall:

```bash
setsebool -P samba_enable_home_dirs=on samba_export_all_rw=on use_samba_home_dirs=on use_nfs_home_dirs=on
firewall-cmd --zone=public --add-port=445/tcp --add-port=139/tcp --add-port=138/udp --add-port=137/udp --permanent
firewall-cmd --reload
```

Manually link /home/jtel/shared

Link the /home/jtel/shared folder.

```bash
ln -s /srv/jtel/shared /home/jtel/shared
```

Setup Access to the Samba Server

jtel User Access

The following command creates the SMB credentials for the jtel user.

Caution Password

```bash
printf '<password>\n<password>\n' | smbpasswd -a -s jtel
```

Further User Access

If necessary, add further users to Samba, replacing <password> with the actual password for the user. Here, for example, the Windows administrator user:

Caution Password

```bash
useradd -m Administrator
printf '<password>\n<password>\n' | smbpasswd -a -s Administrator
```

TODO ...