We no longer support DRBD on the base file system. We always install with LVM for maintenance purposes.

We use the whole disk, so increasing size is done using LVM by adding new disks.

We recommend creating the STORE machine so that the disk intended for the storage is not mounted by the installation routines.

Disk and DRBD Setup

Create LVM Physical Volume, Volume Group and Logical Volume (Both Nodes)

The commands below assume that /dev/sdb will be used for the DRBD on top of LVM configuration, and that the disks are EXACTLY the same size.

Code Block
# Create the physical volume - this is based on sdb assuming it is the second drive on the system
lvm pvcreate /dev/sdb
# Create the volume group
lvm vgcreate "vg_drbd_jtelshared" /dev/sdb
# Create the logical volume
lvm lvcreate -l +100%FREE vg_drbd_jtelshared -n lv_drbd_jtelshared

Configure Firewall for DRBD (Both Nodes)

Code Block
# Prepare the firewall: open the DRBD replication ports (TCP 7788-7799); this rule accepts any source address
ufw allow 7788:7799/tcp

Prepare Mount Point (Both Nodes)

The data should be mounted to the directory /srv/jtel/shared.

The following commands prepare for this:

Code Block
mkdir /srv/jtel
mkdir /srv/jtel/shared
chown -R jtel:jtel /srv/jtel

Install DRBD (Both Nodes)

We now install DRBD. The kernel package is included in Debian, but the tools must be installed.

Code Block
apt-get -y install drbd-utils

Configure DRBD (Both Nodes)

DRBD must be configured with static IP addresses and correct hostnames.

The IP addresses below must be modified:


Code Block
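# Configure DRBD
cat <<EOFF > /etc/drbd.d/jtelshared.res
resource jtelshared {
    protocol C;
    meta-disk internal;
    device /dev/drbd0;
    syncer {
        verify-alg sha1;
    }
    net {
    }
    on acd-lb1.jtel.local {
        disk   /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        # Placeholder: static IP of this node; port within the 7788-7799 range opened above
        address  <IP-of-first-node>:7788;
    }
    # Second node: the name must match that node's hostname
    on acd-lb2.jtel.local {
        disk   /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        # Placeholder: static IP of this node
        address  <IP-of-second-node>:7788;
    }
}
EOFF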

Start and Enable Kernel Module (Both Nodes)

Code Block
modprobe drbd
systemctl enable drbd
systemctl start drbd

Create Metadata and Start (Both Nodes)

Code Block
# Create metadata and start DRBD
drbdadm create-md jtelshared
drbdadm up jtelshared

Make ONE Node Primary

Code Block
# Make ONE node primary
drbdadm primary jtelshared --force

Wait for Sync

DRBD will now sync. This might take some time; however, you do not have to wait, as long as you make sure the primary is active in the PCS cluster below.

Note: with DRBD9 we currently have no options to tune the transfer.

You can watch the initial sync with the following command:

Code Block
drbdadm status jtelshared

You will see output like this:

Code Block
jtelshared role:Primary
  acd-store2 role:Secondary
    replication:SyncSource peer-disk:Inconsistent done:7.19

This means the following:

  • The local machine is primary.
  • The disk in the local machine is up to date.
  • acd-store2 is secondary
  • It is inconsistent and syncing, 7.19% done

You can continue, but usually it is best to wait for it to complete.
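The wait can be scripted instead of watched by hand. The following is an added example, not part of the original page: it classifies `drbdadm status` text and polls until the peer is UpToDate. The function names and the constructed samples are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# drbd_sync_state reads `drbdadm status <resource>` text on stdin and prints:
#   "synced"        every disk and peer-disk shown is UpToDate
#   "syncing <pct>" a resync is running (replication:SyncSource/SyncTarget)
#   "degraded"      peer not connected, no peer seen, or a disk not UpToDate
drbd_sync_state() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, ":")
            if (n != 2) continue
            if (kv[1] == "peer-disk") peers++
            if ((kv[1] == "disk" || kv[1] == "peer-disk") && kv[2] != "UpToDate") stale++
            if (kv[1] == "connection" && kv[2] != "Connected") down++
            if (kv[1] == "replication" && kv[2] ~ /^Sync/) syncing++
            if (kv[1] == "done") pct = kv[2]
        }
    }
    END {
        if (down || !peers) print "degraded"
        else if (syncing)   print "syncing " pct
        else if (stale)     print "degraded"
        else                print "synced"
    }'
}

# Poll until the resource is fully synced; stop with an error if it degrades.
wait_for_drbd_sync() {
    while :; do
        state=$(drbdadm status "$1" 2>/dev/null | drbd_sync_state)
        case $state in
            synced)   return 0 ;;
            syncing*) echo "$1: $state% done"; sleep 10 ;;
            *)        echo "$1: $state, check both nodes" >&2; return 1 ;;
        esac
    done
}

# Sample taken from the status output shown above.
SAMPLE_SYNCING='jtelshared role:Primary
  acd-store2 role:Secondary
    replication:SyncSource peer-disk:Inconsistent done:7.19'
# Constructed samples: finished sync, and peer not connected.
SAMPLE_SYNCED='jtelshared role:Primary
  disk:UpToDate
  acd-store2 role:Secondary
    peer-disk:UpToDate'
SAMPLE_DISCONNECTED='jtelshared role:Primary
  disk:UpToDate
  acd-store2 connection:Connecting'
```

Run `wait_for_drbd_sync jtelshared` on the primary node; it returns 0 only once the peer disk is UpToDate.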

Make Second Node Primary (SECOND NODE ONLY)

Code Block
drbdadm primary jtelshared

Create the Filesystem (FIRST NODE ONLY)

Code Block
mkfs.ext4 /dev/drbd/by-res/jtelshared/0

Create fstab entry for file system (Both Nodes)

This command adds a line to /etc/fstab

Code Block
cat << EOFF >> /etc/fstab
/dev/drbd/by-res/jtelshared/0  /srv/jtel/shared         ext4 noauto,noatime,nodiratime  0   0
EOFF


Now, we can test the DRBD setup.

Mount the file system (FIRST Node)

Code Block
mount /srv/jtel/shared

Create a test file and Unmount (FIRST Node) 

Code Block
cat <<EOFF > /srv/jtel/shared/test.txt
test 123
EOFF
umount /srv/jtel/shared

Mount the file system and check test file (SECOND Node)

Code Block
mount /srv/jtel/shared
cat /srv/jtel/shared/test.txt

# Check contents of file before proceeding  
rm /srv/jtel/shared/test.txt
umount /srv/jtel/shared


Do not proceed unless you can see the contents of the test file.

Comment Mount out in fstab (BOTH nodes) and disable DRBD

Code Block
sed -i '/jtelshared/s/^/#/' /etc/fstab
systemctl disable drbd
umount /srv/jtel/shared

Install PCS Cluster (BOTH NODES)


If you have not installed Pacemaker / Corosync on both LB machines, do this now - see here: Redundancy - Installing PCS Cluster

Install and Configure Samba 

Installation (BOTH NODES)

These commands install the Samba server and client and lsof.

Code Block
dnf -y install samba samba-client lsof

Configure Samba (BOTH NODES)

The following creates a Samba configuration file with a minimum configuration.

Code Block
# SMB Conf
cat <<EOFF > /etc/samba/smb.conf
[global]
    workgroup = JTEL
    security = user
    passdb backend = tdbsam
    min protocol = SMB3
    reset on zero vc = yes
[shared]
    comment = jtel ACD Shared Directory
    public = no
    read only = no
    writable = yes
    locking = yes
    path = /srv/jtel/shared
    create mask = 0644
    directory mask = 0755
    force user = jtel
    force group = jtel
    acl allow execute always = True
EOFF

Setup SELinux and the Firewall (BOTH NODES)

The following commands set up SELinux for the smb service and open the necessary ports in the firewall:

Code Block
setsebool -P samba_enable_home_dirs=on samba_export_all_rw=on use_samba_home_dirs=on use_nfs_home_dirs=on
firewall-cmd --zone=public --add-port=445/tcp --add-port=139/tcp --add-port=138/udp --add-port=137/udp --permanent
firewall-cmd --reload

Link /home/jtel/shared (BOTH NODES)

Link the /home/jtel/shared folder. 

Code Block
ln -s /srv/jtel/shared /home/jtel/shared

Setup Access to the Samba Server

jtel User Access (BOTH NODES)

The following command creates the smb credentials for the jtel user.

Caution: Password

Code Block
printf '<password>\n<password>\n' | smbpasswd -a -s jtel

Further User Access (BOTH NODES)

If necessary, add further users to Samba, replacing password with the actual password for the user. Here, for example, the Windows administrator user:

Caution: Password

Code Block
useradd -m Administrator
printf '<password>\n<password>\n' | smbpasswd -a -s Administrator

Configure Cluster Resources

Now all resources will be configured in the pacemaker cluster.

Setup virtual IP (One Node Only!)

Change the following to set the virtual IP which should be shared between the nodes.

Caution: IP Address

Code Block

Configure PCS Resources for DRBD Mount, DRBD Primary / Secondary, Samba and Virtual IP Address (One Node Only!)

Configure the PCS resources with the following commands:

Code Block
# Configure using a file jtel_cluster_config
pcs cluster cib jtel_cluster_config
# DRBD Primary Secondary
pcs -f jtel_cluster_config resource create DRBDClusterMount ocf:linbit:drbd drbd_resource=jtelshared op monitor interval=60s
pcs -f jtel_cluster_config resource promotable DRBDClusterMount promoted-max=1 promoted-node-max=1 clone-max=2 clone-node-max=1 notify=true
# DRBD File System Mount
pcs -f jtel_cluster_config resource create DRBDClusterFilesystem ocf:heartbeat:Filesystem device="/dev/drbd/by-res/jtelshared/0" directory="/srv/jtel/shared" fstype="ext4"
# Colocation of File System Mount with Primary DRBD instance
pcs -f jtel_cluster_config constraint colocation add DRBDClusterFilesystem with DRBDClusterMount-clone INFINITY with-rsc-role=Master
# Promote first, then start filesystem
pcs -f jtel_cluster_config constraint order promote DRBDClusterMount-clone then start DRBDClusterFilesystem
# Resource for Samba
pcs -f jtel_cluster_config resource create Samba systemd:smb op monitor interval=30s 
# Resource for virtual IP
pcs -f jtel_cluster_config resource create ClusterIP ocf:heartbeat:IPaddr2 ip=${JT_VIP} cidr_netmask=32 op monitor interval=30s
# Samba must be with active DRBD filesystem
pcs -f jtel_cluster_config constraint colocation add Samba with DRBDClusterFilesystem INFINITY
# Cluster IP must be with Samba
pcs -f jtel_cluster_config constraint colocation add ClusterIP with Samba INFINITY
# Start DRBD File system then start Samba
pcs -f jtel_cluster_config constraint order DRBDClusterFilesystem then Samba
# Start Samba then start Cluster IP
pcs -f jtel_cluster_config constraint order Samba then ClusterIP

Check the configuration:

Code Block
# Check the config file
pcs -f jtel_cluster_config config

Push the configuration to the cluster:

Code Block
# Push the config to the cluster
pcs cluster cib-push jtel_cluster_config --config


Test pcs status

First of all, we test the cluster status:

Code Block
pcs status

You should see output similar to this:

Code Block
Cluster name: jtel_cluster
Cluster Summary:
  * Stack: corosync
  * Current DC: acd-lb1 (version 2.0.3-5.el8_2.1-4b1f869f0f) - partition with quorum
  * Last updated: Sat Oct  3 12:59:34 2020
  * Last change:  Sat Oct  3 12:31:22 2020 by root via cibadmin on acd-lb2
  * 2 nodes configured
  * 5 resource instances configured

Node List:
  * Online: [ acd-lb1 acd-lb2 ]

Full List of Resources:
  * Clone Set: DRBDClusterMount-clone [DRBDClusterMount] (promotable):
    * Masters: [ acd-lb1 ]
    * Stopped: [ acd-lb2 ]
  * DRBDClusterFilesystem       (ocf::heartbeat:Filesystem):    Started acd-lb1
  * Samba       (systemd:smb):  Started acd-lb1
  * ClusterIP   (ocf::heartbeat:IPaddr2):       Started acd-lb1

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled

Make sure all of the resources are started and both nodes are online.
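The same check can be automated, for example before and after each failover test. The following is an added example, not part of the original page: it verifies from `pcs status` text that both nodes are online and that the DRBD master, file system, Samba and cluster IP all run on one node. The function name is an assumption, and the parser expects the output format shown above (with a "Masters:" line).

```shell
#!/bin/sh
# Added example, not part of the original page.
# check_pcs_status reads `pcs status` text on stdin (format as shown above)
# and prints "ok <node>" when both nodes are online and the DRBD master,
# filesystem, Samba and cluster IP share one node; otherwise "fail: <reason>".
check_pcs_status() {
    awk '
    # "* Online: [ a b ]" and "* Masters: [ a ]": node names are fields 4..NF-1
    $1 == "*" && $2 == "Online:"  { online = NF - 4 }
    $1 == "*" && $2 == "Masters:" { master = $4; masters = NF - 4 }
    # "* <resource> (<agent>): Started <node>"
    NF >= 4 && $1 == "*" && $(NF-1) == "Started" { where[$2] = $NF }
    END {
        if (online < 2)   { print "fail: fewer than 2 nodes online"; exit }
        if (masters != 1) { print "fail: expected exactly one DRBD master"; exit }
        n = split("DRBDClusterFilesystem Samba ClusterIP", need, " ")
        for (i = 1; i <= n; i++)
            if (where[need[i]] != master) {
                print "fail: " need[i] " not started on " master
                exit
            }
        print "ok " master
    }'
}

# Abbreviated from the pcs status output shown above.
SAMPLE_OK='Node List:
  * Online: [ acd-lb1 acd-lb2 ]
Full List of Resources:
  * Clone Set: DRBDClusterMount-clone [DRBDClusterMount] (promotable):
    * Masters: [ acd-lb1 ]
    * Stopped: [ acd-lb2 ]
  * DRBDClusterFilesystem       (ocf::heartbeat:Filesystem):    Started acd-lb1
  * Samba       (systemd:smb):  Started acd-lb1
  * ClusterIP   (ocf::heartbeat:IPaddr2):       Started acd-lb1'
```

Use it as `pcs status | check_pcs_status`.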

Test File Mount

You should now be able to access \\acd-store\shared from the Windows machines, for example.

If you want to test from Linux, you will need to mount STORE as described here: Mounting STORE - All Linux except for STORE (CentOS8/Win2019)

Test Failover and Failback

You can test failover and failback with any of the following commands:

Standby and Unstandby

Code Block
pcs node standby acd-lb1


pcs node unstandby acd-lb1


pcs node standby acd-lb1


pcs node unstandby acd-lb1


Stop Cluster Node

Code Block
pcs cluster stop acd-lb1


pcs cluster start acd-lb1


pcs cluster stop acd-lb2


pcs cluster start acd-lb2



Rebooting is also a good way to test.

Power Off

This is the best way to test, but be aware that you may cause split brain on DRBD and need to repair it.
