Versions Compared

Old Version 6

changes.mady.by.user user-45924

Saved on

compared with

New Version Current

changes.mady.by.user jtel Support

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Content imported from a Scroll Translations translation file.
Sv translation
languageen

Create LVM Physical Volume, Volume Group and Logical Volume (Both Nodes)

The commands below assume that /dev/sdb will be used for the DRBD on top of LVM configuration, and that the disks are EXACTLY the same size.

Translations Ignore


Code Block
# Create the phsyical volume - this is based on sdb assuming it is the second drive on the system
lvm pvcreate /dev/sdb

# Create the volume group
lvm vgcreate "vg_drbd_jtelshared" /dev/sdb

# Create the logical volume
lvm lvcreate -l +100%FREE vg_drbd_jtelshared -n lv_drbd_jtelshared



Configure Firewall (Both Nodes) 

Translations Ignore


Code Block
# Prepare the firewall
firewall-cmd --zone=public --add-port=7788-7799/tcp --permanent
firewall-cmd --reload



Install elrepo to yum (Both Nodes)

Translations Ignore


Code Block
# Install elrepo
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm



Install and enable DRBD (Both Nodes)

Translations Ignore


Code Block
# Install DRBD
yum -y install drbd84-utils kmod-drbd84 lsof
# Enable drbd at boot, and in this session
systemctl enable drbd
systemctl start drbd



Configure DRBD (Both Nodes)

NOTE: The following commands requires the hostname of both machines and the IP Address. These are obtained as follows:

Translations Ignore


Code Block
ip addr
hostname



Create a DRBD config file for jtelshared on /dev/sdb

Translations Ignore


Code Block
title/etc/drbd.d/jtelshared.res
# Configure DRBD
cat <<EOFF > /etc/drbd.d/jtelshared.res
resource jtelshared {
    protocol C;
    meta-disk internal;
    device /dev/drbd0;
    syncer {
        verify-alg sha1;
    }
    net {
        allow-two-primaries;
    }
    on acd-store1.jtel.local {
        disk   /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.42.14.98:7789;
    }
    on acd-store2.jtel.local {
        disk   /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.42.14.198:7789;
    }
    startup {
        become-primary-on both;
    }
}
EOFF



Note: it has been observed, that the fully qualified host name is required in the configuration file.

Create Metadata and start (Both Nodes)

Translations Ignore


Code Block
# Create metadata and start DRBD
drbdadm create-md jtelshared
drbdadm up jtelshared



Make one node primary (First Node)

Translations Ignore


Code Block
drbdadm primary jtelshared --force



Tune the transfer (Second Node)

Translations Ignore


Code Block
drbdadm disk-options --c-plan-ahead=0 --resync-rate=110M jtelshared



Wait for initial sync to complete (Either Node)

Translations Ignore


Code Block
cat /proc/drbd
 
-->
 
# When not yet done:
 
version: 8.4.10-1 (api:1/proto:86-101)
GIT-hash: a4d5de01fffd7e4cde48a080e2c686f9e8cebf4c build by mockbuild@, 2017-09-15 14:23:22

 1: cs:SyncTarget ro:Secondary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:3955712 dw:3950592 dr:0 al:8 bm:0 lo:5 pe:0 ua:5 ap:0 ep:1 wo:f oos:264474588
        [>....................] sync'ed:  1.5% (258272/262132)M
        finish: 2:08:08 speed: 34,388 (25,652) want: 112,640 K/sec


-->

# When done:

version: 8.4.10-1 (api:1/proto:86-101)
GIT-hash: a4d5de01fffd7e4cde48a080e2c686f9e8cebf4c build by mockbuild@, 2017-09-15 14:23:22

 1: cs:Connected ro:Secondary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:15626582 dw:284051762 dr:0 al:8 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0



Untune the transfer and make primary (Second Node)

Translations Ignore


Code Block
drbdadm adjust jtelshared
drbdadm primary jtelshared



Create filesystem (First Node)

Translations Ignore


Code Block
mkfs.xfs -L data /dev
/drbd0

...

/drbd/by-res/jtelshared/0



Create fstab entry for file system (Both Nodes)

Add the following line to /etc/fstab

Translations Ignore


Code Block
/dev/drbd/by-res/jtelshared/0  /srv/jtel/shared         xfs noauto,noatime,nodiratime  0   0



Mount the file system (First Node)

Translations Ignore


Code Block
mkdir /srv/jtel
mkdir /srv/jtel/shared
chown -R jtel:jtel /srv/jtel
mount /srv/jtel/shared

...



Create a test file

...

and

...

Unmount (First Node) 

Translations Ignore


Code Block
mkdir /srv/jtel mkdir
cat <<EOFF > /srv/jtel/shared/test.txt
chown -R jtel:jtel /srv/jtel drbdadm primary jtelshared mount
test 123
EOFF
umount /srv/jtel/shared



Mount the file system and check the test file (Second Node)

Translations Ignore


Code Block
mkdir /srv/jtel
mkdir /srv/jtel/shared
chown -R jtel:jtel /srv/jtel
mount /srv/jtel/shared
cat /srv/jtel/shared/test.txt
 
# Check contents of file before proceeding
 
rm /srv/jtel/shared/test.txt
umount /srv/jtel/shared



Install Samba and lsof (Both Nodes)

Translations Ignore


Code Block
titleInstall SAMBA
yum -y install samba samba-client lsof



Configure Samba (Both Nodes)

Translations Ignore


Code Block
titleConfigure SAMBA
cat <<EOFF > /etc/samba/smb.conf
[global]
        workgroup = SAMBA
        security = user
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
        min protocol = NT1
        ntlm auth = yes

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = root
        create mask = 0664
        directory mask = 0775

[shared]
    comment = jtel ACD Shared Directory
    read only = no
    public = yes
    writable = yes
    locking = yes
    path = /srv/jtel/shared
    guest ok = yes
    create mask = 0644
    directory mask = 0755
    force user = jtel
    force group = jtel
    acl allow execute always = True

EOFF



Setup SeLinux, jtel User access and Firewall for Samba (Both Nodes)

Replace <password> with the actual password for the jtel user:

Translations Ignore


Code Block
titleSeLinux, jtel User, Firewall
setsebool -P samba_enable_home_dirs=on samba_export_all_rw=on use_samba_home_dirs=on use_nfs_home_dirs=on
printf '<password>\n<password>\n' | smbpasswd -a -s jtel
firewall-cmd --zone=public --add-port=445/tcp --add-port=139/tcp --add-port=138/udp --add-port=137/udp --permanent
firewall-cmd --reload



If necessary, add further users to samba:

Translations Ignore


Code Block
titleMore SAMBA users
useradd -m Administrator
printf 'F1r3B²11\nF1r3B²11\n' | smbpasswd -a -s Administrator



Test SAMBA (Both Nodes)

This test should be performed on the node which currently has /srv/jtel/shared mounted:

Translations Ignore


Code Block
titleTest SAMBA
mount /srv/jtel/shared
service nmb start
service smb start

 
# Now check access to the SMB share via (for example) one of the windows machines.
 
service smb stop
umount /srv/jtel/shared
 
# do same again on other node



Unmount and disable SAMBA (Both Nodes)

Translations Ignore


Code Block
titleUnmount
service smb stop
umount /srv/jtel/shared
systemctl disable smb



Install PCS Services (Both Nodes)

See Redundancy - Installing PCS Cluster.

Setup virtual IP (One Node Only!)

Change the following to set the virtual IP which should be shared between the nodes.

Translations Ignore


Code Block
titleSet virtual IP
KE_VIP=10.4.8.22



Configure PCS Resources (One Node Only!)

Configure the PCS resources with the following commands:

Translations Ignore


Code Block
titleConfigure PCS Resources
pcs resource create ClusterDataJTELSharedMount ocf:heartbeat:Filesystem device="/dev/drbd/by-res/jtelshared/0" directory="/srv/jtel/shared" fstype="xfs" --group=jtel_portal_group
pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=${KE_VIP} cidr_netmask=32 op monitor interval=30s --group=jtel_portal_group
pcs resource create samba systemd:smb op monitor interval=30s --group=jtel_portal_group
pcs constraint order start ClusterDataJTELSharedMount then ClusterIP
pcs constraint order start ClusterIP then samba



Test

Test as follows:

Translations Ignore


Code Block
titleTest pcs status
pcs status
 
--> shows the status of the newly created resources on both nodes, one node should be active. 
 
Cluster name: portal
Stack: corosync
Current DC: uk-acd-store2 (version 1.1.16-12.el7_4.8-94ff4df) - partition with quorum
Last updated: Mon Mar 19 15:40:24 2018
Last change: Mon Mar 19 15:40:16 2018 by root via cibadmin on uk-acd-store1

2 nodes configured
3 resources configured

Online: [ uk-acd-store1 uk-acd-store2 ]

Full list of resources:

 Resource Group: jtel_portal_group
     ClusterDataJTELSharedMount (ocf::heartbeat:Filesystem):    Started uk-acd-store1
     ClusterIP  (ocf::heartbeat:IPaddr2):       Started uk-acd-store1
     samba      (systemd:smb):  Started uk-acd-store1

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled



Test the file mount:

Translations Ignore


Code Block
titleTest file mount
# From the windows machines:
 
dir \\uk-acd-store\shared




Test manual failover:

Translations Ignore


Code Block
titleTest file mount
# Failover to node 2
pcs cluster standby uk-acd-store1 
 
# ... (wait)
 
pcs status
 
# Then test the availability of the files from the windows machines.
# Create a new file before failing back (to make sure DRBD working ok).
 
# Fail back to node 1
pcs cluster unstandby uk-acd-store1
pcs cluster standby uk-acd-store2
 
# ... (wait)

pcs status

# Then test the availability of the files from the windows machines.
# Check that the new file created above is available.
 
# Unstandby node 2

pcs cluster unstandby uk-acd-store2




Manually link /home/jtel/shared (Both Nodes)

Translations Ignore


Code Block
titlelink /home/jtel/shared
ln -s /srv/jtel/shared /home/jtel/shared





Sv translation
languagede

Status
colourRed
titleThis page is only available in English

Sv translation
languagefr

Créer un volume physique, un groupe de volumes et un volume logique LVM (les deux nœuds)

Les commandes ci-dessous supposent que /dev/sdb sera utilisé pour le DRBD en plus de la configuration LVM, et que les disques sont EXACTEMENT la même taille.

Translations Ignore


Code Block
# Create the phsyical volume - this is based on sdb assuming it is the second drive on the system lvm pvcreate /dev/sdb # Create the volume group lvm vgcreate "vg_drbd_jtelshared" /dev/sdb # Create the logical volume lvm lvcreate -l +100%FREE vg_drbd_jtelshared -n lv_drbd_jtelshared



Configurer le parefeu (les deux nœuds) 

Translations Ignore


Code Block
# Préparez le pare-feu firewall-cmd --zone=public --add-port=7788-7799/tcp --permanentfirewall-cmd --reload



Installer elrepo à yum (les deux nœuds)

Translations Ignore


Code Block
# Install elrepo rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm



Installer et activer DRBD (les deux nœuds)

Translations Ignore


Code Block
# Install DRBD yum -y install drbd84-utils kmod-drbd84 lsof # Enable drbd at boot, and in this session systemctl enable drbd systemctl start drbd



Configurer DRBD (les deux nœuds)

NOTE : Les commandes suivantes nécessitent le nom d'hôte des deux machines et l'adresse IP. Ceux-ci sont obtenus comme suit :

Translations Ignore


Code Block
ip addr hostname



Créer un fichier de configuration DRBD pour jtelshared sur /dev/sdb

Translations Ignore


Code Block
title/etc/drbd.d/jtelshared.res
# Configure DRBD cat <<EOFF > /etc/drbd.d/jtelshared.res resource jtelshared { protocol C; meta-disk internal; device /dev/drbd0; syncer { verify-alg sha1; } net { allow-two-primaries; } on acd-store1.jtel.local { disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared; address 10.42.14.98:7789; } on acd-store2.jtel.local { disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared; address 10.42.14.198:7789; } startup { become-primary-on both; } } EOFF



Note : il a été observé que le nom d'hôte entièrement qualifié est requis dans le fichier de configuration.

Créer des métadonnées et démarrer (les deux nœuds)

Translations Ignore


Code Block
# Create metadata and start DRBD drbdadm create-md jtelshared drbdadm up jtelshared



Faire un nœud primaire (premier nœud)

Translations Ignore


Code Block
drbdadm primary jtelshared --force



Régler le transfert (deuxième nœud)

Translations Ignore


Code Block
drbdadm disk-options --c-plan-ahead=0 --resync-rate=110M jtelshared



Attendre la fin de la synchronisation initiale (l'un ou l'autre des nœuds)

Translations Ignore


Code Block
cat /proc/drbd   -->   # Quand ce n'est pas encore fait:   version: 8.4.10-1 (api:1/proto:86-101) GIT-hash: a4d5de01fffd7e4cde48a080e2c686f9e8cebf4c build by mockbuild@, 2017-09-15 14:23:22 1: cs:SyncTarget ro:Secondary/Primary ds:Inconsistent/UpToDate C r----- ns:0 nr:3955712 dw:3950592 dr:0 al:8 bm:0 lo:5 pe:0 ua:5 ap:0 ep:1 wo:f oos:264474588 [>....................] sync'ed: 1.5% (258272/262132)M finish: 2:08:08 speed: 34,388 (25,652) want: 112 640 K/sec --> # Quand c'est fait : version : 8.4.10-1 (api:1/proto:86-101) GIT-hash: a4d5de01fffd7e4cde48a080e2c686f9e8cebf4c build by mockbuild@, 2017-09-15 14:23:22 1: cs:Connected ro:Secondary/Primary ds:UpToDate/UpToDate C r----- ns:0 nr:15626582 dw:284051762 dr:0 al:8 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0



Désaccorder le transfert et faire le primaire (Second Node)

Translations Ignore


Code Block
drbdadm adjust jtelshared drbdadm primary jtelshared



Créer un système de fichiers (premier nœud)

Translations Ignore


Code Block
mkfs.xfs -L data /dev/drbd/by-res/jtelshared/0



Créer une entrée fstab pour le système de fichiers (les deux nœuds)

Ajouter la ligne suivante à /etc/fstab

Translations Ignore


Code Block
/dev/drbd/by-res/jtelshared/0 /srv/jtel/shared xfs noauto,noatime,nodiratime 0 0



Monter le système de fichiers (premier nœud)

Translations Ignore


Code Block
mkdir /srv/jtel mkdir /srv/jtel/shared chown -R jtel:jtel /srv/jtel mount /srv/jtel/shared



Créer un fichier test et le démonter (premier nœud) 

Translations Ignore


Code Block
cat <<EOFF > /srv/jtel/shared/test.txt test 123 EOFF umount /srv/jtel/shared



Monter le système de fichiers et vérifier le fichier test (Second Node)

Translations Ignore


Code Block
mkdir /srv/jtel mkdir /srv/jtel/shared chown -R jtel:jtel /srv/jtel mount /srv/jtel/shared cat /srv/jtel/shared/test.txt   # Check contents of file before proceeding   rm /srv/jtel/shared/test.txt umount /srv/jtel/shared

...



Installer Samba

...

et lsof (

...

Install

les deux nœuds)

Translations Ignore


Code Block
title
Installer SAMBA
yum -y install samba samba-
client lsof

Configure Samba (Both Nodes)

Configure 
client lsof



Configurer Samba (les deux nœuds)

Configurer Samba (les deux nœuds)

Translations Ignore


Code Block
title
Configurer SAMBA
cat <<EOFF > /etc/samba/smb.conf
 [global]
 workgroup = SAMBA
 
security = user
 
passdb backend = tdbsam
 
printing = cups
 
printcap
name = cups 
 name = cups load printers = yes
 
cups options = raw
 min protocol = NT1
 ntlm auth = yes
 [homes]
 
comment = Home Directories
 valid users = %S, %D%w%S
 
browseable = No
 
read only =
No 
 No inherit acls = Yes
 [printers]
 
comment = All Printers
 
path = /var/tmp
 printable = Yes
 
create mask = 0600
 
browseable = No
 [print$]
 
comment = Printer Drivers
 
path = /var/lib/samba
/drivers 
/drivers write list = root
 
create mask = 0664
 
directory mask = 0775
 [shared]
 comment = jtel ACD Shared Directory
 
read only = no
 
public = yes
 
writable = yes
 
locking = yes
 
path = /srv/jtel/shared
 
guest ok = yes
 
create mask = 0644
 
directory mask = 0755
 
force user = jtel
 force group = jtel
 acl allow execute always = True
EOFF sed -i -e "s/MYGROUP/WORKGROUP/g" /etc/samba/smb.conf

...

User Firewall
 EOFF



Configuration de SeLinux, jtel Accès utilisateur et pare-feu pour Samba (les deux nœuds)

Remplacez <password> par le mot de passe réel de l'utilisateur de jtel :

Translations Ignore


Code Block
titleSeLinux, utilisateur jtel
,
parefeu
setsebool -P samba_enable_home_dirs=on samba_export_all_rw=on use_samba_home_dirs=on use_nfs_home_dirs=on
 printf '
fireball
<password>\
nfireball
n<password>\n' | smbpasswd -a -s jtel
 firewall-cmd --zone=public --add-port=445/tcp --add-port=139/tcp --add-port=138/udp --add-port=137/udp --permanent
 firewall-cmd --reload

...

More users



Si nécessaire, ajoutez d'autres utilisateurs à samba :

Translations Ignore


Code Block
title
Plus d'utilisateurs de SAMBA
useradd -m Administrator
 printf 'F1r3B²11\nF1r3B²11\n' | smbpasswd -a -s Administrator

...



Tester SAMBA (

...

les deux nœuds)

...

Ce test doit être effectué sur le nœud qui a actuellement /srv/jtel/shared

...

Test

monté :

Translations Ignore


Code Block
title
Tester SAMBA
mount /srv/jtel/shared
 service nmb start
 service smb start
  
 # Now check access to the SMB share via (for example) one of the windows machines.
  
 service smb stop
service
nmb stop 
umount /srv/jtel/shared
  
 # do same again on other node

...



Démonter et désactiver SAMBA (

...

Unmount

les deux nœuds)

Translations Ignore


Code Block
title
Démonter
service smb stop
service
nmb stop 
umount /srv/jtel/shared
 systemctl disable smb

...



Installer les services PCS

...

(

...

les deux nœuds)

...

Voir Redundancy - Installing PCS Cluster.

...

Configurer l'IP

...

virtuel (un seul nœud !)

Change the following to set the virtual IP which should be shared between the nodes.

Set virtual

Modifiez les éléments suivants pour définir l'IP virtuel qui doit être partagé entre les nœuds.

Translations Ignore


Code Block
title
Définir l'IP virtuel
KE_VIP=10.4.8.22

...



Configurer les ressources PCS

...

(un seul nœud !)

...

Configure Resources

Configurez les ressources PCS à l'aide des commandes suivantes :

Translations Ignore


Code Block
title
Configurer les ressources PCS
pcs resource create ClusterDataJTELSharedMount ocf:heartbeat:Filesystem device="/dev/drbd/by-res/jtelshared/0" directory="/srv/jtel/shared" fstype="xfs" --group=jtel_portal_group
 pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=${KE_VIP} cidr_netmask=32 op monitor interval=30s --group=jtel_portal_group
 pcs resource create samba systemd:smb op monitor interval=30s --group=jtel_portal_group
 pcs constraint order start ClusterDataJTELSharedMount then ClusterIP
 pcs constraint order start ClusterIP then samba



Test

...

Test pcs status

Tester comme suit :

Translations Ignore


Code Block
title
Tester le statut du PC
pcs status
  
 -->
shows
indique
the
l'état
status
des
of
ressources
the
nouvellement
newly
créées
created
sur
resources
les
on
deux
both nodes
nœuds,
one
un
node
nœud
should
doit
be
être
active
actif.
  Cluster name
  Nom du cluster : portal
 Stack : corosync
 Current DC : uk-acd-store2 (version 1.1.16-12.el7_4.8-94ff4df) - partition
with
avec quorum
Last updated: Mon
 Dernière mise à jour : Lun 19 Mar
19 
15:40:24 2018
Last
 Dernière
change
modification:
Mon
Lun 19 Mar
19 
15:40:16 2018
by
par root via cibadmin
on
sur uk-acd-store1
 2
nodes configured 3 resources configured Online
nœuds configurés 3 ressources configurées en ligne : [ uk-acd-store1 uk-acd-store2 ]
Full list of resources: Resource Group
 Liste complète des ressources : Groupe de ressources: jtel_portal_group
 
ClusterDataJTELSharedMount (ocf::heartbeat:Filesystem): 
Started uk-acd-store1
ClusterIP
samba 
(
ocf::heartbeat:IPaddr2
systemd:smb): 
Started uk-acd-store1
 
samba
 (systemd:smb):
Started
Démarré uk-acd-store1
Daemon Status: corosync: active/enabled pacemaker: active/enabled pcsd: active/enabled

...

Test file mount
 Statut du démon : corosync : actif/activé pacemaker : actif/activé pcsd : actif/activé



Tester la monture du fichier :

Translations Ignore


Code Block
title
Tester la monture du fichier
#
From
Depuis
the
les
windows
machines
machines
Windows:
  
 dir
\\uk-acd-store\shared




Test

...

Test file mount

de basculement manuel :

Translations Ignore


Code Block
title
Tester la monture du fichier
# Failover to node 2
 pcs cluster standby uk-acd-store1 
  
 # ... (wait)
  
 pcs status
  
 # Then test the availability of the files from the windows machines.
 # Create a new file before failing back (to make sure DRBD working ok).
  
 # Fail back to node 1
 pcs cluster unstandby uk-acd-store1
 pcs cluster standby uk-acd-store2
  
 # ... (wait)
 pcs status
 # Then test the availability of the files from the windows machines.
 # Check that the new file created above is available.
  
 # Unstandby node 2
 pcs cluster unstandby uk-acd-store2

...




Lier manuellement /home/jtel/shared (

...

link

les deux nœuds)

Translations Ignore


Code Block
title
lier /home/jtel/shared
ln -s /srv/jtel/shared /home/jtel/shared