Sv translation

language	en

Notes

It is not trivial to resize this configuration, it is recommended to use Role STORE - DRBD File System (Redundant with LVM).

Create DRBD Partitions on disk (Both Nodes)

The commands below assume that /dev/sdb will be used for the DRBD partition.

Translations Ignore

Code Block

device=/dev/sdb
dd if=/dev/zero of=${device} obs=512 count=100
dd if=/dev/zero of=${device} obs=512 count=100 seek=$(( $(blockdev --getsz ${device}) -100 ))
parted ${device} "mklabel gpt"
parted ${device} "mkpart primary 0% 100%"

Verify that the partition is created:

Translations Ignore

Code Block

fdisk -l /dev/sdb
 
-->
 
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.

Disk /dev/sdb: 274.9 GB, 274877906944 bytes, 536870912 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: gpt
Disk identifier: E7FF3D92-84BB-44E1-B0B0-26150DB80639


#         Start          End    Size  Type            Name
 1         2048    536868863    256G  Microsoft basic primary

Install DRBD Repos (Both Nodes)

Translations Ignore

Code Block
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Install DRBD Modules (Both Nodes)

Translations Ignore

Code Block
yum -y install drbd84-utils kmod-drbd84

Configure Firewall (Both Nodes)

Translations Ignore

Code Block
firewall-cmd --zone=public --add-port=7788-7799/tcp --permanent firewall-cmd --reload

Configure DRBD (Both Nodes)

NOTE: The following commands requires the hostname of both machines and the IP Address. These are obtained as follows:

Translations Ignore

Code Block
ip addr hostname

Create a DRBD config file for jtelshared on /dev/sdb

Translations Ignore

Code Block

title	/etc/drbd.d/jtelshared.res

cat <<EOFF > /etc/drbd.d/jtelshared.res
resource jtelshared {
    protocol C;
    meta-disk internal;
    device /dev/drbd1;
    syncer {
        verify-alg sha1;
    }
    net {
        allow-two-primaries;
    }
    on acd-store1 {
        disk   /dev/sdb1;
        address 10.4.8.71:7789;
    }
    on acd-store2 {
        disk   /dev/sdb1;
        address 10.4.8.171:7789;
    }
    startup {
        become-primary-on both;
    }
}
EOFF

Note: it has been observed, that the fully qualified host name is required in the configuration file. If the first step below fails, then try with the fully qualified host name.

Create Metadata and start (Both Nodes)

Translations Ignore

Code Block
drbdadm create-md jtelshared drbdadm up jtelshared

Make one node primary (First Node)

Translations Ignore

Code Block
drbdadm primary jtelshared --force

Tune the transfer (Second Node)

Translations Ignore

Code Block
drbdadm disk-options --c-plan-ahead=0 --resync-rate=110M jtelshared

Create filesystem (First Node)

Translations Ignore

Code Block
mkfs.xfs -L data /dev/drbd1

Create fstab entry for file system (Both Nodes)

Add the following line to /etc/fstab

Translations Ignore

Code Block
/dev/drbd/by-res/jtelshared/0 /srv/jtel/shared xfs noauto,noatime,nodiratime 0 0

Mount the file system (First Node)

Translations Ignore

Code Block
mkdir /srv/jtel mkdir /srv/jtel/shared chown -R jtel:jtel /srv/jtel mount /srv/jtel/shared

Wait for initial sync to complete (Any Node)

Translations Ignore

Code Block

cat /proc/drbd
 
-->
 
# When not yet done:
 
version: 8.4.10-1 (api:1/proto:86-101)
GIT-hash: a4d5de01fffd7e4cde48a080e2c686f9e8cebf4c build by mockbuild@, 2017-09-15 14:23:22

 1: cs:SyncTarget ro:Secondary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:3955712 dw:3950592 dr:0 al:8 bm:0 lo:5 pe:0 ua:5 ap:0 ep:1 wo:f oos:264474588
        [>....................] sync'ed:  1.5% (258272/262132)M
        finish: 2:08:08 speed: 34,388 (25,652) want: 112,640 K/sec


-->

# When done:

version: 8.4.10-1 (api:1/proto:86-101)
GIT-hash: a4d5de01fffd7e4cde48a080e2c686f9e8cebf4c build by mockbuild@, 2017-09-15 14:23:22

 1: cs:Connected ro:Secondary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:15626582 dw:284051762 dr:0 al:8 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0

Untune the transfer (Second Node)

Translations Ignore

Code Block
drbdadm adjust jtelshared

Make second node primary and mount the file system (Second node)

Translations Ignore

Code Block
mkdir /srv/jtel mkdir /srv/jtel/shared chown -R jtel:jtel /srv/jtel drbdadm primary jtelshared mount /srv/jtel/shared

Install Samba and lsof (Both Nodes)

Translations Ignore

Code Block

title	Install SAMBA

yum -y install samba samba-client lsof

Configure Samba (Both Nodes)

Translations Ignore

Code Block

title	Configure SAMBA

cat <<EOFF > /etc/samba/smb.conf
[global]
        workgroup = SAMBA
        security = user
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
        min protocol = NT1
        ntlm auth = yes

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = root
        create mask = 0664
        directory mask = 0775

[shared]
    comment = jtel ACD Shared Directory
    read only = no
    public = yes
    writable = yes
    locking = yes
    path = /srv/jtel/shared
    guest ok = yes
    create mask = 0644
    directory mask = 0755
    force user = jtel
    force group = jtel
    acl allow execute always = True

EOFF

Setup SeLinux, jtel User access and Firewall for Samba (Both Nodes)

Replace <password> with the actual password for the jtel user:

Translations Ignore

Code Block

title	SeLinux, jtel User, Firewall

setsebool -P samba_enable_home_dirs=on samba_export_all_rw=on use_samba_home_dirs=on use_nfs_home_dirs=on
printf '<password>\n<password>\n' | smbpasswd -a -s jtel
firewall-cmd --zone=public --add-port=445/tcp --add-port=139/tcp --add-port=138/udp --add-port=137/udp --permanent
firewall-cmd --reload

If necessary, add further users to samba:

Translations Ignore

Code Block

title	More SAMBA users

useradd -m Administrator
printf 'F1r3B²11\nF1r3B²11\n' | smbpasswd -a -s Administrator

Test SAMBA (Both Nodes)

This test should be performed on the node which currently has /srv/jtel/shared mounted:

Translations Ignore

Code Block

title	Test SAMBA

mount /srv/jtel/shared
service nmb start
service smb start

 
# Now check access to the SMB share via (for example) one of the windows machines.
 
service smb stop
service nmb stop
umount /srv/jtel/shared
 
# do same again on other node

Unmount and disable SAMBA (Both Nodes)

Translations Ignore

Code Block

title	Unmount

service smb stop
service nmb stop
umount /srv/jtel/shared
systemctl disable smb

Install PCS Services (Both Nodes)

See Redundancy - Installing PCS Cluster.

Setup virtual IP (One Node Only!)

Change the following to set the virtual IP which should be shared between the nodes.

Translations Ignore

Code Block

title	Set virtual IP

KE_VIP=10.4.8.22

Configure PCS Resources (One Node Only!)

Configure the PCS resources with the following commands:

Translations Ignore

Code Block

title	Configure PCS Resources

pcs resource create ClusterDataJTELSharedMount ocf:heartbeat:Filesystem device="/dev/drbd/by-res/jtelshared/0" directory="/srv/jtel/shared" fstype="xfs" --group=jtel_portal_group
pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=${KE_VIP} cidr_netmask=32 op monitor interval=30s --group=jtel_portal_group
pcs resource create samba systemd:smb op monitor interval=30s --group=jtel_portal_group
pcs constraint order start ClusterDataJTELSharedMount then ClusterIP
pcs constraint order start ClusterIP then samba

Test

Test as follows:

Translations Ignore

Code Block

title	Test pcs status

pcs status
 
--> shows the status of the newly created resources on both nodes, one node should be active. 
 
Cluster name: portal
Stack: corosync
Current DC: uk-acd-store2 (version 1.1.16-12.el7_4.8-94ff4df) - partition with quorum
Last updated: Mon Mar 19 15:40:24 2018
Last change: Mon Mar 19 15:40:16 2018 by root via cibadmin on uk-acd-store1

2 nodes configured
3 resources configured

Online: [ uk-acd-store1 uk-acd-store2 ]

Full list of resources:

 Resource Group: jtel_portal_group
     ClusterDataJTELSharedMount (ocf::heartbeat:Filesystem):    Started uk-acd-store1
     ClusterIP  (ocf::heartbeat:IPaddr2):       Started uk-acd-store1
     samba      (systemd:smb):  Started uk-acd-store1

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled

Test the file mount:

Translations Ignore

Code Block

title	Test file mount

# From the windows machines:
 
dir \\uk-acd-store\shared

Test manual failover:

Translations Ignore

Code Block

title	Test file mount

# Failover to node 2
pcs cluster standby uk-acd-store1 
 
# ... (wait)
 
pcs status
 
# Then test the availability of the files from the windows machines.
# Create a new file before failing back (to make sure DRBD working ok).
 
# Fail back to node 1
pcs cluster unstandby uk-acd-store1
pcs cluster standby uk-acd-store2
 
# ... (wait)

pcs status

# Then test the availability of the files from the windows machines.
# Check that the new file created above is available.
 
# Unstandby node 2

pcs cluster unstandby uk-acd-store2

Manually link /home/jtel/shared (Both Nodes)

Translations Ignore

Code Block

title	link /home/jtel/shared

ln -s /srv/jtel/shared /home/jtel/shared

Sv translation

language	de

Status

colour	Red
title	This page is only available in English

Sv translation

language	fr

Notes

Il n'est pas banal de redimensionner cette configuration, il est recommandé d'utiliser Role STORE - DRBD File System (Redundant with LVM).

Créer des partitions DRBD sur disque (les deux nœuds)

Les commandes ci-dessous supposent que /dev/sdb sera utilisé pour la partition DRBD.

Translations Ignore

Code Block

device=/dev/sdb dd if=/dev/zero of=${device} obs=512 count=100 dd if=/dev/zero of=${device} obs=512 count=100 seek=$(( $(blockdev --getsz ${device}) -100 )) parted ${device} "mklabel gpt" parted ${device} "mkpart primary 0% 100%"

Vérifiez que la partition est bien créée :

Translations Ignore

Code Block

fdisk -l /dev/sdb --> ATTENTION : le support de fdisk GPT est actuellement nouveau, et donc dans une phase expérimentale. A utiliser à votre discrétion. Disque /dev/sdb : 274.9 GB, 274877906944 bytes, 536870912 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): Disque /dev/sdb : E7FF3D92-84BB-44E1-B0B0-26150DB80639 # Start End Size Type Name 1 2048 536868863 256G Microsoft basic primary

Installer DRBD Repos (les deux nœuds)

Translations Ignore

Code Block
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Installer les modules DRBD (les deux nœuds)

Translations Ignore

Code Block
yum -y install drbd84-utils kmod-drbd84

Configurer le pare-feu (les deux nœuds)

Translations Ignore

Code Block
firewall-cmd --zone=public --add-port=7788-7799/tcp --permanent firewall-cmd --reload

Configurer DRBD (les deux nœuds)

NOTE: Les commandes suivantes nécessitent le nom d'hôte des deux machines et l'adresse IP. Ceux-ci sont obtenus comme suit :

Translations Ignore

Code Block
ip addr hostname

Créer un fichier de configuration DRBD pour jtelshared sur /dev/sdb

Translations Ignore

Code Block

title	/etc/drbd.d/jtelshared.res

cat <<EOFF > /etc/drbd.d/jtelshared.res resource jtelshared { protocol C; meta-disk internal; device /dev/drbd1; syncer { verify-alg sha1; } net { allow-two-primaries; } on acd-store1 { disk /dev/sdb1; address 10.4.8.71:7789; } on acd-store2 { disk /dev/sdb1; address 10.4.8.171:7789; } startup { become-primary-on both; } } EOFF

Note : il a été observé que le nom d'hôte entièrement qualifié est requis dans le fichier de configuration. Si la première étape ci-dessous échoue, essayez alors avec le nom d'hôte pleinement qualifié.

Créer des métadonnées et démarrer (les deux nœuds)

Translations Ignore

Code Block
drbdadm create-md jtelshared drbdadm up jtelshared

Faire un nœud primaire (premier nœud)

Translations Ignore

Code Block
drbdadm primary jtelshared --force

Régler le transfert (deuxième nœud)

Translations Ignore

Code Block
drbdadm disk-options --c-plan-ahead=0 --resync-rate=110M jtelshared

Créer un système de fichiers (premier nœud)

Translations Ignore

Code Block
mkfs.xfs -L data /dev/drbd1

Créer une entrée fstab pour le système de fichiers (les deux nœuds)

Ajouter la ligne suivante à /etc/fstab

Translations Ignore

Code Block
/dev/drbd/by-res/jtelshared/0 /srv/jtel/shared xfs noauto,noatime,nodiratime 0 0

Monter le système de fichiers (premier nœud)

Translations Ignore

Code Block
mkdir /srv/jtel mkdir /srv/jtel/shared chown -R jtel:jtel /srv/jtel mount /srv/jtel/shared

Attendre la fin de la synchronisation initiale (N'importe quel nœud)

Translations Ignore

Code Block

cat /proc/drbd   -->   # Quand ce n'est pas encore fait:   version: 8.4.10-1 (api:1/proto:86-101) GIT-hash: a4d5de01fffd7e4cde48a080e2c686f9e8cebf4c build by mockbuild@, 2017-09-15 14:23:22 1: cs:SyncTarget ro:Secondary/Primary ds:Inconsistent/UpToDate C r----- ns:0 nr:3955712 dw:3950592 dr:0 al:8 bm:0 lo:5 pe:0 ua:5 ap:0 ep:1 wo:f oos:264474588 [>....................] sync'ed: 1.5% (258272/262132)M finish: 2:08:08 speed: 34,388 (25,652) want: 112 640 K/sec --> # Quand c'est fait : version : 8.4.10-1 (api:1/proto:86-101) GIT-hash: a4d5de01fffd7e4cde48a080e2c686f9e8cebf4c build by mockbuild@, 2017-09-15 14:23:22 1: cs:Connected ro:Secondary/Primary ds:UpToDate/UpToDate C r----- ns:0 nr:15626582 dw:284051762 dr:0 al:8 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0

Désaccorder le transfert (deuxième nœud)

Translations Ignore

Code Block
drbdadm adjust jtelshared

Faire du deuxième nœud un nœud primaire et monter le système de fichiers (Second node)

Translations Ignore

Code Block
mkdir /srv/jtel mkdir /srv/jtel/shared chown -R jtel:jtel /srv/jtel drbdadm primary jtelshared mount /srv/jtel/shared

Installer Samba et lsof (les deux nœuds)

Translations Ignore

Code Block

title	Installer SAMBA

yum -y install samba samba-client lsof

Configurer le Samba (les deux nœuds)

Translations Ignore

Code Block

title	Configurer SAMBA

cat <<EOFF > /etc/samba/smb.conf [global] workgroup = SAMBA security = user passdb backend = tdbsam printing = cups printcap name = cups load printers = yes cups options = raw min protocol = NT1 ntlm auth = yes [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = root create mask = 0664 directory mask = 0775 [shared] comment = jtel ACD Shared Directory read only = no public = yes writable = yes locking = yes path = /srv/jtel/shared guest ok = yes create mask = 0644 directory mask = 0755 force user = jtel force group = jtel acl allow execute always = True EOFF

Configuration de SeLinux, jtel Accès utilisateur et pare-feu pour Samba (les deux nœuds)

Remplacez <mot de passe> par le mot de passe réel de l'utilisateur de jtel :

Translations Ignore

Code Block

title	SeLinux, utilisateur jtel, parefeu

setsebool -P samba_enable_home_dirs=on samba_export_all_rw=on use_samba_home_dirs=on use_nfs_home_dirs=on printf '<password>\n<password>\n' | smbpasswd -a -s jtel firewall-cmd --zone=public --add-port=445/tcp --add-port=139/tcp --add-port=138/udp --add-port=137/udp --permanent firewall-cmd --reload

Si nécessaire, ajoutez d'autres utilisateurs à samba :

Translations Ignore

Code Block

title	Plus d'utilisateurs de SAMBA

useradd -m Administrator printf 'F1r3B²11\nF1r3B²11\n' | smbpasswd -a -s Administrator

Tester SAMBA (les deux nœuds)

Ce test doit être effectué sur le nœud qui a actuellement /srv/jtel/shared monté :

Translations Ignore

Code Block

title	Tester SAMBA

mount /srv/jtel/shared service nmb start service smb start   # Now check access to the SMB share via (for example) one of the windows machines.   service smb stop service nmb stop umount /srv/jtel/shared   # do same again on other node

Démonter et désactiver SAMBA (les deux nœuds)

Translations Ignore

Code Block

title	Démonter

service smb stop service nmb stop umount /srv/jtel/shared systemctl disable smb

Installer les services PCS (les deux nœuds)

Voir Redundancy - Installing PCS Cluster.

Configurer l'IP virtuel (un seul nœud !)

Modifiez les éléments suivants pour définir l'IP virtuel qui doit être partagé entre les nœuds.

Translations Ignore

Code Block

title	Définir l'IP virtuel

KE_VIP=10.4.8.22

Configurer les ressources PCS (un seul nœud !)

Configurez les ressources PCS à l'aide des commandes suivantes :

Translations Ignore

Code Block

title	Configurer les ressources PCS

pcs resource create ClusterDataJTELSharedMount ocf:heartbeat:Filesystem device="/dev/drbd/by-res/jtelshared/0" directory="/srv/jtel/shared" fstype="xfs" --group=jtel_portal_group pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=${KE_VIP} cidr_netmask=32 op monitor interval=30s --group=jtel_portal_group pcs resource create samba systemd:smb op monitor interval=30s --group=jtel_portal_group pcs constraint order start ClusterDataJTELSharedMount then ClusterIP pcs constraint order start ClusterIP then samba

Test

Tester comme suit :

Translations Ignore

Code Block

title	Tester le statut du PC

pcs status --> indique l'état des ressources nouvellement créées sur les deux nœuds, un nœud doit être actif.   Nom du cluster : portal Stack : corosync Current DC : uk-acd-store2 (version 1.1.16-12.el7_4.8-94ff4df) - partition avec quorum Dernière mise à jour : Lun 19 Mar 15:40:24 2018 Dernière modification: Lun 19 Mar 15:40:16 2018 par root via cibadmin sur uk-acd-store1 2 nœuds configurés 3 ressources configurées en ligne : [ uk-acd-store1 uk-acd-store2 ] Liste complète des ressources : Groupe de ressources: jtel_portal_group ClusterDataJTELSharedMount (ocf::heartbeat:Filesystem): Started uk-acd-store1 samba (systemd:smb): Started uk-acd-store1 samba (systemd:smb): Démarré uk-acd-store1 Statut du démon : corosync : actif/activé pacemaker : actif/activé pcsd : actif/activé

Tester le montage du fichier :

Translations Ignore

Code Block

title	Tester la monture du fichier

# Depuis les machines Windows: dir\\uk-acd-store\shared

Tester le basculement manuel :

Translations Ignore

Code Block

title	Tester la monture du fichier

# Failover to node 2 pcs cluster standby uk-acd-store1    # ... (wait)   pcs status   # Then test the availability of the files from the windows machines. # Create a new file before failing back (to make sure DRBD working ok).   # Fail back to node 1 pcs cluster unstandby uk-acd-store1 pcs cluster standby uk-acd-store2   # ... (wait) pcs status # Then test the availability of the files from the windows machines. # Check that the new file created above is available.   # Unstandby node 2 pcs cluster unstandby uk-acd-store2

Lien manuel /home/jtel/shared (les deux nœuds)

Translations Ignore

Code Block

title	link /home/jtel/shared

ln -s /srv/jtel/shared /home/jtel/shared

Page tree

Page History

Versions Compared

Old Version 48

New Version Current

Key

Notes

Create DRBD Partitions on disk (Both Nodes)

Install DRBD Repos (Both Nodes)

Install DRBD Modules (Both Nodes)

Configure Firewall (Both Nodes)

Create Metadata and start (Both Nodes)

Make one node primary (First Node)

Tune the transfer (Second Node)

Create filesystem (First Node)

Create fstab entry for file system (Both Nodes)

Mount the file system (First Node)

Wait for initial sync to complete (Any Node)

Untune the transfer (Second Node)

Make second node primary and mount the file system (Second node)

Install Samba and lsof (Both Nodes)

Configure Samba (Both Nodes)

Setup SeLinux, jtel User access and Firewall for Samba (Both Nodes)

Test SAMBA (Both Nodes)

Unmount and disable SAMBA (Both Nodes)

Install PCS Services (Both Nodes)

Setup virtual IP (One Node Only!)

Configure PCS Resources (One Node Only!)

Test

Manually link /home/jtel/shared (Both Nodes)

Notes

Créer des partitions DRBD sur disque (les deux nœuds)

Installer DRBD Repos (les deux nœuds)

Installer les modules DRBD (les deux nœuds)

Configurer le pare-feu (les deux nœuds)

Créer des métadonnées et démarrer (les deux nœuds)

Faire un nœud primaire (premier nœud)

Régler le transfert (deuxième nœud)

Créer un système de fichiers (premier nœud)

Créer une entrée fstab pour le système de fichiers (les deux nœuds)

Monter le système de fichiers (premier nœud)

Attendre la fin de la synchronisation initiale (N'importe quel nœud)

Désaccorder le transfert (deuxième nœud)

Faire du deuxième nœud un nœud primaire et monter le système de fichiers (Second node)

Installer Samba et lsof (les deux nœuds)

Configurer le Samba (les deux nœuds)

Configuration de SeLinux, jtel Accès utilisateur et pare-feu pour Samba (les deux nœuds)

Tester SAMBA (les deux nœuds)

Démonter et désactiver SAMBA (les deux nœuds)

Installer les services PCS (les deux nœuds)

Configurer l'IP virtuel (un seul nœud !)

Configurer les ressources PCS (un seul nœud !)

Test

Lien manuel /home/jtel/shared (les deux nœuds)