IN PROGRESS
Notes
We no longer support DRBD on the base file system. We always install with LVM for maintenance purposes.
We use the whole disk, so increasing size is done using LVM by adding new disks.
It is recommended to create the STORE machine so that the installation routines do not mount the disk intended for the storage.
Creation Steps
Create LVM Physical Volume, Volume Group and Logical Volume (Both Nodes)
The commands below assume that /dev/sdb will be used for the DRBD on top of LVM configuration, and that the disks are EXACTLY the same size.
# Create the physical volume - this is based on sdb assuming it is the second drive on the system
lvm pvcreate /dev/sdb
# Create the volume group
lvm vgcreate "vg_drbd_jtelshared" /dev/sdb
# Create the logical volume
lvm lvcreate -l +100%FREE vg_drbd_jtelshared -n lv_drbd_jtelshared
Configure Firewall for DRBD (Both Nodes)
# Prepare the firewall
firewall-cmd --zone=public --add-port=7788-7799/tcp --permanent
firewall-cmd --reload
Prepare Mount Point (Both Nodes)
The data should be mounted to the directory /srv/jtel/shared.
The following commands prepare for this:
mkdir /srv/jtel
mkdir /srv/jtel/shared
chown -R jtel:jtel /srv/jtel
Install ELrepo and DRBD (Both Nodes)
We now install DRBD 9. This requires using the ELrepo.
dnf -y install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
dnf -y install drbd90-utils kmod-drbd90
systemctl enable drbd
systemctl start drbd
Configure DRBD (Both Nodes)
DRBD must be configured with static IP addresses and correct hostnames.
The IP addresses below must be modified:
CAUTION IP ADDRESSES
CAUTION HOSTNAMES
# Configure DRBD
cat <<EOFF > /etc/drbd.d/jtelshared.res
resource jtelshared {
    protocol C;
    meta-disk internal;
    device /dev/drbd0;
    syncer {
        verify-alg sha1;
    }
    net {
        allow-two-primaries;
    }
    on acd-store1.jtel.local {
        disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.1.1.1:7789;
    }
    on acd-store2.jtel.local {
        disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.1.1.2:7789;
    }
    startup {
        become-primary-on both;
    }
}
EOFF
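A pre-flight check for the resource file written above, as an added example that is not part of the original procedure: it confirms that the node's uname -n has a matching "on" section (DRBD selects its section by that name) and that each address is a literal IPv4 ip:port whose port lies in the 7788-7799/tcp range opened in the firewall step. The names drbd_preflight and sample_res are hypothetical, and the sample file, which has the second port mistyped, is constructed for illustration.

```shell
# Added example, not part of the original procedure.
# Pre-flight check for /etc/drbd.d/jtelshared.res before "drbdadm create-md".
# Assumes the page's layout: two "on <host>" sections, "address <ipv4>:<port>;".

# drbd_preflight FILE [NODE]: prints one line per problem, returns 1 if any.
# NODE defaults to "uname -n", the name DRBD matches "on" sections against.
drbd_preflight() {
    file=$1
    node=${2:-$(uname -n)}
    problems=$(awk -v node="$node" '
        $1 == "on" { host = $2; if (host == node) found = 1 }
        $1 == "address" {
            addr = $2; sub(/;$/, "", addr); peers++
            n = split(addr, a, ":")
            if (n != 2 || a[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                print host ": address " addr " is not a literal IPv4 ip:port"
            else if (a[2] !~ /^[0-9]+$/ || a[2] + 0 < 7788 || a[2] + 0 > 7799)
                print host ": port " a[2] " is outside the opened 7788-7799/tcp"
            if (seen[addr]++) print host ": address " addr " is used twice"
        }
        END {
            if (!found) print "no on-section for " node " (must equal uname -n)"
            if (peers != 2) print "expected 2 address lines, found " (peers + 0)
        }
    ' "$file")
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample: the page's resource with the second port mistyped.
sample_res() {
    cat <<'EOF'
resource jtelshared {
    on acd-store1.jtel.local {
        disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.1.1.1:7789;
    }
    on acd-store2.jtel.local {
        disk /dev/vg_drbd_jtelshared/lv_drbd_jtelshared;
        address 10.1.1.2:7800;
    }
}
EOF
}

tmp=$(mktemp) && sample_res > "$tmp"
drbd_preflight "$tmp" acd-store1.jtel.local || echo "fix the file before create-md"
rm -f "$tmp"
```

On a real node, run drbd_preflight /etc/drbd.d/jtelshared.res without a second argument so that the local uname -n is used.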
Create Metadata and Start (Both Nodes)
# Create metadata and start DRBD
drbdadm create-md jtelshared
drbdadm up jtelshared
Make ONE Node Primary
# Make ONE node primary
drbdadm primary jtelshared --force
DRBD will now sync. This might take some time; however, you do not have to wait, as long as you make sure the primary is active in the PCS cluster below.
Install and Configure Access to STORE
Install Samba (BOTH NODES)
These commands install the samba server and client and lsof.
dnf -y install samba samba-client lsof
Configure Samba
The following creates a samba configuration file with a minimum configuration.
# SMB Conf
cat <<EOFF > /etc/samba/smb.conf
[global]
    workgroup = JTEL
    security = user
    passdb backend = tdbsam
    min protocol = SMB3
[shared]
    comment = jtel ACD Shared Directory
    public = no
    read only = no
    writable = yes
    locking = yes
    path = /srv/jtel/shared
    create mask = 0644
    directory mask = 0755
    force user = jtel
    force group = jtel
    acl allow execute always = True
EOFF
Set Up SELinux and the Firewall
The following commands set up SELinux for the smb service and open the necessary ports in the firewall:
setsebool -P samba_enable_home_dirs=on samba_export_all_rw=on use_samba_home_dirs=on use_nfs_home_dirs=on
firewall-cmd --zone=public --add-port=445/tcp --add-port=139/tcp --add-port=138/udp --add-port=137/udp --permanent
firewall-cmd --reload
Manually link /home/jtel/shared
Link the /home/jtel/shared folder.
ln -s /srv/jtel/shared /home/jtel/shared
Setup Access to the Samba Server
jtel User Access
The following command creates the smb credentials for the jtel user.
CAUTION PASSWORD
printf '<password>\n<password>\n' | smbpasswd -a -s jtel
Further User Access
If necessary, add further users to Samba, replacing <password> with the actual password for the user. Here, for example, the Windows administrator user:
CAUTION PASSWORD
useradd -m Administrator
printf '<password>\n<password>\n' | smbpasswd -a -s Administrator
TODO ...