Fail-safe file server: Samba and DRBD with SuSE Linux 10.0

This page describes the setup of a redundant Samba server that is used as a file server for Windows clients. If one server fails physically, users notice almost nothing and all data remains available. That leaves enough time to take care of repairing the failed server, e.g. procuring a replacement motherboard. All of this was set up, tested and put into production around 2006. Shortly afterwards the concept proved itself, because exactly that motherboard failure occurred, and getting the replacement through the complaint and warranty process unfortunately took a week.

Caution: this was done in 2006 with SuSE Linux. In the meantime everything is of course different and hopefully better.

First, here are the config files. I have been promising for years to add the rest.

File-System-Config

  • /etc/fstab
/dev/sda2 / ext3 acl,user_xattr 1 1
/dev/sda1 /boot ext3 acl,user_xattr 1 2
/dev/sda5 /var/log ext3 acl,user_xattr 1 2
/dev/sda3 swap swap defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs noauto 0 0
usbfs /proc/bus/usb usbfs noauto 0 0
devpts /dev/pts devpts mode=0620,gid=5 0 0
/dev/sda6 /data1 auto noauto,user 0 0
/dev/dvdram /media/dvdram subfs noauto,fs=cdfss,ro,procuid,nosuid,nodev,exec,iocharset=utf8 0 0
/dev/fd0 /media/floppy subfs noauto,fs=floppyfss,procuid,nodev,nosuid,sync 0 0
/dev/drbd0 /data ext3 noauto 0 0

DRBD-Config

  • /etc/drbd.conf
global {
disable-ip-verification;
}

resource r0 {

protocol C;
incon-degr-cmd "halt -f";

startup {
degr-wfc-timeout 120; # 2 minutes.
}

disk {
on-io-error detach;
}

net {
}

syncer {
rate 10M;
group 1;
al-extents 257;
}

on primary { # ** EDIT ** the hostname of server 1 (uname -n)
device /dev/drbd0; #
disk /dev/sda7; # ** EDIT ** data partition on server 1
# address 192.168.0.254:7788; # ** EDIT ** IP address on server 1
address 10.11.1.2:7788; # ** EDIT ** IP address on server 1
meta-disk /dev/sda6[0]; # ** EDIT ** 128MB partition for DRBD on server 1
}

on secondary { # ** EDIT ** the hostname of server 2 (uname -n)
device /dev/drbd0; #
disk /dev/sda7; # ** EDIT ** data partition on server 2
# address 192.168.0.253:7788; # ** EDIT ** IP address on server 2
address 10.11.1.1:7788; # ** EDIT ** IP address on server 2
meta-disk /dev/sda6[0]; # ** EDIT ** 128MB partition for DRBD on server 2
}

}

Heartbeat-Config

  • /etc/ha.d/ha.cf
keepalive 2
#deadtime 30
deadtime 10
bcast eth1
initdead 120
node primary
node secondary
auto_failback on
  • /etc/ha.d/haresources
primary IPaddr::192.168.0.252/24/eth0 \
drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 \
smb nmb ldap cups \
MailTo::server@example.com::HA-Server
  • /etc/ha.d/authkeys
auth 2
2 crc

Samba-Config

  • /etc/samba/smb.conf
;
; /etc/smb.conf
;
; example.com smb.conf
; 09/2006 by chrissie and friends
;
[global]

oplocks = no
Level2 oplocks = no
# veto oplock files = /*.bat/*.htm/*.pst/
# strict locking = yes

netbios name = fileserver
server string = p
workgroup = WORKGROUP
username map = /etc/samba/users.map
socket options = TCP_NODELAY SO_KEEPALIVE
null passwords = yes
domain master = Yes
local master = Yes
preferred master = Yes
domain logons = Yes
os level = 65
security = user
# passdb backend = smbpasswd guest

logon drive = Z:
time server = yes

logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = Z:
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$

dos charset = 850
unix charset = ISO8859-1
display charset = ISO8859-1

# log level = 3
# logon script = %U.bat

; Block the Nimda Worm
veto files = /*.eml/*.nws/riched20.dll/*.{*}/folder.htt/desktop.ini/Folder.htt/Desktop.ini/

; Network interface security:
interfaces = eth0 lo 192.168.0.252
bind interfaces only = true
hosts allow = 192.168.0.0/24 127.0.0.1 192.168.1.0/24
# end global section

#[homes]
# comment = Home Directories
# valid users = %S
# browseable = No
# read only = No
#[profiles]
# comment = Network Profiles Service
# path = %H
# read only = No
# store dos attributes = Yes
# create mask = 0600
# directory mask = 0700
#[users]
# comment = All users
# path = /home
# read only = No
# veto files = /aquota.user/groups/shares/
#[groups]
# comment = All groups
# path = /home/groups
# read only = No

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0666
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
;; the individual shares

[personal]
comment = Personal
path = /data/personal
valid users = @personal
write list = @personal
create mode = 660
directory mode = 770

[accounting]
comment = Accounting
path = /data/accounting
valid users = @sekretariat
write list = @sekretariat
create mode = 660
directory mode = 770

[sekretariat]
comment = Sekretariat
path = /data/sekretariat
valid users = @sekretariat
write list = @sekretariat
create mode = 660
directory mode = 770

[software]
comment = Software
path = /data/software
valid users = @it
write list = @it
create mode = 664
directory mode = 775

;; staff shares

[admin_all]
comment = Admin_All
path = /data/admin_all
valid users = @staff
write list = @staff
create mode = 775
directory mode = 775

[project]
comment = Project
path = /data/project
valid users = @staff
write list = @staff
create mode = 775
directory mode = 775

[images]
comment = Images
path = /data/images
valid users = @staff
write list = @staff
create mode = 775
directory mode = 775

[library]
comment = Library
path = /data/library
valid users = @staff
write list = @staff
create mode = 775
directory mode = 775

[outlook]
comment = Outlook
path = /data/outlook
valid users = @staff
write list = @staff
create mode = 775
directory mode = 775

[archive]
comment = Archive
path = /data/archive
valid users = @staff
write list = @staff
create mode = 775
directory mode = 775

[printerdrivers]
comment = drivers
path = /data/printerdrivers
valid users = @it
write list = @it
create mode = 775
directory mode = 775
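
An added example (not part of the original howto): a small Python lint for security-relevant settings of the kind shown in the Heartbeat `authkeys` and `smb.conf` files above, run on constructed excerpts. It flags `null passwords = yes`, a wrapped smb.conf value that lost its continuation backslash, `create mode` values that keep permission bits for "other", and an `authkeys` file whose active key uses `crc`, a checksum without a shared secret; the function names are assumptions of this example.

```python
# Constructed samples modelled on the settings discussed here (not a full config).
SAMPLE_SMB = """\
[global]
null passwords = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
folder.htt/desktop.ini/Folder.htt/Desktop.ini/
[project]
create mode = 775
"""
SAMPLE_AUTHKEYS = "auth 2\n2 crc\n"

def audit_smb(text):
    """Return (section, message) findings for smb.conf text."""
    findings, section, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in ";#":    # blank line or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if "=" not in line:                # e.g. a wrapped value without backslash
            findings.append((section, "no '=' (lost continuation?): " + line))
            continue
        key, value = (" ".join(p.split()).lower() for p in line.split("=", 1))
        if key == "null passwords" and value in ("yes", "true", "1"):
            findings.append((section, "null passwords enabled"))
        octal = value and set(value) <= set("01234567")
        if key in ("create mode", "create mask") and octal and int(value, 8) & 0o007:
            findings.append((section, "create mask keeps bits for 'other': " + value))
    return findings

def audit_authkeys(text):
    """Return 'crc' if the active Heartbeat key is the unkeyed crc method, else None."""
    keys, active = {}, None
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 2 and parts[0] == "auth":
            active = parts[1]
        elif len(parts) >= 2:
            keys[parts[0]] = parts[1].lower()
    return "crc" if keys.get(active) == "crc" else None

if __name__ == "__main__":
    print(audit_smb(SAMPLE_SMB), audit_authkeys(SAMPLE_AUTHKEYS))
```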

Netlogon script for the clients

  • /var/lib/samba/netlogon/logon-staff.bat
@echo off
c:
if exist o:\ goto marke1:
net use o: \\fileserver\outlook /persistent:yes
:marke1
if exist p:\ goto marke2:
net use p: \\fileserver\project /persistent:yes
:marke2
if exist q:\ goto marke3:
net use q: \\fileserver\admin_all /persistent:yes
:marke3
if exist s:\ goto marke4:
net use s: \\fileserver\library /persistent:yes
:marke4
if exist t:\ goto marke5:
net use t: \\fileserver\archive /persistent:yes
:marke5
if exist y:\ goto marke6:
net use y: \\fileserver\images /persistent:yes
:marke6
net time \\fileserver /set /yes
  • Enable services
    chkconfig smb on
    chkconfig nmb on
    chkconfig cups on
    chkconfig ldap on
    

Additional links:

Websites of the main projects used in this howto:

http://www.drbd.org/

http://www.linux-ha.org/

http://www.samba.org

Some English howtos which may supply more useful information:

High Available NFS-Server: this is the base for my howto, I just want to use Samba instead of NFS :-) http://www.howtoforge.com/high_availability_nfs_drbd_heartbeat_p2

Highly available LDAP-Server http://www.linuxjournal.com/article/5505

Article created on: 09 September 2001, updated on 09 September 2019