CentOS 8
Sponsored Link

GlusterFS 8 : GlusterFS + SMB
2020/09/24
 
Configure GlusterFS volume to enable SMB protocol.
[1] Configure GlusterFS to enable SMB setting on a Node in GlusterFS Cluster.
[root@node01 ~]#
dnf -y install centos-release-samba412
[root@node01 ~]#
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-Samba-412.repo
[root@node01 ~]#
dnf --enablerepo=centos-samba412 -y install samba ctdb samba-vfs-glusterfs
# stop the target Gluster volume and change settings

[root@node01 ~]#
gluster volume stop vol_replica

Stopping volume will make its data inaccessible. Do you want to continue? (y/n)
y

volume stop: vol_replica: success
[root@node01 ~]#
gluster volume set vol_replica user.smb enable

volume set: success
[root@node01 ~]#
gluster volume set vol_replica group samba

volume set: success
[root@node01 ~]#
vi /var/lib/glusterd/hooks/1/start/post/S29CTDBsetup.sh
# line 25 : change to the target Gluster volume name

META="
vol_replica
"
[root@node01 ~]#
vi /var/lib/glusterd/hooks/1/stop/pre/S29CTDB-teardown.sh
# line 13 : change to the target Gluster volume name

META="
vol_replica
"
# start Gluster volume

[root@node01 ~]#
gluster volume start vol_replica

volume start: vol_replica: success
# with the settings above, follwing mounting is done automatically

[root@node01 ~]#
df -h /gluster/lock

Filesystem                         Size  Used Avail Use% Mounted on
node01.srv.world:/vol_replica.tcp   26G  2.3G   24G   9% /gluster/lock
[root@node01 ~]#
tail -1 /etc/fstab

node01.srv.world:/vol_replica /gluster/lock glusterfs _netdev,transport=tcp,xlator-option=*client*.ping-timeout=10 0 0

[root@node01 ~]#
vi /etc/ctdb/nodes
# create new

# write all Nodes that configure target Gluster volume

10.0.0.51
10.0.0.52
10.0.0.53
[root@node01 ~]#
vi /etc/ctdb/public_addresses
# create new

# set virtual IP address for SMB access

# [enp1s0] means network interface name ⇒ replace to your environment

10.0.0.59/24 enp1s0
[root@node01 ~]#
systemctl enable --now ctdb
# confirm status

[root@node01 ~]#
ctdb status

Number of nodes:3
pnn:0 10.0.0.51        OK (THIS NODE)
pnn:1 10.0.0.52        DISCONNECTED|UNHEALTHY|INACTIVE
pnn:2 10.0.0.53        DISCONNECTED|UNHEALTHY|INACTIVE
Generation:1838762525
Size:1
hash:0 lmaster:0
Recovery mode:NORMAL (0)
Recovery master:0

[root@node01 ~]#
ctdb ip

Public IPs on node 0
10.0.0.59 0
[2] Configure Samba.
For example, Create a shared Folder that users in [smbgroup] group can only access to shared folder [smbshare] and also they are required user authetication.
# mount Gluster volume with GlusterFS Native and create a shared folder for SMB access

[root@node01 ~]#
mount -t glusterfs node01.srv.world:/vol_replica /mnt

[root@node01 ~]#
mkdir /mnt/smbshare

[root@node01 ~]#
groupadd smbgroup

[root@node01 ~]#
chgrp smbgroup /mnt/smbshare

[root@node01 ~]#
chmod 770 /mnt/smbshare

[root@node01 ~]#
umount /mnt

[root@node01 ~]#
vi /etc/samba/smb.conf
[global]
        workgroup = MYGROUP
        netbios name = MYSERVER
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
        # add follows
        clustering = yes
        kernel share modes = no
        kernel oplocks = no
        map archive = no
        map hidden = no
        map read only = no
        map system = no
        store dos attributes = yes

# follwoing 9 lines are configred automatically
[gluster-vol_replica]
comment = For samba share of volume vol_replica
vfs objects = glusterfs
glusterfs:volume = vol_replica
glusterfs:logfile = /var/log/samba/glusterfs-vol_replica.%M.log
glusterfs:loglevel = 7
path = /
read only = no
kernel share modes = no
# add follows
writable = yes
valid users = @smbgroup
force create mode = 777
force directory mode = 777
inherit permissions = yes

[root@node01 ~]#
systemctl enable --now smb
# add Samba user

[root@node01 ~]#
useradd cent

[root@node01 ~]#
smbpasswd -a cent

New SMB password:    
# set any SMB password

Retype new SMB password:
Added user cent.
[root@node01 ~]#
usermod -G smbgroup cent

[3] If SELinux is enabled, change policy.
[root@node01 ~]#
setsebool -P use_fusefs_home_dirs on

[root@node01 ~]#
setsebool -P samba_load_libgfapi on

[root@node01 ~]#
setsebool -P domain_kernel_load_modules on

[root@node01 ~]#
vi gluster_smb.te
# create new

module gluster_smb 1.0;

require {
        type glusterd_t;
        type ctdbd_t;
        type load_policy_t;
        class fifo_file read;
        class capability sys_ptrace;
}

#============= ctdbd_t ==============
allow ctdbd_t self:capability sys_ptrace;

#============= load_policy_t ==============
allow load_policy_t glusterd_t:fifo_file read;

[root@node01 ~]#
checkmodule -m -M -o gluster_smb.mod gluster_smb.te

[root@node01 ~]#
semodule_package --outfile gluster_smb.pp --module gluster_smb.mod

[root@node01 ~]#
semodule -i gluster_smb.pp

[4] If Firewalld is running, allow services.
[root@node01 ~]#
firewall-cmd --add-service={samba,ctdb} --permanent

success
[root@node01 ~]#
firewall-cmd --reload

success
[5] Verify it can access to the target share with SMB from any Linux client computer.
# verisy with [smbclient]

[root@client ~]#
smbclient //node01.srv.world/gluster-vol_replica -U cent

Enter MYGROUP\cent's password:
Try "help" to get a list of possible commands.

# verify witable to move to shared folder
smb: \> cd smbshare

smb: \smbshare\> mkdir testdir
smb: \smbshare\> ls
  .                                   D        0  Thu Sep 24 19:54:23 2020
  ..                                  D        0  Thu Sep 24 19:42:03 2020
  testdir                             D        0  Thu Sep 24 19:54:23 2020

                27245572 blocks of size 1024. 24924956 blocks available
smb: \smbshare\> exit

# verify with [mount]

# for [10.0.0.59], it is virtual IP address set in [1] section

[root@client ~]#
mount -t cifs -o vers=3.0,username=cent //10.0.0.59/gluster-vol_replica /mnt

Password for cent@//10.0.0.59/gluster-vol_replica: ********
[root@client ~]#
df -hT

Filesystem                        Type            Size  Used Avail Use% Mounted on
devtmpfs                          devtmpfs        1.9G     0  1.9G   0% /dev
tmpfs                             tmpfs           1.9G     0  1.9G   0% /dev/shm
tmpfs                             tmpfs           1.9G  8.6M  1.9G   1% /run
tmpfs                             tmpfs           1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/mapper/cl-root               xfs              26G  2.0G   25G   8% /
/dev/vda1                         ext4            976M  259M  651M  29% /boot
tmpfs                             tmpfs           378M     0  378M   0% /run/user/0
node03.srv.world:/vol_replica.tcp fuse.glusterfs   26G  2.3G   24G   9% /gluster/lock
//10.0.0.59/gluster-vol_replica   cifs             26G  2.3G   24G   9% /mnt

[root@client ~]#
touch /mnt/smbshare/testfile.txt

[root@client ~]#
ll /mnt/smbshare

total 0
drwxr-xr-x. 2 root root 0 Sep 24 19:54 testdir
-rwxr-xr-x. 1 root root 0 Sep 24 19:56 testfile.txt
Matched Content