CentOS Stream 8
Sponsored Link

GlusterFS 7 : GlusterFS + SMB2021/04/02
 
Configure GlusterFS volume to enable SMB protocol.
For example, Configure SMB setting to a Gluster Volume [vol_distributed] like an example of the link here.
[1] Configure GlusterFS to enable SMB setting on a Node in GlusterFS Cluster.
[root@node01 ~]#
dnf -y install centos-release-samba413
[root@node01 ~]#
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-Samba-413.repo
[root@node01 ~]#
dnf --enablerepo=centos-samba413 -y install samba ctdb samba-vfs-glusterfs
# stop the target Gluster volume and change settings

[root@node01 ~]#
gluster volume stop vol_distributed

Stopping volume will make its data inaccessible. Do you want to continue? (y/n)
y

volume stop: vol_distributed: success
[root@node01 ~]#
gluster volume set vol_distributed user.smb enable

volume set: success
[root@node01 ~]#
gluster volume set vol_distributed performance.write-behind off

volume set: success
[root@node01 ~]#
gluster volume set vol_distributed group samba

volume set: success
[root@node01 ~]#
vi /var/lib/glusterd/hooks/1/start/post/S29CTDBsetup.sh
# line 25 : change to the target Gluster volume name

META="
vol_distributed
"
[root@node01 ~]#
vi /var/lib/glusterd/hooks/1/stop/pre/S29CTDB-teardown.sh
# line 13 : change to the target Gluster volume name

META="
vol_distributed
"
# start Gluster volume

[root@node01 ~]#
gluster volume start vol_distributed

volume start: vol_distributed: success
# with the settings above, following mounting is done automatically

[root@node01 ~]#
df -h /gluster/lock 

Filesystem                             Size  Used Avail Use% Mounted on
node01.srv.world:/vol_distributed.tcp   52G  5.4G   47G  11% /gluster/lock
[root@node01 ~]#
tail -1 /etc/fstab 

node01.srv.world:/vol_distributed /gluster/lock glusterfs _netdev,transport=tcp,xlator-option=*client*.ping-timeout=10 0 0
[root@node01 ~]#
vi /etc/ctdb/nodes
# create new

# write all Nodes that configure target Gluster volume

10.0.0.51
10.0.0.52
[root@node01 ~]#
vi /etc/ctdb/public_addresses
# create new

# set virtual IP address for SMB access

# [enp1s0] means network interface name ⇒ replace to your environment

10.0.0.59/24 enp1s0
[root@node01 ~]#
systemctl enable --now ctdb
# confirm status

[root@node01 ~]#
ctdb status 

Number of nodes:2
pnn:0 10.0.0.51        OK (THIS NODE)
pnn:1 10.0.0.52        DISCONNECTED|UNHEALTHY|INACTIVE
Generation:2047183436
Size:1
hash:0 lmaster:0
Recovery mode:NORMAL (0)
Recovery master:0
[root@node01 ~]#
ctdb ip

Public IPs on node 0
10.0.0.59 0
[2] Configure Samba.
For example, Create a shared Folder that users in [smbgroup] group can only access to shared folder [smbshare] and also they are required user authentication.
# mount Gluster volume with GlusterFS Native and create a shared folder for SMB access

[root@node01 ~]#
mount -t glusterfs node01.srv.world:/vol_distributed /mnt

[root@node01 ~]#
mkdir /mnt/smbshare

[root@node01 ~]#
groupadd smbgroup

[root@node01 ~]#
chgrp smbgroup /mnt/smbshare

[root@node01 ~]#
chmod 770 /mnt/smbshare

[root@node01 ~]#
umount /mnt

[root@node01 ~]#
vi /etc/samba/smb.conf 
[global]
        workgroup = MYGROUP
        netbios name = MYSERVER
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
        # add follows
        clustering = yes
        kernel share modes = no
        kernel oplocks = no
        map archive = no
        map hidden = no
        map read only = no
        map system = no
        store dos attributes = yes

# following 9 lines are configured automatically
[gluster-vol_distributed]
comment = For samba share of volume vol_distributed
vfs objects = glusterfs
glusterfs:volume = vol_distributed
glusterfs:logfile = /var/log/samba/glusterfs-vol_distributed.%M.log
glusterfs:loglevel = 7
path = /
read only = no
kernel share modes = no
# add follows
writable = yes
valid users = @smbgroup
force create mode = 777
force directory mode = 777
inherit permissions = yes
[root@node01 ~]#
systemctl enable --now smb
# add Samba user

[root@node01 ~]#
useradd cent

[root@node01 ~]#
smbpasswd -a cent

New SMB password:    
# set any SMB password

Retype new SMB password:
Added user cent.
[root@node01 ~]#
usermod -aG smbgroup cent

[3] If SELinux is enabled, change policy.
[root@node01 ~]#
setsebool -P use_fusefs_home_dirs on

[root@node01 ~]#
setsebool -P samba_load_libgfapi on

[root@node01 ~]#
setsebool -P domain_kernel_load_modules on

[root@node01 ~]#
vi gluster_smb.te
# create new

module gluster_smb 1.0;

require {
        type glusterd_t;
        type ctdbd_t;
        type load_policy_t;
        class fifo_file read;
        class capability sys_ptrace;
}

#============= ctdbd_t ==============
allow ctdbd_t self:capability sys_ptrace;

#============= load_policy_t ==============
allow load_policy_t glusterd_t:fifo_file read;
[root@node01 ~]#
checkmodule -m -M -o gluster_smb.mod gluster_smb.te

[root@node01 ~]#
semodule_package --outfile gluster_smb.pp --module gluster_smb.mod

[root@node01 ~]#
semodule -i gluster_smb.pp

[4] If Firewalld is running, allow services.
[root@node01 ~]#
firewall-cmd --add-service={samba,ctdb} --permanent

success
[root@node01 ~]#
firewall-cmd --reload

success
[5] Verify it can access to the target share with SMB from any Linux client computer.
# verify with [smbclient]

[root@client ~]#
smbclient //node01.srv.world/gluster-vol_distributed -U cent 

Enter MYGROUP\cent's password:
Try "help" to get a list of possible commands.

# verify witable to move to shared folder
smb: \> cd smbshare

smb: \smbshare\> mkdir testdir
smb: \smbshare\> ls
  .                                   D        0  Fri Apr  2 14:05:40 2021
  ..                                  D        0  Fri Apr  2 13:30:24 2021
  testdir                             D        0  Fri Apr  2 14:05:40 2021

                54491144 blocks of size 1024. 48882132 blocks available
smb: \smbshare\> exit
# verify with [mount]

# for [10.0.0.59], it is virtual IP address set in [1] section

[root@client ~]#
mount -t cifs -o vers=3.0,username=cent //10.0.0.59/gluster-vol_distributed /mnt

Password for cent@//10.0.0.59/gluster-vol_distributed: ********
[root@client ~]#
df -hT 

Filesystem                          Type      Size  Used Avail Use% Mounted on
devtmpfs                            devtmpfs  1.9G     0  1.9G   0% /dev
tmpfs                               tmpfs     1.9G     0  1.9G   0% /dev/shm
tmpfs                               tmpfs     1.9G  8.6M  1.9G   1% /run
tmpfs                               tmpfs     1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/mapper/cs-root                 xfs        26G  2.4G   24G  10% /
/dev/vda1                           xfs      1014M  322M  693M  32% /boot
tmpfs                               tmpfs     374M     0  374M   0% /run/user/0
//10.0.0.59/gluster-vol_distributed cifs       52G  5.4G   47G  11% /mnt
[root@client ~]#
touch /mnt/smbshare/testfile.txt

[root@client ~]#
ll /mnt/smbshare 

total 4
drwxr-xr-x. 2 root root 0 Apr  2 14:05 testdir
-rwxr-xr-x. 1 root root 0 Apr  2 14:09 testfile.txt
Matched Content