4.3. Configuring Samba

The following procedure initializes the Samba environment and configures Samba on the cluster nodes.
  1. On both nodes of the cluster, perform the following steps:
    1. Install the samba, ctdb, and cifs-utils packages.
      # yum install samba ctdb cifs-utils
    2. If you are running the firewalld daemon, run the following commands to enable the ports that are required by the ctdb and samba services.
      # firewall-cmd --add-service=ctdb --permanent
      # firewall-cmd --add-service=samba --permanent
      # firewall-cmd --reload
    3. Enter the following commands to ensure that these daemons are not running and do not start at bootup. Note that not all of these daemons may be present or running on your system.
      # systemctl disable ctdb
      # systemctl disable smb
      # systemctl disable nmb
      # systemctl disable winbind
      # systemctl stop ctdb
      # systemctl stop smb
      # systemctl stop nmb
      # systemctl stop winbind
    4. In the /etc/samba/smb.conf file, configure the Samba server and set up the [public] share definition. For example:
      # cat << END > /etc/samba/smb.conf
      [global]
      netbios name = linuxserver
      workgroup = WORKGROUP
      server string = Public File Server
      security = user
      map to guest = bad user
      guest account = smbguest
      clustering = yes
      ctdbd socket = /tmp/ctdb.socket
      [public]
      path = /mnt/gfs2share/public
      guest ok = yes
      read only = no
      END
      For information on configuring Samba as a standalone server, as in this example, as well as information on verifying the smb.conf file with the testparm utility, see the File and Print Servers section of the System Administrator's Guide
    5. Add the IP address of the cluster nodes to the /etc/ctdb/nodes file.
      # cat << END > /etc/ctdb/nodes
      192.168.1.151
      192.168.1.152
      END
    6. For load balancing between the nodes of the cluster, you can add two or more IP addresses that can be used to access the Samba shares exported by this cluster to the /etc/ctdb/public_addresses file. These are the IP addresses that you should configure in DNS for the name of the Samba server and are the addresses that SMB clients will connect to. Configure the name of the Samba server as one DNS type A record with multiple IP addresses and let round-robin DNS distribute the clients across the nodes of the cluster.
      For this example, the DNS entry linuxserver.example.com has been defined with both the addresses listed under the /etc/ctdb/public_addresses file. With this in place, DNS will distribute the Samba clients across the cluster nodes in a round-robin fashion. Please note that when implementing this scenario, the DNS entries should match your needs.
      Add the IP addresses that can be used to access the Samba shares exported by this cluster to the /etc/ctdb/public_addresses file.
      # cat << END > /etc/ctdb/public_addresses
      192.168.1.201/24 eth0
      192.168.1.202/24 eth0
      END
    7. Create a Samba group, then add a local user for the public test share directory, setting the previously created group as the primary group.
      # groupadd smbguest
      # adduser smbguest -g smbguest
    8. Make sure that the SELinux context are correct in the CTDB-related directories.
      # mkdir /var/ctdb/
      # chcon -Rv -u system_u -r object_r -t ctdbd_var_lib_t /var/ctdb/
      changing security context of ‘/var/ctdb/’
      # chcon -Rv -u system_u -r object_r -t ctdbd_var_lib_t /var/lib/ctdb/
      changing security context of ‘/var/lib/ctdb/’
      
  2. On one node of the cluster, perform the following steps:
    1. Set up the directories for the CTDB lock file and public share.
      [root@z1 ~]# mkdir -p /mnt/gfs2share/ctdb/
      [root@z1 ~]# mkdir -p /mnt/gfs2share/public/
    2. Update the SELinux contexts on the GFS2 share.
      [root@z1 ~]# chown smbguest:smbguest /mnt/gfs2share/public/
      [root@z1 ~]# chmod 755 /mnt/gfs2share/public/
      [root@z1 ~]# chcon -Rv -t ctdbd_var_run_t /mnt/gfs2share/ctdb/
      changing security context of ‘/mnt/gfs2share/ctdb/’
      [root@z1 ~]# chcon -Rv -u system_u -r object_r -t samba_share_t /mnt/gfs2share/public/
      changing security context of ‘/mnt/gfs2share/public’