Setting up a file server cluster with Samba and CTDB
The CTDB package supplies two useful programs, ctdb and onnode, along with the daemon ctdbd. The ctdb tool is the client interface for CTDB cluster management. The most frequently used command is bound to be ctdb status, which outputs the general status of the cluster (Figure 2). The ctdb ip command shows the distribution of public IP addresses over the nodes (Figure 3). ctdb lets the admin trigger actions in the cluster, such as enabling or disabling individual nodes, adding or removing public IPs, forcing a recovery, or applying various tweaks. See the CTDB man page  for more information.
The onnode script is a very useful tool that lets you run commands on one or multiple nodes:
onnode node[,node...] Kommando
onnode gleans the node details from the /etc/ctdb/nodes file. The target can be one or multiple node numbers or a numeric range. Also all nodes (all), connected nodes (con), healthy nodes (ok), and the recovery master (rm) have symbolic names. onnode uses SSH to establish connections to the nodes; password-less SSH logins are thus a good idea on the internal CTDB network.
Using onnode, the admin can easily roll out service configuration files on the nodes or install the same software package after storing the data on the cluster filesystem beforehand:
onnode all cp /shared/smb.conf /etc/samba/smb.conf
Because onnode only needs to reference the nodes file, you can use it to launch ctdbd on all or selected nodes:
onnode 0,2-5 service ctdb start
For more, see the onnode man page .
To guarantee trouble-free monitoring and failover operations in CTDB, it is important not to use the interfaces or bind interfaces only configuration parameters to restrict the IP addresses or network interfaces you want Samba to listen on. Samba service monitoring requires Samba to listen on the wildcard address, 0.0.0.0, or :: for IPv6.
Listing 2 shows an example of a Samba configuration file that the admin would distribute to all the nodes in the cluster. The smbstatus shows the connections for all nodes in the cluster. To do so, it not only lists the process IDs of the smbd processes, but outputs their node number prefixes (Figure 4). Similarly, admins can influence the Samba daemons throughout the cluster using smbcontrol.
smb.conf for a Cluster
01 [global] 02 clustering = yes 03 netbios name = cifscluster 04 workgroup = mydomain 05 security = ads 06 passdb backend = tdbsam 07 08 idmap backend = tdb2 09 idmap uid = 1000000-2000000 10 idmap gid = 1000000-2000000 11 12 groupdb:backend = tdb 13 fileid:algorithm = fsname 14 15 [share] 16 path = /storage/share 17 vfs objects = fileid
When running a Samba cluster, it doesn't make any sense to run the NetBIOS name service, nmbd, on multiple nodes – the broadcast would just suffer from a split personality. Also, the WINS service is not cluster-capable because Samba does not handle the wins.dat database with CTDB.
For the first time, and conditional on a freely available clustering filesystem that passes the ping-pong test, Samba 3.3 in combination with CTDB offers a highly scalable CIFS cluster that is easily installable for production use without the need for patches and workarounds. After the basic setup, registry-based configuration and the onnode script make managing the cluster a pleasant task. Read on for more on Samba's new registry configuration system.
- Samba project: http://www.samba.org
- Samba team: http://www.samba.org/samba/team/
- Samba Team Receives Microsoft Protocol Documentation: http://www.samba.org/samba/PFIF/
- CTDB project: http://ctdb.samba.org
- File locking principles: http://en.wikipedia.org/wiki/File_locking
- TDB: http://tdb.samba.org
- Ronnie Sahlberg's CTDB repository: git://git.samba.org/sahlberg/ctbd.git
- Samba & clustering: http://wiki.samba.org/index.php/Samba_&_Clustering
- "Clustered Samba" by Andrew Tridgell and Ronnie Sahlberg at linux.conf.au, 2008, http://mirror.linux.org.au/pub/linux.conf.au/2008/slides/178-tridge-ctdb.pdf
- Samba via Git: http://wiki.samba.org/index.php/Using_Git_for_Samba_Development
- Web interface for Samba's Git repository: http://git.samba.org
- Git repository mirror: http://repo.or.cz/w/Samba.git
- CTDB RPMs for RHEL: http://ctdb.samba.org/packages/
- CTDB RPMs for other distributions: http://download.opensuse.org/repositories/home:/iamobnox/
- ping_pong.c: http://junkcode.samba.org/ftp/unpacked/junkcode/ping_pong.c
- Ping-pong: http://wiki.samba.org/index.php/Ping_pong
- IBM General Parallel File System: http://www-03.ibm.com/systems/clusters/software/gpfs/index.html
- Red Hat Global File System: http://www.redhat.com/gfs/
- GlusterFS (GNU Cluster File System): http://www.gluster.org
- Lustre File System: http://www.lustre.org
- Oracle Cluster File System (OCFS2): http://oss.oracle.com/projects/ocfs2/
- OCFS2 mailing list posting on Posix fcntl() locking support: http://oss.oracle.com/pipermail/ocfs2-users/2008-November/003061.html
- CTDB setup: http://wiki.samba.org/index.php/CTDB_Setup
- CTDB man page: http://ctdb.samba.org/~tridge/ctdb/doc/ctdb.1.html
- onnode man page: http://ctdb.samba.org/~tridge/ctdb/doc/onnode.1.html
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm