CentOS Stream 8

GlusterFS 10 : GlusterFS + SMB (2022/04/14)

 
Configure a GlusterFS volume so that it can be accessed over the SMB protocol.
[1] On a node in the GlusterFS cluster, configure GlusterFS to enable the SMB setting.
[root@node01 ~]#
dnf -y install centos-release-samba416 perl
[root@node01 ~]#
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-Samba-416.repo
# enable EPEL, too

[root@node01 ~]#
dnf --enablerepo=centos-samba416,epel install samba ctdb samba-vfs-glusterfs
# stop the target Gluster volume and change settings

[root@node01 ~]#
gluster volume stop vol_distributed

Stopping volume will make its data inaccessible. Do you want to continue? (y/n)
y

volume stop: vol_distributed: success
[root@node01 ~]#
gluster volume set vol_distributed user.smb enable

volume set: success
[root@node01 ~]#
gluster volume set vol_distributed performance.write-behind off

volume set: success
[root@node01 ~]#
gluster volume set vol_distributed group samba

volume set: success
[root@node01 ~]#
vi /var/lib/glusterd/hooks/1/start/post/S29CTDBsetup.sh
# line 25 : change to the target Gluster volume name

META="
vol_distributed
"
[root@node01 ~]#
vi /var/lib/glusterd/hooks/1/stop/pre/S29CTDB-teardown.sh
# line 13 : change to the target Gluster volume name

META="
vol_distributed
"
# start Gluster volume

[root@node01 ~]#
gluster volume start vol_distributed

volume start: vol_distributed: success
# with the settings above, the following mount is created automatically

[root@node01 ~]#
df -h /gluster/lock

Filesystem                             Size  Used Avail Use% Mounted on
node01.srv.world:/vol_distributed.tcp   52G  6.0G   46G  12% /gluster/lock

[root@node01 ~]#
tail -1 /etc/fstab

node01.srv.world:/vol_distributed /gluster/lock glusterfs _netdev,transport=tcp,xlator-option=*client*.ping-timeout=10 0 0

[root@node01 ~]#
vi /etc/ctdb/nodes
# create new
# list every node that makes up the target Gluster volume

10.0.0.51
10.0.0.52
[root@node01 ~]#
vi /etc/ctdb/public_addresses
# create new
# set virtual IP address for SMB access
# [enp1s0] is the network interface name ⇒ replace it to suit your environment

10.0.0.59/24 enp1s0
[root@node01 ~]#
systemctl enable --now ctdb
# confirm status

[root@node01 ~]#
ctdb status

Number of nodes:2
pnn:0 10.0.0.51        OK (THIS NODE)
pnn:1 10.0.0.52        DISCONNECTED|UNHEALTHY|INACTIVE
Generation:1255687339
Size:1
hash:0 lmaster:0
Recovery mode:NORMAL (0)
Leader:0

[root@node01 ~]#
ctdb ip

Public IPs on node 0
10.0.0.59 0
[2] Configure Samba.
For example, create a shared folder [smbshare] that only users in the [smbgroup] group can access, and require user authentication for it.
# mount Gluster volume with GlusterFS Native and create a shared folder for SMB access

[root@node01 ~]#
mount -t glusterfs node01.srv.world:/vol_distributed /mnt

[root@node01 ~]#
mkdir /mnt/smbshare

[root@node01 ~]#
groupadd smbgroup

[root@node01 ~]#
chgrp smbgroup /mnt/smbshare

[root@node01 ~]#
chmod 770 /mnt/smbshare

[root@node01 ~]#
umount /mnt

[root@node01 ~]#
vi /etc/samba/smb.conf
[global]
        workgroup = MYGROUP
        netbios name = MYSERVER
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        # user-level security: every client must authenticate with an account
        # stored in the local tdbsam password database (see [smbpasswd -a] below)
        security = user
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
        # add the following
        # [clustering = yes] makes Samba use CTDB, which was started in section [1]
        clustering = yes
        # the share is served through the glusterfs VFS module rather than a
        # kernel mount, so kernel-level share modes and oplocks are turned off
        kernel share modes = no
        kernel oplocks = no
        # do not map DOS attributes onto UNIX permission bits;
        # [store dos attributes = yes] keeps them separately instead
        map archive = no
        map hidden = no
        map read only = no
        map system = no
        store dos attributes = yes

# the following 9 settings (section header through [kernel share modes]) are configured automatically
# NOTE(review): [path = /] exports the root of the volume, not only [smbshare];
# this page also mounts the same volume at /gluster/lock, so anything stored on the
# volume is reachable through this share, subject to file permissions
[gluster-vol_distributed]
comment = For samba share of volume vol_distributed
vfs objects = glusterfs
glusterfs:volume = vol_distributed
glusterfs:logfile = /var/log/samba/glusterfs-vol_distributed.%M.log
glusterfs:loglevel = 7
path = /
read only = no
kernel share modes = no
# add the following
writable = yes
# only members of [smbgroup] may connect to this share
valid users = @smbgroup
# files created over SMB are owned by group [smbgroup]
force group = smbgroup
# these bits are always added to new files and directories, so owner and group
# get full access and others get none from these settings; note that 770 also
# sets the execute bits on regular files
force create mode = 770
force directory mode = 770
inherit permissions = yes

[root@node01 ~]#
systemctl enable --now smb
# add Samba user

[root@node01 ~]#
useradd cent

[root@node01 ~]#
smbpasswd -a cent

New SMB password:    
# set any SMB password

Retype new SMB password:
Added user cent.
[root@node01 ~]#
usermod -aG smbgroup cent

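[3] If SELinux is enabled, change the policy. The booleans below apply system-wide; [domain_kernel_load_modules] in particular is not specific to Samba or Gluster, so confirm that your setup needs it before leaving it on.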
[root@node01 ~]#
setsebool -P use_fusefs_home_dirs on

[root@node01 ~]#
setsebool -P samba_load_libgfapi on

[root@node01 ~]#
setsebool -P domain_kernel_load_modules on

[root@node01 ~]#
vi gluster_smb.te
# create new

module gluster_smb 1.0;

# Local policy module that adds exactly the two allow rules below.
# The require block declares the existing types, classes and permissions
# those rules refer to; it grants nothing by itself.
require {
        type glusterd_t;
        type ctdbd_t;
        type load_policy_t;
        class fifo_file read;
        class capability sys_ptrace;
}

#============= ctdbd_t ==============
# lets processes in the ctdbd_t domain use the sys_ptrace capability
allow ctdbd_t self:capability sys_ptrace;

#============= load_policy_t ==============
# lets load_policy_t read FIFOs (pipes) labelled glusterd_t
allow load_policy_t glusterd_t:fifo_file read;

[root@node01 ~]#
checkmodule -m -M -o gluster_smb.mod gluster_smb.te

[root@node01 ~]#
semodule_package --outfile gluster_smb.pp --module gluster_smb.mod

[root@node01 ~]#
semodule -i gluster_smb.pp

[4] If Firewalld is running, allow the Samba and CTDB services.
[root@node01 ~]#
firewall-cmd --add-service={samba,ctdb}

success
[root@node01 ~]#
firewall-cmd --runtime-to-permanent

success
[5] Verify that the target share can be accessed over SMB from a Linux client computer.
The examples below use a Linux client, but Windows clients can also access the share in the usual way.
# verify with [smbclient]

[root@client ~]#
smbclient //node01.srv.world/gluster-vol_distributed -U cent

Enter SAMBA\cent's password:
Try "help" to get a list of possible commands.

# move to the shared folder and verify that it is writable
smb: \> cd smbshare

smb: \smbshare\> mkdir testdir
smb: \smbshare\> ls

  .                                   D        0  Thu Apr 14 12:33:25 2022
  ..                                  D        0  Thu Apr 14 12:22:14 2022
  testdir                             D        0  Thu Apr 14 12:33:25 2022

                54491144 blocks of size 1024. 48104016 blocks available

smb: \smbshare\> exit

# verify with [mount]
# [10.0.0.59] is the virtual IP address set in section [1]

[root@client ~]#
mount -t cifs -o vers=3.0,username=cent //10.0.0.59/gluster-vol_distributed /mnt

Password for cent@//10.0.0.59/gluster-vol_distributed: ********
[root@client ~]#
df -hT

Filesystem                          Type      Size  Used Avail Use% Mounted on
devtmpfs                            devtmpfs  1.9G     0  1.9G   0% /dev
tmpfs                               tmpfs     1.9G     0  1.9G   0% /dev/shm
tmpfs                               tmpfs     1.9G  8.6M  1.9G   1% /run
tmpfs                               tmpfs     1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/mapper/cs-root                 xfs        26G  2.7G   24G  11% /
/dev/vda1                           xfs      1014M  352M  663M  35% /boot
tmpfs                               tmpfs     374M     0  374M   0% /run/user/0
//10.0.0.59/gluster-vol_distributed cifs       52G  6.1G   46G  12% /mnt

[root@client ~]#
touch /mnt/smbshare/testfile.txt

[root@client ~]#
ll /mnt/smbshare

total 4
drwxr-xr-x. 2 root root 0 Apr 14 12:33 testdir
-rwxr-xr-x. 1 root root 0 Apr 14 12:34 testfile.txt