Thanks for all the good stuff.
<<<< If you're on SLES 10, I'm guessing you're using heartbeat 2.1.x. Things have moved on somewhat since then (the CRM part of heartbeat became Pacemaker, which can run on top of either heartbeat or openais/corosync). A whole lot of useful documentation can be found at: http://www.clusterlabs.org/wiki/Documentation Note that this focuses on Pacemaker, but principles etc. should all still be applicable. There's also links to documentation for previous releases, including some useful Novell/SUSE guides. >>>>

I'm considering moving to SLES 11 and was curious if that uses the new version natively, if you happen to know? I'd like to be on the same level as everyone else to get easier answers to questions and it seems like people are moving up.

<<< See above. Another thing you'll need to do is make sure samba's settings for "lock directory" and "private dir" are pointing to your shared filesystem, otherwise your password/user database will/may vary from node to node. Not good >>>

I assume this is for Samba login/authentication? What I did is add the nodes to AD as clients. My folders are on the shared filesystem and set with AD users and groups. When I access samba from a domain Windows box they just get access if the user is in the right group etc. Since both nodes are set that way when I fail over I reconnect instantly. The only loss I have is during the 1 second fail over. Do you see an issue with this? I want to make sure I understand.

<< "ping foo" resolves the correct IP address, but gets no response, whereas "ping IP" does get a response? Sorry, I don't think I can explain that. >>

Exactly. IP works and DNS name to IP does not for whatever reason. Ping node-active resolves to the IP, but no reply ping.

<<<< So you're using Samba... You can join a Samba instance to an Active Directory domain ("net ads join" from memory).
If you set the "netbios name" you want in smb.conf, make sure your "private dir" is on shared storage as mentioned above, then join the AD domain from whichever node samba is active on (refer samba docs for specifics), in theory, the named samba instance should be added to the AD domain and DNS (assuming your AD server is also your DNS server). You'll want to manually remove the fixed IP address of the node from DNS, but once you've done that, the Samba instance should be visible to Windows/AD by name regardless of which node it's running on. >>>>>

I'll look into this. I see what you're saying, but to my limited eyes it doesn't feel like a true virtual name. I almost want my name to be independent of the nodes unless the cluster resource is stationed there.

<<<< That's because the IP address is an OCF resource agent, whereas Samba is just a reference to the regular Samba init script. OCF RAs can have parameters, init scripts can't (they're not smart enough). >>>>>>

Ahhhhh - so they're just firing the main service up for me. It's going to use whatever settings I've set samba or any other component to in the respective setting or start files? Gotcha.

<<< Also, someone really needs to publish some documentation on effective use of Samba with Linux-HA/Pacemaker clusters (having written this email, I have a sinking feeling I will be volunteered for the task). >>>>>

I know you said Pacemaker was newer and I mention above going to it. Is that practical given where documentation is? I'm so happy you've volunteered. LOL I kid.

Thank you so much for getting me moving again. This is a fun technology.

Bruce A Leggett
Director, IT Systems
Amscot Financial

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Tim Serong
Sent: Thursday, March 18, 2010 6:34 AM
To: '[email protected]'
Subject: Re: [Linux-HA] Virtual Name and Samba clarification.

Hi,

On 3/18/2010 at 06:59 AM, Bruce Leggett <[email protected]> wrote:
> Hi,
> I recently set up Heartbeat on two SLES 10.2 boxes. Between yast and hb_gui
> it was simple to get the cluster up and running with a virtual IP in my
> resource group. I have a couple questions. I've been reading different
> resources and it's tough to get a grasp on all the parts to better understand
> them and google has so many links that assume you have X experience.
>
> 1) Does anyone have a guide for beginners? Something that's real whiz
> bang and helps a person get the components? I've mostly been using
> linux-ha.org and google.

If you're on SLES 10, I'm guessing you're using heartbeat 2.1.x. Things have moved on somewhat since then (the CRM part of heartbeat became Pacemaker, which can run on top of either heartbeat or openais/corosync). A whole lot of useful documentation can be found at:

http://www.clusterlabs.org/wiki/Documentation

Note that this focuses on Pacemaker, but principles etc. should all still be applicable. There's also links to documentation for previous releases, including some useful Novell/SUSE guides.

> Ok, onto my more technical question. I have a two node cluster. Example
> below.
>
> Node-a 10.0.0.5
> Node-b 10.0.0.6
>
> Node-active 10.0.0.10
>
> I am setting this lab up to be a HA file server with AD integration. I am
> using OCFS2 to nix the need for replicating data or moving disk resources. I
> wasn't sure if Linux-HA could handle seamless failover of Samba.
>
> 2) Can Linux-HA handle a seamless transition without dropping the
> connections?

Short answer: No. This is because, if you create an HA resource for samba using the smb LSB init script, samba physically gets stopped on the failed node (or is killed/dies), then is restarted on the other, so the connections can't remain alive.

Long answer: Maybe, but you will need to either use CTDB and/or the tickle ACK function in the portblock RA, but these are all relatively recent and may not be available on SLES 10. Some (brief) documentation for this is available at http://linux-ha.org/wiki/CTDB_%28resource_agent%29

> Anyhow, I have samba running on both nodes and the nodes are part of my AD
> domain. I can access either box from my windows client just like it was a
> windows box etc etc. Today I can access node-a and on a failover node-b picks
> things up right where the other left off in about 1 or 2 seconds tops.
> \\10.0.0.10\testshare . The only thing is in
> this setup any data transferring during the failover dropped. Hence the last
> question about Samba being failed over. I've read all kinds of posts on it
> and I am not sure the answer is clear to me.

See above. Another thing you'll need to do is make sure samba's settings for "lock directory" and "private dir" are pointing to your shared filesystem, otherwise your password/user database will/may vary from node to node. Not good.

> I would also like to add a virtual name to my resource group so I can access
> the resource group by name. I tried adding a DNS record so I could do
> \\node-active\share. However I can not ping the
> resource group or access it by name. Pinging from linux or windows resolves
> the name to the right IP, but I get no replies or connection using my name.
>
> 3) Am I missing something to make that work? I'm shocked the resource
> group IP responds via number, but not name.

"ping foo" resolves the correct IP address, but gets no response, whereas "ping IP" does get a response? Sorry, I don't think I can explain that.

> 4) Is there a proper resource name I can add like they have with MSCS?

So you're using Samba... You can join a Samba instance to an Active Directory domain ("net ads join" from memory).
If you set the "netbios name" you want in smb.conf, make sure your "private dir" is on shared storage as mentioned above, then join the AD domain from whichever node samba is active on (refer samba docs for specifics), in theory, the named samba instance should be added to the AD domain and DNS (assuming your AD server is also your DNS server). You'll want to manually remove the fixed IP address of the node from DNS, but once you've done that, the Samba instance should be visible to Windows/AD by name regardless of which node it's running on.

(Disclaimer: the above should be "about right", but it's been a while since I performed that particular bit of magic, so YMMV.)

> Lastly, like I mentioned I am using SLES 10.2 and HB_GUI to drive all this.
> I notice there are a lot of resources items I can add to my cluster to do all
> sort of things. Some have values that need set like ipaddr has ip. A lot of
> them do not like smb has no parameters in the drop down.
>
> 5) Is that by design or are we expected to know those values and plug
> them in ourselves? In the gui it's just empty, but I can hand type something
> in.

That's because the IP address is an OCF resource agent, whereas Samba is just a reference to the regular Samba init script. OCF RAs can have parameters, init scripts can't (they're not smart enough).

> I really like this as a technology so far, I'd just like to get some of the
> pieces down a little more. I apologize for the basic questions, but there is
> a lot of chatter and terms flying around and I am not up to speed enough to
> search / ask with those terms. Example - I want to add a virtual name to my
> resource group. In the MSCS world that gets hits, but not much with Linux-HA.
>
> I'm not sure if it's there or I have to use Samba in some fashion etc. So it
> blocks me from hitting the right search.

This can be a fairly dense topic :) There are lines of responsibility between the various pieces - the HA stack does not know or care what type of resource you are running (maybe it's Samba, maybe it's a database, a web server, whatever). What you need to do is make Samba play nice with AD, then get the HA stack to make that Samba instance highly available. This is possibly why you haven't found much on virtual names and resource groups.

Also, someone really needs to publish some documentation on effective use of Samba with Linux-HA/Pacemaker clusters (having written this email, I have a sinking feeling I will be volunteered for the task).

Good luck,

Tim

--
Tim Serong <[email protected]>
Senior Clustering Engineer, OPS Engineering, Novell Inc.

_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
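
The thread's advice that Samba's "private dir" and "lock directory" must point at the shared filesystem, so the password/user database does not vary from node to node, can be checked on each node before failover is trusted. The script below is an added example, not part of the original e-mails; the `/shared` mount point, the function names and the sample smb.conf are constructed assumptions.

```shell
#!/bin/sh
# Added example. /shared and the sample smb.conf below are constructed assumptions.

# Print a [global] parameter; smb.conf names ignore case and whitespace.
# Synonyms ("private directory", "lock dir") and include files are not followed.
smb_global_param() {   # $1 = smb.conf path, $2 = parameter name
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sec = $0
            sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
            sec = tolower(sec); next
        }
        sec == "global" {
            i = index($0, "=")
            if (i > 0 && norm(substr($0, 1, i - 1)) == norm(want)) {
                val = substr($0, i + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            }
        }
        END { print val }
    ' "$1"
}

# Succeed if path $1 is the shared mount $2 or lies beneath it (textual check only).
is_under() {
    case "$1" in "$2"|"$2"/*) return 0 ;; *) return 1 ;; esac
}

# Report both state directories; non-zero if any is unset or node-local.
check_samba_state_dirs() {   # $1 = smb.conf path, $2 = shared mount point
    rc=0
    for p in "private dir" "lock directory"; do
        v=$(smb_global_param "$1" "$p")
        if [ -z "$v" ]; then echo "UNSET  $p (compiled-in default applies)"; rc=1
        elif is_under "$v" "$2"; then echo "OK     $p = $v"
        else echo "LOCAL  $p = $v (not under $2)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: private dir is shared, lock directory is still node-local.
sample=$(mktemp)
printf '%s\n' '[global]' '   netbios name = NODE-ACTIVE' \
    '   Private Dir = /shared/samba/private' '   lock directory = /var/lib/samba' \
    '[testshare]' '   path = /shared/testshare' > "$sample"
check_samba_state_dirs "$sample" /shared || echo "state directories differ per node"
```

Run it against the real smb.conf on both nodes; any line other than OK means that node keeps its own copy of the state.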
