samba - Nov 2003 - High Availability with Samba and Heartbeat

Since I get so much from this list I thought I would share a project 
I've been working on and how it works with samba (3.0.1).  It is Samba 
related so I hope it's not off topic.

I've set up a HA solution with redundant Samba Domain Controllers 
throuth the "Heartbeat" package at:

http://www.ultramonkey.org/download/heartbeat/1.1.3/redhat_9/

I have two "Redhat 9" Linux machines (A and B) configured as a HA 
cluster providing httpd, DNS, and Samba Domain and File services on a 
virtual IP of 192.168.0.45. Initially one of the machines, (A), is 
running those services (smb, named and httpd) and listening on the 
virtual IP, while the other, (B), watches a heartbeat from machine (A) 
through both a redundant ethernet and serial link. When both heartbeat 
lines are pulled or the power drops on machine (A), within 10 seconds 
machine (B) starts the httpd, dns and smbd/nmbd services and listens on 
the virtual IP.

I have a third machine (C) running Win2000 as a client for those 
services.  I can even login on the windows box, thus using Samba's 
Domain Authentication services from machine (A), and while logged on the 
domain, kill machine (A) and machine (B) takes over and when I log off 
the windows box my remote profile is saved on  machine (B), no muss no 
fuss, all transparent to the client machine.  The win2000 client can 
surf to the web services on the virtual IP and never know that a machine 
has died.  When machine (A) comes back up it takes back over the 
services automatically.

What this means is that a machine outage does NOT take our customers 
Domain Authentication out.  All the services will fail over to a 
redundant machine automatically.  I know for Samba there are BDC 
capabilities but this solution seems to cover all the internet services 
we use at once.  I hope someone will get somethnig usefull from this. 
Has anyone else tried this with Samba?

Here is a brief procedure (minus config files) for getting it working.

Installed "libnet" from the src rpm:

rpm -i libnet-1.1.0-1.rh.9.um.1.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -bb libnet.spec
rpm -Uvh /usr/src/redhat/RPMS/i386/libnet-1.1.0-1.rh.9.um.1.i386.rpm

Installed heartbeat 1.1.3 from the src rpm:

rpm -i heartbeat-1.1.3-1.rh.9.src.rpm
cd /usr/src/redhat/SPEC
rpmbuild -bb heartbeat.spec

The heartbeat src RPM contains several packages to install:

rpm -Uvh /usr/src/redhat/RPMS/i386/heartbeat-pils-1.1.3-1.rh.9.i386.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/heartbeat-stonith-1.1.3-1.rh.9.i386.rpm
rpm -Uvh /usr/src/redhat/RPMS/i386/heartbeat-1.1.3-1.rh.9.i386.rpm

Configure NICS: (Virtual IP 192.168.0.45 is set in "haresources")

Machine A eth0  192.168.0.40
Machine A eth1  10.0.0.1
Machine B eth0  192.168.0.41
Machine B eth1  10.0.0.2

Connect redundant NICs with a crossover Cat-5 cable
Connect Serial ports with a Null Modem cable

Edit HA config files in /etc/ha.d:

ha.cf
haresources
authkeys

Disable HA services from running at boot time:

chkconfig --level smb 23456 off
chkconfig --level httpd 23456 off
chkconfig --level named 23456 off

Duplicate Apache's documentroot (Rsync)
Duplicate Samba's domain stuff (Copy smbpasswd to both machines)
Duplicate DNS files

Start the HA service or reboot both machines:

/etc/init.d/heartbeat start

Regards

Doug P

On Tue, 2003-11-11 at 10:20, Douglas Phillipson wrote:
> Since I get so much from this list I thought I would share a project 
> I've been working on and how it works with samba (3.0.1).  It is Samba 
> related so I hope it's not off topic.
> 
> I've set up a HA solution with redundant Samba Domain Controllers 
> throuth the "Heartbeat" package at:
> 
> http://www.ultramonkey.org/download/heartbeat/1.1.3/redhat_9/
> 
> I have two "Redhat 9" Linux machines (A and B) configured as a HA
> cluster providing httpd, DNS, and Samba Domain and File services on a 
> virtual IP of 192.168.0.45. Initially one of the machines, (A), is 
> running those services (smb, named and httpd) and listening on the 
> virtual IP, while the other, (B), watches a heartbeat from machine (A) 
> through both a redundant ethernet and serial link. When both heartbeat 
> lines are pulled or the power drops on machine (A), within 10 seconds 
> machine (B) starts the httpd, dns and smbd/nmbd services and listens on 
> the virtual IP.
> 
> I have a third machine (C) running Win2000 as a client for those 
> services.  I can even login on the windows box, thus using Samba's 
> Domain Authentication services from machine (A), and while logged on the 
> domain, kill machine (A) and machine (B) takes over and when I log off 
> the windows box my remote profile is saved on  machine (B), no muss no 
> fuss, all transparent to the client machine.  The win2000 client can 
> surf to the web services on the virtual IP and never know that a machine 
> has died.  When machine (A) comes back up it takes back over the 
> services automatically.
Actually, it noticed.  The TCP/IP connection was lost, and so was all
the locks it had on the files on that server.  At the very least,
disable all oplocks on the Samba servers.

How are you keeping the files on the two servers in sync?  How do you
manage password change replication?  (the only method that supports this
properly is pdb_ldap, due to some nasty 'change on BDC' machine password
semantics).  

Clustering CIFS is about more than saving and restoring a roaming
profile and the PDC/BDC stuff really is better dealt with by MS's native
scheme.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031111/6500c3d5/attachment.bin