Make your NCP volume highly available with heartbeat

I wrote a Heartbeat2 resource agent to make your NCP volumes on an OES2 Linux server highly availble if you don’t want to use Novell Cluster Services (NCS).

This only works for NCP volumes that do _NOT_ reside on NSS!

Take the resource agent and drop it in /usr/lib/ocf/resource.d/heartbeat/

Create an IP resource (IPaddr2), a filesystem resource and a NCP Volume resource (NcpVolume) and put them together in one group.

If you are interested drop me an email and I’ll provide you a complete INSTALL/README document.

August 27th, 2008 - Posted in ha, oes | | 0 Comments

Grrrr(eat) samba

Warning *RANT*

First off all let me start this post by stating that samba is a great and very powerful piece of software BUT
configuration and management can be a real PITA

Let me give some examples of what I mean

- Samba + LDAP

If you’re setting up a samba as a PDC in a bigger environment you’ll probably go for LDAP but which LDAP schema will you use? The samba3.schema, gosa.schema or some cusom schema? Standardization anybody?

Which tool will you use to manage your LDAP users? phpLDAPadmin, LAM or maybe the smbldap-tools package.
But all those tools have their own set of problems and shortcomings… How do we find out the next available uid and rid? via a special attribute in LDAP (which requires a certain schema!) or by just doing a lookup or by using an internal range of available uids or still another way *sigh*

Ok so when we create a new (samba) user we also want to make this user an FTP and Mail user. No problem you would think. Think again. Frontend X is not written to fill in the necessary attributes for application Y so you’ll have to use 2 or 3 different front ends or end up with a generic LDAP front end (which is really NOT the tool you want to give to unexperienced users/admins)

- General configuration

Your entire samba configuration is stored in smb.conf (which contains an ini alike format). The biggest problem here is that you have Sooooo many options to configure the entire thing and to make it even worse you can have different options that will achieve the same results.
E.g: to make a certain share writeable you could say “writeable = yes” or “read-only = no”. And don’t get me started on all the other options which can be used in the global section. (man 5 smb.conf)

There is not really a good front end to configure all this stuff. (Swat is not an alternative for me).So you’ll end up with vi smb.conf.

Did you ever tried to configure a share? How do you protect it? With Linux permissions, in the share definition or via a windows workstation (with acls)? Again so many options which makes it very hard to debug in case of problems. And next to the access configuration of a share you still have a number of options to configure other share related stuff. “csc policy”, “dos filemode”, “fake oplocks”, … Waaah! I don’t care, I just want a share and be able to put some data and permissions on it!

- Tools

The entire samba suite comes with a number of command line tools like pdbedit, smbcacls, testparm, tdbdump… which are not always very user friendly.
Ever played with the “net” command and one of its options? Or tried to configure acls via smbcacls? Even setfacl is more user friendly!

All this stuff requires me to have an almost custom samba configuration on every installation ;(

If we really want companies to migrate their existing Windows file server to a Linux alternative this lack of decent management and configuration tools is really something that need to be worked on.

My 2 cents.

August 1st, 2008 - Posted in linux | | 2 Comments