Steps to configure OES SP2 with Clustering, NSS, and Samba
- Download the netinstall.sh script from the following link: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972902.htm. Follow this TID to install OES SP2 over the network.
There are also further instructions in the OES documentation, which can be found at this link: http://www.novell.com/documentation/oes/install_linux/index.html...
- After installing the OES SP2 server use TID 3045794 to patch the server correctly with rug: http://www.novell.com/support/search.do?cmd=displayKC...
- If you have multiple paths to the data storage install multipath-tools. Launch yast or yast2 | select software | install & remove software | search for multipath-tools and accept any dependencies.
- Start the multipath daemons on boot by running chkconfig -a multipathd. Next open yast | system | runlevel editor | change to expert mode and enable boot.multipath in the B section.
- Edit the /etc/nam.conf file with the following settings:
preferred-server=Preferred E-Directory Server
alternative-ldap-server-list=Alternate E-Directory Servers,Alternate E-Directory Servers
- Configure slp by editing the /etc/slp.conf file and enter the scope and directory agent list. Enter the information in the first two sections about your scope and directory agents. After the file is changed restart the slpd daemon.
- LUM enable the Unix workstation object that was created during server installation. Load iManager | linux user management | modify linux workstation object | add the workstation to your corresponding LUM enabled group. On the server run namconfig cache_refresh to refresh the cache from E-Directory. For more details on LUM please see the following link: http://www.novell.com/documentation/oes/implgde/index.html?...
- Install nss with the following command | yast nss | choose to install the nss rpms | select remote server and choose an E-Directory server | accept default nss user.
- Install Novell Cluster Services after an SBD device has been presented to the servers. Run yast ncs | choose to install rpms | select remote server and choose an E-Directory server | choose a new cluster | enter a unique ip for the cluster | select the device for the SBD partition | select the ip address Novell Cluster Services will use for this node.
- Turn smb and nmb off by running rcsmb stop and rcnmb stop. Turn the services off in the various runlevels by running chkconfig -d smb and chkconfig -d nmb. Shutting off these services lets Novell Cluster Services load and unload smb and nmb.
- Disable the following services on the system:
- Modify the /etc/ssh/sshd_config file, so that login through root is disabled. Also, change the Protocol line and remove the 1, so it is just using protocol 2.
- Modify the /etc/hosts.nds file and add all the replica holders. Do this to provide redundancy for E-Directory.
- There was an issue where OES could not recognize more than 8 luns presented to the cluster nodes. Modify the /boot/grub/menu.lst file with the following entry. Our current storage is Hitachi Data Systems, so the entry may vary depending on your storage vendor. Here is an example of an entry in the menu.lst file:
kernel (hd0,0)/boot/vmlinuz root=6801 vga=0x314 selinux=0 splash=silent resume=/dev/cciss/c0d0p2 elevator=cfq showopts "scsi_mod dev_flags=HITACHI:OPEN-V:0x240"
- Check the kernel version by running uname -r from the console or an ssh session. The current kernel released to the OES channel is 2.6.5-7.286-bigsmp. If your system is at this kernel version then apply a km_nss-4.9.30-1.i586.rpm. This patch fixes two critical nss issues. Check http://download.novell.com for this update. If this is not available contact Novell support.
- Install McAfee LinuxShield by installing LinuxShield-1.3.0-108.i386.rpm. Configure a nails lum user and a lum group called nailsgroup. After the initial LinuxShield install run the support pack 4 script for LinuxShield | ./setupSP4 install | apply the McAfee-LinuxShield-1.3_2.6.5_7.286-1.i586.rpm. You may need to contact Novell to get this file. With OES2 (due in September), when you install a security kernel update, the installation process will automatically check the existing kernel modules and re-use them if the new kernel contains the right symbol versions. Kernel security updates usually preserve symbol versions, so McAfee kernel modules would just keep working (no download involved). It should also recognize if there is an update and apply new McAfee kernel hooks.
- Assign storage space for NSS pools and volumes. Scan for storage by using TID 3000817 or the following link: http://www.novell.com/support/search.do?cmd=displayKC...
- To automate these processes create a shell script that includes the commands from TID 3000817. Example:
echo scsi-qlascan > /proc/scsi/qla2xxx/0
echo scsi-qlascan > /proc/scsi/qla2xxx/1
echo "- - -" > /sys/class/scsi_host/host0/scan
echo "- - -" > /sys/class/scsi_host/host1/scan
echo Please run multipath -ll to see if your new lun has been detected.
- Run the script on each server, so all servers are seeing the same storage space.
- Initialize the disk(s) through iManager or nssmu. There is a bug in OES where you could not initialize disks through iManager or nssmu, so evmsgui or evmsn might need to be used. Evmsgui or evmsn will automatically detect new disks and initialize them correctly.
- Create the nss pool(s) and volume(s) through iManager or nssmu and cluster enable those items. The following is a link for managing nss pools and volumes on OES Linux.
- After the pool(s) and volume(s) are mounted in /media/nss create a samba directory with the mkdir command. In the samba directory create 3 more directories called etc, logs, and locks.
- Next configure Samba by creating the following smb.conf file. I have included some comments above each section, so you understand how we are configuring Samba with OES.
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-12-01
# netbios name = DATALXPL9-W is the name of the samba domain object in E-Directory
# server string = DATALXPL9 is the name of the nss pool
[global]
netbios name = DATALXPL9-W
server string = DATALXPL9
workgroup = workgroup
security = user
passdb backend = NDS_ldapsam:ldaps://127.0.0.1:636
ldap admin dn = cn=Adminuser,o=context of Admin user
ldap suffix = o=UHSC
ldap passwd sync = on
encrypt passwords = yes
smb ports = 139
socket options = TCP_NODELAY IPTOS_LOWDELAY
# Disables mapping to guest
map to guest = Never
# Disables printing support and errors
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# NOTE: use sendfile is set to no to support nss filesystem shares. sendfile speeds up
# file transfers by copying data directly to and from kernel buffers, avoiding the
# overhead of copying to and from buffers in user space.
use sendfile = no
# Needed for clustering per NCSL documentation
# bind interfaces only = yes has samba listen to defined interfaces
# interfaces specifies ip of the nss pool
bind interfaces only = yes
interfaces = ip address
pid directory = /media/nss/ITS/samba/locks
# [ITS] is the share name
# path = /media/nss/ITS is the path where the ITS nss volume gets mounted in the filesystem.
[ITS]
comment = ITS share
path = /media/nss/ITS
browseable = Yes
read only = No
inherit acls = Yes
- Copy the smb.conf file to the /media/nss/samba/etc directory.
- Modify the Novell Cluster Service scripts. Load iManager | Clusters | Cluster Options | browse to and select the cluster object | Select the Pool Resource | click Details or Properties | click the Scripts tab | click the load script link | Use the following sample script for your load script:
exit_on_error nss /poolact=DATALXPL9
exit_on_error ncpcon mount /opt=ns=long USERS=213
exit_on_error add_secondary_ipaddress 192.168.0.1
exit_on_error ncpcon bind --ncpservername=DATALXPL3_SERVER --ipaddress=192.168.0.1
exit_on_error /usr/sbin/nmbd -l $SAMBA_ROOT/log -s $SAMBA_ROOT/etc/smb.conf
exit_on_error /usr/sbin/smbd -l $SAMBA_ROOT/log -s $SAMBA_ROOT/etc/smb.conf
In the above script, DATALXPL9 is the pool name, USERS is the volume name, /opt=ns=long mounts the nss volume with the long name space, 192.168.0.1 is the ip address of the cluster enabled pool, and DATALXPL3_SERVER is the virtual ncp server object. SAMBA_ROOT is a variable specifying a location. The last two lines load Samba and point it to the smb.conf file created earlier.
- Now modify the Novell Cluster unload script. Load iManager | Clusters | Cluster Options | browse to and select the cluster object | Select the Pool Resource | click Details or Properties | click the Scripts tab | Use the following sample script for your unload script:
ignore_error killproc -p $SAMBA_ROOT/locks/nmbd-smb.conf.pid /usr/sbin/nmbd
ignore_error killproc -p $SAMBA_ROOT/locks/smbd-smb.conf.pid /usr/sbin/smbd
ignore_error fuser -k $SAMBA_ROOT
ignore_error ncpcon unbind --ncpservername=DATALXPL3_SERVER --ipaddress=192.168.0.1
ignore_error del_secondary_ipaddress 192.168.0.1
ignore_error nss /pooldeact=DATALXPL9
- After the load and unload scripts are finished, unmount the volume and pool. You can use nssmu or iManager to accomplish this task.
- Then use iManager or cluster commands to try and load the resource.
- If you are using the command line then use the following cluster online command:
cluster online <RESOURCE_SERVER> <SERVER NAME>
- If the resource goes comatose then you have a configuration problem in your smb.conf or the cluster scripts.
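A pre-flight check for the configuration problems mentioned above, as an added example that is not part of the original article: it verifies that the load and unload scripts reference the same IP address and pool, and that smb.conf binds only to the pool address and refuses guest mapping. The function names and the sample files (including the address 192.168.0.2) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): cross-check a pool resource's
# load script, unload script and smb.conf before bringing the resource online.

script_ips() {    # every IPv4 address a script mentions, sorted and de-duplicated
    grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" | sort -u
}

script_pools() {  # pool names given to nss /poolact= and nss /pooldeact=
    sed -n 's|.*nss /pool\(de\)\{0,1\}act=\([^ ]*\).*|\2|p' "$1" | sort -u
}

smb_value() {     # lower-cased value of parameter $2 in smb.conf $1 (last one wins)
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr 'A-Z' 'a-z'
}

# Prints one line per finding; the return status is the number of findings.
check_resource() {  # $1 = load script, $2 = unload script, $3 = smb.conf
    n=0
    [ "$(script_ips "$1")" = "$(script_ips "$2")" ] ||
        { echo "load and unload scripts use different IP addresses"; n=$((n + 1)); }
    [ "$(script_pools "$1")" = "$(script_pools "$2")" ] ||
        { echo "load and unload scripts name different pools"; n=$((n + 1)); }
    script_ips "$1" | grep -qxF "$(smb_value "$3" interfaces)" ||
        { echo "smb.conf interfaces is not an address the load script adds"; n=$((n + 1)); }
    [ "$(smb_value "$3" 'bind interfaces only')" = yes ] ||
        { echo "smb.conf does not set bind interfaces only = yes"; n=$((n + 1)); }
    [ "$(smb_value "$3" 'map to guest')" = never ] ||
        { echo "smb.conf does not set map to guest = Never"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample files: the unload script was left with another pool's values.
demo=$(mktemp -d)
printf '%s\n' 'exit_on_error nss /poolact=DATALXPL9' \
    'exit_on_error add_secondary_ipaddress 192.168.0.1' > "$demo/load"
printf '%s\n' 'ignore_error del_secondary_ipaddress 192.168.0.2' \
    'ignore_error nss /pooldeact=DATALXPL3' > "$demo/unload"
printf '%s\n' 'bind interfaces only = yes' 'interfaces = 192.168.0.1' \
    'map to guest = Never' > "$demo/smb.conf"
check_resource "$demo/load" "$demo/unload" "$demo/smb.conf"
echo "findings: $?"
```

Save the load and unload scripts from iManager to files and pass them together with the smb.conf from the samba etc directory; a non-zero status means the resource is likely to fail on load or leave the secondary address or pool active on unload.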