Configuring OES SP2 with NSS, NCS, and Samba
Novell Cool Solutions: Feature
By Jordan Nielsen
Posted: 3 Aug 2007
Steps to configure OES SP2 with Clustering, NSS, and Samba
- Download the netinstall.sh script from the following link: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972902.htm. Follow this TID to install OES SP2 over the network.
There are also further instructions in the OES documentation, which can be found at this link: http://www.novell.com/documentation/oes/install_linux/index.html?page=/documentation/oes/install_linux/data/b1ppmo4.html
- After installing the OES SP2 server, use TID 3045794 to patch the server correctly with rug: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3045794&sliceId=SAL_Public&dialogID=42082370&stateId=0%200%2042084692
- If you have multiple paths to the data storage, install multipath-tools. Launch yast or yast2 | select software | install & remove software | search for multipath-tools and accept any dependencies.
- Start the multipath daemons on boot by running chkconfig -a multipathd. Next, open yast | system | runlevel editor | change to expert mode and enable boot.multipath in the B section.
- Edit the /etc/nam.conf file with the following settings:
- Configure slp by editing the /etc/slp.conf file. In the first two sections of the file, enter your scope and your directory agent list. After the file is changed, restart the slpd daemon.
- LUM enable the Unix workstation object that was created during server installation. Load iManager | linux user management | modify linux workstation object | add the workstation to your corresponding LUM enabled group. On the server, run namconfig cache_refresh to pull the cache from E-Directory. For more details on LUM, please see the following link: http://www.novell.com/documentation/oes/implgde/index.html?page=/documentation/oes/implgde/data/lum-implsuggest.html
- Install nss with the following command | yast nss | choose to install the nss rpms | select remote server and choose an E-Directory server | accept default nss user.
- Install Novell Cluster Services after an SBD device has been presented to the servers. Run yast ncs | choose to install rpms | select remote server and choose an E-Directory server | choose a new cluster | enter a unique ip for the cluster | select the device for the SBD partition | select the ip address Novell Cluster Services will use for this node.
- Turn smb and nmb off by running rcsmb stop and rcnmb stop. Turn the services off in the various runlevels by running chkconfig -d smb and chkconfig -d nmb. Shutting off these services lets Novell Cluster Services load and unload smb and nmb.
- Disable the following services on the system:
- Modify the /etc/ssh/sshd_config file so that root login is disabled. Also change the Protocol line and remove the 1, so that only protocol 2 is used.
- Modify the /etc/hosts.nds file and add all the replica holders. Do this to provide redundancy for E-Directory.
- There was an issue where OES could not recognize more than 8 luns presented to the cluster nodes. Modify the /boot/grub/menu.lst file with the following entry. Our current storage is Hitachi Data Systems, so the entry may vary depending on your storage vendor. Here is an example of an entry in the menu.lst file:
- Check the kernel version by running uname -r from the console or an ssh session. The current kernel released to the OES channel is 2.6.5-7.286-bigsmp. If your system is at this kernel version, then apply km_nss-4.9.30-1.i586.rpm. This patch fixes two critical nss issues. Check http://download.novell.com for this update. If it is not available, contact Novell support.
- Install McAfee LinuxShield by installing LinuxShield-1.3.0-108.i386.rpm. Configure a nails lum user and a lum group called nailsgroup. After the initial LinuxShield install run the support pack 4 script for LinuxShield | ./setupSP4 install | apply the McAfee-LinuxShield-1.3_2.6.5_7.286-1.i586.rpm. You may need to contact Novell to get this file. With OES2 (due in September), when you install a security kernel update, the installation process will automatically check the existing kernel modules and re-use them if the new kernel contains the right symbol versions. Kernel security updates usually preserve symbol versions, so McAfee kernel modules would just keep working (no download involved). It should also recognize if there is an update and apply new McAfee kernel hooks.
- Assign storage space for NSS pools and volumes. Scan for storage by using TID 3000817 or the following link: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3000817&sliceId=SAL_Public&dialogID=42306352&stateId=0%200%2042310286
- To automate these processes create a shell script that includes the commands from TID 3000817. Example:
- Run the script on each server, so all servers are seeing the same storage space.
- Initialize the disk(s) through iManager or nssmu. There is a bug in OES where you could not initialize disks through iManager or nssmu, so evmsgui or evmsn might need to be used. Evmsgui or evmsn will automatically detect new disks and initialize them correctly.
- Create the nss pool(s) and volume(s) through iManager or nssmu and cluster enable those items. The following is a link for managing nss pools and volumes on OES Linux: http://www.novell.com/documentation/oes/nss_enu/index.html?page=/documentation/oes/nss_enu/data/bycmray.html
- After the pool(s) and volume(s) are mounted in /media/nss create a samba directory with the mkdir command. In the samba directory create 3 more directories called etc, logs, and locks.
- Next configure Samba by creating the following smb.conf file. I have included some comments above each section, so you understand how we are configuring Samba with OES.
- Copy the smb.conf file to the /media/nss/samba/etc directory.
- Modify the Novell Cluster Service scripts. Load iManager | Clusters | Cluster Options | browse to and select the cluster object | Select the Pool Resource | click Details or Properties | click the Scripts tab | click the load script link | Use the following sample script for your load script:
- Now modify the Novell Cluster unload script. Load iManager | Clusters | Cluster Options | browse to and select the cluster object | Select the Pool Resource | click Details or Properties | click the Scripts tab | Use the following sample script for your unload script:
- After the load and unload scripts are finished, unmount the volume and pool. You can use nssmu or iManager to accomplish this task.
- Then use iManager or cluster commands to try and load the resource.
- If you are using the command line then use the following cluster online command:
- If the resource goes comatose, then you have a configuration problem in your smb.conf or the cluster scripts.

Settings for /etc/nam.conf:

    base-name=o=Base Context
    admin-fdn=Admins Context
    preferred-server=Preferred E-Directory Server
    alternative-ldap-server-list=Alternate E-Directory Servers,Alternate E-Directory Servers
    num-threads=15
    schema=rfc2307
    enable-persistent-cache=YES
    user-hash-size=211
    group-hash-size=211
    persistent-cache-refresh-period=28800
    persistent-cache-refresh-flag=all
    persistent-search=no
    create-home=no
    type-of-authentication=2
    certificate-file-type=der
    ldap-ssl-port=636
    ldap-port=389
    support-alias-name=no
    support-outside-base-context=yes

Services to disable:

    alsasound apache2 SuSEfirewall2_final SuSEfirewall2_init SuSEfirewall2_setup
    isdn nfs nfsboot nfslock nfsserver novell-httpstkd novell-smdrd
    novell-tomcat4 novell-xregd novell-xsrvd postfix powersaved rcd
    splash splash_early splash_late tomcat xdm

Example menu.lst entry:

    title Linux
        kernel (hd0,0)/boot/vmlinuz root=6801 vga=0x314 selinux=0 splash=silent resume=/dev/cciss/c0d0p2 elevator=cfq showopts "scsi_mod dev_flags=HITACHI:OPEN-V:0x240"
        initrd (hd0,0)/boot/initrd
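
Example storage scan script:

    #!/bin/bash
    # Rescan both QLogic HBAs for newly presented LUNs.
    echo scsi-qlascan > /proc/scsi/qla2xxx/0
    sleep 5
    echo scsi-qlascan > /proc/scsi/qla2xxx/1
    sleep 5
    # Ask the SCSI layer to rescan every channel, target and LUN on each host.
    echo "- - -" > /sys/class/scsi_host/host0/scan
    sleep 5
    echo "- - -" > /sys/class/scsi_host/host1/scan
    sleep 5
    # Rebuild the multipath maps so the new paths are picked up.
    multipath
    echo "Please run multipath -ll to see if your new lun has been detected."
    sleep 2
    exit 0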

The smb.conf file:

    # smb.conf is the main Samba configuration file. You find a full commented
    # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
    # samba-doc package is installed.
    # Date: 2005-12-01

    # netbios name = DATALXPL9-W is the name of the samba domain object in E-Directory
    # server string = DATALXPL9 is the name of the nss pool
    [global]
        netbios name = DATALXPL9-W
        server string = DATALXPL9
        workgroup = workgroup
        security = user
        passdb backend = NDS_ldapsam:ldaps://127.0.0.1:636
        ldap admin dn = cn=Adminuser,o=context of Admin user
        ldap suffix = o=UHSC
        ldap passwd sync = on
        encrypt passwords = yes
        smb ports = 139
        socket options = TCP_NODELAY IPTOS_LOWDELAY

        # Disables mapping to guest
        map to guest = Never

        # Disables printing support and errors
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

        # NOTE: use sendfile is set to no to support nss filesystem shares.
        # sendfile speeds up file transfers by copying data directly to and
        # from kernel buffers, avoiding the overhead of copying to and from
        # buffers in user space.
        use sendfile = no

        # Needed for clustering per NCSL documentation
        # bind interfaces only = yes has samba listen to defined interfaces
        # interfaces specifies ip of the nss pool
        bind interfaces only = yes
        interfaces = ip address
        pid directory = /media/nss/ITS/samba/locks

    # [ITS] is the share name
    # path = /media/nss/ITS is the path the ITS nss volume will get mounted in the filesystem.
    [ITS]
        comment = ITS share
        path = /media/nss/ITS
        browseable = Yes
        read only = No
        inherit acls = Yes

Sample load script:

    #!/bin/bash
    . /opt/novell/ncs/lib/ncsfuncs
    # Activate the pool and mount the volume with the long name space.
    exit_on_error nss /poolact=DATALXPL9
    exit_on_error ncpcon mount /opt=ns=long USERS=213
    # Bring up the pool IP address and bind the virtual NCP server to it.
    exit_on_error add_secondary_ipaddress 192.168.0.1
    exit_on_error ncpcon bind --ncpservername=DATALXPL3_SERVER --ipaddress=192.168.0.1
    # Start Samba with the smb.conf stored on the NSS volume.
    SAMBA_ROOT=/media/nss/USERS/samba
    exit_on_error /usr/sbin/nmbd -l $SAMBA_ROOT/log -s $SAMBA_ROOT/etc/smb.conf
    exit_on_error /usr/sbin/smbd -l $SAMBA_ROOT/log -s $SAMBA_ROOT/etc/smb.conf
    exit 0

In the above script, DATALXPL9 is the pool name, USERS is the volume name, /opt=ns=long mounts the nss volume with the long name space, 192.168.0.1 is the pool IP address, and DATALXPL3_SERVER is the virtual ncp server object, which is bound to the IP of the cluster enabled pool. SAMBA_ROOT is a variable specifying a location. The last two commands load Samba and point it to the smb.conf file created earlier.

Sample unload script:

    #!/bin/bash
    . /opt/novell/ncs/lib/ncsfuncs
    SAMBA_ROOT=/media/nss/USERS/samba
    # Stop Samba using the pid files in the locks directory.
    ignore_error killproc -p $SAMBA_ROOT/locks/nmbd-smb.conf.pid /usr/sbin/nmbd
    ignore_error killproc -p $SAMBA_ROOT/locks/smbd-smb.conf.pid /usr/sbin/smbd
    sleep 8
    # Kill any process still holding files open under the Samba directory.
    ignore_error fuser -k $SAMBA_ROOT
    # Release the address and pool that the load script brought up.
    ignore_error ncpcon unbind --ncpservername=DATALXPL3_SERVER --ipaddress=192.168.0.1
    ignore_error del_secondary_ipaddress 192.168.0.1
    ignore_error nss /pooldeact=DATALXPL9
    exit 0

Cluster online command:

    cluster online <RESOURCE_SERVER> <SERVER NAME>
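
The load script, the unload script and smb.conf above have to agree on the pool name, the secondary IP address and the Samba directory, so a cross-check before running the cluster online command catches one kind of configuration problem in the cluster scripts. The following is an added example, not part of the original article; the function names, file names, and the pool, server and address values in the demo are hypothetical.

```bash
#!/bin/bash
# Added example, not from the article: cross-check an NCS load script, unload
# script and smb.conf before bringing the resource online.
# grab FILE REGEX: print capture group 1 of the first line matching REGEX (ERE).
grab() { sed -n -E "s#$2#\1#p" "$1" | head -n 1; }

# same LABEL VALUE...: fail (and report) if any value is empty or differs.
same() {
    local label=$1 first=$2 v; shift
    for v in "$@"; do
        [ -n "$v" ] && [ "$v" = "$first" ] || { echo "MISMATCH $label: $*"; return 1; }
    done
}

# check_cluster_samba LOAD UNLOAD SMBCONF: returns the number of failed checks.
check_cluster_samba() {
    local load=$1 unload=$2 conf=$3 bad=0 ip='([0-9.]+)' root
    root=$(grab "$load" '^SAMBA_ROOT=(.*)$')
    # The pool activated on load must be the one deactivated on unload.
    same pool "$(grab "$load" '.*nss /poolact=([^ ]+).*')" \
        "$(grab "$unload" '.*nss /pooldeact=([^ ]+).*')" || bad=$((bad + 1))
    # One secondary IP must be added, bound, unbound and deleted.
    same ip "$(grab "$load" ".*add_secondary_ipaddress $ip.*")" \
        "$(grab "$load" ".*ncpcon bind .*--ipaddress=$ip.*")" \
        "$(grab "$unload" ".*ncpcon unbind .*--ipaddress=$ip.*")" \
        "$(grab "$unload" ".*del_secondary_ipaddress $ip.*")" || bad=$((bad + 1))
    same SAMBA_ROOT "$root" "$(grab "$unload" '^SAMBA_ROOT=(.*)$')" || bad=$((bad + 1))
    # killproc -p in the unload script reads pid files from $SAMBA_ROOT/locks.
    same "pid directory" "$root/locks" "$(grab "$conf" \
        '^[[:space:]]*pid directory[[:space:]]*=[[:space:]]*(.*)$')" || bad=$((bad + 1))
    return "$bad"
}

# Constructed sample files (hypothetical names and addresses) with two seeded errors.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'exit_on_error nss /poolact=POOL1' \
        'exit_on_error add_secondary_ipaddress 192.0.2.10' \
        'exit_on_error ncpcon bind --ncpservername=POOL1_SERVER --ipaddress=192.0.2.10' \
        'SAMBA_ROOT=/media/nss/VOL1/samba' > "$d/load"
    printf '%s\n' 'SAMBA_ROOT=/media/nss/VOL1/samba' \
        'ignore_error ncpcon unbind --ncpservername=POOL1_SERVER --ipaddress=192.0.2.10' \
        'ignore_error del_secondary_ipaddress 192.0.2.11' \
        'ignore_error nss /pooldeact=POOL1' > "$d/unload"
    printf '%s\n' '[global]' '  pid directory = /media/nss/VOL2/samba/locks' > "$d/smb.conf"
    check_cluster_samba "$d/load" "$d/unload" "$d/smb.conf"; local rc=$?
    rm -rf "$d"; return "$rc"
}
if [ $# -eq 3 ]; then check_cluster_samba "$@"; fi
```

Run it with the three files as arguments; the exit status is the number of failed checks, and each failure is printed with the values that disagree.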