Disjoining one domain from a CTDB cluster and joining another

Michael Adam obnox at samba.org
Sat Jan 10 10:24:33 MST 2015 

Richard,

On 2015-01-10 at 07:09 -0800, Richard Sharpe wrote:
> 
> When disjoining a domain from a CTDB cluster

Do you rather mean having the cluster leave the Domain?

> do you have to disable CTDB control of winbindd and then
> re-enable CTDB control of winbindd when you have joined
> the new domain?

What do you actually mean by "disable CTDB control of winbind"?

1) If you mean removing "clustering = yes" from smb.conf,
   then the answer is no. You never do that!

A server is either clustered or not, but it does usually not
change during its lifetime, and especially not temporarily for
some administrative tasks!

If you disable clustering in smb.conf, then all of a sudden you
are faced with a completely different server because it uses
different databases.


2) If you mean "CTDB_MANAGES_WINBIND=yes/no", then the answer
   is also no, you don't need to do that. But you could.

When you think about what CTDB is for Samba, namely just
the provider of its databases, and what you have to do
in a non-clustered environment, the steps you need to
take to put a clustered samba server into a new domain
should be fairly obvious:

on a high level generally

- stop winbind (and samba)
- leave the domain
- enter new domain
- start winbind (and samba)

Of yourse for a clustered server, there are a few details:
If you simply stop winbindd, then ctdb will get unhealthy.

In order to perform the net ads leave/join operations,
ctdb needs to be running, so you can't simply stop it.

One option is to
- stop ctdb
- remove CTDB_MANAGES_SAMBA/WINBIND
- start ctdb
- net ads leave
- modify config
- net ads join
- stop ctdb
- add CTDB_MANAGES_SAMBA/WINBIND
- start ctdb

If you want to avoid complete cluster downtime
though (e.g. for other services), then you can:

- ctdb disablescript 50.samba
- CTDB_BASE=/etc/ctdb bash /etc/ctdb/events.d/50.samba shutdown
- ctdb disablescript 49.winbind
- CTDB_BASE=/etc/ctdb bash /etc/ctdb/events.d/49.winbind shutdown
- net ads leave
- modify config
- net ads join
- CTDB_BASE=/etc/ctdb bash /etc/ctdb/events.d/49.winbind startup
- ctdb enablescript 49.winbind
- CTDB_BASE=/etc/ctdb bash /etc/ctdb/events.d/50.samba startup
- ctdb enablescript 50.samba

Note: the extra steps with 49.winbind only apply to ctdb 2.5 and
newer. Older versions only have 50.samba.

Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150110/15bb942c/attachment.pgp>

More information about the samba-technical mailing list