ctdb - public ip is assigned to us but not on an interface - error

Martin Schwenke martin at meltin.net
Sat Jan 28 20:27:48 UTC 2017 

On Sat, 28 Jan 2017 11:53:07 +0000, lejeczek <peljasz at yahoo.co.uk>
wrote:

> >> this - https://wiki.samba.org/index.php/CTDB_Setup - gives
> >> out an impression that ".. These are the addresses that the
> >> SMBD daemons will bind to.."

> yes, but we should not have to restart anything!
> If we should that obviously someone, or everybody 
> collectively made a joke out of CTDB and not! HA system.
> Also Samba's own wiki gets it, makes it wrong. Something, 
> someone is very wrong here.

That's right, you should not have to restart anything.

Yes, the wiki is wrong.  I will try to fix it.

As long as you configure clients to only connect to public IP addresses
then everything will work as expected.  You can do this by defining a
DNS name with all the public addresses, and using round-robin DNS.

> gee, to anybody like me(beginning to) trying to make sense 
> out of how it works it soon becomes... useless.
> What one would expect is that:
> a) there will be a public IP(s) on which smbd will be 
> listening specifically, exclusively.
> In any mid-size and upwards, set-ups there will be multiple 
> interfaces and users/admins will need to tie smdb to only 
> some NICs. CTDB should not be an obstacle in any form nor 
> shape in such cases.
> b) not knowing inner workings of samba/kernel/networking but 
> knowing how Samba is smart, and are people who made her, one 
> would ... just.. assume that it would just work - one 
> specifies: bind interfaces only + interfaces (in my mind one 
> should not, after reading all the howtos/docs I could find, 
> first I was convinced that public_addresses will only be 
> used) and CTDB would (after publicIP is up&responding) just 
> "poke" smbd and tell it: hey, here, on the iface you are 
> bound too is yet another IP, serve it, now! We ought not 
> restart anything!

Right.  However, that isn't how it currently works.  I don't think it
would be a trivial change to smbd.  I'll document that this does not
work.

It does work by default, provided you only configure clients to connect
to public IP addresses.  You would only need to firewall off other
addresses if you have concerns about client configuration (e.g. rogue
client administration).

> so, I'd have more questions:

> 1) does it make difference whether NIC(s) for 
> public_addresses are configured by the system or completely 
> left out inconfigured, to CTBD disposal. Is there a preference?

Both will work.  However, you need to consider how a node will route to
infrastructure on the client network (e.g. DNS, AD DC, LDAP) when
the node is unhealthy (for example) and not hosting any public IP
addresses.

* If you have at least one static IP address then, depending on network
  topology, CTDB's monitoring and the NAS services can use it to route
  to infrastructure on the client network when no public IP addresses
  are hosted.

* If you do not have a static IP address then you may not be able to
  route to client network infrastructure when a node is not hosting
  public IP addresses.  For example, if you are using CTDB to cluster
  NFS then the exportfs command may time out doing DNS lookups, so the
  node might not become healthy.

  CTDB has a feature called "NAT gateway", which sets up a fallback
  route to infrastructure via a single configured NAT gateway IP
  addresses.

This needs to be more clearly documented in the wiki.  It all takes
time...  :-)

> 2) what about nmbd, is it doing anything in CTDB cluster?

No.  I haven't used nmbd in a CTDB cluster.

> and so, I'll go back to tampering ctdb..

Good luck!  :-)

peace & happiness,
martin

More information about the samba-technical mailing list