[Samba] Re: Re: DC2 denies access when saving

Rowland Penny rowlandpenny at googlemail.com
Mon Nov 3 04:16:27 MST 2014


On 03/11/14 08:12, L.P.H. van Belle wrote:
> Hai,
>
> Guys, some extra understanding.
>
>> This is what I cannot really understand, why use the rsync command at
>> all, as it would seem that unison uses rsync itself to do the copying,
> Rsync is used to create the right directory structure with all the needed ACL and ATTRS.
> Unison can't do that ( yet ) but unison can do bidirectional sync of files.
> and together you get what we need.
>
>
>> OK, after reading the unison manpage several times, I think I have it,
>> from /root/.unison/default.prf remove 'perms=0' and add 'owner=true' &
>> 'group=true' . This seems to fix the problem.
> That can be but should not be needed.
>
> Remember that I don't look at the rights on linux, and mainly because of that sysvol
> is only used for windows.
>
> So idmapping not needed, rights, copied from DC1 to DC2 may seem different, but !
> not in windows.
>
> and if you want it really only for windows, and don't look too much at the underlying linux rights.
> add : acl_xattr:ignore system acls = yes
>
> last.
>
> I saw something with errors on DC2 about when creating etc.
> were the privileges set on the second DC?
>
>
>
> Louis
>
>
>
>> -----Original message-----
>> From: rowlandpenny at googlemail.com
>> [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>> Sent: Sunday 2 November 2014 23:01
>> CC: samba at lists.samba.org
>> Subject: Re: [Samba] Re: Re: DC2 denies access when saving
>>
>> On 02/11/14 17:10, Min Wai Chan wrote:
>>> Hi Rowland,
>>>
>>> You are correct...
>>>
>>> Let us ask Louis...
>>>
>>> Dear Louis,
>>>
>>> Can help us on this?
>>>
>>> Thank you
>>>
>>> On Mon, Nov 3, 2014 at 12:54 AM, Rowland Penny
>>> <rowlandpenny at googlemail.com> wrote:
>>>      On 02/11/14 16:00, Rowland Penny wrote:
>>>
>>>          On 02/11/14 15:29, ?icro MEGAS wrote:
>>>
>>>              Indeed, it deleted these two mentioned directories, it
>>>              also tried to delete the directory
>>>              {5F5181D6-325D-4566-8B2E-0292E9F4995B} but it wasn't able
>>>              to do so.
>>>
>>>              I played around a bit and actually in my opinion
>>>              rsync+unison is *not* behaving correctly as one would
>>>              expect. For example: I am creating a new file or directory
>>>              on dc2:/var/lib/samba/sysvol/mydom.example.com called "test"
>>>
>>>              After I run the rsync+unison command on DC1, this file or
>>>              directory called "test" gets deleted on DC2. That's not
>>>              what I would expect. What I expected is that this
>>>              file/directory would be copied from DC2 to DC1. The setup
>>>              works only in one direction at the moment, that means when
>>>              I create something on DC1 it is successfully synced to DC2
>>>              but _not vice-versa_ :(
>>>
>>>              So in my opinion there is a misconfigured rsync+unison.
>>>              How do we set this thing up so both directions work?
>>>
>>>              Mirco
>>>
>>>          You would seem to be correct, I rsync'd /var/lib/samba/sysvol
>>>          to /var/test/samba and I have been testing with the latter dir.
>>>          I run the line from the script (modified for change of path)
>>>          and my test sysvol was replicated to the second DC, so far so
>>>          good.
>>>
>>>          root@dc02:~# cd /var/test/samba//sysvol/example.com
>>>          root@dc02:/var/test/samba/sysvol/example.com# ls -la
>>>          total 32
>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>>>          drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>          drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>
>>>          I then created a new directory on the second DC dc02
>>>
>>>          root@dc02:/var/test/samba/sysvol/example.com# mkdir Test
>>>          root@dc02:/var/test/samba/sysvol/example.com# chown root:3000000 Test
>>>
>>>          root@dc02:/var/test/samba/sysvol/example.com# ls -la
>>>          total 40
>>>          drwxrwx---+ 5 root 3000000 4096 Nov  2 15:38 .
>>>          drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>          drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>          drwxrwx---+ 2 root 3000000 4096 Nov  2 15:38 Test
>>>
>>>          I then ran the line from the script again on dc01
>>>
>>>          root@dc01:~# rsync -XAavz --delete-after -f"+ */" -f"- *"
>>>          /var/test/samba/sysvol root@DC02:/var/test/samba &&
>>>          /usr/bin/unison
>>>          building file list ... done
>>>          sysvol/example.com/
>>>          deleting sysvol/example.com/Test/
>>>
>>>          sent 973 bytes  received 15 bytes  658.67 bytes/sec
>>>          total size is 0  speedup is 0.00
>>>          Contacting server...
>>>          Connected [//dc01//var/test/samba -> //dc02//var/test/samba]
>>>          Looking for changes
>>>            Waiting for changes from server
>>>          Reconciling changes
>>>          Nothing to do: replicas have not changed since last sync.
>>>
>>>          If I now check if the new directory is still there:
>>>
>>>          root@dc02:/var/test/samba/sysvol/example.com# ls -la
>>>          total 32
>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>>>          drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>          drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>
>>>          It has been removed and I think I understand why, rsync is
>>>          removing it:
>>>
>>>          building file list ... done
>>>          sysvol/example.com/
>>>          deleting sysvol/example.com/Test/
>>>
>>>          So how do we stop rsync removing anything that is not on the
>>>          first DC ????
>>>
>>>          Rowland
>>>
>>>      OK, got past that problem, remove '--delete-after' from the rsync
>>>      command. Now for the next problem, the test dir is not deleted on
>>>      the second DC, but when unison syncs it to the first DC, it is set
>>>      as belonging to 'root:root' even though it belongs to
>>>      'root:3000000' on the second DC.
>>>
>>>
>>>      Rowland
>>>
>>>      --
>>>      To unsubscribe from this list go to the following URL and read the
>>>      instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>> OK, after reading the unison manpage several times, I think I have it,
>> from /root/.unison/default.prf remove 'perms=0' and add 'owner=true' &
>> 'group=true' . This seems to fix the problem.
>>
>> Rowland
>>
>>
>>
OK, I am testing on a test dir '/var/test/samba', I rsync'd 
'/var/lib/samba/sysvol' to the test dir and then tested copying between 
my two DCs.

My '/root/.unison/default.prf' now looks like this:

# Unison preference file
# Synchronization roots
# This machine
root = /var/test/samba
# Remote machine
# Note the 2 x / behind DC02, they are required
root = ssh://root@DC02//var/test/samba
#
# Path to synchronize
path = sysvol
#
#ignore = Path stats    ## ignores /var/www/stats
# copymax & maxthreads params were set to 1 for easier troubleshooting.
# Have to experiment to see if they can be increased again.
auto=true
batch=true
rsync=true
maxthreads=1
retry=3
confirmbigdel=false
servercmd=/usr/bin/unison
copythreshold=0
# removed --compress from following two lines, z is --compress
copyprog = /usr/bin/rsync -XAavz --inplace
copyprogrest = /usr/bin/rsync -XAavz --partial --inplace
copyquoterem = true
copymax = 1
owner=true
group=true

Running 'rsync -XAavz -f"+ */" -f"- *" /var/test/samba/sysvol 
root@DC02:/var/test/samba && /usr/bin/unison' syncs 
'/var/test/samba/sysvol' to the second DC.

If I add another dir inside '/var/test/samba/sysvol' and run the command 
again, the dir is then synced to the second DC.

If I add another dir inside '/var/test/samba/sysvol' on the second DC 
and run the command again, the dir is then synced to the first DC.

I now have two identical directories, one on my first DC, the other on 
the second DC, if I run 'getfacl' on any of the directories or files, I 
get exactly the same results, all the directories & files are owned by 
the same user & group.

This is, in my opinion, better than having files owned by different 
users on different DCs.

Rowland
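
Added example, not part of the original post: a shell check that makes the comparison described above repeatable by listing every entry whose numeric owner, group or mode differs between two copies of the tree. It assumes GNU find and that both copies are reachable as local paths; the function names are illustrative, and ACL entries themselves still need 'getfacl'.

```shell
#!/bin/sh
# Added example: report owner/group/mode drift between two copies of a
# replicated tree (for instance the sysvol of each DC).

# Print "relative-path<TAB>uid<TAB>gid<TAB>octal-mode" for every entry, sorted.
# Numeric IDs are used on purpose: a name can map to different IDs per DC.
tree_manifest() {
    ( cd "$1" && find . -mindepth 1 -printf '%P\t%U\t%G\t%m\n' | LC_ALL=C sort )
}

# Compare two trees. Returns 0 when every entry exists on both sides with the
# same uid, gid and mode; otherwise prints the differing lines and returns 1.
# Returns 2 if an argument is not a directory or a temp file cannot be made.
compare_trees() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    a=$(mktemp) || return 2
    b=$(mktemp) || { rm -f "$a"; return 2; }
    tree_manifest "$1" > "$a"
    tree_manifest "$2" > "$b"
    # comm -23: lines only in the first manifest; comm -13: only in the second.
    # An entry whose metadata changed shows up once under each label.
    drift=$(
        LC_ALL=C comm -23 "$a" "$b" | sed 's/^/first:  /'
        LC_ALL=C comm -13 "$a" "$b" | sed 's/^/second: /'
    )
    rm -f "$a" "$b"
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Stand-alone use: sh script.sh /path/to/copy-from-dc1 /path/to/copy-from-dc2
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2"
fi
```

When the second copy is only reachable over ssh, the same 'find ... | sort' line can be run on each DC and the two outputs compared.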


