[Samba] R­­e: R­e: D­­C2 d­enie­s a­c­­cess­­ whe­­­n sa­­vin­g

L.P.H. van Belle belle at bazuin.nl
Mon Nov 3 05:54:52 MST 2014


Hai, 

Ok, this is an option also then. 
I'll go test this also, and if this works better, then lets adopt it. 

Greetz, 

Louis
 

>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: maandag 3 november 2014 12:16
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] R­­e: R­e: D­­C2 d­enie­s a­c­­cess­­ 
>whe­­­n sa­­vin­g
>
>On 03/11/14 08:12, L.P.H. van Belle wrote:
>> Hai,
>>
>> Guys, some extra understanding.
>>
>>> This is what I cannot really understand, why use the rsync 
>command at
>>> all, as it would seem that unison uses rsync itself to do 
>the copying,
>> Rsync is use-ed to create the right direcotie structure with 
>all the needed ACL and ATTRS.
>> Unison cant do that ( yet ) but unison can do bidirectional 
>sync of files.
>> and together you get what we need.
>>
>>
>>> OK, after reading the unison manpage several times, I think 
>I have it,
>> >from /root/.unison/default.prf remove 'perms=0' and add 
>'owner=true' &
>>> 'group=true' . This seems to fix the problem.
>> That can be but should not be needed.
>>
>> remember, that i dont look het the rights on linux, and 
>mainly because of that sysvol
>> is only used for windows.
>>
>> So idmappping not needed, rights, copied from DC1 to DC2 may 
>see different, but !
>> not in windows.
>>
>> and if you want it really only for windows, and dont look to 
>much in the underlaying linux rights.
>> add : acl_xattr:ignore system acl = ye
>>
>> last.
>>
>> I saw something with errors on DC2 about when creating etc.
>> where the prileges set on the second DC?
>>
>>
>>
>> Louis
>>
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: rowlandpenny at googlemail.com
>>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>> Verzonden: zondag 2 november 2014 23:01
>>> CC: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] R­­e: R­e: D­­C2 d­enie­s a­c­­cess­­
>>> whe­­­n sa­­vin­g
>>>
>>> On 02/11/14 17:10, Min Wai Chan wrote:
>>>> Hi Rowland,
>>>>
>>>> You are correct...
>>>>
>>>> Let us ask Louis...
>>>>
>>>> Dear Louis,
>>>>
>>>> Can help us on this?
>>>>
>>>> Thank you
>>>>
>>>> On Mon, Nov 3, 2014 at 12:54 AM, Rowland Penny
>>>> <rowlandpenny at googlemail.com
>>> <mailto:rowlandpenny at googlemail.com>> wrote:
>>>>      On 02/11/14 16:00, Rowland Penny wrote:
>>>>
>>>>          On 02/11/14 15:29, ?icro MEGAS wrote:
>>>>
>>>>              Indeed, it deleted these two mentioned directories, it
>>>>              also tried to delete the directory
>>>>              {5F5181D6-325D-4566-8B2E-0292E9F4995B} but it 
>wasn't able
>>>>              to do so.
>>>>
>>>>              I played around a bit and actually in my opinion
>>>>              rsync+unison is *not* behaving correctly as one would
>>>>              expect. For example: I am creating a new file or
>>> directory
>>>>              on dc2:/var/lib/samba/sysvol/mydom.example.com
>>>>              <http://mydom.example.com> called "test"
>>>>
>>>>              After I run the rsync+unison command on DC1, 
>this file or
>>>>              directory called "test" gets deleted on DC2. 
>That's not
>>>>              what I would expect. What I expected is that this
>>>>              file/directory would be copied from DC2 to 
>DC1. The setup
>>>>              works only in one direction at the moment, 
>that mean when
>>>>              I create something on DC1 it is successfully
>>> synced to DC2
>>>>              but _not vice-versa_ :(
>>>>
>>>>              So in my opinion there is a misconfigured 
>rsync+unison.
>>>>              How do we set this thing up so both directions work?
>>>>
>>>>              Mirco
>>>>
>>>>          You would seem to be correct, I rsync'd 
>/var/lib/samba/sysvol
>>>>          to /var/test/samba and I have been testing with the
>>> later dir.
>>>>          I run the line from the script (modified for 
>change of path)
>>>>          and my test sysvol was replicated to the second 
>DC, so far so
>>>>          good.
>>>>
>>>>          root at dc02:~# cd /var/test/samba//sysvol/example.com
>>>>          <http://example.com>
>>>>          root at dc02:/var/test/samba/sysvol/example.com#
>>>>          <http://example.com#> ls -la
>>>>          total 32
>>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>>>>          drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>          drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>
>>>>          I then created a new directory on the second DC dc02
>>>>
>>>>          root at dc02:/var/test/samba/sysvol/example.com#
>>>>          <http://example.com#> mkdir Test
>>>>          root at dc02:/var/test/samba/sysvol/example.com#
>>>>          <http://example.com#> chown root:3000000 Test
>>>>
>>>>          root at dc02:/var/test/samba/sysvol/example.com#
>>>>          <http://example.com#> ls -la
>>>>          total 40
>>>>          drwxrwx---+ 5 root 3000000 4096 Nov  2 15:38 .
>>>>          drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>          drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>          drwxrwx---+ 2 root 3000000 4096 Nov  2 15:38 Test
>>>>
>>>>          I then ran the line from the script again on dc01
>>>>
>>>>          root at dc01:~# rsync -XAavz --delete-after -f"+ */" -f"- *"
>>>>          /var/test/samba/sysvol root at DC02:/var/test/samba &&
>>>>          /usr/bin/unison
>>>>          building file list ... done
>>>>          sysvol/example.com/ <http://example.com/>
>>>>          deleting sysvol/example.com/Test/ 
><http://example.com/Test/>
>>>>
>>>>          sent 973 bytes  received 15 bytes  658.67 bytes/sec
>>>>          total size is 0  speedup is 0.00
>>>>          Contacting server...
>>>>          Connected [//dc01//var/test/samba -> 
>//dc02//var/test/samba]
>>>>          Looking for changes
>>>>            Waiting for changes from server
>>>>          Reconciling changes
>>>>          Nothing to do: replicas have not changed since last sync.
>>>>
>>>>          If I now check if the new directory is still there:
>>>>
>>>>          root at dc02:/var/test/samba/sysvol/example.com#
>>>>          <http://example.com#> ls -la
>>>>          total 32
>>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>>>>          drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>          drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>          drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>
>>>>          It has been removed and I think I understand why, rsync is
>>>>          removing it:
>>>>
>>>>          building file list ... done
>>>>          sysvol/example.com/ <http://example.com/>
>>>>          deleting sysvol/example.com/Test/ 
><http://example.com/Test/>
>>>>
>>>>          So how do we stop rsync removing anything that is 
>not on the
>>>>          first DC ????
>>>>
>>>>          Rowland
>>>>
>>>>      OK, got past that problem, remove '--delete-after' 
>from the rsync
>>>>      command. Now for the next problem, the test dir is 
>not deleted on
>>>>      the second DC, but when unison syncs it to the first DC,
>>> it is set
>>>>      as belonging to 'root:root' even though it belongs to
>>>>      'root:3000000' on the second DC.
>>>>
>>>>
>>>>      Rowland
>>>>
>>>>      --
>>>>      To unsubscribe from this list go to the following URL
>>> and read the
>>>>      instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>> OK, after reading the unison manpage several times, I think 
>I have it,
>> >from /root/.unison/default.prf remove 'perms=0' and add 
>'owner=true' &
>>> 'group=true' . This seems to fix the problem.
>>>
>>> Rowland
>>>
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>OK, I am testing on a test dir '/var/test/samba', I rsync'd 
>/var/lib/samba/sysvol' to the test dir and then tested copying between 
>my two DC's.
>
>My '/root/.unison/default.prf' now looks like this:
>
># Unison preference file
># Synchronization roots
># This machine
>root = /var/test/samba
># Remote machine
># Note the 2 x / behind DC02, they are required
>root = ssh://root@DC02//var/test/samba
>#
># Path to synchronize
>path = sysvol
>#
>#ignore = Path stats    ## ignores /var/www/stats
># copymax & maxthreads params were set to 1 for easier troubleshooting.
># Have to experiment to see if they can be increased again.
>auto=true
>batch=true
>rsync=true
>maxthreads=1
>retry=3
>confirmbigdel=false
>servercmd=/usr/bin/unison
>copythreshold=0
># removed --compress from following two lines, z is --compress
>copyprog = /usr/bin/rsync -XAavz --inplace
>copyprogrest = /usr/bin/rsync -XAavz --partial --inplace
>copyquoterem = true
>copymax = 1
>owner=true
>group=true
>
>Running 'rsync -XAavz -f"+ */" -f"- *" /var/test/samba/sysvol 
>root at DC02:/var/test/samba && /usr/bin/unison' syncs 
>'/var/test/samba/sysvol' to the second DC.
>
>If I add another dir inside '/var/test/samba/sysvol' and run 
>the command 
>again, the dir is then synced to the second DC.
>
>If I add another dir inside '/var/test/samba/sysvol' on the second DC 
>and run the command again, the dir is then synced to the first DC.
>
>I now have two identical directories, one on my first DC, the other on 
>the second DC, if I run 'getfacl' on any of the directories or 
>files, I 
>get exactly the same results, all the directories & files are owned by 
>the same user & group.
>
>This is, in my opinion, better than having files owned by different 
>users on different DC's.
>
>Rowland
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>



More information about the samba mailing list