[Samba] Bi-directional sync for Sysvol folder -- Osync?
Daniel Carrasco Marín
danielmadrid19 at gmail.com
Thu Jun 25 09:37:03 MDT 2015
2015-06-25 14:44 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:
>
>
> 2015-06-25 14:12 GMT+02:00 Min Wai Chan <dcmwai at gmail.com>:
>
>> Dear Daniel, Klaus
>>
>> I've try that before
>> But because of how samba work on the files.
>>
>> The Advise is No
>> Without CTDB, you will just shoot yourself on the foot...
>>
>>
>>
> Maybe i'm wrong, but we are talking about the sysvol and the databases are
> out that folder. Sysvol only have the shared files like netlogon, gpo...
>
> Greetings!!
>
>
>>
>>
>>
>> On Thu, Jun 25, 2015 at 7:39 PM, Zerwes, Klaus <zerwes at rosalux.de> wrote:
>>
>>> Just some notes:
>>> For master <-> master setup (bi-directional sync) you need AFAIK a
>>> cluster filesystem.
>>> I have no idea how far this is supported w/ samab (ACLs, ...)
>>>
>>> Maybe a old tool related to drbd might be worth some testing too:
>>> http://oss.linbit.com/csync2/
>>>
>>> Klaus
>>>
>>>
>>> ________________________________________
>>> Von: samba-bounces at lists.samba.org [samba-bounces at lists.samba.org]"
>>> im Auftrag von "Daniel Carrasco Marín [danielmadrid19 at gmail.com]
>>> Gesendet: Donnerstag, 25. Juni 2015 12:38
>>> An: samba at lists.samba.org
>>> Betreff: Re: [Samba] Bi-directional sync for Sysvol folder -- Osync?
>>>
>>> Hi,
>>>
>>> I was thinking about bidirectional sync of sysvol and i've a question:
>>> ¿What about DRBD?. You can create a disk partition in every node, create
>>> a
>>> DRBD cluster and then mount that partition on sysvol folder. The
>>> sincronization is bidirectional and in real time.
>>>
>>> For now i've not tested this option, but i've plans to start some tests.
>>>
>>> What is your opinion about this?
>>>
>>> Greetings!!
>>>
>>> 2015-06-24 20:25 GMT+02:00 Min Wai Chan <dcmwai at gmail.com>:
>>>
>>> > Hello,
>>> >
>>> > Just to share
>>> >
>>> > I've updated the guide to use osync.
>>> >
>>> > https://wiki.samba.org/index.php/SysVol_Bidirectional_Replication
>>> >
>>> > Enjoy
>>> >
>>> > Regards,
>>> > Min Wai
>>> >
>>> > On Wed, Jun 24, 2015 at 2:44 AM, Min Wai Chan <dcmwai at gmail.com>
>>> wrote:
>>> >
>>> > > Dear Belle,
>>> > >
>>> > > That produce the similar situation.
>>> > >
>>> > > Thus I'm trying osync
>>> > >
>>> > > And the result are much present according to my test case
>>> > > And configuration are much streamline.
>>> > >
>>> > > However, I'm not sure how it can work with 2 DC or more...
>>> > >
>>> > > Thank You
>>> > >
>>> > >
>>> > > On Mon, Jun 22, 2015 at 9:05 PM, L.P.H. van Belle <belle at bazuin.nl>
>>> > wrote:
>>> > >
>>> > >> Hai Min Wai Chan,
>>> > >>
>>> > >> I have tested it as shown in your example, and your correct.
>>> > >> I did a few test, but im very buzy atm.
>>> > >> Few things i noticed.
>>> > >>
>>> > >>
>>> > >> I compaired the rights in linux and these are the same, but when i
>>> look
>>> > >> at the rights in windows, these are different.. :-/
>>> > >> but wait..
>>> > >> Sync DC1 => DC2 , files and folder rights are ok, in windows and in
>>> > linux
>>> > >> Sync DC2 => DC1, files and folder rights in windows are same but
>>> > >> different compaired to dc1.
>>> > >>
>>> > >> ow and i have :
>>> > >> acl_xattr:ignore system acls = yes
>>> > >> set on sysvol and netlogon
>>> > >>
>>> > >> So can you test also a bit with the following and report back?
>>> > >>
>>> > >> change /etc/cron.d/sysvol-sync to
>>> > >>
>>> > >> */5 * * * * root /usr/bin/unison && /usr/bin/rsync -XAavzu
>>> --log-file
>>> > >> /var/log/sysvol-sync.log --delete-after -f"+ */" -f"- *"
>>> > >> /var/lib/samba/sysvol root at 192.168.0.2:/var/lib/samba &>
>>> /dev/null
>>> > >> so i change the order, first unison, then rsync.
>>> > >> and i added -u in the rsync command.
>>> > >>
>>> > >>
>>> > >>
>>> > >> Greetz,
>>> > >>
>>> > >> Louis
>>> > >>
>>> > >>
>>> > >> ------------------------------
>>> > >> *Van:* Min Wai Chan [mailto:dcmwai at gmail.com]
>>> > >> *Verzonden:* maandag 22 juni 2015 12:41
>>> > >>
>>> > >> *Aan:* L.P.H. van Belle
>>> > >> *CC:* samba at lists.samba.org
>>> > >> *Onderwerp:* Re: [Samba] Bi-directional sync for Sysvol folder --
>>> Osync?
>>> > >>
>>> > >> Dear Belle,
>>> > >>
>>> > >> I found some typo on my last email.
>>> > >>
>>> > >> 1. DC1 will Remove any empty directory on DC2
>>> > >> 2. DC1 will overwrite any users/group change on DC2
>>> > >>
>>> > >> Please note that all change happen on DC2
>>> > >>
>>> > >> Please check on the configuration and log below
>>> > >> https://gist.github.com/dcmwai/e1237ad7f9d35cef2ed6
>>> > >>
>>> > >> Picture with explanation
>>> > >> 1. 01 All Sync
>>> > >>
>>> > >>
>>> >
>>> https://picasaweb.google.com/lh/photo/diyMS_SeKuwXV1dVRQdrYNMTjNZETYmyPJy0liipFm0?feat=directlink
>>> > >> 2. 02 create files and folder on DC2
>>> > >>
>>> > >>
>>> >
>>> https://picasaweb.google.com/lh/photo/A7rQzenAjIfyRAVDBeT5_9MTjNZETYmyPJy0liipFm0?feat=directlink
>>> > >> 3. DC2 files and folder list with permission.png
>>> > >>
>>> > >>
>>> >
>>> https://picasaweb.google.com/lh/photo/7fW8V6JZOgYux6hwQW9jHtMTjNZETYmyPJy0liipFm0?feat=directlink
>>> > >> 4. DC1 after 1st sync files and folder present, but users
>>> permission is
>>> > >> not correct
>>> > >>
>>> > >>
>>> >
>>> https://picasaweb.google.com/lh/photo/-oBXuJLJ6vLT2v1EtdVPSNMTjNZETYmyPJy0liipFm0?feat=directlink
>>> > >> 5. DC 2 after 1st sync folder2_3 is missing permission on DC1 is not
>>> > >> correct
>>> > >>
>>> > >>
>>> >
>>> https://picasaweb.google.com/lh/photo/mCJZxcOhZkTBZKy3FmsUF9MTjNZETYmyPJy0liipFm0?feat=directlink
>>> > >> 6. DC1 overwrite permission on DC2
>>> > >>
>>> > >>
>>> >
>>> https://picasaweb.google.com/lh/photo/q7vfuj_yQ-RTzbUvunEiBdMTjNZETYmyPJy0liipFm0?feat=directlink
>>> > >>
>>> > >>
>>> > >> Hope this help us to see more in detail on the issue.
>>> > >>
>>> > >>
>>> > >>
>>> > >>
>>> > >>
>>> > >>
>>> > >>
>>> > >>
>>> > >> On Mon, Jun 22, 2015 at 2:43 PM, L.P.H. van Belle <belle at bazuin.nl>
>>> > >> wrote:
>>> > >>
>>> > >>> Hello Min Wai Chan,
>>> > >>>
>>> > >>> Can you explain more about,, the DC1 will remove any emptey
>>> directory
>>> > on
>>> > >>> DC1.
>>> > >>> tested it here, but that does not occure here.
>>> > >>> i can create empty directories on DC1, and these are synced to DC2.
>>> > >>> empty or not.
>>> > >>>
>>> > >>> DC1 will overwrite any users/group change on DC2
>>> > >>> if setup correctly, your sysvol rights on DC1 and DC2 are the
>>> same..
>>> > >>>
>>> > >>> i suggest you to the following.
>>> > >>> get the latest version of the script.
>>> > >>> stop samba on both dcs.
>>> > >>> copy idmap from DC1 to DC2, and start up again.
>>> > >>> these last steps are in the latest script also.
>>> > >>>
>>> > >>> Greetz,
>>> > >>>
>>> > >>> Louis
>>> > >>>
>>> > >>>
>>> > >>>
>>> > >>> ------------------------------
>>> > >>> *Van:* Min Wai Chan [mailto:dcmwai at gmail.com]
>>> > >>> *Verzonden:* zondag 21 juni 2015 19:23
>>> > >>> *Aan:* L.P.H. van Belle
>>> > >>> *CC:* samba at lists.samba.org
>>> > >>> *Onderwerp:* Re: [Samba] Bi-directional sync for Sysvol folder --
>>> > Osync?
>>> > >>>
>>> > >>> Dear Belle,
>>> > >>>
>>> > >>> I think I'm using the 1.02 Version as we post question on Feb.
>>> > >>>
>>> > >>> But I don't think there are much different
>>> > >>>
>>> > >>> At least when I see from the cron script and also the unison
>>> > default.prf
>>> > >>>
>>> > >>> I think this script have 2 major issue.
>>> > >>>
>>> > >>> 1. DC1 will Remove any empty directory on DC1
>>> > >>> 2. DC1 will overwrite any users/group change on DC2
>>> > >>>
>>> > >>> the last issue I see is that cron.d are sending mail every 5
>>> mins..(but
>>> > >>> I think that can be solved)
>>> > >>>
>>> > >>> I've not try osync before...
>>> > >>>
>>> > >>> but it look promising...
>>> > >>>
>>> > >>> Regards,
>>> > >>> Min Wai
>>> > >>>
>>> > >>>
>>> > >>>
>>> > >>> On Fri, Jun 19, 2015 at 2:53 PM, L.P.H. van Belle <belle at bazuin.nl
>>> >
>>> > >>> wrote:
>>> > >>>
>>> > >>>> Hai Min Wai Chan,
>>> > >>>>
>>> > >>>> i'll go have a look in osync..
>>> > >>>> and how do you mean fixour issue? Can you explain more so i can
>>> have a
>>> > >>>> look into that.
>>> > >>>>
>>> > >>>> which version are you running..
>>> > >>>> latest is : 2015-04-30: 1.0.6
>>> > >>>>
>>> > >>>> these where the last changes :
>>> > >>>> # 2014-05-02: 1.0 : im considering this stable, but use at own
>>> risk.
>>> > >>>> # 2014-05-09: 1.01 : missed sysvol in the cron line. (
>>> sysvol-sync )
>>> > >>>> # 2014-06-23: 1.02 : added Extra Variable to make sure syncing is
>>> done
>>> > >>>> correct.
>>> > >>>> # 2015-02-19: 1.0.3: correction in the setup/copy of the sysvol.
>>> ( no
>>> > >>>> more /home/samba/sysvol/sysvol )
>>> > >>>> # 2015-02-24: 1.0.4: corrected the mixed up of PATH and BASE in
>>> line
>>> > 97
>>> > >>>> ( now relly no more double sysvol )
>>> > >>>> # 2015-04-29: 1.0.5: added extra copy of idmap.ldb, to make sure
>>> the
>>> > >>>> uids/gids on both servers are correct.
>>> > >>>> # samba 4.2.1 did complain about wrong
>>> uid/gids in
>>> > >>>> the sync.
>>> > >>>> # copy of sysvol did not always work, fixed it,
>>> > >>>> # removed the copy of sysvol on dc2, due to
>>> above
>>> > >>>> fixed not needed anymore.
>>> > >>>> # 2015-04-30: 1.0.6: small problems where detected with the
>>> idmap, as
>>> > >>>> suggestedby achim,
>>> > >>>> # gencache.tdb is remove
>>> before
>>> > >>>> startingsamba again.
>>> > >>>>
>>> > >>>>
>>> > >>>>
>>> > >>>> >-----Oorspronkelijk bericht-----
>>> > >>>> >Van: dcmwai at gmail.com [mailto:samba-bounces at lists.samba.org]
>>> > >>>> >Namens Min Wai Chan
>>> > >>>> >Verzonden: donderdag 18 juni 2015 20:04
>>> > >>>> >Aan: samba at lists.samba.org
>>> > >>>> >Onderwerp: [Samba] Bi-directional sync for Sysvol folder --
>>> Osync?
>>> > >>>> >
>>> > >>>> >Hello all,
>>> > >>>> >
>>> > >>>> >Just to ask have anyone try osync before?
>>> > >>>> >https://github.com/deajan/osync
>>> > >>>> >
>>> > >>>> >And would you think that this will fix our issue on
>>> > >>>> >
>>> https://wiki.samba.org/index.php/SysVol_Bidirectional_Replication
>>> > >>>> >
>>> > >>>> >Where DC2 files or folder will be removed?
>>> > >>>> >
>>> > >>>> >Thank You.
>>> > >>>> >--
>>> > >>>> >To unsubscribe from this list go to the following URL and read
>>> the
>>> > >>>> >instructions: https://lists.samba.org/mailman/options/samba
>>> > >>>> >
>>> > >>>> >
>>> > >>>>
>>> > >>>> --
>>> > >>>> To unsubscribe from this list go to the following URL and read the
>>> > >>>> instructions: https://lists.samba.org/mailman/options/samba
>>> > >>>>
>>> > >>>
>>> > >>>
>>> > >>
>>> > >
>>> > --
>>> > To unsubscribe from this list go to the following URL and read the
>>> > instructions: https://lists.samba.org/mailman/options/samba
>>> >
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>
Hi again,
I've done some tests with DRBD and gfs2, and these are my conclusions:
- Some mount options are not avaible, like "user_xattr" and
"barrier=1". I don't know if are important, because at least the extended
atributes are working:
getfattr -n security.test -d test.txt
# file: test.txt
security.test="test2"
- As i said above, extended atributes are working and ACLs too.
- Files are synchronized instantly, just edit a file in one node and is
updated in the other node in less than a second. ACLs are synchronized
instantly too.
- I can enter to sysvol and netlogon shares from Linux and Windows.
- I've changed some permissions from a Windows machine and were updated
without problem.
For now i've not tested to join the domain with a Windows machine, but
looks promising:
root@*pruebas2*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfacl
test.txt
# file: test.txt
# owner: root
# group: root
user::rw-
user:root:rw-
user:3000000:rw-
user:3000001:r--
user:3000002:rw-
user:3000003:r--
group::---
group:root:---
group:users:rwx
group:3000000:rw-
group:3000001:r--
group:3000002:rw-
group:3000003:r--
mask::rwx
other::---
root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfacl
test.txt
# file: test.txt
# owner: root
# group: root
user::rw-
user:root:rw-
user:3000000:rw-
user:3000001:r--
user:3000002:rw-
user:3000003:r--
group::---
group:root:---
group:users:rwx
group:3000000:rw-
group:3000001:r--
group:3000002:rw-
group:3000003:r--
mask::rwx
other::---
root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# setfattr -n
user.test -v test test.txt
root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# setfattr -n
security.test -v test2 test.txt
root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfattr -d
test.txt
# file: test.txt
user.test="test"
root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfattr -n
security.test -d test.txt
# file: test.txt
security.test="test2"
root@*pruebas2*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfattr -d
test.txt
# file: test.txt
user.test="test"
root@*pruebas2*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfattr -n
security.test -d test.txt
# file: test.txt
security.test="test2"
Greetings!!
More information about the samba
mailing list