[Samba] Bi-directional sync for Sysvol folder -- Osync?
Min Wai Chan
dcmwai at gmail.com
Thu Jun 25 10:14:29 MDT 2015
Hi all,
I'm lazy to argue again.
https://lists.samba.org/archive/samba/2014-February/178549.html
Thank You.
On Thu, Jun 25, 2015 at 11:37 PM, Daniel Carrasco Marín <
danielmadrid19 at gmail.com> wrote:
>
>
> 2015-06-25 14:44 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com
> >:
>
>>
>>
>> 2015-06-25 14:12 GMT+02:00 Min Wai Chan <dcmwai at gmail.com>:
>>
>>> Dear Daniel, Klaus
>>>
>>> I've try that before
>>> But because of how samba work on the files.
>>>
>>> The Advise is No
>>> Without CTDB, you will just shoot yourself on the foot...
>>>
>>>
>>>
>> Maybe i'm wrong, but we are talking about the sysvol and the databases
>> are out that folder. Sysvol only have the shared files like netlogon, gpo...
>>
>> Greetings!!
>>
>>
>>>
>>>
>>>
>>> On Thu, Jun 25, 2015 at 7:39 PM, Zerwes, Klaus <zerwes at rosalux.de>
>>> wrote:
>>>
>>>> Just some notes:
>>>> For master <-> master setup (bi-directional sync) you need AFAIK a
>>>> cluster filesystem.
>>>> I have no idea how far this is supported w/ samab (ACLs, ...)
>>>>
>>>> Maybe a old tool related to drbd might be worth some testing too:
>>>> http://oss.linbit.com/csync2/
>>>>
>>>> Klaus
>>>>
>>>>
>>>> ________________________________________
>>>> Von: samba-bounces at lists.samba.org [samba-bounces at lists.samba.org]"
>>>> im Auftrag von "Daniel Carrasco Marín [danielmadrid19 at gmail.com]
>>>> Gesendet: Donnerstag, 25. Juni 2015 12:38
>>>> An: samba at lists.samba.org
>>>> Betreff: Re: [Samba] Bi-directional sync for Sysvol folder -- Osync?
>>>>
>>>> Hi,
>>>>
>>>> I was thinking about bidirectional sync of sysvol and i've a question:
>>>> ¿What about DRBD?. You can create a disk partition in every node,
>>>> create a
>>>> DRBD cluster and then mount that partition on sysvol folder. The
>>>> sincronization is bidirectional and in real time.
>>>>
>>>> For now i've not tested this option, but i've plans to start some tests.
>>>>
>>>> What is your opinion about this?
>>>>
>>>> Greetings!!
>>>>
>>>> 2015-06-24 20:25 GMT+02:00 Min Wai Chan <dcmwai at gmail.com>:
>>>>
>>>> > Hello,
>>>> >
>>>> > Just to share
>>>> >
>>>> > I've updated the guide to use osync.
>>>> >
>>>> > https://wiki.samba.org/index.php/SysVol_Bidirectional_Replication
>>>> >
>>>> > Enjoy
>>>> >
>>>> > Regards,
>>>> > Min Wai
>>>> >
>>>> > On Wed, Jun 24, 2015 at 2:44 AM, Min Wai Chan <dcmwai at gmail.com>
>>>> wrote:
>>>> >
>>>> > > Dear Belle,
>>>> > >
>>>> > > That produce the similar situation.
>>>> > >
>>>> > > Thus I'm trying osync
>>>> > >
>>>> > > And the result are much present according to my test case
>>>> > > And configuration are much streamline.
>>>> > >
>>>> > > However, I'm not sure how it can work with 2 DC or more...
>>>> > >
>>>> > > Thank You
>>>> > >
>>>> > >
>>>> > > On Mon, Jun 22, 2015 at 9:05 PM, L.P.H. van Belle <belle at bazuin.nl>
>>>> > wrote:
>>>> > >
>>>> > >> Hai Min Wai Chan,
>>>> > >>
>>>> > >> I have tested it as shown in your example, and your correct.
>>>> > >> I did a few test, but im very buzy atm.
>>>> > >> Few things i noticed.
>>>> > >>
>>>> > >>
>>>> > >> I compaired the rights in linux and these are the same, but when i
>>>> look
>>>> > >> at the rights in windows, these are different.. :-/
>>>> > >> but wait..
>>>> > >> Sync DC1 => DC2 , files and folder rights are ok, in windows and in
>>>> > linux
>>>> > >> Sync DC2 => DC1, files and folder rights in windows are same but
>>>> > >> different compaired to dc1.
>>>> > >>
>>>> > >> ow and i have :
>>>> > >> acl_xattr:ignore system acls = yes
>>>> > >> set on sysvol and netlogon
>>>> > >>
>>>> > >> So can you test also a bit with the following and report back?
>>>> > >>
>>>> > >> change /etc/cron.d/sysvol-sync to
>>>> > >>
>>>> > >> */5 * * * * root /usr/bin/unison && /usr/bin/rsync -XAavzu
>>>> --log-file
>>>> > >> /var/log/sysvol-sync.log --delete-after -f"+ */" -f"- *"
>>>> > >> /var/lib/samba/sysvol root at 192.168.0.2:/var/lib/samba &>
>>>> /dev/null
>>>> > >> so i change the order, first unison, then rsync.
>>>> > >> and i added -u in the rsync command.
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >> Greetz,
>>>> > >>
>>>> > >> Louis
>>>> > >>
>>>> > >>
>>>> > >> ------------------------------
>>>> > >> *Van:* Min Wai Chan [mailto:dcmwai at gmail.com]
>>>> > >> *Verzonden:* maandag 22 juni 2015 12:41
>>>> > >>
>>>> > >> *Aan:* L.P.H. van Belle
>>>> > >> *CC:* samba at lists.samba.org
>>>> > >> *Onderwerp:* Re: [Samba] Bi-directional sync for Sysvol folder --
>>>> Osync?
>>>> > >>
>>>> > >> Dear Belle,
>>>> > >>
>>>> > >> I found some typo on my last email.
>>>> > >>
>>>> > >> 1. DC1 will Remove any empty directory on DC2
>>>> > >> 2. DC1 will overwrite any users/group change on DC2
>>>> > >>
>>>> > >> Please note that all change happen on DC2
>>>> > >>
>>>> > >> Please check on the configuration and log below
>>>> > >> https://gist.github.com/dcmwai/e1237ad7f9d35cef2ed6
>>>> > >>
>>>> > >> Picture with explanation
>>>> > >> 1. 01 All Sync
>>>> > >>
>>>> > >>
>>>> >
>>>> https://picasaweb.google.com/lh/photo/diyMS_SeKuwXV1dVRQdrYNMTjNZETYmyPJy0liipFm0?feat=directlink
>>>> > >> 2. 02 create files and folder on DC2
>>>> > >>
>>>> > >>
>>>> >
>>>> https://picasaweb.google.com/lh/photo/A7rQzenAjIfyRAVDBeT5_9MTjNZETYmyPJy0liipFm0?feat=directlink
>>>> > >> 3. DC2 files and folder list with permission.png
>>>> > >>
>>>> > >>
>>>> >
>>>> https://picasaweb.google.com/lh/photo/7fW8V6JZOgYux6hwQW9jHtMTjNZETYmyPJy0liipFm0?feat=directlink
>>>> > >> 4. DC1 after 1st sync files and folder present, but users
>>>> permission is
>>>> > >> not correct
>>>> > >>
>>>> > >>
>>>> >
>>>> https://picasaweb.google.com/lh/photo/-oBXuJLJ6vLT2v1EtdVPSNMTjNZETYmyPJy0liipFm0?feat=directlink
>>>> > >> 5. DC 2 after 1st sync folder2_3 is missing permission on DC1 is
>>>> not
>>>> > >> correct
>>>> > >>
>>>> > >>
>>>> >
>>>> https://picasaweb.google.com/lh/photo/mCJZxcOhZkTBZKy3FmsUF9MTjNZETYmyPJy0liipFm0?feat=directlink
>>>> > >> 6. DC1 overwrite permission on DC2
>>>> > >>
>>>> > >>
>>>> >
>>>> https://picasaweb.google.com/lh/photo/q7vfuj_yQ-RTzbUvunEiBdMTjNZETYmyPJy0liipFm0?feat=directlink
>>>> > >>
>>>> > >>
>>>> > >> Hope this help us to see more in detail on the issue.
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >> On Mon, Jun 22, 2015 at 2:43 PM, L.P.H. van Belle <belle at bazuin.nl
>>>> >
>>>> > >> wrote:
>>>> > >>
>>>> > >>> Hello Min Wai Chan,
>>>> > >>>
>>>> > >>> Can you explain more about,, the DC1 will remove any emptey
>>>> directory
>>>> > on
>>>> > >>> DC1.
>>>> > >>> tested it here, but that does not occure here.
>>>> > >>> i can create empty directories on DC1, and these are synced to
>>>> DC2.
>>>> > >>> empty or not.
>>>> > >>>
>>>> > >>> DC1 will overwrite any users/group change on DC2
>>>> > >>> if setup correctly, your sysvol rights on DC1 and DC2 are the
>>>> same..
>>>> > >>>
>>>> > >>> i suggest you to the following.
>>>> > >>> get the latest version of the script.
>>>> > >>> stop samba on both dcs.
>>>> > >>> copy idmap from DC1 to DC2, and start up again.
>>>> > >>> these last steps are in the latest script also.
>>>> > >>>
>>>> > >>> Greetz,
>>>> > >>>
>>>> > >>> Louis
>>>> > >>>
>>>> > >>>
>>>> > >>>
>>>> > >>> ------------------------------
>>>> > >>> *Van:* Min Wai Chan [mailto:dcmwai at gmail.com]
>>>> > >>> *Verzonden:* zondag 21 juni 2015 19:23
>>>> > >>> *Aan:* L.P.H. van Belle
>>>> > >>> *CC:* samba at lists.samba.org
>>>> > >>> *Onderwerp:* Re: [Samba] Bi-directional sync for Sysvol folder --
>>>> > Osync?
>>>> > >>>
>>>> > >>> Dear Belle,
>>>> > >>>
>>>> > >>> I think I'm using the 1.02 Version as we post question on Feb.
>>>> > >>>
>>>> > >>> But I don't think there are much different
>>>> > >>>
>>>> > >>> At least when I see from the cron script and also the unison
>>>> > default.prf
>>>> > >>>
>>>> > >>> I think this script have 2 major issue.
>>>> > >>>
>>>> > >>> 1. DC1 will Remove any empty directory on DC1
>>>> > >>> 2. DC1 will overwrite any users/group change on DC2
>>>> > >>>
>>>> > >>> the last issue I see is that cron.d are sending mail every 5
>>>> mins..(but
>>>> > >>> I think that can be solved)
>>>> > >>>
>>>> > >>> I've not try osync before...
>>>> > >>>
>>>> > >>> but it look promising...
>>>> > >>>
>>>> > >>> Regards,
>>>> > >>> Min Wai
>>>> > >>>
>>>> > >>>
>>>> > >>>
>>>> > >>> On Fri, Jun 19, 2015 at 2:53 PM, L.P.H. van Belle <
>>>> belle at bazuin.nl>
>>>> > >>> wrote:
>>>> > >>>
>>>> > >>>> Hai Min Wai Chan,
>>>> > >>>>
>>>> > >>>> i'll go have a look in osync..
>>>> > >>>> and how do you mean fixour issue? Can you explain more so i can
>>>> have a
>>>> > >>>> look into that.
>>>> > >>>>
>>>> > >>>> which version are you running..
>>>> > >>>> latest is : 2015-04-30: 1.0.6
>>>> > >>>>
>>>> > >>>> these where the last changes :
>>>> > >>>> # 2014-05-02: 1.0 : im considering this stable, but use at own
>>>> risk.
>>>> > >>>> # 2014-05-09: 1.01 : missed sysvol in the cron line. (
>>>> sysvol-sync )
>>>> > >>>> # 2014-06-23: 1.02 : added Extra Variable to make sure syncing
>>>> is done
>>>> > >>>> correct.
>>>> > >>>> # 2015-02-19: 1.0.3: correction in the setup/copy of the sysvol.
>>>> ( no
>>>> > >>>> more /home/samba/sysvol/sysvol )
>>>> > >>>> # 2015-02-24: 1.0.4: corrected the mixed up of PATH and BASE in
>>>> line
>>>> > 97
>>>> > >>>> ( now relly no more double sysvol )
>>>> > >>>> # 2015-04-29: 1.0.5: added extra copy of idmap.ldb, to make sure
>>>> the
>>>> > >>>> uids/gids on both servers are correct.
>>>> > >>>> # samba 4.2.1 did complain about wrong
>>>> uid/gids in
>>>> > >>>> the sync.
>>>> > >>>> # copy of sysvol did not always work, fixed
>>>> it,
>>>> > >>>> # removed the copy of sysvol on dc2, due to
>>>> above
>>>> > >>>> fixed not needed anymore.
>>>> > >>>> # 2015-04-30: 1.0.6: small problems where detected with the
>>>> idmap, as
>>>> > >>>> suggestedby achim,
>>>> > >>>> # gencache.tdb is remove
>>>> before
>>>> > >>>> startingsamba again.
>>>> > >>>>
>>>> > >>>>
>>>> > >>>>
>>>> > >>>> >-----Oorspronkelijk bericht-----
>>>> > >>>> >Van: dcmwai at gmail.com [mailto:samba-bounces at lists.samba.org]
>>>> > >>>> >Namens Min Wai Chan
>>>> > >>>> >Verzonden: donderdag 18 juni 2015 20:04
>>>> > >>>> >Aan: samba at lists.samba.org
>>>> > >>>> >Onderwerp: [Samba] Bi-directional sync for Sysvol folder --
>>>> Osync?
>>>> > >>>> >
>>>> > >>>> >Hello all,
>>>> > >>>> >
>>>> > >>>> >Just to ask have anyone try osync before?
>>>> > >>>> >https://github.com/deajan/osync
>>>> > >>>> >
>>>> > >>>> >And would you think that this will fix our issue on
>>>> > >>>> >
>>>> https://wiki.samba.org/index.php/SysVol_Bidirectional_Replication
>>>> > >>>> >
>>>> > >>>> >Where DC2 files or folder will be removed?
>>>> > >>>> >
>>>> > >>>> >Thank You.
>>>> > >>>> >--
>>>> > >>>> >To unsubscribe from this list go to the following URL and read
>>>> the
>>>> > >>>> >instructions: https://lists.samba.org/mailman/options/samba
>>>> > >>>> >
>>>> > >>>> >
>>>> > >>>>
>>>> > >>>> --
>>>> > >>>> To unsubscribe from this list go to the following URL and read
>>>> the
>>>> > >>>> instructions: https://lists.samba.org/mailman/options/samba
>>>> > >>>>
>>>> > >>>
>>>> > >>>
>>>> > >>
>>>> > >
>>>> > --
>>>> > To unsubscribe from this list go to the following URL and read the
>>>> > instructions: https://lists.samba.org/mailman/options/samba
>>>> >
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>
>>>
>>
> Hi again,
>
> I've done some tests with DRBD and gfs2, and these are my conclusions:
>
> - Some mount options are not avaible, like "user_xattr" and
> "barrier=1". I don't know if are important, because at least the extended
> atributes are working:
>
> getfattr -n security.test -d test.txt
> # file: test.txt
> security.test="test2"
>
> - As i said above, extended atributes are working and ACLs too.
> - Files are synchronized instantly, just edit a file in one node and
> is updated in the other node in less than a second. ACLs are synchronized
> instantly too.
> - I can enter to sysvol and netlogon shares from Linux and Windows.
> - I've changed some permissions from a Windows machine and were
> updated without problem.
>
>
> For now i've not tested to join the domain with a Windows machine, but
> looks promising:
>
> root@*pruebas2*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfacl
> test.txt
> # file: test.txt
> # owner: root
> # group: root
> user::rw-
> user:root:rw-
> user:3000000:rw-
> user:3000001:r--
> user:3000002:rw-
> user:3000003:r--
> group::---
> group:root:---
> group:users:rwx
> group:3000000:rw-
> group:3000001:r--
> group:3000002:rw-
> group:3000003:r--
> mask::rwx
> other::---
>
>
> root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfacl
> test.txt
> # file: test.txt
> # owner: root
> # group: root
> user::rw-
> user:root:rw-
> user:3000000:rw-
> user:3000001:r--
> user:3000002:rw-
> user:3000003:r--
> group::---
> group:root:---
> group:users:rwx
> group:3000000:rw-
> group:3000001:r--
> group:3000002:rw-
> group:3000003:r--
> mask::rwx
> other::---
>
>
> root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# setfattr -n
> user.test -v test test.txt
> root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# setfattr -n
> security.test -v test2 test.txt
> root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfattr -d
> test.txt
> # file: test.txt
> user.test="test"
>
> root@*pruebas*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfattr -n
> security.test -d test.txt
> # file: test.txt
> security.test="test2"
>
>
> root@*pruebas2*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfattr -d
> test.txt
> # file: test.txt
> user.test="test"
>
> root@*pruebas2*:/var/lib/samba/sysvol/test.red/scripts/Hola# getfattr -n
> security.test -d test.txt
> # file: test.txt
> security.test="test2"
>
>
> Greetings!!
>
More information about the samba
mailing list