<div dir="ltr"><div dir="ltr"><div dir="auto"><div>Hi,</div><div><br></div><div>Thanks for the reply!</div><div><br></div><div>This was setup a few years ago and was working OK, even when falling back to this server. We had not failed over to this server recently after the latest samba upgrades, so Not sure if maybe the new samba and ctdb packages had a change that is creating the issue.</div><div><br></div><div><span style="font-family:monospace"><span style="font-weight:bold;color:rgb(255,84,84)">samba</span><span style="color:rgb(0,0,0)">-libs-4.7.1-9.el7_5.x86_64
</span><br><span style="font-weight:bold;color:rgb(255,84,84)">samba</span><span style="color:rgb(0,0,0)">-client-libs-4.7.1-9.el7_5.x86_64
</span><br><span style="font-weight:bold;color:rgb(255,84,84)">samba</span><span style="color:rgb(0,0,0)">-common-tools-4.7.1-9.el7_5.x86_64
</span><br><span style="font-weight:bold;color:rgb(255,84,84)">samba</span><span style="color:rgb(0,0,0)">-common-4.7.1-9.el7_5.noarch
</span><br><span style="font-weight:bold;color:rgb(255,84,84)">samba</span><span style="color:rgb(0,0,0)">-common-libs-4.7.1-9.el7_5.x86_64
</span><br><span style="font-weight:bold;color:rgb(255,84,84)">samba</span><span style="color:rgb(0,0,0)">-vfs-glusterfs-4.7.1-9.el7_5.x86_64
</span><br><span style="font-weight:bold;color:rgb(255,84,84)">samba</span><span style="color:rgb(0,0,0)">-4.7.1-9.el7_5.x86_64</span><br>
<br></span></div><div>It may not be the right way to do it, so I am going to investigate your suggestion and find out if it works for us. I do need your help with answers to some questions below.</div><div><br></div><div>A bit of an explanation on the current setup. Both servers, ysmha01 and ysmha02 are joined against AD using sssd. We are not using winbindd at all.</div><div><br></div><div>For each server, we created a machine account in AD, and we also created a computer account for the "Shared" host name. So we have these 3 computer objects in AD</div><div>ysmha01 10.0.0.6</div><div>ysmha02 10.0.0.7</div><div>ysmserver 10.0.0.1 (this ip is handled by ctdb)</div><div><br></div><div>We are not controlling smb with ctdb (doing it manually).</div><div><br></div><div>Both ysmha01 and ysmha02 were tied to AD using: realm join domain -v unattended</div><div><br></div><div>Then we modified the sssd.conf file as follows:</div><div><br></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,0)"><a href="http://termbin.com/wulh">http://termbin.com/wulh</a></span><br></span></div><div><br></div><div>And restarted sssd and everything works fine getting users and groups.</div><div><br></div><div>We populate uidNumbers and gidNumbers for all users and groups in AD, so the permissions work.</div><div><br></div><div>Then we configured samba to join the domain using the ysmserver machine account and only password (not keytab). So in order to keep the samba information available to both servers, we used the configuration:<br><br><span style="font-family:monospace"><span style="color:rgb(0,0,0)">private dir = /export/etc/samba/private</span><br></span></div><div><br></div><div>Since this is an un-conventional setup, could you explain the process of using both sssd and joining the machine to the AD domain? I am not quite sure I understand how to do that after having used SSSD first. In occasions where I set ysmha01 and ysmha02 as the netbios name for smb.conf and then ran net ads join after realm join, it simply updated the keytab and then sssd would not work anymore. This is why we ended up using the setup above. If you could point to a good process including smb.conf and how to join the machines to the domain, that would be appreciated.</div><div><br></div><div>This is the current config for samba. For the Projects share I had to disable vfs gluster because I had issues with one specific type of files, but it would be really nice if I can clean up all of this and get it to work properly using vfs gluster for all shares.</div><div><br></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,0)"><a href="http://termbin.com/2f64">http://termbin.com/2f64</a></span><br></span></div><div><br></div><div>After replacing the motherboard on ysmha02 and bringing it back up last night, things seem to be working fine so far, but I still see the gluster error messages and I want to fix this and run it properly as it should:</div><div><br></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,0)">[2018-10-05 13:41:21.279685] I [MSGID: 139001] [posix-acl.c:269:posix_acl_log_permit_denied] 0-posix-acl-autoload: cli</span><br>ent: -, gfid: 5b5bed22-ace0-410d-8623-4f1a31069b81, req(uid:1058,gid:513,perm:1,ngrps:3), ctx(uid:0,gid:0,in-groups:0,<br>perm:700,updated-fop:LOOKUP, acl:-) [Permission denied]
<br>[2018-10-05 13:41:21.279758] W [fuse-bridge.c:490:fuse_entry_cbk] 0-glusterfs-fuse: 10521075: LOOKUP() /etc/samba/priv<br>ate/msg.sock/6945 => -1 (Permission denied)
<br>[2018-10-05 13:41:21.279827] W [fuse-bridge.c:490:fuse_entry_cbk] 0-glusterfs-fuse: 10521076: LOOKUP() /etc/samba/priv<br>ate/msg.sock/6945 => -1 (Permission denied)<br></span></div><div><span style="font-family:monospace"><br></span></div><div>The link you sent is broken, but I think it should be:<br><br><a href="https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.3/html-single/administration_guide/#sect-SMB_CTDB" target="_blank">https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.3/html-single/administration_guide/#sect-SMB_CTDB</a><br></div><div><br></div><div>Thanks<br></div><div><div dir="auto"><br></div><div dir="auto">Diego</div><br><br><div class="gmail_quote"><div dir="ltr">On Thu, Oct 4, 2018, 09:16 Poornima Gurusiddaiah <<a href="mailto:pgurusid@redhat.com" target="_blank">pgurusid@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="ltr"><div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Tue, Oct 2, 2018 at 5:26 PM Diego Remolina <<a href="mailto:dijuremo@gmail.com" rel="noreferrer noreferrer" target="_blank">dijuremo@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Dear all,<br>
<br>
I have a two node setup running on Centos and gluster version<br>
glusterfs-3.10.12-1.el7.x86_64<br>
<br>
One of my nodes died (motherboard issue). Since I had to continue<br>
being up, I modified the quorum to below 50% to make sure I could<br>
still run on one server.<br>
<br>
The server runs ovirt and 2 VMs on top of a volume called vmstorage. I<br>
also had a third node in the peer list, but never configured it as an<br>
arbiter, so it just comes up in gluster v status. The server also run<br>
a file server with samba to serve files to windows machines.<br>
<br>
The issue is that since starting the server on it's own as the samba<br>
server, I am seeing permission denied errors for the "export" volume<br>
in /var/log/glusterfs/export.log<br>
<br>
The errors look like this and repeat over and over:<br>
<br>
[2018-10-02 11:46:56.327925] I [MSGID: 139001]<br>
[posix-acl.c:269:posix_acl_log_permit_denied] 0-posix-acl-autoload:<br>
client: -, gfid: 5b5bed22-ace0-410d-8623-4f1a31069b81,<br>
req(uid:1051,gid:513,perm:1,ngrps:2),<br>
ctx(uid:0,gid:0,in-groups:0,perm:700,updated-fop:LOOKUP, acl:-)<br>
[Permission denied]<br>
[2018-10-02 11:46:56.328004] W [fuse-bridge.c:490:fuse_entry_cbk]<br>
0-glusterfs-fuse: 20599112: LOOKUP() /etc/samba/private/msg.sock/15149<br>
=> -1 (Permission denied)<br>
[2018-10-02 11:46:56.328185] W [fuse-bridge.c:490:fuse_entry_cbk]<br>
0-glusterfs-fuse: 20599113: LOOKUP() /etc/samba/private/msg.sock/15149<br>
=> -1 (Permission denied)<br>
[2018-10-02 11:47:53.766562] W [fuse-bridge.c:490:fuse_entry_cbk]<br>
0-glusterfs-fuse: 20600590: LOOKUP() /etc/samba/private/msg.sock/15149<br>
=> -1 (Permission denied)<br>
<br>
The gluster volume export is mounted on /export, samba and ctdb are<br>
instructed to use /export/etc/samba/private and /export/lock which is<br>
on the gluster file system for the clustered tdb, etc. However, I keep<br>
getting the log messages that fuse seems to try to access a folder<br>
that does not exist, /etc/samba/private/msg.sock<br></blockquote><div><br></div><div>This is an unconventional setup, the suggested way of clustering samba is as mentioned in [1]. Sharing tdbs using gluster volume can lead to more issues. Has the setup ever worked? Was this setup suggested somewhere?</div><div><br></div><div>[1] <a href="https://access.qa.redhat.com/documentation/en-us/red_hat_gluster_storage/3.3/html-single/administration_guide/#sect-SMB_CTDB" rel="noreferrer noreferrer" target="_blank">https://access.qa.redhat.com/documentation/en-us/red_hat_gluster_storage/3.3/html-single/administration_guide/#sect-SMB_CTDB</a><br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Why is this, how can I fix it?<br>
<br>
[root@ysmha01 export]# gluster v status export<br>
Status of volume: export<br>
Gluster process TCP Port RDMA Port Online Pid<br>
------------------------------------------------------------------------------<br>
Brick 10.0.1.6:/bricks/hdds/brick 49153 0 Y 3516<br>
Self-heal Daemon on localhost N/A N/A Y 3710<br>
Self-heal Daemon on 10.0.1.5 N/A N/A Y 4380<br>
<br>
Task Status of Volume export<br>
------------------------------------------------------------------------------<br>
There are no active volume tasks<br>
<br>
These are all the volume options currently set:<br>
<br>
<a href="http://termbin.com/1xm5" rel="noreferrer noreferrer noreferrer" target="_blank">http://termbin.com/1xm5</a><br>
<br>
Diego<br>
_______________________________________________<br>
Gluster-users mailing list<br>
<a href="mailto:Gluster-users@gluster.org" rel="noreferrer noreferrer" target="_blank">Gluster-users@gluster.org</a><br>
<a href="https://lists.gluster.org/mailman/listinfo/gluster-users" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.gluster.org/mailman/listinfo/gluster-users</a><br>
</blockquote></div></div></div></div>
</blockquote></div></div></div>
</div></div>