Samba主备服务部署
环境准备
服务器配置
服务器 | IP地址 | 类型 | 配置 |
---|---|---|---|
主server | 172.253.60.51 | Centos 7.5 | 1c2G 100G |
备server | 172.253.60.253 | Centos 7.5 | 1c2G 100G |
VIP | 172.253.60.8 | VIP地址 |
准备操作系统
最小化安装操作系统
配置yum源
repo文件如下:
# CentOS-Base.repo
[base]
name=CentOS-$releasever
failovermethod=priority
# The mirror is reached over plain HTTP, so package integrity rests on the
# GPG signature check below; keep gpgcheck=1 and the gpgkey entry in place.
baseurl=http://172.253.60.1/centos75/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
数据盘分区及格式化
# Build an LVM volume on /dev/sdb, format it as XFS and mount it at
# /data/samba with user and group quotas enabled.
[root@samba-master ~]# pvcreate /dev/sdb
[root@samba-master ~]# vgcreate data /dev/sdb
[root@samba-master ~]# lvcreate -l 100%VG -n samba data
[root@samba-master ~]# mkfs.xfs /dev/mapper/data-samba
[root@samba-master ~]# mkdir -p /data/samba/
[root@samba-master ~]# echo "/dev/mapper/data-samba /data/samba xfs defaults,usrquota,grpquota 1 1" >> /etc/fstab
[root@samba-master ~]# mount -a
# NOTE(review): mode 777 without the sticky bit lets every local account
# create, rename or remove entries directly under /data/samba, including the
# per-share directories whose ACLs are set later in this guide. A root-owned,
# traversable mode such as 755 is probably sufficient, because access is
# granted per share through groups and ACLs. Confirm before changing.
[root@samba-master ~]# chmod 777 /data/samba/
关闭selinux
[root@samba-master ~]# vi /etc/selinux/config
# NOTE(review): SELINUX=disabled removes mandatory access control from smbd,
# rsyncd and the keepalived hook scripts on this host. Samba can run under
# enforcing mode when the share path carries the samba_share_t file context
# (set with semanage fcontext and restorecon); consider SELINUX=enforcing,
# or permissive while testing, instead of disabling it.
SELINUX=disabled
配置hosts
[root@samba-master ~]# vi /etc/hosts
172.253.60.51 samba-master
172.253.60.253 samba-slave
安装及配置samba
安装samba
[root@samba-master ~]# yum install -y samba
配置samba
修改配置文件/etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
# %G expands to the primary group of the connecting user, so each group gets
# its own file /etc/samba/<group>.smb.conf.
# NOTE(review): `config file` switches to the named file instead of merging
# it (`include` is the merging directive). Confirm that the [global]
# settings below still apply once a per-group file is loaded.
config file = /etc/samba/%G.smb.conf
workgroup = SAMBA
# 0 means no limit on simultaneous connections.
max connections = 0
# Idle connections are dropped after this many minutes.
deadtime = 600
# One log file per client machine name (%m).
log file = /var/log/samba/log.%m
max log size = 50
security = user
# Legacy flat-file password backend. The file named below stores the users'
# password hashes, so keep it readable by root only.
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
netbios name = server-share
# NOTE(review): `ntlm auth = yes` allows clients to authenticate with NTLMv1,
# a weak protocol; newer Samba releases default to ntlmv2-only. Keep `yes`
# only if a legacy client genuinely requires it.
ntlm auth = yes
配置samba服务
[root@samba-master ~]# systemctl start smb
[root@samba-master ~]# systemctl enable smb
配置防火墙
[root@samba-master ~]# firewall-cmd --permanent --add-port=139/tcp
[root@samba-master ~]# firewall-cmd --permanent --add-port=445/tcp
[root@samba-master ~]# firewall-cmd --permanent --add-port=137/udp
[root@samba-master ~]# firewall-cmd --permanent --add-port=138/udp
[root@samba-master ~]# firewall-cmd --reload
安装及配置keepalived
安装keepalived
在两台机器上安装keepalived
[root@samba-master ~]# yum install -y keepalived
配置防火墙
[root@samba-master ~]# firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --protocol vrrp -j ACCEPT
[root@samba-master ~]# firewall-cmd --reload
Samba-master配置
keepalived配置
修改/etc/keepalived/keepalived.conf
# keepalived configuration for the master node (priority 100).
global_defs {
router_id Samba-HA
}
# Health check: runs check_samba.sh every 22 seconds; `weight 2` adjusts the
# instance priority by 2 according to the script result.
vrrp_script check_samba {
script "/etc/keepalived/bin/check_samba.sh"
interval 22
weight 2
}
vrrp_sync_group VG1 {
group {
VI_10
}
}
vrrp_instance VI_10 {
# nopreempt requires the initial state to be BACKUP; the node with the
# higher priority still wins the first election.
state BACKUP
interface ens192
virtual_router_id 101
priority 100
advert_int 1
nopreempt
# NOTE(review): auth_type PASS carries auth_pass unencrypted in every VRRP
# advertisement, and keepalived uses only its first 8 characters. A short
# numeric value gives little protection on a shared segment. Use a random
# per-cluster value, keep this file readable by root only, and limit
# accepted VRRP traffic to the peer's address in the firewall.
authentication {
auth_type PASS
auth_pass 112233
}
track_script {
check_samba
}
virtual_ipaddress {
172.253.60.8
}
# Hook scripts: notify_master runs when this node becomes MASTER, notify_stop
# when keepalived stops.
# NOTE(review): no notify_backup or notify_fault is defined, so the sync loop
# started by notify_master is stopped only when keepalived itself stops.
# Confirm it cannot keep pushing to the peer after this node loses the VIP.
notify_master "/etc/keepalived/bin/rsync.sh"
notify_stop "/etc/keepalived/bin/shutdown.sh"
}
配置检测脚本
[root@samba-master ~]# mkdir -p /etc/keepalived/bin/
配置check_samba.sh脚本
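#!/bin/bash
# author duke
#
# keepalived health check for Samba (configured as the vrrp_script
# "check_samba"). When no smbd process is running, the smb service is
# restarted once; if smbd is still absent after a short wait, keepalived is
# killed on this node, presumably so that the VIP fails over to the peer.

# Print the number of running smbd processes (0 when the service is down).
smbd_count() {
  ps -C smbd --no-header | wc -l
}

if [ "$(smbd_count)" -eq 0 ]; then
  systemctl stop smb
  systemctl start smb
  sleep 3
  # Fix: the original tested `[ <count> ]`, which is true for any non-empty
  # string (including "0"), so keepalived was killed even when the restart
  # had succeeded. Give up the VIP only when smbd is really still down.
  if [ "$(smbd_count)" -eq 0 ]; then
    killall keepalived
  fi
fi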
配置shutdown.sh脚本
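#!/bin/bash
# author duke
#
# keepalived notify_stop hook on the master: stops keepalived and terminates
# the background sync.sh replication loop.
systemctl stop keepalived
# `xargs -r` skips the kill when no sync.sh process is found; without it,
# kill is invoked with no PID and only prints a usage error.
ps -C sync.sh --no-header | awk '{print $1}' | xargs -r kill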
配置rsync.sh脚本
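#!/bin/bash
# author duke
#
# keepalived notify_master hook: starts the background replication loop
# (sync.sh) when this node becomes MASTER.

# Start sync.sh only when no instance is already running, so that repeated
# transitions to MASTER do not stack several concurrent rsync loops.
if ! pgrep -x sync.sh >/dev/null; then
  /etc/keepalived/bin/sync.sh &
fi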
配置sync.sh脚本
#!/bin/bash
# author duke
#
# Replication loop: every 5 seconds, push the local tree to the rsync daemon
# module "dest_part" on 172.253.60.253.
#
# NOTE(review): the source is /samba/data with no trailing slash, so rsync
# creates a data/ directory inside the module. The rest of this guide keeps
# the shares under /data/samba, so confirm the intended source path.
# --delete removes destination files that are absent from the source, so
# verify the path before relying on this loop.
# NOTE(review): the rsync daemon protocol (host::module) is not encrypted
# and, as configured in this guide, not authenticated. rsync over SSH, or
# `auth users` plus a secrets file on the daemon, would protect the transfer.
while :; do
  # The transfer is issued twice per cycle, exactly as in the original.
  for _ in 1 2; do
    /usr/bin/rsync -arzuq --delete /samba/data 172.253.60.253::dest_part/
  done
  sleep 5
done
配置脚本权限
[root@samba-slave ~]# chmod a+x /etc/keepalived/bin/*
Samba-slave配置
keepalived配置
修改/etc/keepalived/keepalived.conf
# keepalived configuration for the slave node (priority 50).
global_defs {
router_id Samba-HA
}
# Health check: runs check_samba.sh every 22 seconds; `weight 2` adjusts the
# instance priority by 2 according to the script result.
vrrp_script check_samba {
script "/etc/keepalived/bin/check_samba.sh"
interval 22
weight 2
}
vrrp_sync_group VG1 {
group {
VI_10
}
}
vrrp_instance VI_10 {
# nopreempt requires the initial state to be BACKUP.
state BACKUP
interface ens192
virtual_router_id 101
priority 50
advert_int 1
nopreempt
# NOTE(review): auth_type PASS carries auth_pass unencrypted in every VRRP
# advertisement, and keepalived uses only its first 8 characters. A short
# numeric value gives little protection on a shared segment. Use a random
# per-cluster value, keep this file readable by root only, and limit
# accepted VRRP traffic to the peer's address in the firewall.
authentication {
auth_type PASS
auth_pass 112233
}
track_script {
check_samba
}
# Hook script run when keepalived stops on this node.
notify_stop /etc/keepalived/bin/shutdown.sh
virtual_ipaddress {
172.253.60.8
}
}
配置检测脚本权限
[root@samba-slave ~]# mkdir -p /etc/keepalived/bin/
配置check_samba.sh脚本
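#!/bin/bash
# author duke
#
# keepalived health check for Samba (configured as the vrrp_script
# "check_samba"). When no smbd process is running, the smb service is
# restarted once; if smbd is still absent after a short wait, keepalived is
# killed on this node, presumably so that the VIP moves to the peer.

# Print the number of running smbd processes (0 when the service is down).
smbd_count() {
  ps -C smbd --no-header | wc -l
}

if [ "$(smbd_count)" -eq 0 ]; then
  systemctl stop smb
  systemctl start smb
  sleep 3
  # Fix: the original tested `[ <count> ]`, which is true for any non-empty
  # string (including "0"), so keepalived was killed even when the restart
  # had succeeded. Give up the VIP only when smbd is really still down.
  if [ "$(smbd_count)" -eq 0 ]; then
    killall keepalived
  fi
fi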
配置shutdown.sh脚本
#!/bin/bash
# author duke
# keepalived notify_stop hook on the slave (referenced from keepalived.conf).
# NOTE(review): keepalived runs this hook while it is already stopping, so
# the systemctl call below looks redundant. Confirm that it is needed.
systemctl stop keepalived
配置检测脚本权限
[root@samba-slave ~] # chmod a+x /etc/keepalived/bin/*
安装及配置rsync
安装rsync
在两台机器上安装rsync
[root@samba-master ~]# yum install -y rsync
[root@samba-slave ~]# yum install -y rsync
配置防火墙
[root@samba-slave ~]# firewall-cmd --permanent --add-port=873/tcp
[root@samba-slave ~]# firewall-cmd --reload
配置rsync
在Samba-slave上配置rsyncd
修改/etc/rsyncd.conf
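# /etc/rsyncd: configuration file for rsync daemon mode
# See rsyncd.conf man page for more options.
# configuration example:
# NOTE(review): the daemon runs as root without chroot and the module below
# is writable, so every host allowed to connect can write under /data/samba
# as root. No `auth users` / `secrets file` is configured; consider adding
# them, or running the replication over SSH instead of the rsync daemon.
uid = root
gid = root
use chroot = no
max connections = 10
hosts allow = 172.253.60.51
strict modes = yes
pid file=/var/run/rsyncd.pid
lock file=/var/run/rsyncd.lock
# Fixed: the original line had a doubled "=", which made the value
# "=/var/log/rsyncd.log" instead of the intended absolute path.
log file=/var/log/rsyncd.log
[dest_part]
path= /data/samba
comment= analyse
read only = false
# Fixed: the original module-level "hosts allow = *" overrode the global
# restriction above and opened this writable module to every host. Only the
# master (172.253.60.51) pushes data here.
hosts allow = 172.253.60.51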
启动rsyncd服务
[root@samba-slave ~]# systemctl start rsyncd
[root@samba-slave ~]# systemctl enable rsyncd
启动keepalived服务
在Master和Slave上启动keepalived服务
[root@samba-master ~]# systemctl start keepalived
[root@samba-master ~]# systemctl enable keepalived
[root@samba-slave ~]# systemctl start keepalived
[root@samba-slave ~]# systemctl enable keepalived
Samba管理
创建用户及用户组
修改/etc/group文件,添加用户组
sambagroup1:x:1001:
sambagroup2:x:1002:
sambagroup3:x:1003:
修改/etc/passwd文件,添加用户,并根据GID关联用户组
samba1:x:1000:1001:samba1测试:/home:/sbin/nologin
samba2:x:1001:1001:samba2测试:/home:/sbin/nologin
samba3:x:1002:1002:samba3测试:/home:/sbin/nologin
samba4:x:1003:1002:samba4测试:/home:/sbin/nologin
samba5:x:1004:1003:samba3测试:/home:/sbin/nologin
samba6:x:1005:1003:samba4测试:/home:/sbin/nologin
添加用户为samba用户
添加用户为samba用户并设置密码
[root@samba-master ~]# smbpasswd -a samba1
[root@samba-master ~]# smbpasswd -a samba2
[root@samba-master ~]# smbpasswd -a samba3
[root@samba-master ~]# smbpasswd -a samba4
[root@samba-master ~]# smbpasswd -a samba5
[root@samba-master ~]# smbpasswd -a samba6
为每个组配置共享
为每个用户组创建/etc/samba/组名.smb.conf
sambagroup1
# sambagroup1 conf
[samba1]
comment = samba1
path = /data/samba/samba1
browseable = yes
available = yes
valid users = @sambagroup1
writable = yes
read list = @sambagroup1
write list = @sambagroup1
create mask = 660
directory mask = 770
public = no
sambagroup2
# sambagroup2 conf
[samba2]
comment = samba2
path = /data/samba/samba2
browseable = yes
available = yes
valid users = @sambagroup2
writable = yes
read list = @sambagroup2
write list = @sambagroup2
create mask = 660
directory mask = 770
public = no
sambagroup3
# sambagroup3 conf
[samba3]
comment = samba3
path = /data/samba/samba3
browseable = yes
available = yes
valid users = @sambagroup3
writable = yes
read list = @sambagroup3
write list = @sambagroup3
create mask = 660
directory mask = 770
public = no
为共享目录设置权限
以共享samba1所在目录/data/samba/samba1为例
设定初始权限(所有用户均不能访问任何子目录子文件)
[root@samba-master ~]# setfacl -R -m g:sambagroup1:--- /data/samba/samba1
[root@samba-master ~]# setfacl -m g:sambagroup1:r-x /data/samba/samba1
设定指定目录可用权限(可写)
[root@samba-master ~]# setfacl -R -m u:samba1:rwx /data/samba/samba1/dir1
设定指定目录可用权限(可读)
[root@samba-master ~]# setfacl -R -m u:samba2:r-x /data/samba/samba1/dir1
设定指定目录默认权限(可写)
[root@samba-master ~]# setfacl -R -m d:u:samba1:rwx /data/samba/samba1/dir1
设定指定目录默认权限(只读)
[root@samba-master ~]# setfacl -R -m d:u:samba2:r-x /data/samba/samba1/dir1
同步配置
同步samba-master和samba-slave的配置,主要有以下:
/etc/passwd
/etc/group
/etc/samba/*