Setting up CTDB with other services
Revision as of 00:57, 15 October 2019
Introduction
CTDB can be used to cluster services other than Samba and NFS. CTDB comes with event scripts for handling some of these services. Configuring some of these is described below.
Note: These services are not as well tested as the core Samba and NFS services. Feel free to ask questions on mailing lists and/or provide patches.
Prerequisites
- Basic CTDB configuration
- Setting up a cluster filesystem
- Configuring the CTDB recovery lock (recommended)
- Adding public IP addresses (or some other failover/load balancing scheme)
Common instructions
nsswitch.conf and PAM configuration
Some Unix or Linux services need to be configured to authenticate users against the same backend being used for SMB. In this case Samba's winbind component will need to be used.
For details, see Configuring the Name Service Switch and Authenticating Domain Users Using PAM.
On Red Hat style systems, a command like the following can be useful:
    authconfig --update --nostart \
      --enablewinbindauth --enablewinbind --enablekrb5 \
      --krb5kdc=<kdc>.<domain> \
      --krb5realm=<domain>
substituting appropriate values for <kdc> and <domain>.
Restart CTDB
After configuring CTDB to manage a new service it may be necessary to restart CTDB.
FTP using vsftpd
vsftpd is an FTP server available on various Linux distributions and other platforms.
Configure CTDB to manage vsftpd
The vsftpd event script must be enabled:
ctdb event script enable legacy 40.vsftpd
CTDB will manage and start/stop/restart the vsftpd services, so the operating system should be configured so these are not started/stopped automatically.
Samba configuration
Users will require a shell and home directory to log in to the FTP server.
The following Samba global configuration parameters can be used to provide these:
    template shell = /bin/bash
    template homedir = /<shared storage>/homedir/%D/%U
A more secure solution could use something like rssh and a home directory that uses a chroot:
    template shell = /usr/bin/rssh
    template homedir = /var/local/vsftp-chroot
The home directory must exist or the user will not be able to log in with FTP.
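The following pre-flight check is an added example, not part of the original wiki page or of Samba/CTDB: it reads the two template parameters from an smb.conf-style file, expands %D and %U for a given domain and user, and verifies that the resulting home directory exists and the shell is executable. The function names and the restriction of domain and user names to [A-Za-z0-9._-] are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that an FTP login for DOMAIN/USER can succeed with the
# "template shell" / "template homedir" settings described above.

# Print the last value assigned to a parameter in an smb.conf-style file.
# $1 = file, $2 = parameter name (for example "template homedir")
smbconf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Expand %D (domain) and %U (user) in a template homedir value.
# Names outside a conservative character set, or containing "..", are
# rejected so that a crafted name cannot point outside the intended tree.
# $1 = template, $2 = domain, $3 = user
expand_homedir() {
    for name in "$2" "$3"; do
        case "$name" in
            ''|*[!A-Za-z0-9._-]*|*..*) return 2 ;;
        esac
    done
    printf '%s\n' "$1" | sed -e "s|%D|$2|g" -e "s|%U|$3|g"
}

# $1 = smb.conf path, $2 = domain, $3 = user
check_ftp_user() {
    tmpl=$(smbconf_get "$1" "template homedir")
    shell=$(smbconf_get "$1" "template shell")
    [ -n "$tmpl" ] && [ -n "$shell" ] || {
        echo "template shell/homedir not set in $1"; return 1; }
    home=$(expand_homedir "$tmpl" "$2" "$3") || {
        echo "rejected domain or user name"; return 1; }
    [ -d "$home" ] || { echo "missing home directory: $home"; return 1; }
    [ -x "$shell" ] || { echo "shell not executable: $shell"; return 1; }
    echo "ok: $home ($shell)"
}

# Stand-alone use: script.sh <smb.conf> <domain> <user>
if [ "$#" -eq 3 ]; then
    check_ftp_user "$@"
fi
```

Because the home directory lives on shared storage, the check should give the same result on every cluster node.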
Antivirus with ClamAV
ClamAV is a free and open source antivirus solution.
Configure CTDB to manage clamd
The clamd event scripts must be enabled:
ctdb event script enable legacy 31.clamd
CTDB will manage and start/stop/restart the clamd service, so the operating system should be configured so that it is not started/stopped automatically.
The CTDB_CLAMD_SOCKET script variable must be set in either the script.options or the 31.clamd.options file. For example:
CTDB_CLAMD_SOCKET=/var/run/clamd.socket