Difference between revisions of "Directory Replication"
Revision as of 04:30, 15 January 2013
The following is a simple configuration for synchronizing the directories of two Linux servers that are tied to Samba shares. It can be viewed as a very simple implementation of directory replication, including a "poor man's" namespace. In this configuration, we use a third-party program called Unison to implement simple two-way replication between the servers. More information about Unison, including detailed manuals and setup information, can be found on their website.
In this setup, we will be using two servers that use the local Linux authentication scheme (/etc/passwd, /etc/group, /etc/shadow, and so on). In large environments with many users, it is recommended to use an external authentication scheme such as LDAP. In our case, with our limited number of users, we will be using local authentication.
We will be creating SSH keys between the two Linux servers that Unison will utilize to establish SSH sessions. A good guide can be found here
Next, we will create a simple command that replicates the content of the directories, along with attributes like permissions and ownership.
After we have a solid synchronization running, we will duplicate the Samba share configurations so that the shares are available regardless of which server we connect to.
The DNS configuration is optional, but it allows us to type one hostname and connect to either server.
This software should be installed on your servers before you begin the configuration process.
Unison (Most distributions include a precompiled version. The source code can be found here)
An SSH Server (check your specific distribution's manual for more information)
Bind 9 (optional) (Most distributions include a precompiled version. The source code can be found here)
We will now begin the setup.
This step can be skipped if you want the synchronized files and folders to inherit the owner and group permissions of the account that initializes the synchronization. In most cases, though, you will want the permissions and attributes to sync as well.
This step can also be skipped for larger setups using LDAP.
As mentioned earlier, in environments with many users and groups, an LDAP backend is a good choice for synchronizing the users between the Linux servers. In this tutorial, we will be manually synchronizing the UIDs and GIDs of the users and groups that use the file servers.
On both Linux servers, open the files /etc/passwd and /etc/group so that we can see the UIDs and GIDs. Note the users that will be using the file server. We are not referring to the accounts that are created automatically during installation to run programs, but to the user accounts made later for specific users.
The first thing that we need to do is add the users from each server to the opposite server. Looking at the user accounts, you should type the following for each user that you don't see on the other server:
useradd -u xxx username
If there are users present that have different UIDs, you can type the following to modify them so that they match.
usermod -u xxx username
xxx refers to the UID of the user. This should match that of the other server.
When this is done, you should then repeat the exact process above with the groups, using the groupadd and groupmod commands.
Your UIDs and GIDs should now match for the users and groups that you have created.
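The comparison described above can be scripted. The following is an added example, not part of the original article: the function name plan_id_sync, the sample accounts, and the choice of 1000 as the lowest regular ID and 65534 as the "nobody" ID are assumptions. It treats a copy of the other server's file as the reference and only prints the commands; it runs none of them.

```shell
#!/bin/sh
# plan_id_sync KIND LOCAL_FILE REFERENCE_FILE [MIN_ID]   (hypothetical helper)
#   KIND is "user" (passwd files) or "group" (group files); in both formats
#   field 1 is the name and field 3 the numeric ID.
# Prints the commands to run on the local server so that its IDs match the
# reference copy taken from the other server. Nothing is executed.
plan_id_sync() {
    awk -F: -v kind="$1" -v min="${4:-1000}" '
        BEGIN { flag = (kind == "group") ? "-g" : "-u" }
        # First file: local accounts, indexed by name and by ID.
        FILENAME == ARGV[1] { id_of[$1] = $3; name_of[$3] = $1; next }
        # Reference file: skip system accounts and the "nobody" ID (assumed).
        $3 + 0 < min + 0 || $3 + 0 >= 65534 { next }
        # Same name with the same ID on both sides: already in sync.
        ($1 in id_of) && id_of[$1] == $3 { next }
        # The wanted ID already belongs to a different local account.
        ($3 in name_of) {
            printf "# CONFLICT: ID %s wanted for %s is held locally by %s\n", $3, $1, name_of[$3]
            next
        }
        { printf "%s%s %s %s %s\n", kind, (($1 in id_of) ? "mod" : "add"), flag, $3, $1 }
    ' "$2" "$3"
}

# Constructed sample data: "local" is this server, "reference" the other one.
demo_plan() {
    d=$(mktemp -d) || return 1
    cat > "$d/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
dave:x:1003:1003::/home/dave:/bin/bash
EOF
    cat > "$d/reference" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
erin:x:1004:1004::/home/erin:/bin/bash
EOF
    plan_id_sync user "$d/local" "$d/reference"
    rm -rf "$d"
}
demo_plan
```

usermod -u re-owns only the files in the user's home directory, so files in the replicated directory that still carry the old numeric UID have to be re-owned with chown after a change. A CONFLICT line means the wanted ID must be freed on the local server before the account can be added or changed.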
A good tutorial for creating and exporting SSH keys can be found here
We do not want to set passwords (passphrases) on our keys, since the SSH connections need to run automatically.
We want the SSH keys to be made on a user account that has full permission over the synchronized directories.
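Because the key has no passphrase, the receiving server can limit what it is accepted for. The following is an added example, not part of the original article: the function name authorized_entry, the peer address and the placeholder key are assumptions, and it assumes unison is on the PATH of the remote account. It builds an authorized_keys line using OpenSSH's restrict, from= and command= options.

```shell
#!/bin/sh
# authorized_entry PUBKEY_FILE PEER_IP   (hypothetical helper)
# Emits an authorized_keys line for the replication account on the other
# server: the key is accepted only from PEER_IP and every login with it
# starts Unison's server process instead of a shell. This does not confine
# Unison to one directory; file permissions still decide what it can reach.
authorized_entry() {
    pub=$1
    peer=$2
    # A .pub file holds exactly one non-empty line; a private key does not.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key in $pub" >&2; return 1; }
    read -r type blob comment < "$pub"
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "missing key data in $pub" >&2; return 1; }
    case $peer in
        ""|*[!0-9.]*) echo "peer must be an IPv4 address" >&2; return 1 ;;
    esac
    # restrict turns off forwarding, PTY allocation and ~/.ssh/rc execution.
    printf 'restrict,from="%s",command="unison -server" %s %s%s\n' \
        "$peer" "$type" "$blob" "${comment:+ $comment}"
}

# Constructed sample: placeholder key material, not a real key.
demo_entry() {
    f=$(mktemp) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYMATERIAL repl@server1' > "$f"
    authorized_entry "$f" 192.168.0.2
    rm -f "$f"
}
demo_entry
```

The printed line goes into ~/.ssh/authorized_keys of the account that Unison logs in to on the other server, in place of the bare public key.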
For our Unison configuration, you will need to go over all the different options that Unison provides to make a command that fits your needs. The following is a simple command that can be run to synchronize your directories.
unison -batch -owner -group /replication/directory ssh://x.x.x.x//replication/directory
This command runs unison with the batch, owner, and group options. It replicates /replication/directory on the local computer with the same directory on the remote server.
DNS Configuration (Optional)
This step assumes that you have a Bind DNS server configured and managing a zone that includes your two Samba servers.
Up to this point, you are able to access your synchronized data via server1.yourdomain.com and server2.yourdomain.com. This step allows you to access both servers via one DNS name. For instance, adding the following records allows you to access either server under one name. If one of the servers is down, your computer should automatically connect to the other.
cluster IN A 192.168.0.2
cluster IN A 192.168.0.3
By typing cluster.yourdomain.com, you would be able to connect to either of your servers, depending on whichever one you resolve first.