Setting up CTDB with other services

Revision as of 02:04, 29 September 2019 by MartinSchwenke

Introduction

CTDB can be used to cluster services other than Samba and NFS. CTDB comes with event scripts for handling some of these services. Configuring some of these is described below.

Note: These services are not as well tested as the core Samba and NFS services. Feel free to ask questions on mailing lists and/or provide patches.

Prerequisites

Common instructions

nsswitch.conf and PAM configuration

To allow standard Unix or Linux style services to authenticate users against the same backend being used for SMB, Samba's winbind component will need to be used.

For details, see Configuring the Name Service Switch and Authenticating Domain Users Using PAM.

On Red Hat style systems, a command like the following can be useful:

   authconfig --update --nostart \
     --enablewinbindauth --enablewinbind --enablekrb5 \
     --krb5kdc=<kdc>.<domain> \
     --krb5realm=<domain>

substituting appropriate values for <kdc> and <domain>.

Restart CTDB

After configuring CTDB to manage a new service, it may be necessary to restart CTDB.

FTP using vsftpd

vsftpd is an FTP server available on various Linux distributions and other platforms.

Configure CTDB to manage vsftpd

The vsftpd event script must be enabled:

 ctdb event script enable legacy 40.vsftpd

CTDB will manage and start/stop/restart the vsftpd services, so the operating system should be configured so these are not started/stopped automatically.

Samba configuration

Users will require a shell and home directory to log in to the FTP server.

The following Samba global configuration parameters can be used to provide these:

 template shell = /bin/bash
 template homedir = /<shared storage>/homedir/%D/%U

A more secure solution could use something like rssh and a home directory that uses a chroot:

 template shell = /usr/bin/rssh
 template homedir = /var/local/vsftp-chroot

The home directory must exist or the user will not be able to log in with FTP.
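The home directory requirement can be checked before users attempt to log in. The script below is an added example, not part of the original page or of Samba/CTDB; the function names are hypothetical, and the name validation, symlink and world-writable tests are extra checks assumed here beyond the "must exist" requirement.

```shell
#!/bin/sh
# Added example: expand a "template homedir" pattern (%D = domain, %U = user)
# and check that the resulting FTP home directory is usable.

# subst STRING TOKEN VALUE: replace every literal TOKEN, no regex involved.
subst() {
    s=$1 out=
    while :; do
        case $s in
            *"$2"*) out=$out${s%%"$2"*}$3; s=${s#*"$2"} ;;
            *) break ;;
        esac
    done
    printf '%s\n' "$out$s"
}

# expand_homedir PATTERN DOMAIN USER: print the path, or return 2 if a name
# is empty or could change the directory level once substituted.
expand_homedir() {
    for part in "$2" "$3"; do
        case $part in
            ''|.|..|*/*) return 2 ;;
        esac
    done
    subst "$(subst "$1" %D "$2")" %U "$3"
}

# check_homedir DIR: the page requires the directory to exist; the symlink
# and world-writable tests are extra checks assumed for this example.
check_homedir() {
    dir=$1
    if [ -L "$dir" ]; then echo "symlink: $dir"; return 1; fi
    if [ ! -d "$dir" ]; then echo "missing: $dir"; return 1; fi
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "world-writable: $dir"; return 1
    fi
    echo "ok: $dir"
}

# audit_homedir PATTERN DOMAIN USER
audit_homedir() {
    hdir=$(expand_homedir "$1" "$2" "$3") || { echo "unsafe name: $2/$3"; return 2; }
    check_homedir "$hdir"
}

# Direct use: sh audit_homedir.sh '/<shared storage>/homedir/%D/%U' DOMAIN USER
if [ $# -eq 3 ]; then audit_homedir "$@"; fi
```

Because the shared storage is visible from every cluster node, running the check on one node is enough for a given user.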

Antivirus with ClamAV

ClamAV is a free and open source antivirus solution.

Configure CTDB to manage clamd

The clamd event scripts must be enabled:

 ctdb event script enable legacy 31.clamd

CTDB will manage and start/stop/restart the clamd service, so the operating system should be configured so that it is not started/stopped automatically.

The CTDB_CLAMD_SOCKET script variable must be set in either the script.options or the 31.clamd.options file. For example:

 CTDB_CLAMD_SOCKET=/var/run/clamd.socket