[gpfsug-discuss] Migrate 3.5 to 4.2 and LTFSEE toSpectrumArchive
Christof Schmitt
christof.schmitt at us.ibm.com
Thu Aug 18 20:43:50 BST 2016
There are a few points to consider here:
CES uses Samba in cluster mode with ctdb. That means that the tdb database
is shared through ctdb on all protocol nodes, and the internal format is
slightly different since it contains additional information for tracking
the cross-node status of the individual records.
Spectrum Scale officially supports the autorid module for internal id
mapping. That approach is different than the older idmap_tdb since it
basically only has one record per AD domain, and not one record per user
or group. This is known to scale better in environments where many users
and groups require id mappings. The downside is that data from idmap_tdb
cannot be directly imported.
While not officially supported Spectrum Scale also ships the idmap_tdb
module.
You could configure authentication and internal id mapping on Spectrum
Scale, and then overwrite the config manually to use the old idmap module
(the idmap-range-size is required, but not relevant later on):
mmuserauth service create ... --idmap-range 1000000-9000000
--idmap-range-size 100000
/usr/lpp/mmfs/bin/net conf setparm global 'idmap config * : backend' tdb
mmdsh -N CesNodes systemctl restart gpfs-winbind
mmdsh -N CesNodes /usr/lpp/mmfs/bin/net cache flush
With the old Samba, export the idmap data to a file:
net idmap dump > idmap-dump.txt
And on a node running CES Samba import that data, and remove any old
cached entries:
/usr/lpp/mmfs/bin/net idmap restore idmap-dump.txt
mmdsh -N CesNodes /usr/lpp/mmfs/bin/net cache flush
Just to be clear: This is untested and if there is a problem with the id
mapping in that configuration, it will likely be pointed to the
unsupported configuration. The way to request this as an official feature
would be through a RFE, although i cannot say whether that would be picked
up by product management.
Another option would be creating the id mappings in the Active Directory
records or in a external LDAP server based on the old mappings, and point
the CES Samba to that data. That would again be a supported configuration.
Regards,
Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ
christof.schmitt at us.ibm.com || +1-520-799-2469 (T/L: 321-2469)
From: Shaun Anderson <SAnderson at convergeone.com>
To: Christof Schmitt/Tucson/IBM at IBMUS
Cc: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 08/18/2016 11:11 AM
Subject: RE: [gpfsug-discuss] Migrate 3.5 to 4.2 and LTFSEE
toSpectrumArchive
Correct. We are upgrading their existing configuration and want to switch
to CES provided Samba.
They are using Samba 3.6.24 currently on RHEL 6.6.
Here is the head of the smb.conf file:
===================================================
[global]
workgroup = SL1
netbios name = SLTLTFSEE
server string = LTFSEE Server
realm = removed.ORG
security = ads
encrypt passwords = yes
default = global
browseable = no
socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPCNT=4
TCP_KEEPIDLE=240 TCP_KEEPINTVL=15
idmap config * : backend = tdb
idmap config * : range = 1000000-9000000
template shell = /bash/bin
writable = yes
allow trusted domains = yes
client ntlmv2 auth = yes
auth methods = guest sam winbind
passdb backend = tdbsam
groupdb:backend = tdb
interfaces = eth1 lo
username map = /etc/samba/smbusers
map to guest = bad uid
guest account = nobody
=====================================================
Does that make sense?
Regards,
SHAUN ANDERSON
STORAGE ARCHITECT
O 208.577.2112
M 214.263.7014
-----Original Message-----
From: gpfsug-discuss-bounces at spectrumscale.org [
mailto:gpfsug-discuss-bounces at spectrumscale.org] On Behalf Of Christof
Schmitt
Sent: Thursday, August 18, 2016 11:50 AM
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] Migrate 3.5 to 4.2 and LTFSEE
toSpectrumArchive
Samba as supported in Spectrum Scale uses the "autorid" module for
creating internal id mappings (see man idmap_autorid for some details).
Officially supported are also methods to retrieve id mappings from an
external server:
https://www.ibm.com/support/knowledgecenter/en/STXKQY_4.2.1/com.ibm.spectrum.scale.v4r21.doc/bl1adm_adfofile.htm
The earlier email states that they have a " .tdb backend for id mapping on
their current server. ". How exactly is that configured in Samba? Which
Samba version is used here?
So the plan is to upgrade the cluster, and then switch to the Samba
version provided with CES? Should the same id mappings be used?
Regards,
Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ
christof.schmitt at us.ibm.com || +1-520-799-2469 (T/L: 321-2469)
From: Shaun Anderson <SAnderson at convergeone.com>
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 08/17/2016 06:52 PM
Subject: Re: [gpfsug-discuss] Migrate 3.5 to 4.2 and LTFSEE to
Spectrum Archive
Sent by: gpfsug-discuss-bounces at spectrumscale.org
We are currently running samba on the 3.5 node, but wanting to migrate
everything into using CES once we get everything up to 4.2.
SHAUN ANDERSON
STORAGE ARCHITECT
O 208.577.2112
M 214.263.7014
From: gpfsug-discuss-bounces at spectrumscale.org
<gpfsug-discuss-bounces at spectrumscale.org> on behalf of Yaron Daniel
<YARD at il.ibm.com>
Sent: Wednesday, August 17, 2016 5:11 PM
To: gpfsug main discussion list
Subject: Re: [gpfsug-discuss] Migrate 3.5 to 4.2 and LTFSEE to Spectrum
Archive
Hi
Do u use CES protocols nodes ? Or Samba on each of the Server ?
Regards
Yaron Daniel
94 Em Ha'Moshavot Rd
Server, Storage and Data Services- Team Leader
Petach Tiqva, 49527
Global Technology Services
Israel
Phone:
+972-3-916-5672
Fax:
+972-3-916-5672
Mobile:
+972-52-8395593
e-mail:
yard at il.ibm.com
IBM Israel
From: Shaun Anderson <SAnderson at convergeone.com>
To: "gpfsug-discuss at spectrumscale.org"
<gpfsug-discuss at spectrumscale.org>
Date: 08/18/2016 12:11 AM
Subject: [gpfsug-discuss] Migrate 3.5 to 4.2 and LTFSEE to Spectrum
Archive
Sent by: gpfsug-discuss-bounces at spectrumscale.org
I am in process of migrating from 3.5 to 4.2 and LTFSEE to Spectrum
Archive.
1 node cluster (currently) connected to V3700 storage and TS4500 backend.
We have upgraded their 2nd node to 4.2 and have successfully tested
joining the domain, created smb shares, and validated their ability to
access and control permissions on those shares.
They are using .tdb backend for id mapping on their current server.
I'm looking to discuss with someone the best method of migrating those tdb
databases to the second server, or understand how Spectrum Scale does id
mapping and where it stores that information.
Any hints would be greatly appreciated.
Regards,
SHAUN ANDERSON
STORAGE ARCHITECT
O208.577.2112
M214.263.7014
NOTICE: This email message and any attachments here to may contain
confidential
information. Any unauthorized review, use, disclosure, or distribution of
such
information is prohibited. If you are not the intended recipient, please
contact
the sender by reply email and destroy the original message and all copies
of it._______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
NOTICE: This email message and any attachments here to may contain
confidential
information. Any unauthorized review, use, disclosure, or distribution of
such
information is prohibited. If you are not the intended recipient, please
contact
the sender by reply email and destroy the original message and all copies
of it._______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
NOTICE: This email message and any attachments here to may contain
confidential
information. Any unauthorized review, use, disclosure, or distribution of
such
information is prohibited. If you are not the intended recipient, please
contact
the sender by reply email and destroy the original message and all copies
of it.
More information about the gpfsug-discuss
mailing list