{{beinhaltet Abweichungen von der Realität}}
|
|
|
|
{{NiftyDiv|
|
|
Farbe=#aafd72|
|
|
Inhalt=
|
|
c3d2-networking Skript unterstützt unter Debian das mounten vom HQ Storage Server per smb,nfs,webdav,sshfs
|
|
|
|
* [[HQ/c3d2-networking]]
|
|
}}
|
|
|
|
|
|
[[Server/freebert]] is gone!
|
|
|
|
== Hardware ==
|
|
Virtualisiert durch [[Server/freebert/FreeBSD]]
|
|
|
|
== Software Info ==
|
|
FreeBSD Jail Container
|
|
* minidlna
|
|
* nfs(3)
|
|
* samba(4)
|
|
* ftp (in Arbeit)
|
|
|
|
== Verwendungszweck ==
|
|
* DLNA Sharing
|
|
* File Sharing
|
|
|
|
== HOST: FreeBSD NFS Export / ZFS sharenfs ==
|
|
|
|
<source lang=bash>
|
|
vi /etc/rc.conf
|
|
|
|
rpcbind_enable="YES"
|
|
nfs_server_enable="YES"
|
|
mountd_flags="-r"
|
|
rpc_lockd_enable="YES"
|
|
rpc_statd_enable="YES"
|
|
</source>
|
|
|
|
direkter ZFS Export
|
|
|
|
<source lang=bash>
|
|
# -maproot=root leaves the remote root user mapped to root on this export (no
# root squashing), and -network/-mask open it to all of 172.22.0.0/16: root on
# any host in that range gets root access to the exported files. Narrow the
# network or drop -maproot=root unless that is really intended.
zfs set sharenfs="-maproot=root -network=172.22.0.0 -mask=255.255.0.0" zroot/storage/rpool
|
|
</source>
|
|
|
|
(fstab-Beispiel)
|
|
<source lang=bash>172.22.99.10:/mnt/zroot/storage/rpool /mnt/freebert.nfs nfs noauto,soft,noatime,acl,users,timeo=15 0 0</source>
|
|
|
|
|
|
ZFS Clone Stand:
|
|
|
|
<source lang=bash>
|
|
zfs clone zroot/storage/c3d2@_0009_system_07.04.2014 zroot/ezjail/storage.hq.c3d2.de/rpool
|
|
</source>
|
|
|
|
== NFS Import unter Linux ==
|
|
|
|
<source lang=bash>
|
|
apt-get install nfs-common portmap
|
|
</source>
|
|
|
|
mount:
|
|
|
|
<source lang=bash>
|
|
mkdir /freebert-nfs
|
|
|
|
showmount -e 172.22.99.10
|
|
|
|
mount -t nfs 172.22.99.10:/mnt/zroot/storage/rpool /freebert-nfs -o soft,timeo=15,noatime
|
|
</source>
|
|
Setting noatime is not recommended if you want to use mutt inside your NFS mountpoint.
|
|
|
|
entry for <code>mount -a</code> in /etc/fstab:
|
|
:<code>172.22.99.10:/mnt/zroot/storage/rpool /freebert-nfs nfs noauto,user,soft,timeo=15,noatime 0 0</code>
|
|
|
|
== NFS Import unter FreeBSD ==
|
|
|
|
<source lang=bash>
|
|
vi /etc/rc.conf
|
|
|
|
nfs_client_enable="YES"
|
|
</source>
|
|
|
|
mount:
|
|
|
|
<source lang=bash>
|
|
mount 172.22.99.10:/mnt/zroot/storage/rpool /freebert-nfs
|
|
</source>
|
|
|
|
|
|
== NFS Import unter MacOS X ==
|
|
|
|
<source lang=bash>
|
|
Finder -> Gehe zu -> Mit Server verbinden (Apfel+K)
|
|
|
|
|
|
nfs://172.22.99.10/mnt/zroot/storage/rpool
|
|
</source>
|
|
|
|
|
|
bei Problemen mit Schreibrechten ->
|
|
|
|
|
|
<source lang=bash>
|
|
mkdir freebert-nfs
|
|
|
|
sudo mount -t nfs -o resvport,bg,nfc,nolocks,locallocks,intr,soft,wsize=32768,rsize=3276 172.22.99.10:/mnt/zroot/storage/rpool /Users/<DEIN NAME>/freebert-nfs
|
|
</source>
|
|
|
|
|
|
Finder mit ROOT-Rechten starten (nur als Notlösung: alle Dateioperationen in diesem Finder laufen dann als root):
|
|
|
|
|
|
<source lang=bash>
|
|
sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
|
|
</source>
|
|
|
|
|
|
== NFS Import unter Windows (8) ==
|
|
|
|
<source lang=bash>
|
|
Systemsteuerung -> Programme und Features (aktivieren/deaktivieren) -> Dienste für NFS (Client/Verwaltung) installieren
|
|
|
|
Computer -> (Kontextmenü) Netzwerkadresse hinzufügen
|
|
|
|
|
|
\\172.22.99.10\mnt\zroot\storage\rpool
|
|
</source>
|
|
|
|
|
|
== DLNA ==
|
|
|
|
=== Berechtigungen für DLNA setzen ===
|
|
|
|
bei Änderungen / Upload bitte ein:
|
|
|
|
<source lang=bash>
|
|
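# Hand the changed/uploaded file to UID 1003 and GID 1003 (the numeric IDs that
# `id k-ot` reports further down this page). The original line ended in a stray
# colon ("1003:1003:"), which makes chown reject the group part.
chown 1003:1003 ~/file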
|
|
</source>
|
|
|
|
=== Index für Fernseher neu schreiben ===
|
|
|
|
Um die DB (<code>/var/db/minidlna/files.db</code>) neu zu schreiben muss diese
|
|
|
|
* gelöscht/überschrieben werden
|
|
* während der Service nicht aktiv ist,
|
|
* bei Neustart wird sie neu geschrieben (dauert ca. 20min)
|
|
|
|
Dies wurde hier teilweise durch eine zweite Instanz umgangen.
|
|
|
|
das Script: unter <code>/usr/local/bin/minidlna_scan</code>:
|
|
<source lang=bash>
|
|
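#!/bin/sh
#
# minidlna_scan - rebuild the MiniDLNA index with a second minidlnad instance
# and hand the result over to the running service.
#
# Simple but buggy alternative (kept for reference):
#   service minidlna stop
#   rm /var/db/minidlna/files.db
#   service minidlna start
#
# What this script does instead:
#   stage0  start a second instance (own config, own pidfile) with -R
#   stage1  wait until that instance is gone
#   stage2  copy its database files over the live ones
#   stage3  send SIGHUP to the live minidlnad so that it uses the new files.db
#
### ### ### C3D2 ### ### ###

SCAN_PIDFILE=/var/run/minidlna/minidlna_scan.pid
LIVE_PIDFILE=/var/run/minidlna/minidlna.pid

# Print a message on stderr and stop with a non-zero status.
die() {
  printf 'minidlna_scan: %s\n' "$*" >&2
  exit 1
}

# Refuse to start a second scan while one is still running, and clear a stale
# pidfile so that stage1 cannot pick up the PID of an earlier run.
if pgrep -F "$SCAN_PIDFILE" >/dev/null 2>&1; then
  die "a scan instance is already running"
fi
rm -f -- "$SCAN_PIDFILE"

# stage0
/usr/local/sbin/minidlnad -u dlna -f /usr/local/etc/minidlna_scan.conf -P "$SCAN_PIDFILE" -R \
  || die "could not start the scan instance"

# stage1
# The PID is read from the pidfile *after* the start. The previous version
# looked it up with `ps | grep` before the instance existed (so it could only
# find nothing or the grep itself) and stored it in an array, which /bin/sh
# does not support.
tries=0
while [ ! -s "$SCAN_PIDFILE" ] && [ "$tries" -lt 10 ]; do
  sleep 1
  tries=$((tries + 1))
done

scan_pid=$(cat "$SCAN_PIDFILE" 2>/dev/null)
case "$scan_pid" in
  '' | *[!0-9]*) die "no usable PID in $SCAN_PIDFILE" ;;
esac

# NOTE(review): this loop only ends when the scan instance exits. Whether an
# instance started with -R exits by itself after the scan is not visible from
# this script - confirm, otherwise it has to be stopped explicitly.
while ps -p "$scan_pid" >/dev/null 2>&1; do
  sleep 1
done

# stage2
# Do not signal the live service when the copy failed.
cp -prfv /var/db/minidlna_scan/* /var/db/minidlna/ \
  || die "copying the new database failed"

# stage3
# -F takes the PID from the pidfile; without it pkill treats the path as a
# process-name pattern and signals nothing.
pkill -HUP -F "$LIVE_PIDFILE" \
  || die "could not signal the live minidlnad"

### ### ### C3D2 ### ### ###
# EOF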
|
|
</source>
|
|
|
|
== Jail: Samba 4 ==
|
|
|
|
=== Samba4 Installation ===
|
|
|
|
* Samba 4.1 hat derzeit ein kaputtes s3fs, daher 4.0
|
|
|
|
|
|
<source lang=bash>
|
|
cd /usr/ports/net/samba4/ && make install clean
|
|
</source>
|
|
|
|
|
|
@HOST - Samba4 ADS sysvol Kompatibilität per UFS ZVOL
|
|
|
|
<source lang=bash>
|
|
rm -rfv /usr/jails/storage.hq.c3d2.de/var/db/samba4
|
|
zfs create -p -V 10g zroot/ezjail/storage.hq.c3d2.de/samba4db
|
|
newfs -U -O2 /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db
|
|
mkdir /usr/jails/storage.hq.c3d2.de/var/db/samba4
|
|
mount -o acls /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4
|
|
zfs set aclmode=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
|
|
zfs set aclinherit=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
|
|
</source>
|
|
|
|
|
|
ZVOL auf dem FreeBSD HOST mounten lassen
|
|
|
|
<source lang=bash>
|
|
vi /etc/fstab
|
|
|
|
# Device Mountpoint FStype Options Dump Pass#
|
|
/dev/gpt/swap0 none swap sw 0 0
|
|
#/dev/gpt/swap1 none swap sw 0 0
|
|
#/dev/gpt/swap2 none swap sw 0 0
|
|
#/dev/gpt/swap3 none swap sw 0 0
|
|
### ### ### C3D2 ### ### ###
|
|
proc /proc procfs rw 0 0
|
|
/dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4 ufs rw,acls 1 1
|
|
### ### ### C3D2 ### ### ###
|
|
# EOF
|
|
</source>
|
|
|
|
=== Samba4 Provisionierung ===
|
|
|
|
<source lang=bash>
|
|
# 'geheim' is a placeholder, not a password to keep. A value passed via
# --adminpass is visible in the process list while the command runs and is
# saved in the shell history; when the option is omitted, samba-tool picks a
# random administrator password.
/usr/local/bin/samba-tool domain provision --use-rfc2307 --use-xattrs=yes --function-level=2008_R2 --realm=HQ.C3D2.DE --domain=HQ --adminpass='geheim' --server-role='dc' --dns-backend=SAMBA_INTERNAL
|
|
</source>
|
|
|
|
=== Samba4 Config ===
|
|
|
|
vi /usr/local/etc/smb4.conf
|
|
|
|
<source lang=bash>
|
|
### ### ### C3D2 ### ### ###
|
|
|
|
# Global parameters
|
|
[global]
|
|
workgroup = HQ
|
|
realm = HQ.C3D2.DE
|
|
netbios name = STORAGE
|
|
server role = active directory domain controller
|
|
idmap_ldb:use rfc2307 = yes
|
|
### dns forwarder = 172.22.99.51
|
|
|
|
server services = -smb +s3fs -nbt
|
|
dcerpc endpoint servers = -winreg -srvsvc
|
|
|
|
### ### ### C3D2 ### ### ###
|
|
#
|
|
server string = %h - FreeBSD ZFS Server
|
|
|
|
interfaces = 172.22.99.52
|
|
bind interfaces only = Yes
|
|
|
|
# disable printer support
|
|
disable spoolss = Yes
|
|
|
|
# allow dynamic dns update / true = nonsecure + signed
|
|
allow dns updates = signed
|
|
|
|
# freebsd specific
|
|
nsupdate command = /usr/local/bin/samba-nsupdate -g
|
|
|
|
# added to allow asynchronous I/O (make sure to load the kernel module aio)
|
|
aio read size = 16384
|
|
aio write size = 16384
|
|
|
|
### ### # server options
|
|
|
|
# NT1 is the SMB1 dialect: with this minimum the server still accepts SMB1
# sessions. Raise it to SMB2 or later unless a client here really needs SMB1
# (the "client min protocol" line further down has the same setting).
server min protocol = NT1
|
|
server max protocol = SMB3
|
|
|
|
disable netbios = Yes
|
|
smb ports = 445
|
|
|
|
server signing = auto
|
|
|
|
# protocol stream encryption for smbclient
|
|
smb encrypt = auto
|
|
|
|
### ### # client options (for local services / smbclient etc.)
|
|
|
|
client min protocol = NT1
|
|
client max protocol = SMB3
|
|
|
|
client ldap sasl wrapping = seal
|
|
|
|
client signing = auto
|
|
client schannel = auto
|
|
|
|
lanman auth = No
|
|
ntlm auth = No
|
|
client use spnego = Yes
|
|
client ntlmv2 auth = Yes
|
|
client lanman auth = No
|
|
client plaintext auth = No
|
|
|
|
### experimental ###
|
|
###
|
|
### dsdb:schema update allowed = Yes
|
|
###
|
|
### experimental ###
|
|
|
|
#
|
|
### ### ### C3D2 ### ### ###
|
|
|
|
[netlogon]
|
|
path = /var/db/samba4/sysvol/hq.c3d2.de/scripts
|
|
read only = No
|
|
browseable = no
|
|
|
|
[sysvol]
|
|
path = /var/db/samba4/sysvol
|
|
read only = No
|
|
browseable = no
|
|
|
|
### ### ### C3D2 ### ### ###
|
|
|
|
[rpool]
|
|
path = /rpool
|
|
|
|
valid users = k-ot
|
|
map acl inherit = yes
|
|
browseable = yes
|
|
# "public" is a synonym for "guest ok". Together with "valid users = k-ot"
# above the intent is unclear - NOTE(review): confirm whether guest access to
# this writable share is meant to be possible at all.
public = yes
|
|
writable = yes
|
|
posix locking = yes
|
|
create mask = 0664
|
|
directory mask = 0775
|
|
strict locking = no
|
|
store dos attributes = yes
|
|
|
|
### nt acl support = yes
|
|
### csc policy = disable
|
|
|
|
inherit acls = Yes
|
|
inherit owner = no
|
|
inherit permissions = no
|
|
map archive = No
|
|
map readonly = no
|
|
vfs objects = shadow_copy2, zfsacl
|
|
nfs4:mode = special
|
|
nfs4:acedup = merge
|
|
nfs4:chown = yes
|
|
|
|
shadow: format = -CRON-%Y.%m.%d-%H.%M
|
|
shadow: sort = desc
|
|
shadow: snapdir = .zfs/snapshot
|
|
|
|
### ### ### C3D2 ### ### ###
|
|
# EOF
|
|
</source>
|
|
|
|
|
|
=== Samba4 Map Users to their UNIX UID ===
|
|
|
|
<source lang=bash>
|
|
id k-ot
|
|
uid=1003(k-ot) gid=1003(k-ot) groups=1003(k-ot)
|
|
|
|
samba-tool user add k-ot
|
|
New Password:
|
|
Retype Password:
|
|
User 'k-ot' created successfully
|
|
|
|
service samba_server start
|
|
|
|
wbinfo --name-to-sid k-ot
|
|
S-1-5-21-2260217406-2925069997-4078739481-1108 SID_USER (1)
|
|
|
|
wbinfo --sid-to-uid S-1-5-21-2260217406-2925069997-4078739481-1108
|
|
3000022
|
|
|
|
service samba_server stop
|
|
|
|
ldbedit -e vi -H /var/db/samba4/private/idmap.ldb objectsid=S-1-5-21-2260217406-2925069997-4078739481-1108
|
|
|
|
xidNumber: 1003
|
|
|
|
# 0 adds 1 modifies 0 deletes
|
|
|
|
/usr/local/bin/testparm
|
|
samba-tool dbcheck
|
|
samba-tool ntacl sysvolcheck
|
|
</source>
|
|
|
|
|
|
== SMB Import unter Linux ==
|
|
|
|
<source lang=bash>
|
|
sudo apt-get install cifs-utils
|
|
|
|
sudo mkdir /freebert-storage
|
|
|
|
sudo mount -t cifs //172.22.99.10/rpool /freebert-storage -o user=k-ot
|
|
</source>
|
|
|
|
|
|
== HOST: crontab ==
|
|
|
|
<source lang=bash>
|
|
00 6 * * * root /usr/sbin/chown -R k-ot:k-ot /rpool
|
|
</source>
|
|
|
|
== Log ==
|
|
* 10.05.2014 - Samba4 Support
|
|
* 01.05.2014 - NFSv3 Export
|
|
|
|
[[Kategorie:Infrastruktur]]
|