c3d2-wiki/Server%2Fstorage.mw

[[Kategorie:Infrastruktur]]

== Hardware Info ==
Virtualisiert durch [[intern:Freebert]]

== Software Info ==
FreeBSD Jail Container
* minidlna
* nfs(3)
* samba(4)
* ftp (in arbeit)

== Verwendungszweck ==
* DLNA Sharing
* File Sharing

== HOST: FreeBSD NFS Export / ZFS sharenfs ==

<source lang=bash>
vi /etc/rc.conf

rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
</source>

dirkter ZFS Export

<source lang=bash>
zfs set sharenfs="-maproot=root -network=172.22.99.0 -mask=255.255.255.0" zroot/ezjail/storage.hq.c3d2.de/rpool
</source>

ZFS Clone Stand:

<source lang=bash>
zfs clone zroot/storage/c3d2@_0009_system_07.04.2014 zroot/ezjail/storage.hq.c3d2.de/rpool
</source>


== NFS Import unter Linux ==

<source lang=bash>
apt-get install nfs-common portmap
</source>

mount:

<source lang=bash>
mkdir /freebert-nfs

showmount -e 172.22.99.10

mount -t nfs 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs -o soft,timeo=1,noatime
</source>
setting noatime is not recomended if you want to use mutt inside your nfs mountpoint.


== NFS Import unter FreeBSD ==

<source lang=bash>
vi /etc/rc.conf

nfs_client_enable="YES"
</source>

mount:

<source lang=bash>
mount 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /freebert-nfs

mount 172.22.99.10:/usr/jails/storage.hq.c3d2.de/zimport /freebert-zimport
</source>


== NFS Import unter MacOS X ==

<source lang=bash>
Finder -> Gehe zu -> Mit Server verbinden (Apfel+K)


nfs://172.22.99.10/usr/jails/storage.hq.c3d2.de/rpool
</source>


bei Problemen mit Schreibrechten ->


<source lang=bash>
mkdir freebert-nfs

sudo mount -t nfs -o resvport,bg,nfc,nolocks,locallocks,intr,soft,wsize=32768,rsize=3276 172.22.99.10:/usr/jails/storage.hq.c3d2.de/rpool /Users/<DEIN NAME>/freebert-nfs
</source>


Finder mit ROOT-Rechten!


<source lang=bash>
sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
</source>


== NFS Import unter Windows (8) ==

<source lang=bash>
Systemsteuerung -> Programme und Features (aktivieren/deaktivieren) -> Dienste für NFS (Client/Verwaltung) installieren

Computer -> (Kontextmenü) Netzwerkadresse hinzufügen


\\172.22.99.10\usr\jails\storage.hq.c3d2.de\rpool
</source>


== DLNA ==

=== Berechtigungen für DLNA setzen ===

bei Änderungen / Upload bitte ein:

<source lang=bash>
chown 1003:1003: ~/file
</source>

=== Index für Fernseher neu schreiben ===

Um die DB (<code>/var/db/minidlna/files.db</code>) neu zu schreiben muss diese

* gelöscht werden
* wenn der Service angehalten ist,
* bei Neustart wird sie neu geschrieben (dauert..).

oder ausführbar: unter <code>/usr/local/bin</code> liegt <code>reindex.sh</code>:
<source lang=bash>
#!/bin/sh
service minidlna stop
rm /var/db/minidlna/files.db
service minidlna start
</source>

'''Das Script sollte noch angepasst werden um die parallele Nutzung (Video läuft) problemfrei zu gewährleisten. Dafür kann eine zweite Instanz des Services für den Rescan und ein SIGHUP zur Injektion der neuen DB genutzt werden.'''

== Jail: Samba 4 ==

=== Samba4 Installation ===

* Samba 4.1 hat derzeit ein kaputtes s3fs, daher 4.0


<source lang=bash>
cd /usr/ports/net/samba4/ && make install clean
</source>


@HOST - Samba4 ADS sysvol Kompatibilität per UFS ZVOL

<source lang=bash>
rm -rfv /usr/jails/storage.hq.c3d2.de/var/db/samba4
zfs create -p -V 10g zroot/ezjail/storage.hq.c3d2.de/samba4db
newfs -U -O2 /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db
mkdir /usr/jails/storage.hq.c3d2.de/var/db/samba4
mount -o acls /dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db /usr/jails/storage.hq.c3d2.de/var/db/samba4
zfs set aclmode=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
zfs set aclinherit=passthrough zroot/ezjail/storage.hq.c3d2.de/rpool
</source>


ZVOL auf dem FreeBSD HOST mounten lassen

<source lang=bash>
vi /etc/fstab

# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/gpt/swap0          none    swap    sw              0       0
#/dev/gpt/swap1         none    swap    sw              0       0
#/dev/gpt/swap2         none    swap    sw              0       0
#/dev/gpt/swap3         none    swap    sw              0       0
### ### ### C3D2 ### ### ###
proc                                                 /proc                                         procfs  rw        0    0
/dev/zvol/zroot/ezjail/storage.hq.c3d2.de/samba4db   /usr/jails/storage.hq.c3d2.de/var/db/samba4   ufs     rw,acls   1    1
### ### ### C3D2 ### ### ###
# EOF
</source>

=== Samba4 Provisionierung ===

<source lang=bash>
/usr/local/bin/samba-tool domain provision --use-rfc2307 --use-xattrs=yes --function-level=2008_R2 --realm=HQ.C3D2.DE --domain=HQ --adminpass='geheim' --server-role='dc' --dns-backend=SAMBA_INTERNAL
</source>

=== Samba4 Config ===

vi /usr/local/etc/smb4.conf

<source lang=bash>
### ### ### C3D2 ### ### ###

# Global parameters
[global]
        workgroup = HQ
        realm = HQ.C3D2.DE
        netbios name = STORAGE
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
### dns forwarder = 172.22.99.51

        server services = -smb +s3fs -nbt
        dcerpc endpoint servers = -winreg -srvsvc

### ### ### C3D2 ### ### ###
#
        server string = %h - FreeBSD ZFS Server

        interfaces = 172.22.99.52
        bind interfaces only = Yes

        # disable printer support
        disable spoolss = Yes

        # allow dynamic dns update / true = nonsecure + signed
        allow dns updates = signed

        # freebsd specific
        nsupdate command = /usr/local/bin/samba-nsupdate -g

        # added to allow asynchronous I/O (make sure to load the kernel module aio)
        aio read size = 16384
        aio write size = 16384

### ### # server options

        server min protocol = NT1
        server max protocol = SMB3

        disable netbios = Yes
        smb ports = 445

        server signing = auto

        # protocol stream encryption for smbclient
        smb encrypt = auto

### ### # client options (for local services / smbclient etc.)

        client min protocol = NT1
        client max protocol = SMB3

        client ldap sasl wrapping = seal

        client signing = auto
        client schannel = auto

        lanman auth = No
        ntlm auth = No
        client use spnego = Yes
        client ntlmv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No

### experimental ###
###
### dsdb:schema update allowed = Yes
###
### experimental ###

#
### ### ### C3D2 ### ### ###

[netlogon]
        path = /var/db/samba4/sysvol/hq.c3d2.de/scripts
        read only = No
browseable = no

[sysvol]
        path = /var/db/samba4/sysvol
        read only = No
browseable = no

### ### ### C3D2 ### ### ###

[rpool]
        path = /rpool

valid users = k-ot
map acl inherit = yes
browseable = yes
public = yes
writable = yes
posix locking = yes
create mask = 0664
directory mask = 0775
strict locking = no
store dos attributes = yes

### nt acl support = yes
### csc policy = disable

inherit acls = Yes
inherit owner = no
inherit permissions = no
map archive = No
map readonly = no
vfs objects = shadow_copy2, zfsacl
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes

shadow: format = -CRON-%Y.%m.%d-%H.%M
shadow: sort = desc
shadow: snapdir = .zfs/snapshot

### ### ### C3D2 ### ### ###
# EOF
</source>


=== Samba4 Map Users to thier UNIX UID ===

<source lang=bash>
id k-ot
uid=1003(k-ot) gid=1003(k-ot) groups=1003(k-ot)

samba-tool user add k-ot
New Password: 
Retype Password: 
User 'k-ot' created successfully

service samba_server start

wbinfo --name-to-sid k-ot
S-1-5-21-2260217406-2925069997-4078739481-1108 SID_USER (1)

wbinfo --sid-to-uid S-1-5-21-2260217406-2925069997-4078739481-1108
3000022

service samba_server stop

ldbedit -e vi -H /var/db/samba4/private/idmap.ldb objectsid=S-1-5-21-2260217406-2925069997-4078739481-1108

xidNumber: 1003

# 0 adds  1 modifies  0 deletes

/usr/local/bin/testparm
samba-tool dbcheck
samba-tool ntacl sysvolcheck
</source>


== SMB Import unter Linux ==

<source lang=bash>
sudo apt-get install cifs-utils

sudo mkdir /freebert-storage

sudo mount -t cifs //172.22.99.52/rpool /freebert-storage -o user=k-ot
</source>


== HOST: crontab ==

<source lang=bash>
00      6       *       *       *       root    /usr/sbin/chown -R k-ot:k-ot /rpool
</source>

== Log ==
* 10.05.2014 - Samba4 Support
* 01.05.2014 - NFSv3 Export