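Ceph provides an smb module, and in principle that module lets a node act as a Samba AD member server and serve SMB shares,
but after trying various things it does not seem to work yet. There may be a mistake in my procedure, but I could not get it working.
So how do we put a Ceph volume behind SMB and share it?
Simply mount the Ceph volume and publish that mount point with Samba.
Simple enough.
First, add the Ceph repository and install the Ceph programs.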
[root@ceph-smb ~]# cat <<_EOF_> /etc/yum.repos.d/ceph.repo
[Ceph]
name=Ceph \$basearch
baseurl=https://download.ceph.com/rpm-tentacle/el9/\$basearch
enabled=1
gpgcheck=1
gpgkey=https://download.ceph.com/keys/release.gpg
[Ceph-noarch]
name=Ceph noarch
baseurl=https://download.ceph.com/rpm-tentacle/el9/noarch
enabled=1
gpgcheck=1
gpgkey=https://download.ceph.com/keys/release.gpg
_EOF_
[root@ceph-smb ~]#
[root@ceph-smb ~]# dnf install epel-release -y
[root@ceph-smb ~]# dnf install ceph-common -y
Next, mount the location to be shared over SMB.
This time it is /home. On the Ceph side this is the people subvolumegroup directly under emfs.
[root@ceph-mgr ~]# ceph fs ls
name: emfs, metadata pool: emfs-meta, data pools: [emfs-data-default emfs-data-ec ]
[root@ceph-mgr ~]# ceph fs subvolumegroup ls emfs
[
{
"name": "project"
},
{
"name": "data"
},
{
"name": "people"
}
]
[root@ceph-mgr ~]# ceph fs subvolumegroup getpath emfs people
/volumes/people
[root@ceph-mgr ~]#
Mount this /volumes/people on /home. For /volumes/people on the Ceph side, check with
[root@ceph-mgr ~]# ceph auth ls |grep people
client.r9-people
caps: [mds] allow rwps fsname=emfs path=/volumes/people
[root@ceph-mgr ~]#
and then
[root@ceph-mgr ~]# ceph auth get client.r9-people
[client.r9-people]
key = AQCMzu9p3MWhEBAAzSN9nCFRdraJGkM9sGn7VA==
caps mds = "allow rwps fsname=emfs path=/volumes/people"
caps mon = "allow r fsname=emfs"
caps osd = "allow rw pool=emfs-data-ec "
[root@ceph-mgr ~]#
If a keyring already exists, as it does here, use it.
[root@ceph-smb ~]# vi /etc/ceph/ceph.client.r9-people.keyring
[client.r9-people]
key = AQCMzu9p3MWhEBAAzSN9nCFRdraJGkM9sGn7VA==
caps mds = "allow rwps fsname=emfs path=/volumes/people"
caps mon = "allow r fsname=emfs"
caps osd = "allow rw pool=emfs-data-ec"
[root@ceph-smb ~]#
Then create a minimal ceph.conf.
[root@ceph-smb ~]# ssh root@ceph-mgr "ceph config generate-minimal-conf" | tee /etc/ceph/ceph.conf
[root@ceph-smb ~]#
Then add an entry to /etc/fstab. Going through autofs would also work.
[root@ceph-smb ~]# vi /etc/fstab
:
ceph-mon01:/volumes/people /home ceph defaults,name=r9-people,fs=emfs,_netdev 0 0
[root@ceph-smb ~]#
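The keyring created with vi above holds the client secret and the caps that confine r9-people to /volumes/people. A check that can be run before mounting, as an added example (not from the original post or from Ceph): check_keyring and cap_of are hypothetical helper names, GNU stat is assumed, and the sample keyring is constructed with a placeholder key.

```shell
#!/usr/bin/env bash
# Added example: audit a CephFS client keyring before it is used for a mount.
# check_keyring and cap_of are hypothetical helpers, not Ceph tooling.

cap_of() {  # cap_of FILE DAEMON -> prints the caps string for mds, mon or osd
    sed -n "s/^[[:space:]]*caps $2 = \"\(.*\)\"[[:space:]]*\$/\1/p" "$1"
}

check_keyring() {  # check_keyring FILE EXPECTED_PATH ; returns 0 only if all checks pass
    local file=$1 want=$2 bad=0 mode mds mon osd
    mode=$(stat -c '%a' "$file") || return 2   # GNU stat (assumption: EL9 host)
    case $mode in
        600|400) ;;
        *) echo "FAIL mode $mode: secret key readable beyond owner"; bad=1 ;;
    esac
    mds=$(cap_of "$file" mds); mon=$(cap_of "$file" mon); osd=$(cap_of "$file" osd)
    # The MDS cap must pin the client to the exported subtree.
    case " $mds " in
        *" path=$want "*) ;;
        *) echo "FAIL mds cap not restricted to path=$want: '$mds'"; bad=1 ;;
    esac
    # The monitor cap should be read-only.
    case "$mon " in
        "allow r "*) ;;
        *) echo "FAIL mon cap is not read-only: '$mon'"; bad=1 ;;
    esac
    # No daemon should be granted the wildcard capability.
    case "$mds|$mon|$osd" in
        *"allow *"*) echo "FAIL wildcard 'allow *' present"; bad=1 ;;
    esac
    [ "$bad" -eq 0 ] && echo "OK $file"
    return "$bad"
}

# Constructed sample keyring: placeholder key, caps as shown on this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.keyring" <<'EOF'
[client.r9-people]
    key = CONSTRUCTED-PLACEHOLDER-KEY==
    caps mds = "allow rwps fsname=emfs path=/volumes/people"
    caps mon = "allow r fsname=emfs"
    caps osd = "allow rw pool=emfs-data-ec"
EOF
chmod 600 "$demo_dir/good.keyring"
check_keyring "$demo_dir/good.keyring" /volumes/people
```

On the real host the call would be check_keyring /etc/ceph/ceph.client.r9-people.keyring /volumes/people; a file saved from vi under the default umask is reported as mode 644 until it is tightened with chmod 600.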
[root@ceph-smb ~]# systemctl daemon-reload
[root@ceph-smb ~]# mount -a
[root@ceph-smb ~]# df -Th /home
Filesystem Type Size Used Avail Use% Mounted on
192.168.0.48:/volumes/people ceph 300G 244M 300G 1% /home
[root@ceph-smb ~]#
Install Samba with dnf as usual and, if Samba AD authentication is to be used, configure it.
Here we assume a Samba AD already exists:
samba-ad: ad.sybyl.local (192.168.0.131)
[root@ceph-smb ~]# nmtui (adjust the resolver and domain settings)
[root@ceph-smb ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sybyl.local
nameserver 192.168.0.131
[root@ceph-smb ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.115 ceph-smb.sybyl.local ceph-smb
192.168.0.131 ad.sybyl.local ad
[root@ceph-smb ~]# dnf install samba samba-winbind
[root@ceph-smb ~]# cat /etc/krb5.conf
[libdefaults]
default_realm = SYBYL.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
[root@ceph-smb ~]# cat /etc/samba/smb.conf
[global]
workgroup = SYBYL
security = ADS
realm = SYBYL.LOCAL
kerberos method = secrets and keytab
[root@ceph-smb ~]# net ads join -U administrator
Password for [SYBYL\administrator]:
Using short domain name -- SYBYL
Joined 'CEPH-SMB' to dns domain 'sybyl.local'
[root@ceph-smb ~]# net ads testjoin
Join is OK
[root@ceph-smb ~]#
The host has now joined the Samba AD domain.
Next, try accessing the user information held by Samba AD.
[root@ceph-smb ~]# dnf install sssd-ad
[root@ceph-smb ~]# cat /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = sybyl.local
[domain/sybyl.local]
id_provider = ad
auth_provider = ad
access_provider = ad
dyndns_update = false
enumerate = True
krb5_keytab = /etc/krb5.keytab
ldap_id_mapping = False
ldap_sasl_authid = ceph-smb$@SYBYL.LOCAL
[root@ceph-smb ~]#
[root@ceph-smb ~]# chmod 600 /etc/sssd/sssd.conf
[root@ceph-smb ~]# authselect select sssd --force
[root@ceph-smb ~]# systemctl restart sssd
[root@ceph-smb ~]# getent passwd saber
saber:*:1003:2000:Artoria Pendragon:/home/saber:/bin/bash
[root@ceph-smb ~]#
The lookup with "getent passwd" succeeded, so this is OK.
Finally, edit /etc/samba/smb.conf and start smb.
[root@ceph-smb ~]# cat /etc/samba/smb.conf
[global]
workgroup = SYBYL
security = ADS
realm = SYBYL.LOCAL
kerberos method = secrets and keytab
[homes]
read only = no
browsable = yes
[root@ceph-smb ~]# systemctl enable smb winbind --now
[root@ceph-smb ~]# firewall-cmd --add-service=samba --add-service=samba-dc --zone=public --permanent
[root@ceph-smb ~]# firewall-cmd --reload
Test from another node.
[saber@c ~]$ smbclient -L ceph-smb -U saber@SYBYL
Password for [saber@SYBYL]:
Sharename Type Comment
--------- ---- -------
homes Disk
IPC$ IPC IPC Service (Samba 4.22.4)
saber Disk Home directory of saber
SMB1 disabled -- no workgroup available
[saber@c ~]$ smbclient //ceph-smb/saber -U saber@SYBYL
Password for [saber@SYBYL]:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Tue Apr 28 15:08:34 2026
.. D 0 Tue Apr 28 15:08:34 2026
.bashrc H 492 Tue Apr 28 15:02:41 2026
.bash_profile H 141 Tue Apr 28 15:02:41 2026
.bash_history H 11 Tue Apr 28 15:08:34 2026
.bash_logout H 18 Tue Apr 28 15:02:41 2026
314548224 blocks of size 1024. 314298368 blocks available
smb: \> quit
[saber@c ~]$
And that completes the setup.