I want to build 2 servers (both running samba) to provide file storage to 2 offices (approx 100 miles apart, linked via DSL) but all data written to 1 server must also be saved to the other server. Both servers would also allow users to access the data via a VPN thus allowing 1 office with a failed server to access the other server via the vpn and still see the data from both offices. I currently have 1 server working but we want to add the second office to the system. (Currently 1 office has 10 users and the second office has 1 user connected via VPN ) but the second office will have 20 within 12 months and the first will have 35 soon ))
Has anyone done anything like this ?
I am currently reading & unpicking http://www.linux-ha.org/ to see what that gives me.
Any clues/comments very welcome, even if you think I am mad !
Thanks
Denis
Denis Croombs denis@croombs.org wrote:
I want to build 2 servers (both running samba) to provide file storage to 2 offices (approx 100 miles apart, linked via DSL) but all data written to 1 server must also be saved to the other server.
What do you want to synchronize? Directory services? User authentication? Or files?
Directory and user authentication are very doable. File services are typically not, or limited.
Both servers would also allow users to access the data via a VPN thus allowing 1 office with a failed server to access the other server via the vpn and still see the data from both offices.
You're going to _saturate_ your link between the two offices if you start synchronizing files in real-time. Unless you have something like a 4+ T-1s, or a 6+Mbps SDSL (i.e., synchronous DSL -- 6Mbps upload as well as download), you're going to find you're not going to be able to do this in "real-time."
At the best, you can use rsync to synchronize files at several points in the day -- maybe lunch-time and middle of the night. To get real-time, you're going to find the load on your network will be self-defeating.
I currently have 1 server working but we want to add the second office to the system. (Currently 1 office has 10 users and the second office has 1 user connected via VPN ) but the second office will have 20 within 12 months and the first will have 35 soon )) Has anyone done anything like this ?
Yes and no.
Yes, I've done it. I've done it at high speed in the same closet (or nearby closet with SAN) with the same storage. NFS/Samba with failover c/o Mission Critical Linux (now part of RHEL). You need multi-targetable hardware (not cheap).
But no, I haven't done it (nor would I do it) over a VPN link. You'll saturate it quickly. File server clustering is designed for high speed connections between servers and their storage.
I am currently reading & unpicking http://www.linux-ha.org/ to see what that gives me.
"High-availability" (HA) doesn't necessarily mean "failover." Most HA implementations are for read-only web services, destination NAT (DNAT), etc...
When you start talking failover of network file servers, then you start talking mega-$$$, lots of bandwidth/synchronization requirements, hardware, etc... to do it real-time. GFS reduced the $$$ and same closet requirement, but it also exponentially increases bandwidth and other costs.
At best, you'll have to do it non-real-time, using something like rsync. It won't be fail-over at all.
Any clues/comments very welcome, even if you think I am mad !
I don't think you're mad. But I don't think you're aware of what is all involved with real-time failover of network file services. And it's really going to be near impossible over low-throughput Internet connections.
I'd look to non-real-time rsync instead, running off-hours. That's the best you can do unless you have a lot of bandwidth and a lot of money. The majority of the HA stuff will _not_ apply. ;->
Denis Croombs wrote:
I want to build 2 servers (both running samba) to provide file storage to 2 offices (approx 100 miles apart, linked via DSL) but all data written to 1 server must also be saved to the other server. Both servers would also allow users to access the data via a VPN thus allowing 1 office with a failed server to access the other server via the vpn and still see the data from both offices. I currently have 1 server working but we want to add the second office to the system. (Currently 1 office has 10 users and the second office has 1 user connected via VPN ) but the second office will have 20 within 12 months and the first will have 35 soon ))
Has anyone done anything like this ?
I am currently reading & unpicking http://www.linux-ha.org/ to see what that gives me.
Any clues/comments very welcome, even if you think I am mad !
Thanks
Denis
I'd take a look at drbd (www.drbd.org) while you're reading on heartbeat. I use it for web servers, but I'm not sure if it would be suitable for file servers.
Ugo Bellavance ugob@camo-route.com wrote:
I'd take a look at drbd (www.drbd.org) while you're reading on heartbeat. I use it for web servers, but I'm not sure if it would be suitable for file servers.
There is a lot more to handling network file services -- especially when it comes to locking and controlling write access -- that web servers don't have to worry about. ;->
On Mon, 2005-12-05 at 15:44 -0800, Bryan J. Smith wrote:
Ugo Bellavance ugob@camo-route.com wrote:
I'd take a look at drbd (www.drbd.org) while you're reading on heartbeat. I use it for web servers, but I'm not sure if it would be suitable for file servers.
There is a lot more to handling network file services -- especially when it comes to locking and controlling write access -- that web servers don't have to worry about. ;->
I use drbd and heartbeat on a samba domain controller that has failover ... BUT, you can't use both machines at the same time.
AND, it takes a GiB connector to keep the files in sync ... trying to do it via a WAN connection would, I think, be fairly impossible.
Johnny Hughes wrote:
On Mon, 2005-12-05 at 15:44 -0800, Bryan J. Smith wrote:
Ugo Bellavance ugob@camo-route.com wrote:
I'd take a look at drbd (www.drbd.org) while you're reading on heartbeat. I use it for web servers, but I'm not sure if it would be suitable for file servers.
There is a lot more to handling network file services -- especially when it comes to locking and controlling write access -- that web servers don't have to worry about. ;->
I use drbd and heartbeat on a samba domain controller that has failover ... BUT, you can't use both machines at the same time.
AND, it takes a GiB connector to keep the files in sync ... trying to do it via a WAN connection would, I think, be fairly impossible.
I've managed to keep two moderately busy servers in sync using frequent rsync over a WAN VPN tunnel. However, that tunnel was over an OC-3 link. I suspect it would be a rather painful affair over DSL/cablemodem or even a few bonded T1's. Something like drbd that treats a remote volume as a device would definitely not work on such a "skinny" link unless the servers were relatively lightly used.
Cheers,
On Mon, 2005-12-05 at 21:21 -0500, Chris Mauritz wrote:
Johnny Hughes wrote:
On Mon, 2005-12-05 at 15:44 -0800, Bryan J. Smith wrote:
Ugo Bellavance ugob@camo-route.com wrote:
I'd take a look at drbd (www.drbd.org) while you're reading on heartbeat. I use it for web servers, but I'm not sure if it would be suitable for file servers.
There is a lot more to handling network file services -- especially when it comes to locking and controlling write access -- that web servers don't have to worry about. ;->
I use drbd and heartbeat on a samba domain controller that has failover ... BUT, you can't use both machines at the same time.
AND, it takes a GiB connector to keep the files in sync ... trying to do it via a WAN connection would, I think, be fairly impossible.
I've managed to keep two moderately busy servers in sync using frequent rsync over a WAN VPN tunnel. However, that tunnel was over an OC-3 link. I suspect it would be a rather painful affair over DSL/cablemodem or even a few bonded T1's. Something like drbd that treats a remote volume as a device would definitely not work on such a "skinny" link unless the servers were relatively lightly used.
Cheers,
I sync up 2 servers w/software I wrote myself but I only use this along the lines of "HA" techniques. also...not real time...that would be ummm...pretty high dollar stuff there...I sync up bout every 20-30 seconds Both servers are not running at the same time. It's a master/slave deal w/the slave just constantly checking on the master...if the slave deems the master is in trouble...it just takes the ip and it's the master until you intervene.
depending on what you want to sync up... it might work...the key w/this is that only 1 server is serving at any given time.
john rose
On 12/6/05, rado rado@rivers-bend.com wrote: [SNIPPED FOR EASE]
I sync up 2 servers w/software I wrote myself but I only use this along the lines of "HA" techniques. also...not real time...that would be ummm...pretty high dollar stuff there...I sync up bout every 20-30 seconds Both servers are not running at the same time. It's a master/slave deal w/the slave just constantly checking on the master...if the slave deems the master is in trouble...it just takes the ip and it's the master until you intervene.
depending on what you want to sync up... it might work...the key w/this is that only 1 server is serving at any given time.
Unless there is way too much data being generated (and in typical office environment there is not) rsync run every half an hour by cron would keep the both servers reasonably free and keep data in sync. Since it only updates the files that have flag changes since last run it does this fast enough. This would mean that if user travels (shifts) from one office to another the files are updated by the time he gets there. This does not allow for remote file mount solution in case of failure at one end, which in any case with such skinny link is not practical.
-- Sudev Barar Learning Linux
On Tue, 2005-12-06 at 08:18 +0530, Sudev Barar wrote:
On 12/6/05, rado rado@rivers-bend.com wrote: [SNIPPED FOR EASE]
I sync up 2 servers w/software I wrote myself but I only use this along the lines of "HA" techniques. also...not real time...that would be ummm...pretty high dollar stuff there...I sync up bout every 20-30 seconds Both servers are not running at the same time. It's a master/slave deal w/the slave just constantly checking on the master...if the slave deems the master is in trouble...it just takes the ip and it's the master until you intervene.
depending on what you want to sync up... it might work...the key w/this is that only 1 server is serving at any given time.
Unless there is way too much data being generated (and in typical office environment there is not) rsync run every half an hour by cron would keep the both servers reasonably free and keep data in sync. Since it only updates the files that have flag changes since last run it does this fast enough. This would mean that if user travels (shifts) from one office to another the files are updated by the time he gets there. This does not allow for remote file mount solution in case of failure at one end, which in any case with such skinny link is not practical.
Also ... it would suck if a person on each end modified the same file (on different servers) within a half hour :)
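The half-hourly rsync proposal and the same-file-edited-at-both-ends caveat above can be combined into a pre-sync check. This is an added example, not part of any post in this thread; the share paths, the stamp file and `BWLIMIT_KBPS` are assumptions, and the peer's tree is a local directory here so the check runs offline (over the VPN the second list would come from running the same `find` on the peer via ssh).

```sh
#!/bin/sh
# Added example (not from the thread): refuse a two-way rsync pass when the
# same file changed at both offices since the last pass.
# Assumed names: share roots, stamp file path, BWLIMIT_KBPS.

# Sorted relative paths of regular files under $1 modified after stamp file $2
# ($2 must be an absolute path). File names containing newlines are not handled.
changed_since() {
    ( cd "$1" && find . -type f -newer "$2" -print | sed 's|^\./||' | LC_ALL=C sort )
}

# Paths modified on both sides since the stamp: $1 = side A, $2 = side B, $3 = stamp.
find_conflicts() {
    fc_tmp=$(mktemp -d) || return 2
    changed_since "$1" "$3" > "$fc_tmp/a"
    changed_since "$2" "$3" > "$fc_tmp/b"
    LC_ALL=C comm -12 "$fc_tmp/a" "$fc_tmp/b"
    rm -rf "$fc_tmp"
}

# One sync pass: abort on conflicts, otherwise copy newer files each way and
# advance the stamp to the moment this pass started, so edits made while the
# pass is running are still seen as changes by the next pass.
sync_once() {
    so_conflicts=$(find_conflicts "$1" "$2" "$3") || return 2
    if [ -n "$so_conflicts" ]; then
        printf 'conflict, not syncing:\n%s\n' "$so_conflicts" >&2
        return 1
    fi
    so_new="$3.new"
    touch "$so_new" || return 2
    # --update never overwrites a file that is newer on the receiving side;
    # --bwlimit (KB/s) keeps the pass from saturating the DSL uplink.
    rsync -a --update --bwlimit="${BWLIMIT_KBPS:-64}" "$1/" "$2/" &&
    rsync -a --update --bwlimit="${BWLIMIT_KBPS:-64}" "$2/" "$1/" &&
    mv "$so_new" "$3"
}
```

Run from cron, the script that calls `sync_once` should be wrapped in `flock -n` on a lock file so a slow pass over the DSL link cannot overlap the next one.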
re: mirrored server taking over ip of dead primary
A pointer please to examples on how to do this?
Thanks.
----------------------------------------------------------------- Hoover Chan hchan@mail.ewind.com -or- hchan@well.com Eastwind Associates P.O. Box 16646 voice: 415-731-6019 -or- 415-565-8936 San Francisco, CA 94116
On Mon, 2005-12-05 at 19:35 -0800, Hoover Chan wrote:
re: mirrored server taking over ip of dead primary
A pointer please to examples on how to do this?
You would use heartbeat ...
drbd and heartbeat are in the extras directory for centos-4.
http://lists.centos.org/pipermail/centos-announce/2005-November/000944.html
On Mon, Dec 05, 2005 at 08:13:58PM -0600, Johnny Hughes wrote:
There is a lot more to handling network file services -- especially when it comes to locking and controlling write access -- that web servers don't have to worry about. ;->
I use drbd and heartbeat on a samba domain controller that has failover ... BUT, you can't use both machines at the same time.
Actually, you can't. I did that twice for telco datacenters. It is tricky as hell, but it is possible. I would not recommend it to first timers on drbd, tho.
AND, it takes a GiB connector to keep the files in sync ... trying to do it via a WAN connection would, I think, be fairly impossible.
Yes, WAN would be not good for it.
- -- Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
On Tue, 2005-12-06 at 00:49 -0200, Rodrigo Barbosa wrote:
On Mon, Dec 05, 2005 at 08:13:58PM -0600, Johnny Hughes wrote:
There is a lot more to handling network file services -- especially when it comes to locking and controlling write access -- that web servers don't have to worry about. ;->
I use drbd and heartbeat on a samba domain controller that has failover ... BUT, you can't use both machines at the same time.
Actually, you can't. I did that twice for telco datacenters. It is tricky as hell, but it is possible. I would not recommend it to first timers on drbd, tho.
What I meant is you can't use the shared partition on both machines at the same time. You can't mount the mirror partition while it is secondary.
You can have an active partition on computer one ... to a mirrored partition on the computer two ... and a separate active partition on the computer two to a mirror partition on computer one.
AND, it takes a GiB connector to keep the files in sync ... trying to do it via a WAN connection would, I think, be fairly impossible.
Yes, WAN would be not good for it.
On Mon, Dec 05, 2005 at 06:18:10PM -0500, Ugo Bellavance wrote:
I'd take a look at drbd (www.drbd.org) while you're reading on heartbeat. I use it for web servers, but I'm not sure if it would be suitable for file servers.
No good. drbd needs a lot of reliable bandwidth. Losing sync between two online servers that use drbd is a recipe for misery.
I would suggest AFS (Andrew Filesystem) for that. I know there is an open implementation of that these days, tho I never used. I had some experience with it (the old commercial version) running on AIX. We were able to keep filesystems in sync over a 19.2K link.
[]s
- -- Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)