4.4 Accessing Volumes using Samba

You can expose volumes using the Common Internet File System (CIFS) or Server Message Block (SMB) by using Samba. This file sharing service is commonly used on Microsoft Windows systems.

Gluster provides hooks to preconfigure and export volumes automatically using a Samba Virtual File System (VFS) module plug-in. This reduces the complexity of configuring Samba to export the shares and also means that you do not have to pre-mount the volumes using the FUSE client, resulting in some performance gains. The hooks are triggered every time a volume is started, so your Samba configuration is updated the moment a volume is started within Gluster.

For more information on Samba, see Oracle® Linux 7: Administrator's Guide.

Setting up the Volume for Samba Access

This section discusses setting up the nodes in the trusted storage pool to enable access to a volume by a Samba client. To use this service, you must make sure both the samba and samba-vfs-glusterfs packages are installed on any of the nodes in the pool where you intend a client to connect to the volume using Samba.

To set up the volume for Samba access:

On each node in the trusted storage pool on which you want to enable Samba access:

  1. Install the Samba packages for Gluster:

    # yum install samba samba-vfs-glusterfs
  2. If you are running a firewall service, enable access to Samba on the node. For example:

    # firewall-cmd --permanent --add-service=samba 
    # firewall-cmd --reload
  3. Enable and start the Samba service:

    # systemctl enable --now smb
  4. (Optional) If you do not have an authentication system configured (for example, an LDAP server), you can create a Samba user to enable access to the Samba share from clients. This user should be created on all nodes set up to export the Samba share. For example:

    # adduser myuser
    # smbpasswd -a myuser
    New SMB password:
    Retype new SMB password:
    Added user myuser.

    Restart the Samba service:

    # systemctl restart smb
  5. (Optional) If you want to allow guest access to a Samba share (no authentication is required), add a new line containing map to guest = Bad User to the [global] section of the /etc/samba/smb.conf file on each node set up to export the Samba share. For example:

    [global]
           workgroup = SAMBA
           security = user
    
           passdb backend = tdbsam
    
           printing = cups
           printcap name = cups
           load printers = yes
           cups options = raw
           map to guest = Bad User

    Allowing guest access also requires that the [gluster-volume_name] section contains the guest ok = yes option, which is set automatically with the Gluster hook scripts in the next step.

    Restart the Samba service:

    # systemctl restart smb
  6. If you have a running volume, stop it, enable either SMB or CIFS on the volume and start it again. On any node in the trusted storage pool, run:

    # gluster volume stop myvolume
    # gluster volume set myvolume user.smb enable
    # gluster volume start myvolume

    Note that when setting the SMB or CIFS option on the volume, you can use either user.smb or user.cifs to enable the type of export you require. Note that if both options are enabled, user.smb has precedence.

    When you start a volume, a Gluster hook is triggered to automatically add a configuration entry for the volume to the /etc/samba/smb.conf file on each node, and to reload the Samba service, as long as the user.smb or user.cifs option is set for the volume. This script generates a Samba configuration entry similar to the following:

    [gluster-myvolume]
    comment = For samba share of volume myvolume
    vfs objects = glusterfs
    glusterfs:volume = myvolume
    glusterfs:logfile = /var/log/samba/glusterfs-myvolume.%M.log
    glusterfs:loglevel = 7
    path = /
    read only = no
    guest ok = yes
    kernel share modes = no
    Note

    The value of the [gluster-myvolume] entry sets the name you use to connect to the Samba share in the connection string.

  7. (Optional) If you do not want Gluster to automatically configure Samba to export shares for volumes, you can remove or rename the hook scripts that control this behavior. On each node on which you want to disable the Samba shares, rename the hook scripts, for example:

    # rename S30 disabled-S30 $(find /var/lib/glusterd -type f -name S30samba*)

    To re-enable the hooks, you can run:

    # rename disabled-S30 S30 $(find /var/lib/glusterd -type f -name *S30samba*)

Testing SMB Access to a Volume

This section discusses testing SMB access to a volume that has been set up to export a Samba share. You can test SMB access to the volume from an Oracle Linux host. This host does not need to be part of the Gluster pool.

To test access to the volume using SMB:

  1. On an Oracle Linux host, install the Samba client package:

    # yum install samba-client
  2. Use the smbclient command to list Samba shares on a node in the trusted storage pool where you set up Samba. For example:

    # smbclient -N -U% -L node1

    To look directly at the contents of the volume, you can do:

    # smbclient -N -U% //node1/gluster-myvolume -c ls

    In this command, you specify the Samba share name for the volume. This name can be found on a host where you set up the Samba share, in the /etc/samba/smb.conf file. Usually the Samba share name is gluster-volume_name.

Testing CIFS Access to a Volume

This section discusses testing CIFS access to a volume that has been set up to export a Samba share. You can test CIFS access to the volume from an Oracle Linux host. This host does not need to be part of the Gluster pool.

To test access to the volume using CIFS:

  1. On an Oracle Linux host, install the cifs-utils package:

    # yum install cifs-utils
  2. Create a mount directory where you intend to mount the volume. For example:

    # mkdir /gluster-storage
  3. Mount the volume on the directory using the cifs mount type and by specifying a node within the pool, along with the Samba share name for the volume. This name can be found on a host where you set up the Samba share, in the /etc/samba/smb.conf file. Usually the Samba share name is gluster-volume_name. For example:

    # mount -t cifs -o guest //node1/gluster-myvolume /gluster-storage

    If you have set up the volume to enable mounting a subdirectory, you can add the subdirectory name to the path on the Gluster file system:

    # mount -t cifs -o guest //node1/gluster-myvolume/subdirectory /gluster-storage

    If you want to pass authentication credentials to the Samba share, first add them to a local file. In this example, the credentials are saved to the file /credfile.

    username=value
    password=value

    Set the permissions on the credentials file so other users cannot access it.

    # chmod 600 /credfile

    You can then use the credentials file to connect to the Samba share, for example:

    # mount -t cifs -o credentials=/credfile //node1/gluster-myvolume /gluster-storage
  4. Check the permissions on the new mount to make sure the appropriate users can read and write to the storage. For example:

    # chmod 777 /gluster-storage

Accessing the Volume from Microsoft Windows

On a Microsoft Windows host, you can mount the volume using the Samba share. By default, the Samba share is available in the Workgroup named SAMBA (as defined in the /etc/samba/smb.conf file on Samba share nodes).

You can map the volume by mapping a network drive using Windows Explorer using the format: \\node\volume, for example:

\\node1\gluster-myvolume

Alternatively, you can map a new drive using the Windows command line. Start the Command Prompt. Enter a command similar to the following:

net use z: \\node1\gluster-myvolume