ArbitCode
diff --git a/‎doc/cephadm/services/smb.rst‎
Lines changed: 30 additions & 9 deletions b/‎doc/cephadm/services/smb.rst‎
Lines changed: 30 additions & 9 deletions
diff --git a/‎doc/mgr/smb.rst‎
Lines changed: 17 additions & 1 deletion b/‎doc/mgr/smb.rst‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_basic.yaml‎
Lines changed: 1 addition & 0 deletions b/‎qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_basic.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml‎
Lines changed: 135 additions & 0 deletions b/‎qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml‎
Lines changed: 135 additions & 0 deletions
diff --git a/‎qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml‎
Lines changed: 138 additions & 0 deletions b/‎qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml‎
Lines changed: 138 additions & 0 deletions
@@ -9,10 +9,10 @@ SMB Service
 .. warning::
 
     SMB support is under active development and many features may be
-    missing or immature. Additionally, a Manager module to automate
-    SMB clusters and SMB shares is in development. Once that feature
-    is developed it will be the preferred method for managing
-    SMB on ceph.
+    missing or immature. A Ceph MGR module, named smb, is available to help
+    organize and manage SMB related featues. Unless the smb module
+    has been determined to be unsuitable for your needs we recommend using that
+    module over directly using the smb service spec.
 
 
 Deploying Samba Containers
@@ -78,6 +78,7 @@ features
     An empty list is valid. Supported terms:
 
     * ``domain``: Enable domain member mode
+    * ``clustered``: Enable Samba native cluster mode
 
 config_uri
     A string containing a (standard or de-facto) URI that identifies a
@@ -109,6 +110,30 @@ include_ceph_users:
     The cephx keys for each user in the list will automatically be added to
     the keyring in the container.
 
+cluster_meta_uri:
+    A string containing a URI that identifies where the cluster structure
+    metadata will be stored. Required if ``clustered`` feature is set. Must be
+    a RADOS pseudo-URI.
+
+cluster_lock_uri:
+    A string containing a URI that identifies where Samba/CTDB will store a
+    cluster lock. Required if ``clustered`` feature is set. Must be a RADOS
+    pseudo-URI.
+
+
+.. note::
+
+   If one desires clustering between smbd instances (also known as
+   High-Availability or "transparent state migration") the feature flag
+   ``clustered`` is needed. If this flag is not specified cephadm may deploy
+   multiple smb servers but they will lack the coordination needed of an actual
+   Highly-Avaiable cluster. When the ``clustered`` flag is specified cephadm
+   will deploy additional containers that manage this coordination.
+   Additionally, the cluster_meta_uri and cluster_lock_uri values must be
+   specified. The former is used by cephadm to describe the smb cluster layout
+   to the samba containers. The latter is used by Samba's CTDB component to
+   manage an internal cluster lock.
+
 
 Configuring an SMB Service
 --------------------------
@@ -134,7 +159,7 @@ it accepts.
 When one has composed a configuration it should be stored in a location
 that the Samba Container can access. The recommended approach for running
 Samba Containers within Ceph orchestration is to store the configuration
-in the Ceph cluster. There are two ways to store the configuration
+in the Ceph cluster. There are a few ways to store the configuration
 in ceph:
 
 RADOS
@@ -202,9 +227,5 @@ A non-exhaustive list of important limitations for the SMB service follows:
   configured so that it can resolve the Active Directory (AD) domain or the
   ``custom_dns`` option may be used. In both cases DNS hosts for the AD domain
   must still be reachable from whatever network segment the ceph cluster is on.
-* Proper clustering/high-availability/"transparent state migration" is not yet
-  supported. If a placement causes more than service to be created these
-  services will act independently and may lead to unexpected behavior if clients
-  access the same files at once.
 * Services must bind to TCP port 445. Running multiple SMB services on the same
   node is not yet supported and will trigger a port-in-use conflict.
@@ -55,7 +55,7 @@ Create Cluster
 
 .. code:: bash
 
-    $ ceph smb cluster create <cluster_id> {user|active-directory} [--domain-realm=<domain_realm>] [--domain-join-user-pass=<domain_join_user_pass>] [--define-user-pass=<define_user_pass>] [--custom-dns=<custom_dns>] [--placement=<placement>]
+    $ ceph smb cluster create <cluster_id> {user|active-directory} [--domain-realm=<domain_realm>] [--domain-join-user-pass=<domain_join_user_pass>] [--define-user-pass=<define_user_pass>] [--custom-dns=<custom_dns>] [--placement=<placement>] [--clustering=<clustering>]
 
 Create a new logical cluster, identified by the cluster id value. The cluster
 create command must specify the authentication mode the cluster will use. This
@@ -88,6 +88,14 @@ custom_dns
     not configured to resolve DNS entries within AD domain(s).
 placement
     A Ceph orchestration :ref:`placement specifier <orchestrator-cli-placement-spec>`
+clustering
+    Optional. Control if a cluster abstraction actually uses Samba's clustering
+    mechanism.  The value may be one of ``default``, ``always``, or ``never``.
+    A ``default`` value indicates that clustering should be enabled if the
+    placement count value is any value other than 1. A value of ``always``
+    enables clustering regardless of the placement count. A value of ``never``
+    disables clustering regardless of the placement count. If unspecified,
+    ``default`` is assumed.
 
 Remove Cluster
 ++++++++++++++
@@ -360,6 +368,14 @@ custom_dns
 placement
     Optional. A Ceph Orchestration :ref:`placement specifier
     <orchestrator-cli-placement-spec>`.  Defaults to one host if not provided
+clustering
+    Optional. Control if a cluster abstraction actually uses Samba's clustering
+    mechanism.  The value may be one of ``default``, ``always``, or ``never``.
+    A ``default`` value indicates that clustering should be enabled if the
+    placement count value is any value other than 1. A value of ``always``
+    enables clustering regardless of the placement count. A value of ``never``
+    disables clustering regardless of the placement count. If unspecified,
+    ``default`` is assumed.
 custom_smb_global_options
     Optional mapping. Specify key-value pairs that will be directly added to
     the global ``smb.conf`` options (or equivalent) of a Samba server.  Do
 
@@ -39,6 +39,7 @@ tasks:
           ceph smb cluster create modusr1 user
           --define-user-pass=user1%t3stP4ss1
           --define-user-pass=user2%t3stP4ss2
+          --placement=count:1
       - cmd: ceph smb share create modusr1 share1 cephfs / --subvolume=smb/sv1
       - cmd: ceph smb share create modusr1 share2 cephfs / --subvolume=smb/sv2
 # Wait for the smb service to start
 
@@ -0,0 +1,135 @@
+roles:
+# Test is for basic smb deployment & functionality. one node cluster is OK
+- - host.a
+  - mon.a
+  - mgr.x
+  - osd.0
+  - osd.1
+  - client.0
+- - host.b
+  - mon.b
+  - osd.2
+  - osd.3
+- - host.c
+  - mon.c
+  - osd.4
+  - osd.5
+# Reserve a host for acting as an smb client
+- - host.d
+  - cephadm.exclude
+overrides:
+  ceph:
+    log-only-match:
+      - CEPHADM_
+tasks:
+- cephadm.configure_samba_client_container:
+    role: host.d
+- cephadm:
+
+- cephadm.shell:
+    host.a:
+      - ceph fs volume create cephfs
+- cephadm.wait_for_service:
+    service: mds.cephfs
+
+- cephadm.shell:
+    host.a:
+      # add subvolgroup & subvolumes for test
+      - cmd: ceph fs subvolumegroup create cephfs smb
+      - cmd: ceph fs subvolume create cephfs sv1 --group-name=smb --mode=0777
+      - cmd: ceph fs subvolume create cephfs sv2 --group-name=smb --mode=0777
+      # set up smb cluster and shares
+      - cmd: ceph mgr module enable smb
+      # TODO: replace sleep with poll of mgr state?
+      - cmd: sleep 30
+      - cmd: ceph smb apply -i -
+        stdin: |
+          # --- Begin Embedded YAML
+          - resource_type: ceph.smb.cluster
+            cluster_id: uctdb1
+            auth_mode: user
+            user_group_settings:
+              - {source_type: resource, ref: ug1}
+            placement:
+              count: 3
+          - resource_type: ceph.smb.usersgroups
+            users_groups_id: ug1
+            values:
+              users:
+                - {name: user1, password: t3stP4ss1}
+                - {name: user2, password: t3stP4ss2}
+              groups: []
+          - resource_type: ceph.smb.share
+            cluster_id: uctdb1
+            share_id: share1
+            cephfs:
+              volume: cephfs
+              subvolumegroup: smb
+              subvolume: sv1
+              path: /
+          - resource_type: ceph.smb.share
+            cluster_id: uctdb1
+            share_id: share2
+            cephfs:
+              volume: cephfs
+              subvolumegroup: smb
+              subvolume: sv2
+              path: /
+          # --- End Embedded YAML
+# Wait for the smb service to start
+- cephadm.wait_for_service:
+    service: smb.uctdb1
+# Since this is a true cluster there should be a clustermeta in rados
+- cephadm.shell:
+    host.a:
+      - cmd: rados --pool=.smb -N uctdb1 get cluster.meta.json /dev/stdout
+
+# Check if shares exist
+- cephadm.exec:
+    host.d:
+      - sleep 30
+      - "{{ctx.samba_client_container_cmd|join(' ')}} smbclient -U user1%t3stP4ss1 //{{'host.a'|role_to_remote|attr('ip_address')}}/share1 -c ls"
+      - "{{ctx.samba_client_container_cmd|join(' ')}} smbclient -U user2%t3stP4ss2 //{{'host.a'|role_to_remote|attr('ip_address')}}/share2 -c ls"
+
+# verify CTDB is healthy, cluster well formed
+- cephadm.exec:
+    host.a:
+      - "{{ctx.cephadm}} ls --no-detail  | {{ctx.cephadm}} shell jq -r 'map(select(.name | startswith(\"smb.uctdb1\")))[-1].name' > /tmp/svcname"
+      - "{{ctx.cephadm}} enter -n $(cat /tmp/svcname) ctdb status > /tmp/ctdb_status"
+      - cat /tmp/ctdb_status
+      - grep 'pnn:0 .*OK' /tmp/ctdb_status
+      - grep 'pnn:1 .*OK' /tmp/ctdb_status
+      - grep 'pnn:2 .*OK' /tmp/ctdb_status
+      - grep 'Number of nodes:3' /tmp/ctdb_status
+      - rm -rf /tmp/svcname /tmp/ctdb_status
+
+# Test a different host in the cluster
+- cephadm.exec:
+    host.d:
+      - sleep 30
+      - "{{ctx.samba_client_container_cmd|join(' ')}} smbclient -U user1%t3stP4ss1 //{{'host.c'|role_to_remote|attr('ip_address')}}/share1 -c ls"
+      - "{{ctx.samba_client_container_cmd|join(' ')}} smbclient -U user2%t3stP4ss2 //{{'host.c'|role_to_remote|attr('ip_address')}}/share2 -c ls"
+
+- cephadm.shell:
+    host.a:
+      - cmd: ceph smb apply -i -
+        stdin: |
+          # --- Begin Embedded YAML
+          - resource_type: ceph.smb.cluster
+            cluster_id: uctdb1
+            intent: removed
+          - resource_type: ceph.smb.usersgroups
+            users_groups_id: ug1
+            intent: removed
+          - resource_type: ceph.smb.share
+            cluster_id: uctdb1
+            share_id: share1
+            intent: removed
+          - resource_type: ceph.smb.share
+            cluster_id: uctdb1
+            share_id: share2
+            intent: removed
+          # --- End Embedded YAML
+# Wait for the smb service to be removed
+- cephadm.wait_for_service_not_present:
+    service: smb.uctdb1
@@ -0,0 +1,138 @@
+roles:
+# Test is for basic smb deployment & functionality. one node cluster is OK
+- - host.a
+  - mon.a
+  - mgr.x
+  - osd.0
+  - osd.1
+  - client.0
+- - host.b
+  - mon.b
+  - osd.2
+  - osd.3
+- - host.c
+  - mon.c
+  - osd.4
+  - osd.5
+# Reserve a host for acting as a domain controller and smb client
+- - host.d
+  - cephadm.exclude
+overrides:
+  ceph:
+    log-only-match:
+      - CEPHADM_
+tasks:
+- cephadm.deploy_samba_ad_dc:
+    role: host.d
+- cephadm:
+
+- cephadm.shell:
+    host.a:
+      - ceph fs volume create cephfs
+- cephadm.wait_for_service:
+    service: mds.cephfs
+
+- cephadm.shell:
+    host.a:
+      # add subvolgroup & subvolumes for test
+      - cmd: ceph fs subvolumegroup create cephfs smb
+      - cmd: ceph fs subvolume create cephfs sv1 --group-name=smb --mode=0777
+      - cmd: ceph fs subvolume create cephfs sv2 --group-name=smb --mode=0777
+      # set up smb cluster and shares
+      - cmd: ceph mgr module enable smb
+      # TODO: replace sleep with poll of mgr state?
+      - cmd: sleep 30
+      - cmd: ceph smb apply -i -
+        stdin: |
+          # --- Begin Embedded YAML
+          - resource_type: ceph.smb.cluster
+            cluster_id: adctdb1
+            auth_mode: active-directory
+            domain_settings:
+              realm: DOMAIN1.SINK.TEST
+              join_sources:
+                - source_type: resource
+                  ref: join1-admin
+            custom_dns:
+              - "{{ctx.samba_ad_dc_ip}}"
+            placement:
+              count: 3
+          - resource_type: ceph.smb.join.auth
+            auth_id: join1-admin
+            auth:
+              username: Administrator
+              password: Passw0rd
+          - resource_type: ceph.smb.share
+            cluster_id: adctdb1
+            share_id: share1
+            cephfs:
+              volume: cephfs
+              subvolumegroup: smb
+              subvolume: sv1
+              path: /
+          - resource_type: ceph.smb.share
+            cluster_id: adctdb1
+            share_id: share2
+            cephfs:
+              volume: cephfs
+              subvolumegroup: smb
+              subvolume: sv2
+              path: /
+          # --- End Embedded YAML
+# Wait for the smb service to start
+- cephadm.wait_for_service:
+    service: smb.adctdb1
+# Since this is a true cluster there should be a clustermeta in rados
+- cephadm.shell:
+    host.a:
+      - cmd: rados --pool=.smb -N adctdb1 get cluster.meta.json /dev/stdout
+
+# Check if shares exist
+- cephadm.exec:
+    host.d:
+      - sleep 30
+      - "{{ctx.samba_client_container_cmd|join(' ')}} smbclient -U DOMAIN1\\\\ckent%1115Rose. //{{'host.a'|role_to_remote|attr('ip_address')}}/share1 -c ls"
+      - "{{ctx.samba_client_container_cmd|join(' ')}} smbclient -U DOMAIN1\\\\ckent%1115Rose. //{{'host.a'|role_to_remote|attr('ip_address')}}/share2 -c ls"
+
+# verify CTDB is healthy, cluster well formed
+- cephadm.exec:
+    host.a:
+      - "{{ctx.cephadm}} ls --no-detail  | {{ctx.cephadm}} shell jq -r 'map(select(.name | startswith(\"smb.adctdb1\")))[-1].name' > /tmp/svcname"
+      - "{{ctx.cephadm}} enter -n $(cat /tmp/svcname) ctdb status > /tmp/ctdb_status"
+      - cat /tmp/ctdb_status
+      - grep 'pnn:0 .*OK' /tmp/ctdb_status
+      - grep 'pnn:1 .*OK' /tmp/ctdb_status
+      - grep 'pnn:2 .*OK' /tmp/ctdb_status
+      - grep 'Number of nodes:3' /tmp/ctdb_status
+      - rm -rf /tmp/svcname /tmp/ctdb_status
+
+# Test a different host in the cluster
+- cephadm.exec:
+    host.d:
+      - sleep 30
+      - "{{ctx.samba_client_container_cmd|join(' ')}} smbclient -U DOMAIN1\\\\ckent%1115Rose. //{{'host.c'|role_to_remote|attr('ip_address')}}/share1 -c ls"
+      - "{{ctx.samba_client_container_cmd|join(' ')}} smbclient -U DOMAIN1\\\\ckent%1115Rose. //{{'host.c'|role_to_remote|attr('ip_address')}}/share2 -c ls"
+
+- cephadm.shell:
+    host.a:
+      - cmd: ceph smb apply -i -
+        stdin: |
+          # --- Begin Embedded YAML
+          - resource_type: ceph.smb.cluster
+            cluster_id: adctdb1
+            intent: removed
+          - resource_type: ceph.smb.join.auth
+            auth_id: join1-admin
+            intent: removed
+          - resource_type: ceph.smb.share
+            cluster_id: adctdb1
+            share_id: share1
+            intent: removed
+          - resource_type: ceph.smb.share
+            cluster_id: adctdb1
+            share_id: share2
+            intent: removed
+          # --- End Embedded YAML
+# Wait for the smb service to be removed
+- cephadm.wait_for_service_not_present:
+    service: smb.adctdb1