authorMartin Schwenke <martin@meltin.net>2009-04-17 23:09:54 +1000
committerMartin Schwenke <martin@meltin.net>2009-04-17 23:09:54 +1000
commit696317eeaabc71b239ab52fba162f7fcb601563f (patch)
treecd4329ced6526e1d3dd567f9dd34f51a2118d798 /base/root/scripts
parent30279189108e2f484e743ab7d5f30abcffb4a699 (diff)
Really add new conf.base-SoFS-1.5.3 file.
Forgot to "git add" it last time and it got missed. Signed-off-by: Martin Schwenke <martin@meltin.net>
Diffstat (limited to 'base/root/scripts')
-rw-r--r--base/root/scripts/conf.base-SoFS-1.5.3523
1 files changed, 523 insertions, 0 deletions
diff --git a/base/root/scripts/conf.base-SoFS-1.5.3 b/base/root/scripts/conf.base-SoFS-1.5.3
new file mode 100644
index 0000000..ac09782
--- /dev/null
+++ b/base/root/scripts/conf.base-SoFS-1.5.3
@@ -0,0 +1,523 @@
+# a rough base config for SoFS-1.5.3 used by setup_samba.sh
+# created using "cnconfig backup"
+[CTDB_MANAGES_SAMBA]
+ yes
+
+[CTDB_MANAGES_HTTPD]
+ yes
+
+[HTTP_CONFIGURED]
+ yes
+
+[CTDB_MANAGES_VSFTPD]
+ yes
+
+[FTP_CONFIGURED]
+ yes
+
+[vsftpd]
+ # no anon access
+ anonymous_enable=NO
+ # put locks onto the files currently transferred
+ lock_upload_files=YES
+ # enable write access
+ write_enable=YES
+ # prevent changing access rights – ACLs get screwed otherwise
+ chmod_enable=NO
+ # enable that user is able to see the root of gpfs
+ chroot_local_user=YES
+ # allow local user access
+ local_enable=YES
+ listen=YES
+ pam_service_name=vsftpd
+ # set the ftp root directory users can see when they connect to the FTP
+ local_root=/var/opt/IBM/sofs/ftproot
+ log_ftp_protocol=NO
+ syslog_enable=YES
+ #show user/groupnames instead of only numeric IDs
+ text_userdb_names=YES
+
+[CTDB_MANAGES_NFS]
+ yes
+
+[NFS_CONFIGURED]
+ yes
+
+[CTDB_MANAGES_SCP]
+ yes
+
+[SCP_CONFIGURED]
+ yes
+
+[scpglobal]
+ allowscp
+ allowsftp
+ chrootpath=/var/opt/IBM/sofs/scproot
+ logfacility=LOG_USER
+
+[ftpexports]
+ data=/gpfs/data
+
+[httpexports]
+ ScriptAlias "/data" "/var/www/cgi-bin/browse.cgi"
+ RewriteRule ^/data(/(.*)$|$) - [E=CGIBROWSE_PREFIX:/gpfs/data]
+
+
+
+[nfsexports]
+ "/gpfs/data" *(rw,no_root_squash,fsid=834258092)
+
+
+[nfssharenames]
+ #
+ #Fri Apr 17 20:42:35 EST 2009
+ /gpfs/data=data
+
+
+[scpexports]
+ data=/gpfs/data
+
+[smbconf/global]
+ netbios name = @@CLUSTER@@
+ workgroup = @@WORKGROUP@@
+ realm = @@DOMAIN@@
+ server string = "IBM SoFS Cluster"
+ disable netbios = yes
+ disable spoolss = yes
+ fileid:mapping = fsname
+ use mmap = yes
+ gpfs:sharemodes = yes
+ gpfs:leases = yes
+ passdb backend = tdbsam
+ idmap backend = tdb2
+ idmap:cache = no
+ security = ADS
+ preferred master = no
+ idmap gid = 10000000-11000000
+ idmap uid = 10000000-11000000
+ kernel oplocks = yes
+ syslog = 1
+ host msdfs = no
+ notify:inotify = no
+ vfs objects = shadow_copy2 syncops gpfs fileid
+ shadow:snapdir = .snapshots
+ shadow:fixinodes = yes
+ wide links = no
+ auth methods = guest sam winbind
+ smbd:backgroundqueue = False
+ read only = no
+ use sendfile = yes
+ strict locking = yes
+ posix locking = yes
+ large readwrite = yes
+ force unknown acl user = yes
+ nfs4:mode = special
+ nfs4:chown = yes
+ nfs4:acedup = merge
+ nfs4:sidmap = /etc/samba/sidmap.tdb
+ map readonly = no
+ ea support = yes
+ groupdb:backend = tdb
+ winbind:online check timeout = 30
+ template shell = /usr/bin/rssh
+ template homedir = /var/opt/IBM/sofs/scproot
+ dmapi support = no
+
+[smbconf/data]
+ path = /gpfs/data
+ comment = Data Share
+ guest ok = no
+ read only = no
+ browseable = yes
+
+
+[/etc/ctdb/public_addresses:@@CLUSTER@@n1.@@DOMAIN@@]
+
+[/etc/ctdb/public_addresses:@@CLUSTER@@n2.@@DOMAIN@@]
+ @@IPBASE@@.1.101/24 eth1
+ @@IPBASE@@.1.102/24 eth1
+ @@IPBASE@@.1.103/24 eth1
+ @@IPBASE@@.2.101/24 eth2
+ @@IPBASE@@.2.102/24 eth2
+ @@IPBASE@@.2.103/24 eth2
+
+[/etc/ctdb/public_addresses:@@CLUSTER@@n3.@@DOMAIN@@]
+ @@IPBASE@@.1.101/24 eth1
+ @@IPBASE@@.1.102/24 eth1
+ @@IPBASE@@.1.103/24 eth1
+ @@IPBASE@@.2.101/24 eth2
+ @@IPBASE@@.2.102/24 eth2
+ @@IPBASE@@.2.103/24 eth2
+
+[/etc/krb5.conf]
+ [logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+ [libdefaults]
+ default_realm = EXAMPLE.COM
+ dns_lookup_realm = true
+ dns_lookup_kdc = true
+ ticket_lifetime = 24h
+ forwardable = yes
+
+ [realms]
+ @@DOMAIN@@ = {
+ kdc = sofs1-ad.@@DOMAIN@@
+ }
+ EXAMPLE.COM = {
+ kdc = kerberos.example.com:88
+ admin_server = kerberos.example.com:749
+ default_domain = example.com
+ }
+
+ [domain_realm]
+ .example.com = EXAMPLE.COM
+ example.com = EXAMPLE.COM
+
+ [appdefaults]
+ pam = {
+ debug = false
+ ticket_lifetime = 36000
+ renew_lifetime = 36000
+ forwardable = true
+ krb4_convert = false
+ }
+
+[/etc/samba/smb.conf]
+ # Samba Configuration file.
+ #
+ # ****************** WARNING ********************************
+ # The contents of this file should not be modified directly !
+ #
+ # The samba options are stored in the registry.
+ # Use the "net conf" command to add/modify samba options in the registry
+ # ***************************************************************
+
+ [global]
+ # enable clustering
+ clustering=yes
+ ctdb:registry.tdb=yes
+ private dir=/gpfs/.ctdb/
+ # Load options from registry
+ include=registry
+
+[/etc/sysconfig/authconfig]
+ USEWINBINDAUTH=yes
+ USEKERBEROS=no
+ USESYSNETAUTH=no
+ USEPAMACCESS=no
+ USEMKHOMEDIR=no
+ FORCESMARTCARD=no
+ USESMBAUTH=no
+ USESMARTCARD=no
+ USELDAPAUTH=no
+ USEDB=no
+ USEWINBIND=no
+ USESHADOW=yes
+ PASSWDALGORITHM=md5
+ USELOCAUTHORIZE=no
+ USEPASSWDQC=no
+ USELDAP=no
+ USEHESIOD=no
+ USECRACKLIB=yes
+ USENIS=no
+
+[/etc/sysconfig/ctdb]
+ # Options to ctdbd. This is read by /etc/init.d/ctdb
+ # you must specify the location of a shared lock file across all the
+ # nodes. This must be on shared storage
+ # there is no default
+ CTDB_RECOVERY_LOCK=/gpfs/.ctdb/shared
+ # should ctdb do IP takeover? If it should, then specify a file
+ # containing the list of public IP addresses that ctdb will manage
+ # Note that these IPs must be different from those in $NODES above
+ # there is no default
+ CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
+ # when doing IP takeover you also must specify what network interface
+ # to use for the public addresses
+ # there is no default
+ CTDB_PUBLIC_INTERFACE=eth0
+ # should ctdb manage starting/stopping the Samba service for you?
+ # default is to not manage Samba
+ CTDB_MANAGES_SAMBA=yes
+ # should ctdb manage starting/stopping the winbind service for you?
+ # default is autodetect
+ CTDB_MANAGES_WINBIND=yes
+ # should ctdb monitor GPFS filesystems and disks
+ CTDB_MANAGES_GPFS=yes
+ # you may wish to raise the file descriptor limit for ctdb
+ # use a ulimit command here. ctdb needs one file descriptor per
+ # connected client (ie. one per connected client in Samba)
+ ulimit -n 10000
+ DAEMON_COREFILE_LIMIT="unlimited"
+ # the NODES file must be specified or ctdb won't start
+ # it should contain a list of IPs that ctdb will use
+ # it must be exactly the same on all cluster nodes
+ # defaults to /etc/ctdb/nodes
+ CTDB_NODES=/etc/ctdb/nodes
+ # the directory to put the local ctdb database files in
+ # defaults to /var/ctdb
+ CTDB_DBDIR=/var/ctdb
+ # the script to run when ctdb needs to ask the OS for help,
+ # such as when a IP address needs to be taken or released
+ # defaults to /etc/ctdb/events
+ CTDB_EVENT_SCRIPT=/etc/ctdb/events.d
+ # the location of the local ctdb socket
+ # defaults to /tmp/ctdb.socket
+ CTDB_SOCKET=/tmp/ctdb.socket
+ # what transport to use. Only tcp is currently supported
+ # defaults to tcp
+ CTDB_TRANSPORT="tcp"
+ # where to log messages
+ # the default is /var/log/log.ctdb
+ CTDB_LOGFILE=/var/log/log.ctdb
+ # what debug level to run at. Higher means more verbose
+ # the default is 2
+ CTDB_DEBUGLEVEL=2
+ # set any default tuning options for ctdb
+ # use CTDB_SET_XXXX=value where XXXX is the name of the tuning
+ # variable
+ # for example
+ #CTDB_SET_TRAVERSETIMEOUT=60
+ #Disable the share check during monitor
+ CTDB_SAMBA_SKIP_SHARE_CHECK=yes
+ #Specify the SMB ports to check during monitor
+ CTDB_SAMBA_CHECK_PORTS="445"
+ # you can get a list of variables using "ctdb listvars"
+ # any other options you might want. Run ctdbd --help for a list
+ CTDB_OPTIONS=--syslog
+
+[/etc/sysconfig/vsftpd]
+ # should ctdb manage starting/stopping the service for you?
+ # default is to not manage it
+ CTDB_MANAGES_VSFTPD=yes
+
+[/etc/sysconfig/http]
+ # should ctdb manage starting/stopping the service for you?
+ # default is to not manage it
+ CTDB_MANAGES_HTTPD=yes
+
+[/etc/sysconfig/nfs]
+ STATD_PORT=32765
+ STATD_OUTGOING_PORT=32766
+ MOUNTD_PORT=32767
+ RQUOTAD_PORT=32768
+ LOCKD_UDPPORT=32769
+ LOCKD_TCPPORT=32769
+ NFS_TICKLE_SHARED_DIRECTORY=/gpfs/.ctdb/nfs-tickles
+ STATD_SHARED_DIRECTORY=/gpfs/.ctdb/nfs-state
+ NFS_HOSTNAME="@@CLUSTER@@"
+ STATD_HOSTNAME="$NFS_HOSTNAME -H /etc/ctdb/statd-callout "
+ RPCNFSDARGS="-N 4"
+ # should ctdb manage starting/stopping the service for you?
+ # default is to not manage it
+ CTDB_MANAGES_NFS=yes
+
+[/etc/nsswitch.conf]
+ #
+ # /etc/nsswitch.conf
+ #
+ # An example Name Service Switch config file. This file should be
+ # sorted with the most-used services at the beginning.
+ #
+ # The entry '[NOTFOUND=return]' means that the search for an
+ # entry should stop if the search in the previous entry turned
+ # up nothing. Note that if the search failed due to some other reason
+ # (like no NIS server responding) then the search continues with the
+ # next entry.
+ #
+ # Legal entries are:
+ #
+ # nisplus or nis+ Use NIS+ (NIS version 3)
+ # nis or yp Use NIS (NIS version 2), also called YP
+ # dns Use DNS (Domain Name Service)
+ # files Use the local files
+ # db Use the local database (.db) files
+ # compat Use NIS on compat mode
+ # hesiod Use Hesiod for user lookups
+ # [NOTFOUND=return] Stop searching if not found so far
+ #
+
+ # To use db, put the "db" in front of "files" for entries you want to be
+ # looked up first in the databases
+ #
+ # Example:
+ #passwd: db files nisplus nis
+ #shadow: db files nisplus nis
+ #group: db files nisplus nis
+
+ passwd: files winbind
+ shadow: files
+ group: files winbind
+
+ #hosts: db files nisplus nis dns
+ hosts: files dns
+
+ # Example - obey only what nisplus tells us...
+ #services: nisplus [NOTFOUND=return] files
+ #networks: nisplus [NOTFOUND=return] files
+ #protocols: nisplus [NOTFOUND=return] files
+ #rpc: nisplus [NOTFOUND=return] files
+ #ethers: nisplus [NOTFOUND=return] files
+ #netmasks: nisplus [NOTFOUND=return] files
+
+ bootparams: nisplus [NOTFOUND=return] files
+
+ ethers: files
+ netmasks: files
+ networks: files
+ protocols: files
+ rpc: files
+ services: files
+
+ netgroup: nisplus
+
+ publickey: nisplus
+
+ automount: files nisplus
+ aliases: files nisplus
+
+
+[/etc/pam.d/system-auth-ac]
+ #%PAM-1.0
+ # This file is auto-generated.
+ # User changes will be destroyed the next time authconfig is run.
+ auth required pam_env.so
+ auth sufficient pam_unix.so nullok try_first_pass
+ auth requisite pam_succeed_if.so uid >= 500 quiet
+ auth sufficient pam_winbind.so use_first_pass
+ auth required pam_deny.so
+
+ account required pam_unix.so broken_shadow
+ account sufficient pam_succeed_if.so uid < 500 quiet
+ account [default=bad success=ok user_unknown=ignore] pam_winbind.so
+ account required pam_permit.so
+
+ password requisite pam_cracklib.so try_first_pass retry=3
+ password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
+ password sufficient pam_winbind.so use_authtok
+ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+ session required pam_unix.so
+
+[/etc/pam.d/vsftpd]
+ #%PAM-1.0
+ session optional pam_keyinit.so force revoke
+ auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
+ #auth required pam_shells.so
+ auth sufficient pam_winbind.so
+ auth include system-auth
+ account sufficient pam_winbind.so
+ account include system-auth
+ session include system-auth
+ session required pam_loginuid.so
+
+[/etc/rssh.conf]
+ allowscp
+ allowsftp
+ chrootpath=/var/opt/IBM/sofs/scproot
+ logfacility=LOG_USER
+
+[/etc/httpd/conf.d/shares.config]
+ ScriptAlias "/data" "/var/www/cgi-bin/browse.cgi"
+ RewriteRule ^/data(/(.*)$|$) - [E=CGIBROWSE_PREFIX:/gpfs/data]
+
+
+
+[/etc/vsftpd/vsftpd.conf]
+ # no anon access
+ anonymous_enable=NO
+ # put locks onto the files currently transferred
+ lock_upload_files=YES
+ # enable write access
+ write_enable=YES
+ # prevent changing access rights – ACLs get screwed otherwise
+ chmod_enable=NO
+ # enable that user is able to see the root of gpfs
+ chroot_local_user=YES
+ # allow local user access
+ local_enable=YES
+ listen=YES
+ pam_service_name=vsftpd
+ # set the ftp root directory users can see when they connect to the FTP
+ local_root=/var/opt/IBM/sofs/ftproot
+ log_ftp_protocol=NO
+ syslog_enable=YES
+ #show user/groupnames instead of only numeric IDs
+ text_userdb_names=YES
+
+[/var/opt/IBM/sofs/configs/scpexports]
+ data=/gpfs/data
+
+[/var/opt/IBM/sofs/configs/ftpexports]
+ data=/gpfs/data
+
+[/var/opt/IBM/sofs/scproot/etc/nsswitch.conf]
+ #
+ # /etc/nsswitch.conf
+ #
+ # An example Name Service Switch config file. This file should be
+ # sorted with the most-used services at the beginning.
+ #
+ # The entry '[NOTFOUND=return]' means that the search for an
+ # entry should stop if the search in the previous entry turned
+ # up nothing. Note that if the search failed due to some other reason
+ # (like no NIS server responding) then the search continues with the
+ # next entry.
+ #
+ # Legal entries are:
+ #
+ # nisplus or nis+ Use NIS+ (NIS version 3)
+ # nis or yp Use NIS (NIS version 2), also called YP
+ # dns Use DNS (Domain Name Service)
+ # files Use the local files
+ # db Use the local database (.db) files
+ # compat Use NIS on compat mode
+ # hesiod Use Hesiod for user lookups
+ # [NOTFOUND=return] Stop searching if not found so far
+ #
+
+ # To use db, put the "db" in front of "files" for entries you want to be
+ # looked up first in the databases
+ #
+ # Example:
+ #passwd: db files nisplus nis
+ #shadow: db files nisplus nis
+ #group: db files nisplus nis
+
+ passwd: files winbind
+ shadow: files
+ group: files winbind
+
+ #hosts: db files nisplus nis dns
+ hosts: files dns
+
+ # Example - obey only what nisplus tells us...
+ #services: nisplus [NOTFOUND=return] files
+ #networks: nisplus [NOTFOUND=return] files
+ #protocols: nisplus [NOTFOUND=return] files
+ #rpc: nisplus [NOTFOUND=return] files
+ #ethers: nisplus [NOTFOUND=return] files
+ #netmasks: nisplus [NOTFOUND=return] files
+
+ bootparams: nisplus [NOTFOUND=return] files
+
+ ethers: files
+ netmasks: files
+ networks: files
+ protocols: files
+ rpc: files
+ services: files
+
+ netgroup: nisplus
+
+ publickey: nisplus
+
+ automount: files nisplus
+ aliases: files nisplus
+
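Review bot: The `[nfsexports]` entry `"/gpfs/data" *(rw,no_root_squash,fsid=834258092)` exports the data filesystem read-write to every host and keeps client root as root on the server, so any machine that can reach the NFS ports is outside the AD/winbind access control the rest of this file sets up. Unless the test cluster depends on it, restrict the client spec and squash root, for example `"/gpfs/data" @@IPBASE@@.1.0/24(rw,root_squash,fsid=834258092)` (this assumes setup_samba.sh expands @@IPBASE@@ in this section, which is not visible here). Two smaller points in the same hunk: `nullok` on the pam_unix lines in `[/etc/pam.d/system-auth-ac]` accepts empty local passwords, and `CTDB_SOCKET=/tmp/ctdb.socket` places the ctdb control socket in a world-writable directory. If these are deliberate for a throwaway test cluster, a comment next to the header lines saying so would keep the template from being copied into a real deployment unchanged.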