I made a detailed tutorial for an Arch Linux installation a few days back. This is a quick follow-up post on creating a Distributed-Replicated gluster share.
The goal is to create a mirror for several Linux distributions. A mirror needs a lot of disk space, but big machines are expensive. I would also like to have a bit of redundancy. The idea is to use 4 machines, each with around 4,2TB of storage. Gluster gives us a good combination of replication and distribution, so we can use 8,4TB of storage across two machines; the rest of the free storage is used for replication.
The installation is quite easy. We need to install the rpcbind and gluster packages. I’ve got a separate partition on all machines, mounted at /glusterfs. After installing the packages we can create the share directly (do the following on any one of the nodes). Important note: do not run the probe command for the server you are currently working on (we’re on server4 in this example):

    gluster peer probe server1
    gluster peer probe server2
    gluster peer probe server3
    gluster volume create mirror replica 2 transport tcp \
        server1:/glusterfs/mirror \
        server2:/glusterfs/mirror \
        server3:/glusterfs/mirror \
        server4:/glusterfs/mirror
    gluster volume start mirror

Now we should have a working share, hooray. We can verify the peer and share state:

    gluster volume info mirror

We’re now able to mount the share via the glusterfs fuse module on any node:

    mount -t glusterfs server1:/mirror /srv/mirror

There isn’t any encryption on the gluster traffic, so we should do some firewalling. In my setup nobody except the gluster nodes themselves will mount the share. Here is an example ferm config:

    # addresses of the four gluster nodes
    @def $node1_ipv4 = ( ipv4 );
    @def $node1_ipv6 = ( ipv6 );
    @def $node2_ipv4 = ( ipv4 );
    @def $node2_ipv6 = ( ipv6 );
    @def $node3_ipv4 = ( ipv4 );
    @def $node3_ipv6 = ( ipv6 );
    @def $node4_ipv4 = ( ipv4 );
    @def $node4_ipv6 = ( ipv6 );

    # IPv4 rules
    mod state state INVALID DROP;
    mod state state (ESTABLISHED RELATED) ACCEPT;
    proto icmp icmp-type echo-request ACCEPT;
    proto tcp dport ssh ACCEPT;
    # rpcbind (111), glusterd (24007, 24008) and brick ports, from the gluster nodes only
    proto tcp dport (111 24007 24008 49152 49153 49154 49155 49156 49157) saddr ( $node1_ipv4 $node2_ipv4 $node3_ipv4 $node4_ipv4 ) ACCEPT;
    chain OUTPUT policy ACCEPT;
    chain FORWARD policy DROP;

    # IPv6 rules
    mod state state INVALID DROP;
    mod state state (ESTABLISHED RELATED) ACCEPT;
    proto tcp dport ssh ACCEPT;
    # same gluster ports, from the nodes' IPv6 addresses only
    proto tcp dport (111 24007 24008 49152 49153 49154 49155 49156 49157) saddr ( $node1_ipv6 $node2_ipv6 $node3_ipv6 $node4_ipv6 ) ACCEPT;
    chain OUTPUT policy ACCEPT;
    chain FORWARD policy DROP;

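The rule above accepts a fixed list of ports, while gluster gives each brick its own port counting up from 49152, so a brick can end up listening outside the list and be silently cut off from its peers. The following check is an added example, not part of the original post: the function names and the sample status output are constructed, and it assumes brick rows of `gluster volume status` look like `Brick host:/path <port> ...`.

```shell
#!/bin/sh
# Ports the ferm rule accepts from the other gluster nodes (copied from the config).
ALLOWED_PORTS="111 24007 24008 49152 49153 49154 49155 49156 49157"

# Read `gluster volume status <volume>` output on stdin and print every brick
# whose TCP port is missing from the allow-list, one "brick port" pair per line.
# Rows without a numeric port (offline bricks, daemons showing N/A) are skipped.
bricks_outside_allowlist() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "Brick" && $3 ~ /^[0-9]+$/ && !($3 in ok) { print $2, $3 }
    '
}

# Constructed sample output, not captured from a real cluster:
# server3's brick has moved to 49158, which the firewall rule does not cover.
sample_status() {
    cat <<'EOF'
Status of volume: mirror
Gluster process                             TCP Port  RDMA Port  Online  Pid
------------------------------------------------------------------------------
Brick server1:/glusterfs/mirror             49152     0          Y       1201
Brick server2:/glusterfs/mirror             49152     0          Y       1187
Brick server3:/glusterfs/mirror             49158     0          Y       1310
Brick server4:/glusterfs/mirror             N/A       N/A        N       N/A
Self-heal Daemon on localhost               N/A       N/A        Y       1330
EOF
}

# Demo on the sample; on a node use: gluster volume status mirror | bricks_outside_allowlist
sample_status | bricks_outside_allowlist
```

Any line it prints is a brick the other nodes cannot reach through the firewall; either extend the port list in the ferm rule or investigate why the brick port changed.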