Keeping SMB file shares available during node failures or maintenance prevents broken mappings, interrupted applications, and long file-lock recoveries. A Samba high availability stack also keeps the client-facing address stable, so reconnect behavior is consistent during failover.
In a Pacemaker and Corosync cluster managed by the pcs CLI, each moving part of the file service becomes a resource. A Filesystem resource mounts the shared storage, an IPaddr2 resource assigns the floating IP address, and a systemd resource controls the Samba daemon. Grouping these resources forces colocation on the same node and enforces ordered start/stop so the service comes online cleanly.
Shared storage must enforce single-writer access (or use a clustered filesystem that safely supports multiple writers); otherwise, simultaneous mounts can corrupt data. Reliable fencing (STONITH) is critical in production to prevent a split-brain condition from running the stack on more than one node. Share configuration and authentication must be consistent across nodes, and interface-restricted Samba setups (for example, bind interfaces only) must account for the floating IP.
Steps to set up Samba high availability with PCS:
- Confirm the cluster is online with quorum.
$ sudo pcs status
Cluster name: clustername
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: node-01 (version 2.1.6-6fdc9deea29) - partition with quorum
  * 3 nodes configured
  * 0 resource instances configured
##### snipped #####
- Identify the Samba service unit name.
$ systemctl list-unit-files --type=service | grep -E '^(smb|smbd)\.service'
smbd.service    disabled    enabled
- Disable the detected Samba service unit on all cluster nodes to prevent startup outside Pacemaker control.
$ sudo systemctl disable --now smbd
Synchronizing state of smbd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable smbd
##### snipped #####
Leaving Samba enabled outside cluster control can result in both nodes exporting the same single-writer storage, causing data corruption.
- Validate the Samba configuration file on each node.
$ sudo testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_STANDALONE
# Global parameters
[global]
    map to guest = Bad User
    security = USER
    idmap config * : backend = tdb
[files]
    path = /srv/samba
    read only = No
The share path should match the mount point used by the clustered Filesystem resource.
- Create the share mount point directory on all nodes.
$ sudo install -d -o root -g root -m 0755 /srv/samba
$ ls -ld /srv/samba
drwxr-xr-x 2 root root 4096 Jan 1 06:57 /srv/samba
- Get the filesystem details for the shared block device.
$ sudo blkid /dev/loop11
/dev/loop11: UUID="85eeb728-c39c-429b-a3c8-a8e3971d851e" BLOCK_SIZE="512" TYPE="xfs"
Use a stable device identifier (such as a UUID) when the shared storage path can change between boots.
- Create a filesystem resource for the shared export path.
$ sudo pcs resource create samba_fs ocf:heartbeat:Filesystem device=/dev/loop11 directory=/srv/samba fstype=xfs op monitor interval=20s
Use the shared device identifier and the mount path intended for the cluster.
- Create a floating IP resource for the SMB endpoint.
$ sudo pcs resource create samba_ip ocf:heartbeat:IPaddr2 ip=192.0.2.72 cidr_netmask=24 op monitor interval=30s
- Create the Samba service resource.
$ sudo pcs resource create samba_service systemd:smbd op monitor interval=30s
Use systemd:smbd when that unit is present.
- Group the filesystem, floating IP, and service resources.
$ sudo pcs resource group add samba-stack samba_fs samba_ip samba_service
Ordering inside the group controls start/stop order for clean failover.
- Verify the resource group placement.
$ sudo pcs status resources
  * Resource Group: samba-stack:
    * samba_fs (ocf:heartbeat:Filesystem): Started node-01
    * samba_ip (ocf:heartbeat:IPaddr2): Started node-01
    * samba_service (systemd:smbd): Started node-01
- List exported shares through the floating IP from a client system.
$ smbclient -L //192.0.2.72 -U shareuser
Password for [WORKGROUP\shareuser]:
    Sharename       Type      Comment
    ---------       ----      -------
    files           Disk
    IPC$            IPC       IPC Service (Samba 4.19.5-Ubuntu)
SMB1 disabled -- no workgroup available
- Run a failover test for the running resource group.
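Two configuration notes in this guide can be checked on each node before the resources are grouped: the share path should match the clustered Filesystem mount point, and interface-restricted setups must account for the floating IP. The script below is an added example, not part of the original guide; it parses `testparm -s` style output, and the sample configuration, the 192.0.2.11 node address and the archive and legacy shares are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the original guide): pre-flight checks on `testparm -s` output.

# Constructed sample; the 192.0.2.11 node address and the extra shares are assumptions.
sample_conf() {
cat <<'EOF'
[global]
    bind interfaces only = Yes
    interfaces = lo 192.0.2.11/24
    security = USER

[files]
    path = /srv/samba

[archive]
    path = /srv/samba/archive

[legacy]
    path = /srv/samba-old
EOF
}

# Print each share whose path is neither the clustered mount point ($1) nor below it.
shares_outside_mount() {
    awk -v mnt="$1" '
        /^\[.*\]/ { sec = substr($0, 2, index($0, "]") - 2); next }
        sec != "" && sec != "global" && /^[ \t]*path[ \t]*=/ {
            p = $0; sub(/^[^=]*=[ \t]*/, "", p); sub(/[ \t]+$/, "", p)
            if (p != mnt && index(p, mnt "/") != 1) print sec
        }'
}

# Exit 0 if smbd is unrestricted or the floating IP ($1) is listed in "interfaces";
# exit 1 if "bind interfaces only" is on and the address is not listed literally.
# Conservative: an interface name may still cover the address, so 1 means "review".
floating_ip_listed() {
    awk -v ip="$1" '
        /^\[/ { in_global = (tolower($0) ~ /^\[global\]/); next }
        in_global && tolower($0) ~ /^[ \t]*bind interfaces only[ \t]*=/ {
            v = tolower($0); sub(/^[^=]*=[ \t]*/, "", v); restricted = (v ~ /^(yes|true|1)/)
        }
        in_global && tolower($0) ~ /^[ \t]*interfaces[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); n = split(v, item, /[ \t,]+/)
            for (i = 1; i <= n; i++) { split(item[i], a, "/"); if (a[1] == ip) listed = 1 }
        }
        END { exit (restricted && !listed) }'
}

echo "shares outside /srv/samba: $(sample_conf | shares_outside_mount /srv/samba | tr '\n' ' ')"
if sample_conf | floating_ip_listed 192.0.2.72; then echo "floating IP: ok"; else echo "floating IP: review interfaces"; fi
```

On a cluster node, pipe `sudo testparm -s 2>/dev/null` into either function in place of `sample_conf`, using the mount path and floating IP given to the Filesystem and IPaddr2 resources.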
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
