New Distribution Point Failure

  1. 2 months ago

    Hi All... I am having an issue with setting up a new Distribution Point on my CD Server. I will try and explain what I am trying to do as short and concise as possible.

    For starters, CD runs fine and works as expected in regards to upload/deploy, however, we have run out of storage space on our Distribution Point, so I wanted to add a new hard drive and set it up as an additional DP until we could verify it was working, then we can blow away the default DP.

    Our CD Setup:
    CD 1.3.0 installed on Centos 7.4.1708 running on ESXi 6.7.0
    New 500GB virtual hard drive added to the CD VM in ESXi

    Here is what I have done:

    1. Created primary partition on new HD (/dev/sdb) in Centos using CFdisk
    2. Created new folder (/sys_images) to use as mount point for the new drive
    3. Mounted the new drive as "mount /dev/sdb /sys_images"
    4. Added the mount to fstab
    5. Created "images" and "resources" folders in the new folder
    6. Followed http://clonedeploy.org/docs/image-storage-linux/ to set the permissions on the new mount
    7. Edited smb.conf and added a new share, duplicating the default [cd_share] from the original install, but changed the share name and path to be /sys_images
    8. Restarted the SMB Service
    9. Copied all images, preserving permissions, from /cd_dp to /sys_images (cp -rp /cd_dp/images/<imagename> /sys_images/images/)
    10. Verified that permissions are the same on all images in both /cd_dp and /sys_images
    11. In CD, created a new DP named "Image_Storage" and set it up for the new share name and path
    12. Set the New DP as the Primary DP

    Now, when I attempt a deploy or upload, I receive "permission denied" error and the client is stuck in a continuous reboot loop until the task is cancelled:

    [i]** Looking For Active Task For ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
     
    {"computerId":"4","task":"deploy","taskId":"26"}
     
    ...... Success
     
    Found deploy Task For This Computer
     
    ** Displaying Boot Arguments **
     
    BOOT_IMAGE=kernels/4.13.2x64 initrd=images/initrd.xz root=/dev/ram0 rw ramdisk_size=156000 consoleblank=0 web=http://~~~~~~~/clonedeploy/api/ClientImaging/ USER_TOKEN=~~~~~~~~~~~ MAC~~~~~~~~~~~~~
    Linux client_console.localdomain 4.13.2 #1 SMP Mon Sep 18 12:18:16 EDT 2017 x86_64 GNU/Linux
     
    Boot Image Version: 1008
     
    ** Verifying Active Task **
     
    computer_name=~~~~~~~~~~ image_name=T3610-Win7x64-With-Agent profile_id=7 server_ip=~~~~~~~~~~ pre_scripts="" post_scripts="" file_copy=False sysprep_tags="" task_completed_action="Reboot" osx_target_volume="" munki_repo_url="" change_computer_name=true fix_bootloader=true partition_method=dynamic dp_id="2"
     
    ...... Success
     
    ** Checking Current Queue **
     
    ...... Complete
     
    ** Mounting SMB Share **
     
    ...... Connecting To Image_Storage
    mount: mounting //~~~~~~~~/sys_images on /storage failed: Permission denied
    mount: mounting //~~~~~~~~/sys_images on /storage failed: Permission denied
    mount: mounting //~~~~~~~~/sys_images on /storage failed: Permission denied
    mount: mounting //~~~~~~~~/sys_images on /storage failed: Permission denied
     
    ...... Could Not Mount SMB Share
     
    ...... Looking For Additional Distribution Points
     
    ** An Error Has Occurred **
     
    ...... Could Not Mount SMB Share and Server Is Not Clustered
    [/i]

    One thing I did notice, is that the original cd_dp folder had a 'dot' at the end of the permissions indicating an selinux security context, but the new /sys_images folder did not, so I cloned all permissions as follows:
    NOTE: SeLinux is currently DISABLED on this server:
    [root@clonedeploy]# sestatus
    SELinux status: disabled

    Running ls -dZ /cd_dp/ returns:
    drwxrwsr-x. apache cdsharewriters unconfined_u:object_r:default_t:s0 /cd_dp
    (Notice the 'dot' after -x)

    Whereas ls -dZ /sys_images returned:
    drwxrwsr-x apache cdsharewriters ? /sys_images/
    (No 'dot' after -x)

    Running chcon -h unconfined_u:object_r:default_t:s0 /sys_images fixed the issue and now the two folders match in every way.
    This still did not solve the permissions issue with my new DP.

    Thanks for any help or insight into what I am missing here!

  2. clonedeploy

    Sep 20 Administrator

    It sounds like you followed the correct steps. It's just a regular smb share, might be easier to troubleshoot by trying to connect to it from another pc. Can you post smb.conf?

  3. Here is my entire smb.conf file:
    [global]
    workgroup = SAMBA
    security = user

    passdb backend = tdbsam

    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw

    [homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes

    [printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = root
    create mask = 0664
    directory mask = 0775

    [cd_share]
    path = /cd_dp
    valid users = @cdsharewriters, cd_share_ro
    create mask = 02775
    directory mask = 02775
    guest ok = no
    writable = yes
    browsable = yes
    read list = @cdsharewriters, cd_share_ro
    write list = @cdsharewriters
    force create mode = 02775
    force directory mode = 02775
    force group = +cdsharewriters

    [sys_images]
    path = /sys_images
    valid users = @cdsharewriters, cd_share_ro
    create mask = 02775
    directory mask = 02775
    guest ok = no
    writable = yes
    browsable = yes
    read list = @cdsharewriters, cd_share_ro
    write list = @cdsharewriters
    force create mode = 02775
    force directory mode = 02775
    force group = +cdsharewriters

  4. clonedeploy

    Sep 20 Administrator

    Sounds simple but in step 11 you said you made a new dp. Are you certain the passwords are correct? What if you just change the existing dp to the updated paths?

  5. That 'seems' to have worked!
    Will have to verify that it is indeed pulling from the new drive and not the existing /cd_dp share, but looks good!

    Thanks

  6. BTW - Pretty sure I get better tech support here than from paid software companies!

 

or Sign Up to reply!