I want to combine NAS storage functionality with OpenStack KVM instances on one box. Cinder can use LVM as a storage backend, and I want to use bcache as an SSD cache in front of mdraid. LVM, which Cinder requires, runs on top.
Why Debian? Debian 9 has a very recent kernel, which is highly desirable for using bcache. The bcache utilities are available by default in the Debian repositories. Ubuntu 16.04 LTS is not as new as the long-lasting Debian 9.
apt install chrony
.
.
server 172.16.2.250 iburst
.
.
systemctl restart chrony
systemctl enable chrony
apt install ifenslave-2.6 vlan
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto bond0
iface bond0 inet manual
    bond_mode 802.3ad
    bond_miimon 100
    bond_xmit_hash_policy layer2+3
    bond_updelay 200
    bond_downdelay 200
    bond_lacp_rate fast
    slaves eno1 eno2
auto vlan2
iface vlan2 inet static
    vlan_raw_device bond0
    address 172.16.2.3/24
    gateway 172.16.2.1
iface vlan2 inet6 static
    address 2a02:22a0:bbb7:402::3/64
    gateway 2a02:22a0:bbb7:402::1
auto vlan11
iface vlan11 inet static
    vlan_raw_device bond0
    address 172.16.3.3/24
iface vlan11 inet6 static
    address 2a02:22a0:bbb7:403::3/64
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 2a02:22a0:bbb7:402::21 172.16.2.21 2620:0:ccc::2
    dns-search mngt.bh.helux.nl
apt install sssd sssd-ldap
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
[nss]
[pam]
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.mngt.bh.helux.nl/
ldap_search_base = dc=helux,dc=nl
ldap_id_use_start_tls = true
ldap_tls_cacert = /usr/local/share/ca-certificates/cacert.crt
cache_credentials = true
enumerate = true
cd /usr/local/share/ca-certificates
wget http://ldap.mngt.bh.helux.nl/cacert.crt
update-ca-certificates
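The CA certificate above is fetched over plain HTTP, so nothing authenticates the file that becomes the trust anchor for LDAP StartTLS. The following is an added example, not part of the original notes, that installs the file only when its SHA-256 matches a value obtained out of band; `EXPECTED_SHA256` is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pin the downloaded CA file before it enters the trust store.
# EXPECTED_SHA256 is a placeholder; obtain the real value out of band
# (for instance by running sha256sum on the LDAP server itself).
EXPECTED_SHA256="REPLACE_WITH_SHA256_OBTAINED_OUT_OF_BAND"
CA_DIR="/usr/local/share/ca-certificates"

# file_sha256 FILE: print the lowercase hex SHA-256 of FILE's bytes.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# install_pinned_ca FILE EXPECTED_HEX DEST_DIR
# Copy FILE to DEST_DIR/cacert.crt only if its hash equals EXPECTED_HEX.
# Returns 0 when installed, 1 on mismatch or unreadable input.
install_pinned_ca() {
    src=$1; expected=$2; dest_dir=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    actual=$(file_sha256 "$src")
    # Normalise case so a pin copied in uppercase still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    install -m 0644 "$src" "$dest_dir/cacert.crt"
}

# fetch_and_trust_ca: download to a temporary file, verify, and refresh
# the trust store only after the pin check has passed. Run as root.
fetch_and_trust_ca() {
    tmp=$(mktemp) || return 1
    wget -q -O "$tmp" http://ldap.mngt.bh.helux.nl/cacert.crt &&
        install_pinned_ca "$tmp" "$EXPECTED_SHA256" "$CA_DIR" &&
        update-ca-certificates
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Calling `fetch_and_trust_ca` as root replaces the three commands above; with the placeholder pin left in place it refuses to install anything.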
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required pam_mkhomedir.so umask=0022 skel=/etc/skel
pam-auth-update
Because of the LACP link, the network is not available right away when the server starts up. It takes some time before everything is running. Samba wants to connect to LDAP and fails when LDAP is not reachable, so this service waits for the network.
#
# Uses 'hostname --all-fqdns' to confirm that both: IP address[es] assigned, and DNS operational
#
[Unit]
Description=Wait for Network to be Online
Documentation=man:systemd.service(5) man:systemd.special(7)
Conflicts=shutdown.target
After=network.target
Before=network-online.target
[Service]
Type=oneshot
# The command substitution is quoted so the test stays well-formed when several FQDNs are returned
ExecStart=/bin/bash -c 'while [ -z "$(hostname --all-fqdns)" ]; do sleep 1; done'
TimeoutStartSec=1min 30s
[Install]
WantedBy=network-online.target
systemctl daemon-reload
systemctl enable network-wait-online
apt install smartmontools
TODO: monitoring config with smartd and cron
apt install samba
[global]
    realm = *
    workgroup = HELUX
    local master = No
    ldap admin dn = cn=manager,dc=helux,dc=nl
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computer
    ldap passwd sync = yes
    ldap suffix = dc=helux,dc=nl
    ldap user suffix = ou=People
    load printers = No
    printcap name = cups
    server min protocol = NT1
    passdb backend = ldapsam:ldap://ldap.mngt.bh.helux.nl
    security = USER
    server role = standalone server
    winbind enum groups = Yes
    winbind enum users = Yes
    ldapsam:editposix = yes
    ldapsam:trusted = yes
    idmap config * : backend = tdb
    admin users = root
    create mask = 0640
    directory mask = 0750
[home]
    path = /home/%U
    read only = No
    valid users = %U
[share]
    path = /volume1/share
    read only = No
    valid users = %U