Initial commit

2021-06-13 11:44:30 +00:00 · 2021-06-13 11:44:30 +00:00 · 5c8c3b3343
commit 5c8c3b3343
4 changed files with 105 additions and 0 deletions
--- a/12
+++ b/12
@ -0,0 +1,12 @@
+FROM alpine AS build
+
+RUN apk add --no-cache \
+    bind-tools \
+    krb5 \
+    samba-dc
+
+RUN rm /etc/samba/smb.conf
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT /entrypoint.sh
--- a/README.md
+++ b/README.md
@ -0,0 +1,27 @@
+# Deploying
+
+Since Samba does not really fit in the Docker world,
+only viable options are to use `macvlan`, `ipvlan` networking modes
+so the instance appears on the network with dedicated IP.
+Alternatively `network_mode: host` might be also viable approach.
+For sample configuration see `docker-compose.yml`.
+After provisioning be sure to replace the domain administrator password.
+
+
+# Replacing node
+
+Copy `/mnt/ssd/samba` from old node if possible.
+
+After starting with `overnode up` check replication status, this should show 0 for every line:
+
+```
+docker exec -it samba_app_1  samba-tool drs showrepl | grep "consecutive failure"
+```
+
+To inspect running version:
+
+```
+docker exec -it samba_app_1 samba-tool -V
+```
+
+
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,34 @@
+
+version: '3.7'
+
+networks:
+  infra:
+    external: true
+
+services:
+    app:
+        cap_add:
+        - SYS_ADMIN
+        - NET_ADMIN
+        image: 172.20.40.1:5000/samba:latest
+        hostname: dc${OVERNODE_ID:-1}.ad.k-space.ee
+        networks:
+            infra:
+                ipv4_address: 172.21.39.${OVERNODE_ID:-1}
+                ipv6_address: 2001:bb8:4008:21:172:21:39:${OVERNODE_ID:-1}
+        dns:
+         - 2001:bb8:4008:21:172:21:39:1
+         - 2001:bb8:4008:21:172:21:39:2
+         - 2001:bb8:4008:21:172:21:39:3
+        volumes:
+            - type: bind
+              source: /mnt/ssd/samba/etc/samba
+              target: /etc/samba
+            - type: bind
+              source: /mnt/ssd/samba/var/lib/samba
+              target: /var/lib/samba/
+        environment:
+            PROVISION_WORKGROUP: AD
+            PROVISION_REALM: AD.K-SPACE.EE
+            PROVISION_REVERSE_INET_ZONE: 39.21.172.in-addr.arpa
+            PROVISION_REVERSE_INET6_ZONE: .9.3.0.0.1.2.0.0.2.7.1.0.1.2.0.0.8.0.0.4.8.b.b.0.1.0.0.2.ip6.arpa
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+set -x
+
+test -f /etc/samba/smb.conf && samba -F && exit 0
+
+case $(hostname) in
+  dc1)
+    samba-tool domain provision \
+      --option="dns forwarder = 8.8.8.8 1.1.1.1" \
+      --option="disable netbios = yes" \
+      --server-role=dc \
+      --dns-backend=SAMBA_INTERNAL \
+      --realm=$PROVISION_REALM \
+      --domain=$PROVISION_WORKGROUP \
+      --adminpass=S4l4k4l4!!
+    samba -F
+    ;;
+  dc2|dc3)
+    echo S4l4k4l4!! | kinit administrator@$PROVISION_REALM
+    ! samba-tool dns zonecreate -k yes dc1.$PROVISION_REALM $PROVISION_REVERSE_INET_ZONE
+    ! samba-tool dns zonecreate -k yes dc1.$PROVISION_REALM $PROVISION_REVERSE_INET6_ZONE
+    samba-tool domain join -k yes $PROVISION_REALM dc \
+      --option="dns forwarder = 8.8.8.8 1.1.1.1" \
+      --option="disable netbios = yes"
+    samba -F
+    ;;
+  *)
+    echo "Won't do anything for hostname $(hostname)"
+    exit 0
+    ;;
+esac