Initial commit
commit
5c8c3b3343
|
@ -0,0 +1,12 @@
|
||||||
|
FROM alpine AS build
|
||||||
|
|
||||||
|
RUN apk add --no-cache \
|
||||||
|
bind-tools \
|
||||||
|
krb5 \
|
||||||
|
samba-dc
|
||||||
|
|
||||||
|
RUN rm /etc/samba/smb.conf
|
||||||
|
|
||||||
|
COPY entrypoint.sh /entrypoint.sh
|
||||||
|
RUN chmod +x /entrypoint.sh
|
||||||
|
ENTRYPOINT /entrypoint.sh
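Review bot: `FROM alpine` carries no tag, so every rebuild pulls whatever `alpine:latest` and the current `samba-dc` package happen to be, and the domain controller image cannot be reproduced or audited afterwards; pin the base to a release tag or digest, e.g. `FROM alpine:<release>@sha256:<digest>`. `ENTRYPOINT /entrypoint.sh` is shell form, which runs the script under `/bin/sh -c`, so the stop signal from `docker stop` may never reach Samba and the directory database can be killed uncleanly; prefer `ENTRYPOINT ["/entrypoint.sh"]`. The separate `RUN chmod +x` layer can be folded into `COPY --chmod=755 entrypoint.sh /entrypoint.sh` when building with BuildKit. The stage name `build` is also misleading, since this is the only stage and it is the runtime image.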
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Deploying
|
||||||
|
|
||||||
|
Since Samba does not really fit in the Docker world,
|
||||||
|
only viable options are to use `macvlan`, `ipvlan` networking modes
|
||||||
|
so the instance appears on the network with dedicated IP.
|
||||||
|
Alternatively `network_mode: host` might be also viable approach.
|
||||||
|
For sample configuration see `docker-compose.yml`.
|
||||||
|
After provisioning be sure to replace the domain administrator password.
|
||||||
|
|
||||||
|
|
||||||
|
# Replacing node
|
||||||
|
|
||||||
|
Copy `/mnt/ssd/samba` from old node if possible.
|
||||||
|
|
||||||
|
After starting with `overnode up` check replication status, this should show 0 for every line:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker exec -it samba_app_1 samba-tool drs showrepl | grep "consecutive failure"
|
||||||
|
```
|
||||||
|
|
||||||
|
To inspect running version:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker exec -it samba_app_1 samba-tool -V
|
||||||
|
```
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
|
||||||
|
version: '3.7'
|
||||||
|
|
||||||
|
networks:
|
||||||
|
infra:
|
||||||
|
external: true
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
cap_add:
|
||||||
|
- SYS_ADMIN
|
||||||
|
- NET_ADMIN
|
||||||
|
image: 172.20.40.1:5000/samba:latest
|
||||||
|
hostname: dc${OVERNODE_ID:-1}.ad.k-space.ee
|
||||||
|
networks:
|
||||||
|
infra:
|
||||||
|
ipv4_address: 172.21.39.${OVERNODE_ID:-1}
|
||||||
|
ipv6_address: 2001:bb8:4008:21:172:21:39:${OVERNODE_ID:-1}
|
||||||
|
dns:
|
||||||
|
- 2001:bb8:4008:21:172:21:39:1
|
||||||
|
- 2001:bb8:4008:21:172:21:39:2
|
||||||
|
- 2001:bb8:4008:21:172:21:39:3
|
||||||
|
volumes:
|
||||||
|
- type: bind
|
||||||
|
source: /mnt/ssd/samba/etc/samba
|
||||||
|
target: /etc/samba
|
||||||
|
- type: bind
|
||||||
|
source: /mnt/ssd/samba/var/lib/samba
|
||||||
|
target: /var/lib/samba/
|
||||||
|
environment:
|
||||||
|
PROVISION_WORKGROUP: AD
|
||||||
|
PROVISION_REALM: AD.K-SPACE.EE
|
||||||
|
PROVISION_REVERSE_INET_ZONE: 39.21.172.in-addr.arpa
|
||||||
|
PROVISION_REVERSE_INET6_ZONE: .9.3.0.0.1.2.0.0.2.7.1.0.1.2.0.0.8.0.0.4.8.b.b.0.1.0.0.2.ip6.arpa
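Review bot: `cap_add` grants `SYS_ADMIN` and `NET_ADMIN` with no comment on what needs them; `SYS_ADMIN` in particular is close to root-equivalent on the host, so each capability should carry a one-line justification, and `NET_ADMIN` should be dropped if Samba runs without it. `image: 172.20.40.1:5000/samba:latest` is a mutable tag, so a restart or re-pull can silently change the domain controller's binaries; reference a version tag or `@sha256:<digest>` instead. The registry is addressed by bare IP and port, which suggests it may be served without TLS; that is worth confirming, because image integrity then rests entirely on the network path.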
|
|
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/sh
|
||||||
|
set -e
|
||||||
|
set -x
|
||||||
|
|
||||||
|
test -f /etc/samba/smb.conf && samba -F && exit 0
|
||||||
|
|
||||||
|
case $(hostname) in
|
||||||
|
dc1)
|
||||||
|
samba-tool domain provision \
|
||||||
|
--option="dns forwarder = 8.8.8.8 1.1.1.1" \
|
||||||
|
--option="disable netbios = yes" \
|
||||||
|
--server-role=dc \
|
||||||
|
--dns-backend=SAMBA_INTERNAL \
|
||||||
|
--realm=$PROVISION_REALM \
|
||||||
|
--domain=$PROVISION_WORKGROUP \
|
||||||
|
--adminpass=S4l4k4l4!!
|
||||||
|
samba -F
|
||||||
|
;;
|
||||||
|
dc2|dc3)
|
||||||
|
echo S4l4k4l4!! | kinit administrator@$PROVISION_REALM
|
||||||
|
! samba-tool dns zonecreate -k yes dc1.$PROVISION_REALM $PROVISION_REVERSE_INET_ZONE
|
||||||
|
! samba-tool dns zonecreate -k yes dc1.$PROVISION_REALM $PROVISION_REVERSE_INET6_ZONE
|
||||||
|
samba-tool domain join -k yes $PROVISION_REALM dc \
|
||||||
|
--option="dns forwarder = 8.8.8.8 1.1.1.1" \
|
||||||
|
--option="disable netbios = yes"
|
||||||
|
samba -F
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Won't do anything for hostname $(hostname)"
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
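Review bot: The domain administrator password is a literal in this script, on the `--adminpass=` line of the `dc1` branch and again on the `kinit` line of the `dc2|dc3` branch, so it is stored in the repository and in every image built from it, and `set -x` additionally writes it to the container log on each provisioning or join. Take it from a runtime secret instead (for example a file mounted into the container, read with tracing switched off), or omit `--adminpass` and let `samba-tool domain provision` generate a random one. Because the join branch depends on the same literal, rotating the password as the README asks breaks later joins unless the script reads the current value. Separately, `test -f /etc/samba/smb.conf && samba -F && exit 0` falls through into the `case` when `samba -F` exits non-zero, so a crashed DC re-enters the provision/join path; an `if` block ending in `exec samba -F` would avoid that and let Samba receive the stop signal directly.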
|