Initial commit
commit
5c8c3b3343
|
@ -0,0 +1,12 @@
|
|||
FROM alpine AS build
|
||||
|
||||
RUN apk add --no-cache \
|
||||
bind-tools \
|
||||
krb5 \
|
||||
samba-dc
|
||||
|
||||
RUN rm /etc/samba/smb.conf
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
ENTRYPOINT /entrypoint.sh
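Review bot: `FROM alpine` carries no tag, so each rebuild of this domain-controller image can pick up a different Alpine release and a different `samba-dc` build without any change in the repository; pin the base, e.g. `FROM alpine:<release>` with a digest where possible (`<release>` is a placeholder). The `AS build` stage name is also misleading, since this single stage is the runtime image. `ENTRYPOINT /entrypoint.sh` is shell form, which wraps the script in `/bin/sh -c` so the stop signal goes to that shell rather than to the script; the exec form `ENTRYPOINT ["/entrypoint.sh"]` avoids that. On BuildKit the separate `RUN chmod +x` layer can be folded into the copy with `COPY --chmod=755 entrypoint.sh /entrypoint.sh`.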
|
|
@ -0,0 +1,27 @@
|
|||
# Deploying
|
||||
|
||||
Since Samba does not really fit in the Docker world,
|
||||
only viable options are to use `macvlan`, `ipvlan` networking modes
|
||||
so the instance appears on the network with dedicated IP.
|
||||
Alternatively `network_mode: host` might be also viable approach.
|
||||
For sample configuration see `docker-compose.yml`.
|
||||
After provisioning be sure to replace the domain administrator password.
|
||||
|
||||
|
||||
# Replacing node
|
||||
|
||||
Copy `/mnt/ssd/samba` from old node if possible.
|
||||
|
||||
After starting with `overnode up` check replication status, this should show 0 for every line:
|
||||
|
||||
```
|
||||
docker exec -it samba_app_1 samba-tool drs showrepl | grep "consecutive failure"
|
||||
```
|
||||
|
||||
To inspect running version:
|
||||
|
||||
```
|
||||
docker exec -it samba_app_1 samba-tool -V
|
||||
```
|
||||
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
|
||||
version: '3.7'
|
||||
|
||||
networks:
|
||||
infra:
|
||||
external: true
|
||||
|
||||
services:
|
||||
app:
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
- NET_ADMIN
|
||||
image: 172.20.40.1:5000/samba:latest
|
||||
hostname: dc${OVERNODE_ID:-1}.ad.k-space.ee
|
||||
networks:
|
||||
infra:
|
||||
ipv4_address: 172.21.39.${OVERNODE_ID:-1}
|
||||
ipv6_address: 2001:bb8:4008:21:172:21:39:${OVERNODE_ID:-1}
|
||||
dns:
|
||||
- 2001:bb8:4008:21:172:21:39:1
|
||||
- 2001:bb8:4008:21:172:21:39:2
|
||||
- 2001:bb8:4008:21:172:21:39:3
|
||||
volumes:
|
||||
- type: bind
|
||||
source: /mnt/ssd/samba/etc/samba
|
||||
target: /etc/samba
|
||||
- type: bind
|
||||
source: /mnt/ssd/samba/var/lib/samba
|
||||
target: /var/lib/samba/
|
||||
environment:
|
||||
PROVISION_WORKGROUP: AD
|
||||
PROVISION_REALM: AD.K-SPACE.EE
|
||||
PROVISION_REVERSE_INET_ZONE: 39.21.172.in-addr.arpa
|
||||
PROVISION_REVERSE_INET6_ZONE: .9.3.0.0.1.2.0.0.2.7.1.0.1.2.0.0.8.0.0.4.8.b.b.0.1.0.0.2.ip6.arpa
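Review bot: `cap_add` grants `SYS_ADMIN` and `NET_ADMIN` to the domain controller with no comment saying what needs them, and `SYS_ADMIN` in particular removes most of the isolation the container would otherwise have from the host. Samba's NT ACL storage in extended attributes is a common reason for `SYS_ADMIN`, but nothing visible in this commit appears to need `NET_ADMIN`; I would drop it unless a failure shows it is required, and add a comment such as `# SYS_ADMIN: needed by Samba to write security.* xattrs for NT ACLs` once that is confirmed. Separately, `image: 172.20.40.1:5000/samba:latest` deploys whatever was pushed last, so a version tag or digest would make the node replacement described in the README reproducible.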
|
|
@ -0,0 +1,32 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
set -x
|
||||
|
||||
test -f /etc/samba/smb.conf && samba -F && exit 0
|
||||
|
||||
case $(hostname) in
|
||||
dc1)
|
||||
samba-tool domain provision \
|
||||
--option="dns forwarder = 8.8.8.8 1.1.1.1" \
|
||||
--option="disable netbios = yes" \
|
||||
--server-role=dc \
|
||||
--dns-backend=SAMBA_INTERNAL \
|
||||
--realm=$PROVISION_REALM \
|
||||
--domain=$PROVISION_WORKGROUP \
|
||||
--adminpass=S4l4k4l4!!
|
||||
samba -F
|
||||
;;
|
||||
dc2|dc3)
|
||||
echo S4l4k4l4!! | kinit administrator@$PROVISION_REALM
|
||||
! samba-tool dns zonecreate -k yes dc1.$PROVISION_REALM $PROVISION_REVERSE_INET_ZONE
|
||||
! samba-tool dns zonecreate -k yes dc1.$PROVISION_REALM $PROVISION_REVERSE_INET6_ZONE
|
||||
samba-tool domain join -k yes $PROVISION_REALM dc \
|
||||
--option="dns forwarder = 8.8.8.8 1.1.1.1" \
|
||||
--option="disable netbios = yes"
|
||||
samba -F
|
||||
;;
|
||||
*)
|
||||
echo "Won't do anything for hostname $(hostname)"
|
||||
exit 0
|
||||
;;
|
||||
esac
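Review bot: The domain administrator password is a literal in this script, on the `--adminpass=` line of the `dc1` branch and again in the `echo … | kinit` line of the `dc2|dc3` branch, so it ships in every image built from this file and stays in the repository history. Because `set -x` is on, both commands are also traced to the container log with the password visible, and `--adminpass` places it in the process argument list. Read it at runtime from a file mounted into the container instead, for example `--adminpass="$(cat "$ADMIN_PASSWORD_FILE")"` and `kinit administrator@$PROVISION_REALM < "$ADMIN_PASSWORD_FILE"` (the variable name is a suggestion), and move `set -x` below the credential handling or drop it. The password already committed should be treated as exposed and changed on any domain provisioned with it.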
|