Single binary to rule them all!

Mon Feb 18 20:27:35 MST 2013

Am Dienstag, 19. Februar 2013, 04:13:06 schrieb Andrew Bartlett:
> On Mon, 2013-02-18 at 20:41 -0600, Ricky Nance wrote:
> > Christopher, I think you are missing what I am trying to accomplish here,
> > right now if 'server role = active_directory_domain_controller' all the
> > s4 stuff is spawned (including smbd if you have the s3fs file server
> > backend running, which is default). I am simply proposing that we
> > shutdown all S4 related things if we only want a fileserver, or a nt4
> > style pdc, or member server, or..., then tell samba to run only the
> > binaries needed (as it does now with s3fs and smbd). I am not wanting to
> > start conflicts with other services within samba, but rather keep the
> > conflicts from happening and hopefully gain some more popularity with
> > the package maintainers, along with having a single init script (instead
> > of multiple inits one for AD DC and one for 'other' or having to modify
> > it). I think the devs understand the problem and likely have a good
> > solution in mind already, I am simply asking for some documentation to
> > be made defining 'what is a role'.
> 
> Indeed, just as we already have rules that stop these services starting
> in the wrong role, taking this to the next step and having it just start
> the right thing is entirely practical.
> 
> It is just a matter of coding - spawing a different service really only
> relies on taking the existing code in file_server/ and applying it to a
> different binary.
> 
> In terms of nmbd, my hope is that we can sort out the last details
> missing from the source4 nbt server (given we went to the effort to
> write a new, clean nbt server), but even then we can start nmbd for
> now.
> 
> Clearly winbindd will be a key part of all server roles in the future,
> and having it launched automatically will mean an easier transition when
> we drop the internal winbind for the AD DC.
> 
> Finally, to stop the other things launching, you just need to put a
> non-fatal (final argument false) server_service_terminate() call in
> based on the server role in each server, or we write a wrapping routine
> that filters the 'lpcfg_server_service()' call based on server role.

Afair, there are some places in different code areas, where the started
service does it's own "calculation based on smb.conf", whether it
should run - or not. E.g. dns_server.c

	switch (lpcfg_server_role(task->lp_ctx)) {
	case ROLE_STANDALONE:
		task_server_terminate(task, "dns: no DNS required in standalone configuration", false);
		return;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "dns: no DNS required in member server configuration", false);
		return;
	case ROLE_ACTIVE_DIRECTORY_DC:
		/* Yes, we want a DNS */
		break;
	}

Probably it would be better "to have a central code area" where those
decisions are done.
Just to have a better overview (not spread across many sources).

Cheers, Günter

> 
> This would have this aspect of Samba follow the rule of 'if we know what
> the right thing to do is, just do it' that much of the rest of the AD DC
> tries to do.
> 
> The corner-case we need to handle is the ntvfs CIFS proxy, the rpc proxy
> and whatever is needed to support openchange.  These details are encoded
> in the existing 'incorrect mode' checks anyway.
> 
> Andrew Bartlett