Single binary to rule them all!

Mon Feb 18 20:40:42 MST 2013

Am Dienstag, 19. Februar 2013, 04:27:35 schrieb Günter Kukkukk:
> Am Dienstag, 19. Februar 2013, 04:13:06 schrieb Andrew Bartlett:
> > On Mon, 2013-02-18 at 20:41 -0600, Ricky Nance wrote:
> > > Christopher, I think you are missing what I am trying to accomplish
> > > here, right now if 'server role = active_directory_domain_controller'
> > > all the s4 stuff is spawned (including smbd if you have the s3fs file
> > > server backend running, which is default). I am simply proposing that
> > > we shutdown all S4 related things if we only want a fileserver, or a
> > > nt4 style pdc, or member server, or..., then tell samba to run only
> > > the binaries needed (as it does now with s3fs and smbd). I am not
> > > wanting to start conflicts with other services within samba, but
> > > rather keep the conflicts from happening and hopefully gain some more
> > > popularity with the package maintainers, along with having a single
> > > init script (instead of multiple inits one for AD DC and one for
> > > 'other' or having to modify it). I think the devs understand the
> > > problem and likely have a good solution in mind already, I am simply
> > > asking for some documentation to be made defining 'what is a role'.
> > 
> > Indeed, just as we already have rules that stop these services starting
> > in the wrong role, taking this to the next step and having it just start
> > the right thing is entirely practical.
> > 
> > It is just a matter of coding - spawing a different service really only
> > relies on taking the existing code in file_server/ and applying it to a
> > different binary.
> > 
> > In terms of nmbd, my hope is that we can sort out the last details
> > missing from the source4 nbt server (given we went to the effort to
> > write a new, clean nbt server), but even then we can start nmbd for
> > now.
> > 
> > Clearly winbindd will be a key part of all server roles in the future,
> > and having it launched automatically will mean an easier transition when
> > we drop the internal winbind for the AD DC.
> > 
> > Finally, to stop the other things launching, you just need to put a
> > non-fatal (final argument false) server_service_terminate() call in
> > based on the server role in each server, or we write a wrapping routine
> > that filters the 'lpcfg_server_service()' call based on server role.
> 
> Afair, there are some places in different code areas, where the started
> service does it's own "calculation based on smb.conf", whether it
> should run - or not. E.g. dns_server.c
> 
> 	switch (lpcfg_server_role(task->lp_ctx)) {
> 	case ROLE_STANDALONE:
> 		task_server_terminate(task, "dns: no DNS required in standalone
> configuration", false); return;
> 	case ROLE_DOMAIN_MEMBER:
> 		task_server_terminate(task, "dns: no DNS required in member server
> configuration", false); return;
> 	case ROLE_ACTIVE_DIRECTORY_DC:
> 		/* Yes, we want a DNS */
> 		break;
> 	}
> 

sorry, forgot to mention another place in ldap_server.c (i think there are some
more:

	switch (lpcfg_server_role(task->lp_ctx)) {
	case ROLE_STANDALONE:
		task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration", 
				      false);
		return;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration", 
				      false);
		return;
	case ROLE_ACTIVE_DIRECTORY_DC:
		/* Yes, we want an LDAP server */
		break;
	}

	task_server_set_title(task, "task[ldapsrv]");

Cheers, Günter

> Probably it would be better "to have a central code area" where those
> decisions are done.
> Just to have a better overview (not spread across many sources).
> 
> Cheers, Günter
> 
> > This would have this aspect of Samba follow the rule of 'if we know what
> > the right thing to do is, just do it' that much of the rest of the AD DC
> > tries to do.
> > 
> > The corner-case we need to handle is the ntvfs CIFS proxy, the rpc proxy
> > and whatever is needed to support openchange.  These details are encoded
> > in the existing 'incorrect mode' checks anyway.
> > 
> > Andrew Bartlett