Implementing Samba in Containers

John Mulligan phlogistonjohn at asynchrono.us
Mon Jun 28 22:17:33 UTC 2021 

On Monday, June 28, 2021 4:41:13 AM EDT Abhidnya Joshi wrote:
> Hi John,
> 
> This is very interesting stuff! I would be interested to know, as part of
> this:
> 1. Any goal to reduce /limit resource consumption done by Samba file
> server, e.g. open file limits, max memory used, etc

I think that would be up to the container runtime or orchestration system. 
That said I'd be open to hearing more feedback about this. It's not something 
I've looked into much as of yet.

> 2. Is there any reduced functionality due to Samba running in a container?

There are a few gotchas that I've found but nothing insurmountable. As noted 
in the linked thread, the container needs CAP_SYS_ADMIN (aka a privileged 
container) if you want to use the acl xattr vfs module. I also found that to 
use winbind for active directory users the containers must share the pid 
namespace. I collect most of the issues I've found at the issues of the 
project on github.

> 3. Is the idea here also to make winbind available as a separate
> container in order to support only authentication related stuff?
> 

When I run winbind in our k8s based approach, it is running in a separate 
container from smbd (see the namespace caveat above). I could imagine that the 
container running winbind could be used for other purposes as well -  the 
trick would be making sure the sockets, files, and dbs that are needed to be 
shared outside the container are available. 

Note that above, I'm talking about the running container. We build one image 
for the file server stuff.

> Thanks and Regards
> Abhidnya Joshi


Thank you!

PS. I'm re-adding the list to the To: line. I hope you don't mind.

> 
> On Mon, Jun 28, 2021 at 5:11 AM John Mulligan via samba-technical
> 
> <samba-technical at lists.samba.org> wrote:
> > Hi List,
> > 
> > I wanted to follow up on something that I learned from a thread on the
> > user's list [1] recently.  Specifically, that I'm not the only one
> > working on "containerizing" samba components.  Some readers may be aware
> > of my container efforts if you attended our talk at sambaxp, or saw the
> > recording [2]. While we focused quite a bit on the Kubernetes parts there
> > I want to skip over Kubernetes in this mail and focus on the (OCI)
> > container images.
> > 
> > Michael Adam started a project [3] to build container images for Samba. We
> > publish our images on quay.io [4]. I have
> > been involved there for a little under a year now. We mainly have been
> > focused on our immediate needs but I wanted to reach out and see who may
> > be interested in collaborating on containerizing Samba.
> > 
> > In the samba-containers project we have three images that are built:
> > * A file server image
> > * A client image (smbclient)
> > * An AD DC image
> > 
> > The file server is my main focus for our Kubernetes efforts. The other two
> > images we are generally using only for test and are currently very
> > simplistic. But I'd like to see all the images become generally useful,
> > so that's why I'm writing this - to seek out any parties in the wider
> > Samba community who may be interesting collaborating on this effort - or
> > even just discussing containerization of Samba.  I would also like to
> > re-emphasize that despite the name of the Org in the project url, none of
> > it is meant to be Kubernetes specific. I'd personally be thrilled to see
> > it get used in other contexts, with other orchestration systems,
> > docker-compose, or direct docker & podman. More eyes on the project from
> > others who aren't focused on k8s can help keep us honest. :-)
> > 
> > In conclusion, I'd like to hear from anyone reading this if you're
> > interested in samba in containers, even if you're not so interested in
> > our particular efforts - but especially if you are :-). I'm curious if
> > anyone wants to know more about the nuts-and-bolts of how we're designing
> > the current containers and if you have feedback. In addition, if you are
> > already running samba in containers or have your own images, I'd love to
> > hear about them and any challenges or successes you've had.
> > 
> > Thanks for your time!
> > 
> > 
> > [1] - Thread Parent: https://lists.samba.org/archive/samba/2021-June/
> > 236451.html
> > [2] - https://www.youtube.com/watch?v=mG-Jxaf8_gw
> > [3] - https://github.com/samba-in-kubernetes/samba-container
> > [4] - https://quay.io/samba.org
> > 
> > -- John M.

More information about the samba-technical mailing list