Thanks for the info. Did you create unprivileged containers to run Samba in?

On Wed, Jun 3, 2015 at 6:02 PM, John Lewis <oflameo2 at gmail.com> wrote:

> I have my deployment of Version 4.1.17-Debian in a Debian container. I
> pretty much a standard system container with Samba installed. I run two
> of them in a virtual network on a VPS as Domain controllers. Each
> instance is in its own container.
>
> The main there is no gotchas specific to Samba itself. It is just
> standard stuff like configuring the container for systemd and setting up
> networking correctly.
>
> On 06/03/2015 08:19 PM, David Bear wrote:
> > Someone recently mentioned building a samba addc in a linux container. I'm
> > new to containers and would really love to learn how to do it correctly.
> >
> > Anyone know of how-to's or gotcha's related making samba run in an lxc
> > container?
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
David Bear
mobile: (602) 903-6476
I did not implement unprivileged containers because there is no dynamic uid remapping implemented so I would have to statically change the uids and gids of all of the system files with uidshift and it didn't work well with the AUFS setup I originally and I haven't tested it with ldap accounts so I have no clue if there would be an issue with uid mapping.

Since then I moved to dm-snapshot backed file system image files with a squashfs base image, and then standard file system image files. The dm-snapshot backed images didn't give me as many storage savings as I thought I would get and they were kind of annoying to work with due to lack of tooling to take advantage of their properties.

I am sure I would try dm-snapshot backed file system images when I find or make some tools to take advantage of them, but I will not go back to AUFS until it has POSIX ACL support.

I don't think I can get enough out of unprivileged LXCs to justify redeploying them right now.

On 06/03/2015 10:23 PM, David Bear wrote:

> Thanks for the info. Did you create unprivileged containers to run
> Samba in?
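The static uid/gid shift discussed in the message above, as an added example that is not code from the thread, from LXC or from the uidshift tool: it parses `lxc.id_map` lines (the key is `lxc.idmap` in newer LXC releases) and plans, as a dry run, the ownership change each file in a container rootfs would need. The config, the paths and the high uid standing in for a directory account are constructed sample values.

```python
import os
from typing import Iterable, List, NamedTuple, Optional, Tuple

class IdMap(NamedTuple):
    kind: str     # "u" for uids, "g" for gids
    inside: int   # first id as seen inside the container
    outside: int  # first id on the host
    count: int    # length of the mapped range

def parse_id_maps(config_text: str) -> List[IdMap]:
    """Collect id map entries from an LXC container config."""
    maps = []
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() in ("lxc.id_map", "lxc.idmap"):
            kind, inside, outside, count = value.split()
            maps.append(IdMap(kind, int(inside), int(outside), int(count)))
    return maps

def to_host_id(maps: List[IdMap], kind: str, cid: int) -> Optional[int]:
    """Translate a container id to its host id; None if no range covers it."""
    for m in maps:
        if m.kind == kind and m.inside <= cid < m.inside + m.count:
            return m.outside + (cid - m.inside)
    return None

def plan_shift(maps: List[IdMap], entries: Iterable[Tuple[str, int, int]]):
    """Return (chown plan, paths whose owner falls outside every mapped range)."""
    plan, unmapped = [], []
    for path, uid, gid in entries:
        new_uid, new_gid = to_host_id(maps, "u", uid), to_host_id(maps, "g", gid)
        if new_uid is None or new_gid is None:
            unmapped.append(path)   # would show up as nobody/nogroup in the container
        else:
            plan.append((path, new_uid, new_gid))
    return plan, unmapped

def scan_rootfs(rootfs: str):
    """Yield (path, uid, gid) for a real tree, without following symlinks."""
    paths = [rootfs]
    for dirpath, dirs, files in os.walk(rootfs):
        paths += [os.path.join(dirpath, n) for n in dirs + files]
    for p in paths:
        st = os.lstat(p)
        yield p, st.st_uid, st.st_gid

# Constructed sample: a 65536-id range and four files, one with a high uid.
SAMPLE_CONFIG = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"
SAMPLE_ENTRIES = [("/etc/passwd", 0, 0), ("/var/lib/samba", 0, 0),
                  ("/home/alice", 1000, 1000), ("/srv/share/report", 3000000, 3000000)]

if __name__ == "__main__":
    print(plan_shift(parse_id_maps(SAMPLE_CONFIG), SAMPLE_ENTRIES))
```

Passing `scan_rootfs(path)` instead of `SAMPLE_ENTRIES` plans the shift for an existing rootfs; the unmapped list is the part to review before moving a container with directory-backed accounts to a user namespace.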
Thank you for the excellent advice. So an lxc container should be a privileged vm. Do containers share the same file system like a BSD chroot jail? Or do they have a virtual disk image like vmware or virtual box? Sorry to be dense here. If you know of any good tutorials on making lxc containers, I'd like to read them.

My thinking was that I would make an lxc container for the addc instance of samba. Then I would just allow samba running in the host system to handle file service. This allows me to follow best practices with samba addc in keeping them separate from samba serving files. I had thought about putting the file serving samba instance in a container as well, but didn't see an advantage. And if the container has a vmdk like virtual box, then serving large file sets from that seems that it would be a problem.

On Wed, Jun 3, 2015 at 7:41 PM, John Lewis <oflameo2 at gmail.com> wrote:

> I did not implement unprivileged containers because there is no dynamic
> uid remapping implemented so I would have to statically change the uids and
> gids of all of the system files with uidshift and it didn't work well with
> the AUFS setup I originally and I haven't tested it with ldap accounts so I
> have no clue if there would be an issue with uid mapping.
>
> Since then I moved to dm-snapshot backed file system image files with a
> squashfs base image, and then standard file system image files. The
> dm-snapshot backed images didn't give me as many storage savings as I
> thought I would get and they were kind of annoying to work with due to lack
> of tooling to take advantage of their properties.
>
> I am sure I would try dm-snapshot backed file system images when I find or
> make some tools to take advantage of them, but I will not go back to AUFS
> until it has POSIX ACL support.
>
> I don't think I can get enough out of unprivileged LXCs to justify
> redeploying them right now.

--
David Bear
mobile: (602) 903-6476