Thank you for the excellent advice.
so an lxc container should be a privilege vm. Do containers share the same
file system like a BSD chroot jail? Or do they have a virtual disk image
like vmware or virtual box?
Sorry to be dense here. If you know of any good tutorials on making lxc
containers, I'd like to read them.
My thinking was that I would make an lxc container for the addc instance of
samba. Then I would just allow samba running in the host system to handle
file service. This allows me to follow best practices with samba addc in
keeping them separate from samba serving files.
I had thought about putting the file serving samba instance in a container
as well, but didn't see an advantage. And if the container has a vmdk like
virtual box, then serving large file sets from that seems that it would be
a problem.
On Wed, Jun 3, 2015 at 7:41 PM, John Lewis <oflameo2 at gmail.com> wrote:
> I did not implement Unprivileged containers because there is no dynamic
> uid remapping implemented so I would have to statically change the uids and
> gid's of all of the system files with uidshift and It didn't work
well with
> the AUFS setup I originally and I haven't tested it with ldap accounts
so I
> have no clue if there would be an issue with uid mapping.
>
> Since then I moved to dm-snapshot backed file system image files with a
> squashfs base image, and then standard file system image files. The
> dm-snapshot backed images didn't give me as many storage savings as I
> thought I would get and they were kind of annoying to work with do to lack
> of tooling to take advantage of their properties.
>
> I am sure I would try dm-snapshot backed file system images when I find or
> make some tools to take advantage of them, but I will not go back to AUFS
> until it has POSIX ACL support.
>
> I don't think I can get enough out of unprivileged LXCs to justify
> redeploying them right now.
>
>
> On 06/03/2015 10:23 PM, David Bear wrote:
>
> Thanks for the info. Did you create unprivileged containers to run Samba
> in?
>
> On Wed, Jun 3, 2015 at 6:02 PM, John Lewis <oflameo2 at gmail.com>
wrote:
>
>> I have my deployment of Version 4.1.17-Debian in a Debian container. I
>> pretty much a standard system container with Samba installed. I run
two
>> of them in a virtual network on a VPS as Domain controllers. Each
>> instance is in its own container.
>>
>> The main there is no gotchas specific to Samba itself. It is just
>> standard stuff like configuring the container for systemd and setting
up
>> networking correctly.
>>
>> On 06/03/2015 08:19 PM, David Bear wrote:
>> > Someone recently mentioned building a samba addc in a linux
container.
>> I'm
>> > new to containers and would really love to learn how to do it
correctly.
>> >
>> > Anyone know of how-to's or gotcha's related making samba
run in an lxc
>> > containter?
>> >
>> >
>> >
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
>
> --
> David Bear
> mobile: (602) 903-6476
>
>
>
>
--
David Bear
mobile: (602) 903-6476