---
# Name-service switch file for the Samba pod. The Deployment in this file
# mounts it over /etc/nsswitch.conf in the smbd container only.
# passwd and group consult local files first and then winbind; shadow and
# the remaining databases stay files-only (hosts additionally uses dns).
apiVersion: v1
kind: ConfigMap
metadata:
  name: samba-files-nsswitch
  namespace: samba-files
data:
  nsswitch.conf: |
    passwd: files winbind
    group: files winbind
    shadow: files
    hosts: files dns
    networks: files
    protocols: files
    services: files
    ethers: files
    rpc: files
---
# Kerberos client configuration for the UNDERCLOUD.LOCAL realm. Each container
# in the Deployment copies it from /krb5/krb5.conf to /etc/krb5.conf at start.
#
# Realm and KDC are located through DNS (dns_lookup_realm / dns_lookup_kdc),
# so the resolver the pod uses is part of the trust path for finding the KDC.
# rdns = false turns off reverse-DNS canonicalisation of host names.
# Credential caches are per-uid files under /tmp.
# NOTE(review): forwardable = true requests forwardable tickets by default;
# confirm the file server actually needs that.
apiVersion: v1
kind: ConfigMap
metadata:
  name: samba-files-krb5
  namespace: samba-files
data:
  krb5.conf: |
    [libdefaults]
    default_realm = UNDERCLOUD.LOCAL
    dns_lookup_realm = true
    dns_lookup_kdc = true
    rdns = false
    ticket_lifetime = 24h
    forwardable = true
    default_ccache_name = FILE:/tmp/krb5cc_%{uid}

    [domain_realm]
    .undercloud.local = UNDERCLOUD.LOCAL
    undercloud.local = UNDERCLOUD.LOCAL
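---
# Single-replica Samba file server joined to the UNDERCLOUD.LOCAL AD domain.
#
# Start-up order: the init containers run in sequence (wait-for-ad, then
# join-domain); afterwards winbindd and smbd run side by side in the pod.
#
# Referenced here but not defined in this listing: ConfigMap
# samba-files-config (smb.conf) and Secret samba-files-join (keys username
# and password).
#
# NOTE(review): no securityContext or resources are set on any container, so
# they run with the image defaults. All four containers use the tag
# samba-server:v0.8 with IfNotPresent; pinning the image by digest would make
# the deployed bits reproducible.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: samba-files
  namespace: samba-files
  labels:
    app: samba-files
spec:
  replicas: 1
  selector:
    matchLabels:
      app: samba-files
  template:
    metadata:
      labels:
        app: samba-files
    spec:
      hostname: filesrv1
      subdomain: samba-files
      # One PID namespace for the whole pod: winbindd and smbd can see and
      # signal each other's processes.
      shareProcessNamespace: true
      terminationGracePeriodSeconds: 30

      initContainers:
        # Blocks pod start-up until the domain controller resolves in DNS and
        # accepts TCP connections on 389 (LDAP) and 636 (LDAPS).
        - name: wait-for-ad
          image: quay.io/samba.org/samba-server:v0.8
          imagePullPolicy: IfNotPresent
          command: ["/bin/bash", "-ec"]
          args:
            - |
              set -euxo pipefail

              until getent hosts dc1.undercloud.local >/dev/null; do
                echo "waiting for dc1.undercloud.local dns"
                sleep 5
              done

              until bash -c "</dev/tcp/dc1.undercloud.local/389" 2>/dev/null; do
                echo "waiting for dc1.undercloud.local ldap"
                sleep 5
              done

              until bash -c "</dev/tcp/dc1.undercloud.local/636" 2>/dev/null; do
                echo "waiting for dc1.undercloud.local ldaps"
                sleep 5
              done

        # Prepares the Samba state directories and joins the machine to the
        # domain unless `net ads testjoin` already succeeds.
        - name: join-domain
          image: quay.io/samba.org/samba-server:v0.8
          imagePullPolicy: IfNotPresent
          env:
            - name: JOIN_USER
              valueFrom:
                secretKeyRef:
                  name: samba-files-join
                  key: username
            - name: JOIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: samba-files-join
                  key: password
          command: ["/bin/bash", "-ec"]
          # This script runs WITHOUT xtrace (`set -x`), unlike the other
          # containers: with xtrace on, bash prints every expanded command to
          # stderr, which would write the `-U user%password` argument of
          # `net ads join` -- the domain-join password -- into the container
          # log.
          args:
            - |
              set -euo pipefail

              mkdir -p /run/samba
              mkdir -p /var/cache/samba
              mkdir -p /var/lib/samba
              mkdir -p /var/lib/samba/private
              mkdir -p /var/lib/samba/private/msg.sock
              mkdir -p /data

              chmod 0755 /var/lib/samba
              chmod 0755 /var/cache/samba
              chmod 0700 /var/lib/samba/private/msg.sock
              chmod 2770 /data

              cp /krb5/krb5.conf /etc/krb5.conf

              if net ads testjoin >/dev/null 2>&1; then
                echo "already joined"
                exit 0
              fi

              net ads join \
                -S dc1.undercloud.local \
                -U "${JOIN_USER}%${JOIN_PASSWORD}"

              net ads testjoin
          volumeMounts:
            - name: samba-config
              mountPath: /etc/samba/smb.conf
              subPath: smb.conf
            - name: krb5-config
              mountPath: /krb5/krb5.conf
              subPath: krb5.conf
            - name: samba-state
              mountPath: /var/lib/samba
            - name: samba-cache
              mountPath: /var/cache/samba
            - name: samba-run
              mountPath: /run/samba
            - name: share-data
              mountPath: /data

      containers:
        # winbind daemon. The probes use `wbinfo -p` (ping winbindd) and, for
        # readiness, `wbinfo -P` (ping the domain controller through winbindd).
        - name: winbindd
          image: quay.io/samba.org/samba-server:v0.8
          imagePullPolicy: IfNotPresent
          command: ["/bin/bash", "-ec"]
          args:
            - |
              set -euxo pipefail
              mkdir -p \
                /run/samba \
                /var/cache/samba \
                /var/lib/samba \
                /var/lib/samba/private \
                /var/lib/samba/private/msg.sock
              cp /krb5/krb5.conf /etc/krb5.conf
              exec winbindd --foreground --no-process-group
          volumeMounts:
            - name: samba-config
              mountPath: /etc/samba/smb.conf
              subPath: smb.conf
            - name: krb5-config
              mountPath: /krb5/krb5.conf
              subPath: krb5.conf
            - name: samba-state
              mountPath: /var/lib/samba
            - name: samba-cache
              mountPath: /var/cache/samba
            - name: samba-run
              mountPath: /run/samba
          startupProbe:
            exec:
              command: ["/bin/bash", "-ec", "wbinfo -p"]
            periodSeconds: 5
            timeoutSeconds: 5
            failureThreshold: 24
          readinessProbe:
            exec:
              command: ["/bin/bash", "-ec", "wbinfo -p && wbinfo -P"]
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 20
            failureThreshold: 6

        # SMB server. Waits for winbind and for the access group to resolve,
        # then sets group ownership and setgid 2770 on the share directories
        # before starting smbd.
        - name: smbd
          image: quay.io/samba.org/samba-server:v0.8
          imagePullPolicy: IfNotPresent
          ports:
            - name: smb
              containerPort: 445
              protocol: TCP
            - name: netbios-ssn
              containerPort: 139
              protocol: TCP
          command: ["/bin/bash", "-ec"]
          # In the script below:
          # - `chgrp ... /data || chgrp 21105 /data` falls back to a numeric
          #   GID when the group name does not resolve; presumably 21105 is
          #   the idmap GID of fileserver-access -- confirm against smb.conf.
          # - the chgrp on the sub-directories ends in `|| true`, so a failure
          #   there is ignored and the following chmod 2770 still runs.
          # - smbd logs to stdout at debug level 3.
          args:
            - |
              set -euxo pipefail

              mkdir -p \
                /run/samba \
                /var/cache/samba \
                /var/lib/samba \
                /var/lib/samba/private \
                /var/lib/samba/private/msg.sock

              cp /krb5/krb5.conf /etc/krb5.conf

              until wbinfo -p && wbinfo -P; do
                echo "waiting for winbind/dc"
                sleep 5
              done

              until getent group 'UNDERCLOUD\fileserver-access' >/dev/null; do
                echo "waiting for group resolution"
                sleep 2
              done

              mkdir -p \
                /data/data \
                /data/music \
                /data/movies \
                /data/tvshows

              chgrp 'UNDERCLOUD\fileserver-access' /data || chgrp 21105 /data
              chgrp 'UNDERCLOUD\fileserver-access' /data/data /data/music /data/movies /data/tvshows || true

              chmod 2770 /data
              chmod 2770 /data/data /data/music /data/movies /data/tvshows

              exec smbd --foreground --no-process-group --debug-stdout -d 3
          volumeMounts:
            - name: samba-config
              mountPath: /etc/samba/smb.conf
              subPath: smb.conf
            - name: nsswitch-config
              mountPath: /etc/nsswitch.conf
              subPath: nsswitch.conf
            - name: krb5-config
              mountPath: /krb5/krb5.conf
              subPath: krb5.conf
            - name: samba-state
              mountPath: /var/lib/samba
            - name: samba-cache
              mountPath: /var/cache/samba
            - name: samba-run
              mountPath: /run/samba
            - name: share-data
              mountPath: /data
          startupProbe:
            tcpSocket:
              port: 445
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 18

          readinessProbe:
            tcpSocket:
              port: 445
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 6

      volumes:
        - name: samba-config
          configMap:
            name: samba-files-config
        - name: krb5-config
          configMap:
            name: samba-files-krb5
        - name: samba-cache
          emptyDir: {}
        - name: samba-run
          emptyDir: {}
        # Persistent Samba state under /var/lib/samba, including the private/
        # directory, so the domain join survives pod restarts.
        - name: samba-state
          persistentVolumeClaim:
            claimName: samba-files-state
        - name: share-data
          persistentVolumeClaim:
            claimName: samba-files-data
        - name: nsswitch-config
          configMap:
            name: samba-files-nsswitch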
---
# Claim backing /var/lib/samba (volume samba-state in the Deployment).
# 5Gi, ReadWriteMany, storage class cephfs-hyper.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: samba-files-state
  namespace: samba-files
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  storageClassName: cephfs-hyper
---
# Claim backing /data, the exported share tree (volume share-data in the
# Deployment). 200Gi, ReadWriteMany, storage class cephfs-hyper-slow.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: samba-files-data
  namespace: samba-files
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 200Gi
  storageClassName: cephfs-hyper-slow
---
# ClusterIP Service in front of the smbd container: TCP 445 (SMB) and
# TCP 139 (NetBIOS session). Dual-stack with fixed addresses, IPv6 first.
#
# NOTE(review): the IPv6 clusterIP is a global-unicast address. Whether it is
# reachable from outside the cluster depends on routing and firewalling that
# this listing does not show; confirm that 445/139 are filtered at the
# network edge. No NetworkPolicy for the namespace appears in this listing.
apiVersion: v1
kind: Service
metadata:
  name: samba-files
  namespace: samba-files
  labels:
    app: samba-files
spec:
  internalTrafficPolicy: Cluster
  # Addresses are quoted so no YAML parser can read them as anything but strings.
  clusterIP: "2001:470:7116:f:1::30"
  clusterIPs:
    - "2001:470:7116:f:1::30"
    - "10.0.91.30"
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  type: ClusterIP
  selector:
    app: samba-files
  ports:
    - name: smb
      port: 445
      protocol: TCP
      targetPort: 445
    - name: netbios-ssn
      port: 139
      protocol: TCP
      targetPort: 139