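---
# Headless Service for the dc2 StatefulSet. clusterIP: None allocates no
# virtual IP; cluster DNS resolves the name straight to the dc2 pod, and the
# StatefulSet references it through spec.serviceName.
apiVersion: v1
kind: Service
metadata:
  name: samba-ad-dc2
  namespace: samba-directory
  labels:
    app: samba-ad
    samba-role: dc2
spec:
  clusterIP: None
  # The pod is published before it reports Ready, presumably so its DNS
  # records exist while the domain join in the start script is still running.
  publishNotReadyAddresses: true
  selector:
    app: samba-ad
    samba-role: dc2
  # NOTE(review): ntp (123) and netbios (137-139) are listed here but are not
  # declared as containerPorts on the dc2 pod nor on the samba-ad-dc2-direct
  # Service. On a headless Service this only affects the SRV records that are
  # generated; confirm whether they are intended or left over.
  ports:
    - { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
    - { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
    - { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
    - { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
    - { name: ntp, port: 123, protocol: UDP, targetPort: 123 }
    - { name: netbios-ns, port: 137, protocol: UDP, targetPort: 137 }
    - { name: netbios-dgm, port: 138, protocol: UDP, targetPort: 138 }
    - { name: netbios-ssn, port: 139, protocol: TCP, targetPort: 139 }
    - { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
    - { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
    - { name: smb, port: 445, protocol: TCP, targetPort: 445 }
    - { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
    - { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
    - { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
    - { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
    - { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
    # The rpc-* ports mirror the fixed "rpc server port" values in the
    # samba-ad-config-dc2 ConfigMap; change both together.
    - { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
    - { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
    - { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
    - { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
    - { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
    - { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
    - { name: rpc-dnsserver, port: 5005, protocol: TCP, targetPort: 5005 }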
|
|
---
# smb.conf for dc2. The dc2 StatefulSet mounts this single key at
# /etc/samba/smb.conf through a subPath mount, overlaying the samba-etc
# volume. ConfigMap volumes are read-only, so the domain join must not need to
# rewrite the file -- TODO confirm against the samba-tool behaviour in use.
apiVersion: v1
kind: ConfigMap
metadata:
  name: samba-ad-config-dc2
  namespace: samba-directory
data:
  # Literal block scalar: the text below reaches Samba byte-for-byte. The
  # fixed "rpc server port" values pin the DCE/RPC listeners so that the
  # rpc-* entries on the samba-ad-dc2 Services and the containerPorts can be
  # enumerated statically; keep all three places in step.
  smb.conf: |
    [global]
    workgroup = UNDERCLOUD
    realm = UNDERCLOUD.LOCAL
    netbios name = DC2
    server role = active directory domain controller

    rpc server port = 5000
    rpc server port:netlogon = 5001
    rpc server port:lsarpc = 5002
    rpc server port:samr = 5003
    rpc server port:drsuapi = 5004
    rpc server port:dnsserver = 5005

    [sysvol]
    path = /var/lib/samba/sysvol
    read only = No

    [netlogon]
    path = /var/lib/samba/sysvol/undercloud.local/scripts
    read only = No
|
|
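---
# Second domain controller (dc2). On its first start the container joins the
# existing UNDERCLOUD.LOCAL domain through dc1 and records that in
# /var/lib/samba/.joined; every later start skips the join and just runs
# samba in the foreground.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dc2
  namespace: samba-directory
spec:
  serviceName: samba-ad-dc2
  replicas: 1
  selector:
    matchLabels:
      app: samba-ad
      samba-role: dc2
  template:
    metadata:
      labels:
        app: samba-ad
        samba-role: dc2
    spec:
      terminationGracePeriodSeconds: 30
      hostname: dc2
      # NOTE(review): no readiness/liveness probe and no resource
      # requests/limits are declared for the container.
      containers:
        - name: samba-ad
          # NOTE(review): a floating tag is neither reproducible nor
          # attestable; pin to a release tag or an @sha256 digest, e.g.
          # quay.io/samba.org/samba-ad-server@sha256:<DIGEST-PLACEHOLDER>.
          image: quay.io/samba.org/samba-ad-server:latest
          securityContext:
            capabilities:
              # CAP_SYS_ADMIN is close to full root on the node kernel and is
              # the only hardening setting this manifest touches. Confirm the
              # image really needs it and keep this workload off nodes shared
              # with less trusted pods.
              add: ["SYS_ADMIN"]
          # Exposes every key of samba-ad-secrets as an environment variable;
          # the start script reads ADMIN_PASSWORD from it.
          envFrom:
            - secretRef:
                name: samba-ad-secrets
          ports:
            - { name: dns-tcp, containerPort: 53, protocol: TCP }
            - { name: dns-udp, containerPort: 53, protocol: UDP }
            - { name: kerberos-tcp, containerPort: 88, protocol: TCP }
            - { name: kerberos-udp, containerPort: 88, protocol: UDP }
            - { name: ldap-tcp, containerPort: 389, protocol: TCP }
            - { name: ldap-udp, containerPort: 389, protocol: UDP }
            - { name: smb, containerPort: 445, protocol: TCP }
            - { name: kpasswd-tcp, containerPort: 464, protocol: TCP }
            - { name: kpasswd-udp, containerPort: 464, protocol: UDP }
            - { name: ldaps, containerPort: 636, protocol: TCP }
            - { name: gc, containerPort: 3268, protocol: TCP }
            - { name: gc-ssl, containerPort: 3269, protocol: TCP }
            # rpc-* ports match the "rpc server port" values in the
            # samba-ad-config-dc2 ConfigMap.
            - { name: rpc-epmap, containerPort: 135, protocol: TCP }
            - { name: rpc-base, containerPort: 5000, protocol: TCP }
            - { name: rpc-netlogon, containerPort: 5001, protocol: TCP }
            - { name: rpc-lsarpc, containerPort: 5002, protocol: TCP }
            - { name: rpc-samr, containerPort: 5003, protocol: TCP }
            - { name: rpc-drsuapi, containerPort: 5004, protocol: TCP }
            - { name: rpc-dnsserver, containerPort: 5005, protocol: TCP }
          volumeMounts:
            - name: samba-state
              mountPath: /var/lib/samba
            - name: samba-etc
              mountPath: /etc/samba
            # smb.conf from the ConfigMap overlays the samba-etc volume at
            # exactly one path.
            - name: samba-config
              mountPath: /etc/samba/smb.conf
              subPath: smb.conf
          command: ["/bin/bash", "-ec"]
          args:
            - |
              set -euxo pipefail

              DC1_FQDN="dc1.undercloud.local"

              # First start, or a wiped /etc/samba: join the domain through dc1.
              # (smb.conf is mounted from the ConfigMap, so in practice only the
              # .joined marker decides -- TODO confirm that is the intent.)
              if [ ! -f /var/lib/samba/.joined ] || [ ! -f /etc/samba/smb.conf ]; then
                rm -f /var/lib/samba/.joined

                until getent hosts "${DC1_FQDN}"; do
                  echo "waiting for dc1 dns"
                  sleep 5
                done

                until bash -c "</dev/tcp/${DC1_FQDN}/389" 2>/dev/null; do
                  echo "waiting for dc1 ldap"
                  sleep 5
                done

                # Fixed settle time after dc1 accepts LDAP connections;
                # presumably lets dc1 finish provisioning -- TODO confirm and
                # replace with a concrete readiness check if one exists.
                sleep 30

                # Tracing is switched off for the join only: under set -x bash
                # prints the expanded command line, so the Administrator
                # password would land in the pod log (and anything collecting
                # it). The credential is still visible in this process's argv
                # for the duration of the join.
                set +x
                samba-tool domain join UNDERCLOUD.LOCAL DC \
                  --server="${DC1_FQDN}" \
                  -d 3 \
                  -U"Administrator%${ADMIN_PASSWORD}"
                set -x

                touch /var/lib/samba/.joined
              fi

              # Refresh the Kerberos client config from the DC's private copy on
              # every start; this also covers the first start right after the join.
              cp /var/lib/samba/private/krb5.conf /etc/krb5.conf

              exec samba -i
      volumes:
        - name: samba-config
          configMap:
            name: samba-ad-config-dc2
  volumeClaimTemplates:
    # AD database, sysvol and the .joined marker; must survive pod restarts.
    - metadata:
        name: samba-state
      spec:
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 10Gi
        storageClassName: cephfs-hyper
    # Everything under /etc/samba except smb.conf, which the ConfigMap overlays.
    - metadata:
        name: samba-etc
      spec:
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 1Gi
        storageClassName: cephfs-hyper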
|
|
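---
# Fixed-address Service for dc2: stable dual-stack cluster IPs that do not
# change when the pod is rescheduled. Both addresses must lie inside the
# cluster's service CIDRs -- TODO confirm for this cluster.
apiVersion: v1
kind: Service
metadata:
  name: samba-ad-dc2-direct
  namespace: samba-directory
  labels:
    app: samba-ad
    samba-role: dc2
spec:
  internalTrafficPolicy: Cluster
  # Addresses are quoted so no YAML 1.1 loader can retype them; the order of
  # clusterIPs must match ipFamilies (IPv6 first here), and clusterIP must
  # equal clusterIPs[0].
  clusterIP: "2001:470:7116:f:1::22"
  clusterIPs:
    - "2001:470:7116:f:1::22"
    - "10.0.91.22"
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  type: ClusterIP
  selector:
    app: samba-ad
    samba-role: dc2
  # Same port set as the dc2 containerPorts; the rpc-* values mirror the
  # "rpc server port" settings in the samba-ad-config-dc2 ConfigMap.
  ports:
    - { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
    - { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
    - { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
    - { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
    - { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
    - { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
    - { name: smb, port: 445, protocol: TCP, targetPort: 445 }
    - { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
    - { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
    - { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
    - { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
    - { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
    - { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
    - { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
    - { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
    - { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
    - { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
    - { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
    - { name: rpc-dnsserver, port: 5005, protocol: TCP, targetPort: 5005 }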