add support for custom global options in AD DC confgurations #85
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Signed-off-by: John Mulligan <jmulligan@redhat.com>
This looks like it might have been experimental code that was accidentally left in. Remove it. Signed-off-by: John Mulligan <jmulligan@redhat.com>
This will allow setting of smb.conf options at provision time. Signed-off-by: John Mulligan <jmulligan@redhat.com>
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Avoid clear code duplication. Signed-off-by: John Mulligan <jmulligan@redhat.com>
Apparently, I'm lazy and had not done it before. Signed-off-by: John Mulligan <jmulligan@redhat.com>
This allows the customization of samba DC configuration beyond the core parameters needed for domain provision or join. Signed-off-by: John Mulligan <jmulligan@redhat.com>
In the case of AD DC it's pretty normal for there to be no globals key in the instance configuration. If we want to optionally support global configuration params for addc it's convenient to simply return an empty list rather than raise an exception in this case. If the globals list refers to global configs that don't exist exceptions will continue to be raised which seem like the right thing to do. Signed-off-by: John Mulligan <jmulligan@redhat.com>
synarete
reviewed
Aug 13, 2023
The smbconf library provided by Samba allows python code to interact with Samba's configuration backends. Before adding a module that uses those libraries directly add a module that provides general abstractions and interfaces in that vein. Signed-off-by: John Mulligan <jmulligan@redhat.com>
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Add smbconf_samba.py a module that builds a somewhat more pythonic and convenient interface around the SMBConf class and functions provided by samba python libraries. Note that the import of samba modules is deferred until the class needs them so that we can import smbconf_samba without raising an ImportError even if samba modules are unavailable. Signed-off-by: John Mulligan <jmulligan@redhat.com>
Add unit(ish) tests for smbconf_samba. We have to work around an (IMO) annoying behavior of samba's. When using the registry backend once the registry tdb file is opened it is never closed and subsequent calls to smbconf's init_reg or similar end up reusing whatever first tdb file got opened. (I looked at samba master code, this is still the case AFAICT.) So we do a bit of hackery with regards to test fixtures to get a "clean" SMBConf for each test. This shouldn't be much of an issue outside of tests as you typically only have one smb.conf and/or one data dir with a registry.tdb in it. Signed-off-by: John Mulligan <jmulligan@redhat.com>
Global options passed to the samba-tool commands do no persist in the
smb.conf generated by samba-tool domain {provision,join} commands. In
order to get custom global configurations into the AD DC we can instead
use the smbconf configuration reader to read the current smb.conf and
merge in any options defined in the sambacc configuration.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
phlogistonjohn
force-pushed
the
jjm-addc-globals-23
branch
from
c1fd3a0
to
9c55ae2
Compare
anoopcs9
reviewed
Aug 23, 2023
If I understand the question right, then yes. sambacc initially only knew how to provision the AD DC, which generates it's own smb.conf but still had a place in it's own config for specifying globals, they were just ignored. This PR aims to make it work - and it's one of the more requested things for users of samba-containers. |
anoopcs9
approved these changes
Aug 23, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This revisits and reuses parts of the work done in #45
Fixes: #43
When replying to samba-in-kubernetes/samba-container#154 I realized that one of the workarounds I suggested could be implemented in sambacc without too many complications and without needing to change
samba-tool. Also, all versions of samba used by samba-container images that provide AD DC images should be providing the smbconf python library now. This avoids us having to parse smb.conf-style-ini in python.Briefly, when an AD DC configuration provides globals references the global options are passed directory to samba-tool commands and after samba-tool has generated an smb.conf, sambacc uses smbconf libraries to read the smb.conf, merge the settings from the sambacc globals and write out an updated smb.conf file.
An example YAML configuration file I manually tested with:
Results in an smb.conf like:
Using
digin the container I was able to test thatdns forwarderoption did have an actual effect on the runningsambaserver.The PR starts off with a few random cleanups of stuff that I hit while working on these changes. If you'd rather see those as a separate PR, just ask.
This doesn't update any docs. I will update the documentation in a separate PR, perhaps after asking the issue reporters to test out the changes when they land in samba-container server & ad-server latest images on quay.