On Sat, Aug 16, 2014 at 11:03 PM, Martinx - ジェームズ
<thiagocmarti...@gmail.com> wrote:
> Hey Stackers,
>
>  I'm wondering here... Samba4 is pretty solid (upcoming 4.2 rocks), I'm
> using it on a daily basis as an AD DC controller, for both Windows and Linux
> Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic
> DNS with Bind9 as a backend (no netbios) and etc... Pretty cool!
>
>  In OpenStack ecosystem, there are awesome solutions like Trove, Solum,
> Designate and etc... Amazing times BTW! So, why not try to integrate Samba4,
> working as an AD DC, within OpenStack itself?!
>
>  If yes, then, what is the best way/approach to achieve this?!
>
>  I mean, for SQL, we have Trove, for iSCSI, Cinder, Nova uses Libvirt...
> Don't you guys think that it is time to have an OpenStack project for LDAP
> too? And since Samba4 comes with it, plus DNS, AD, Kerberos and etc, I think
> that it will be huge if we manage to integrate it with OpenStack.
>
>  I think that it would be nice to have, for example: domains, users and
> groups management at Horizon, and each tenant with its own "Administrator"
> (not the Keystone "global" admin) (to manage its Samba4 domains), so, they
> will be able to fully manage its own account, while allowing Keystone to
> authenticate against these users...
>
>  Also, maybe Designate can have support for it too! I don't know for sure...
>
>  Today, I'm doing this "Samba integration" manually, I have an "external"
> Samba4, from OpenStack's point of view, then, each tenant/project has its
> own DNS domains, when an instance boots up, I just need to do something like
> this (bootstrap):
>
> --
> echo "127.0.1.1 instance-1.tenant-1.domain-1.com instance-1" >> /etc/hosts
> net ads join -U administrator
> --
>
>  To make this work, the instance just needs to use Samba4 AD DC as its Name
> Servers, configured at its /etc/resolv.conf, "delivered by DHCP Agent". The
> packages `samba-common-bin` and `krb5-user` are also required. Including a
> ready to use smb.conf file.
>
>  Then, "ping instance-1.tenant-1.domain-1.com" worldwide! It works for both
> IPv4 and IPv6!!
>
>  Also, Samba4 works okay with Disjoint Namespaces, so, each tenant can have
> one or more domains and subdomains! Like "*.realm.domain.com, *.domain.com,
> *.cloud-net-1.domain.com, *.domain2.com"... All dynamically managed by Samba4
> and Bind9!
>
>  What about that?!
>
> Cheers!
> Thiago

There are several existing OpenStack projects which can help to
leverage Samba support:

1. Manila - it seems to be capable of provisioning and attaching
CIFS/SMB shares. I know Samba is more than just a CIFS share, but it
is a significant part of it.
2. You can use Heat to spin up a VM and configure a Samba server
3. You can use Murano to spin up VMs with Samba, LDAP, Kerberos, etc
(done with Heat internally) and configure them to work together

Thanks,
Ruslan

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
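
The manual bootstrap described in the quoted message, written out as an added example that is not part of either post: it replaces the `>>` append with an idempotent hosts entry and checks that the instance resolves through the AD DC before joining. The function names, the smb.conf contents, the workgroup argument and the DC address are assumptions; the thread does not show its own smb.conf.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent pre-join bootstrap for an
# instance that joins a Samba4 AD DC. File paths are arguments so each step
# can be run against scratch copies first.

# Keep exactly one 127.0.1.1 line, mapping the FQDN and the short name.
# A plain ">>" append leaves duplicate lines when the bootstrap runs again.
set_hosts_entry() {   # <hosts-file> <short-name> <dns-domain>
    she_tmp=$(mktemp) || return 1
    grep -v '^127\.0\.1\.1[[:space:]]' "$1" > "$she_tmp" || true
    printf '127.0.1.1 %s.%s %s\n' "$2" "$3" "$2" >> "$she_tmp"
    cat "$she_tmp" > "$1"
    rm -f "$she_tmp"
}

# Minimal member smb.conf (assumed contents; the thread does not show its file).
write_smb_conf() {    # <smb.conf> <dns-domain> <workgroup>
    wsc_realm=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    cat > "$1" <<EOF
[global]
    workgroup = $3
    realm = $wsc_realm
    security = ads
EOF
}

# True only when the first nameserver in resolv.conf is the AD DC, since the
# join needs the DC's DNS to locate the domain.
dc_is_resolver() {    # <resolv.conf> <dc-ip>
    [ "$(awk '$1 == "nameserver" { print $2; exit }' "$1")" = "$2" ]
}

# Full sequence on a real instance; not called here.
join_domain() {       # <short-name> <dns-domain> <workgroup> <dc-ip>
    dc_is_resolver /etc/resolv.conf "$4" || {
        echo "resolv.conf does not point at the AD DC ($4)" >&2
        return 1
    }
    set_hosts_entry /etc/hosts "$1" "$2" &&
    write_smb_conf /etc/samba/smb.conf "$2" "$3" &&
    net ads join -U administrator   # prompts for the password interactively
}
```
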
