Comments (10)
The "real" errors seem to be:
Failed to initialize the registry: WERR_ACCESS_DENIED
Failed to initialize the registry: WERR_ACCESS_DENIED
But it isn't clear to me what is triggering those access denies when trying to init the registry.
@nixpanic do you feel comfortable hacking sambacc to add a -d10 (or similar) to the net command line? Or do you prefer I teach sambacc more tricks related to debugging?
from samba-operator.
I think it would be really helpful if a SmbShare has options to enable debugging, maybe through an annotation?
Not sure when I will be looking at this again, but I can try to add additional command line options and see where I get.
from samba-operator.
I'll look into adding some options in order to do advanced debugging. This needs to touch all the layers in our stack and thus will require some amount of plumbing. Stay tuned. :-)
from samba-operator.
Hi @nixpanic I've merged code to support debugging. Please take a look at the dev doc and try that out and see if it helps.
from samba-operator.
@phlogistonjohn I turned on debug level, and I now see the following lines:
$ oc logs -f myshare-6db88964d4-qjcz2
doing parameter registry shares = yes
tdb(/var/lib/samba/registry.tdb): tdb_open_ex: could not open file /var/lib/samba/registry.tdb: No such file or directory
Could not open tdb: No such file or directory
tdb(/var/lib/samba/registry.tdb): tdb_open_ex: could not open file /var/lib/samba/registry.tdb: Permission denied
Could not open tdb: Permission denied
regdb_init: Failed to open registry /var/lib/samba/registry.tdb (Permission denied)
Failed to initialize the registry: WERR_ACCESS_DENIED
error initializing registry configuration: SBC_ERR_BADFILE
from samba-operator.
> tdb(/var/lib/samba/registry.tdb): tdb_open_ex: could not open file /var/lib/samba/registry.tdb: No such file or directory
> Could not open tdb: No such file or directory
This is probably normal when the tdb file does not already exist.
> tdb(/var/lib/samba/registry.tdb): tdb_open_ex: could not open file /var/lib/samba/registry.tdb: Permission denied
> Could not open tdb: Permission denied
My guess is this is the real error condition. Something on OpenShift is restricting this process from writing to the file system in a way standard k8s clusters do not. Let's keep digging. :-)
from samba-operator.
After spending the better part of the day on this one, I realized that OpenShift assigns UIDs differently[1]; indeed, adding a simple echo $(id) upon container's start gives:
uid=1000800000(1000800000) gid=0(root) groups=0(root),1000800000
Changing permissions with chmod 770 /var/lib/samba solved this issue, just to hit the next one:
Traceback (most recent call last):
File "/usr/local/bin/samba-container", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.9/site-packages/sambacc/commands/main.py", line 211, in main
cfunc(CommandContext(cli))
File "/usr/local/lib/python3.9/site-packages/sambacc/commands/run.py", line 75, in run_container
init_container(ctx)
File "/usr/local/lib/python3.9/site-packages/sambacc/commands/initialize.py", line 94, in init_container
cmds[step_name].cmd_func(ctx)
File "/usr/local/lib/python3.9/site-packages/sambacc/commands/users.py", line 48, in import_sys_users
etc_passwd_loader.write()
File "/usr/local/lib/python3.9/site-packages/sambacc/textfile.py", line 33, in write
with open(tpath, "w") as f:
PermissionError: [Errno 13] Permission denied: '/etc/passwd.tmp'
I will try to set up appropriate SCC[2].
@phlogistonjohn Does smbd really need write access to /etc/passwd.tmp?
[1] https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids
[2] https://cloud.redhat.com/blog/managing-sccs-in-openshift
from samba-operator.
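The permission failures in the comment above follow from how POSIX picks exactly one permission class (owner, group or other) for the calling process. The sketch below is an added illustration, not code from the thread, sambacc or samba-operator; the directory ownership and the pre-chmod mode (root:root, 0755) are assumptions, and the identity is the one printed by `id` in the comment.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    uid: int
    gids: frozenset  # primary plus supplementary groups

@dataclass(frozen=True)
class DirMeta:
    path: str
    owner: int
    group: int
    mode: int  # permission bits, e.g. 0o755

_BITS = {
    "owner": (stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IWOTH, stat.S_IXOTH),
}

def applicable_class(who, d):
    """POSIX evaluates exactly one class: owner, else group, else other."""
    if who.uid == d.owner:
        return "owner"
    if d.group in who.gids:
        return "group"
    return "other"

def can_create_in(who, d):
    """Creating a file needs write AND search (execute) on the directory."""
    if who.uid == 0:  # assumption: root still holds CAP_DAC_OVERRIDE
        return True
    w, x = _BITS[applicable_class(who, d)]
    return bool(d.mode & w) and bool(d.mode & x)

def audit(who, dirs):
    """Map each directory path to whether `who` can create files in it."""
    return {d.path: can_create_in(who, d) for d in dirs}

# Identity reported by `id` in the comment: arbitrary UID, root group.
OPENSHIFT_ID = Identity(1000800000, frozenset({0, 1000800000}))

# Constructed metadata: root:root ownership and 0755 are assumed defaults.
BEFORE = [DirMeta("/var/lib/samba", 0, 0, 0o755), DirMeta("/etc", 0, 0, 0o755)]
# After `chmod 770 /var/lib/samba`; /etc is unchanged.
AFTER = [DirMeta("/var/lib/samba", 0, 0, 0o770), DirMeta("/etc", 0, 0, 0o755)]

if __name__ == "__main__":
    for label, dirs in (("before chmod", BEFORE), ("after chmod 770", AFTER)):
        print(label, audit(OPENSHIFT_ID, dirs))
```

Under these assumptions the arbitrary UID falls into the group class, so group-write on /var/lib/samba is what unblocks registry.tdb, while /etc stays unwritable and the /etc/passwd.tmp write still fails.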
> After spending the better part of the day on this one, I realized that OpenShift assigns UIDs differently[1]; indeed, adding a simple echo $(id) upon container's start gives:
> uid=1000800000(1000800000) gid=0(root) groups=0(root),1000800000
Good find, thanks.
> Changing permissions with chmod 770 /var/lib/samba solved this issue, just to hit the next one:
> Traceback (most recent call last):
> File "/usr/local/bin/samba-container", line 8, in <module>
> sys.exit(main())
> File "/usr/local/lib/python3.9/site-packages/sambacc/commands/main.py", line 211, in main
> cfunc(CommandContext(cli))
> File "/usr/local/lib/python3.9/site-packages/sambacc/commands/run.py", line 75, in run_container
> init_container(ctx)
> File "/usr/local/lib/python3.9/site-packages/sambacc/commands/initialize.py", line 94, in init_container
> cmds[step_name].cmd_func(ctx)
> File "/usr/local/lib/python3.9/site-packages/sambacc/commands/users.py", line 48, in import_sys_users
> etc_passwd_loader.write()
> File "/usr/local/lib/python3.9/site-packages/sambacc/textfile.py", line 33, in write
> with open(tpath, "w") as f:
> PermissionError: [Errno 13] Permission denied: '/etc/passwd.tmp'
> I will try to set up appropriate SCC[2].
Great. We need smbd & friends to actually start as root (uid 0) and in the case of smbd be able to change uids. Samba "impersonates" each user that connects to it.
> @phlogistonjohn Does smbd really need write access to /etc/passwd.tmp?
Yeah, but it's sambacc trying to set up our custom /etc/passwd. We need to be able to write this file when we're initializing the environment. This may not be required on the AD setup (I forget) but is required for users & groups for the same reason smbd needs to be able to change to specific uids & gids.
from samba-operator.
AFAICT the status of OpenShift-Support is the following.
Configure samba-operator to use the samba serviceaccount.
For any namespace that shares live in, the serviceaccount, role and rolebinding from 8e3292e are needed.
Is there a downside in creating a clusterrole (akin to the role) and binding the serviceaccount to it? One less object to create. I can create documentation to
from samba-operator.
@ibotty We want to simplify the deployment over OpenShift and make it as seamless as possible. Unfortunately, patches are still under review and did not make it to v0.2. Take a look at #216 or use the operator image from quay.io/ssharon/sink:openshift
from samba-operator.