[openstack-dev] Time to Samba! :-)

Ruslan Kamaldinov rkamaldinov at mirantis.com
Sun Aug 17 08:57:50 UTC 2014

On Sat, Aug 16, 2014 at 11:03 PM, Martinx - ジェームズ
<thiagocmartinsc at gmail.com> wrote:
> Hey Stackers,
>  I'm wondering here... Samba4 is pretty solid (upcoming 4.2 rocks), I'm
> using it on a daily basis as an AD DC controller, for both Windows and Linux
> Instances! With replication, file system ACLs - cifs, built-in LDAP, dynamic
> DNS with Bind9 as a backend (no netbios) and etc... Pretty cool!
>  In OpenStack ecosystem, there are awesome solutions like Trove, Solum,
> Designate and etc... Amazing times BTW! So, why not try to integrate Samba4,
> working as an AD DC, within OpenStack itself?!
>  If yes, then, what is the best way/approach to achieve this?!
>  I mean, for SQL, we have Trove, for iSCSI, Cinder, Nova uses Libvirt...
> Don't you guys think that it is time to have an OpenStack project for LDAP
> too? And since Samba4 comes with it, plus DNS, AD, Kerberos and etc, I think
> that it will be huge if we manage to integrate it with OpenStack.
>  I think that it would be nice to have, for example: domains, users and
> groups management at Horizon, and each tenant with its own "Administrator"
> (not the Keystone "global" admin) (to manage its Samba4 domains), so, they
> will be able to fully manage its own account, while allowing Keystone to
> authenticate against these users...
>  Also, maybe Designate can have support for it too! I don't know for sure...
>  Today, I'm doing this "Samba integration" manually, I have an "external"
> Samba4, from OpenStack's point of view, then, each tenant/project has its
> own DNS domains, when an instance boots up, I just need to do something like
> this (bootstrap):
> --
> echo " instance-1.tenant-1.domain-1.com instance-1" >> /etc/hosts
> net ads join -U administrator
> --
>  To make this work, the instance just needs to use Samba4 AD DC as its Name
> Servers, configured at its /etc/resolv.conf, "delivered by DHCP Agent". The
> packages `samba-common-bin` and `krb5-user` are also required. Including a
> ready to use smb.conf file.
>  Then, "ping instance-1.tenant-1.domain-1.com" worldwide! It works for both
> IPv4 and IPv6!!
>  Also, Samba4 works okay with Disjoint Namespaces, so, each tenant can have
> one or more domains and subdomains! Like "*.realm.domain.com, *.domain.com,
> *.cloud-net-1.domain.com, *.domain2.com"... All dynamically managed by Samba4 and
> Bind9!
>  What about that?!
> Cheers!
> Thiago

There are several existing OpenStack projects which can help to
leverage Samba support:

1. Manila - it seems to be capable of provisioning and attaching
CIFS/SMB shares. I know Samba is more than just a CIFS share, but it
is a significant part of it
2. You can use Heat to spin up a VM and configure Samba server
3. You can use Murano to spin up VMs with Samba, LDAP, Kerberos, etc
(done with Heat internally) and configure them to work together
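
The manual bootstrap described in the quoted message (Samba4 AD DC as name server, a hosts entry, then `net ads join`), as an added example that is not part of either post: a shell preflight that checks those preconditions and writes the hosts entry only once. The function names, the file arguments and the 192.0.2.x addresses are assumptions made for illustration; the hosts line in the message shows no address.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses below are constructed
# documentation values (192.0.2.0/24); pass real ones as arguments.

# uses_dc_resolver RESOLV_CONF DC_IP
# Succeeds only if DC_IP is listed as a nameserver, i.e. the instance
# resolves through the Samba4 AD DC as the message requires.
uses_dc_resolver() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { found = 1 }
                    END { exit !found }' "$1"
}

# ensure_hosts_entry HOSTS_FILE IP FQDN SHORTNAME
# Appends "IP FQDN SHORTNAME" unless FQDN is already mapped, so a re-run
# of the bootstrap does not stack duplicate lines the way a bare
# `echo ... >> /etc/hosts` does.
ensure_hosts_entry() {
    if awk -v fqdn="$3" '/^[[:space:]]*#/ { next }
            { for (i = 2; i <= NF; i++) if ($i == fqdn) found = 1 }
            END { exit !found }' "$1"; then
        return 0
    fi
    printf '%s %s %s\n' "$2" "$3" "$4" >> "$1"
}

# missing_tools TOOL...
# Prints each named tool that is not on PATH.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
    done
}

# preflight RESOLV_CONF SMB_CONF DC_IP
# Checks everything the message lists before the join is attempted:
# DC as resolver, a ready smb.conf, and the tools shipped by
# samba-common-bin (net) and krb5-user (kinit).
preflight() {
    uses_dc_resolver "$1" "$3" || { echo "resolver is not $3" >&2; return 1; }
    [ -s "$2" ] || { echo "missing or empty smb.conf: $2" >&2; return 1; }
    m=$(missing_tools net kinit)
    [ -z "$m" ] || { echo "missing tools: $m" >&2; return 1; }
}

# Intended order on an instance (left commented so sourcing is side-effect free):
#   preflight /etc/resolv.conf /etc/samba/smb.conf 192.0.2.10 &&
#   ensure_hosts_entry /etc/hosts 192.0.2.21 \
#       instance-1.tenant-1.domain-1.com instance-1 &&
#   net ads join -U administrator
```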

