[openstack-dev] Time to Samba! :-)

Andrew Bartlett abartlet at samba.org
Mon Aug 18 05:52:09 UTC 2014

On Sun, 2014-08-17 at 13:05 +0400, Ruslan Kamaldinov wrote:
> On Sun, Aug 17, 2014 at 4:16 AM, Adam Lawson <alawson at aqorn.com> wrote:
> > Doesn't Murano address this already?
> Please note that Murano is no longer a windows-as-a-service or
> smth-as-a-serivce. Murano is an application catalog [1]. But you're
> absolutely right, this is a perfect use case for Murano - application
> developer can describe those applications and publish them in catalog,
> which will enable cloud users to combine those apps together. LDAP,
> Kerberos, Samba, ActiveDirectory - are applications in terms of
> Murano.
> [1] https://wiki.openstack.org/wiki/Murano


Indeed, I think Murano may well be the natural home of Samba deployed as
an AD DC, inside a tenant.  I reached out to the Murano team a few
months ago, but haven't have any time to put into development of a Samba
AD DC application yet.  

I work for Catalyst in NZ, and lurk here and quite close to our internal
OpenStack team.  I think OpenStack is a great opportunity for Samba and
Samba is a great fit for OpenStack, particularly when we look at the
emerging market of Desktop as Service, things like hosted Exchange (or
more particularly OpenChange), and single-sign-on from the
Windows-dominated enterprise.

What I would like to do is to work closely with someone already more
familiar with the OpenStack world, and provide my expertise and
assistance to that existing effort. 

I also think that Samba does justify being beyond just being an
application in Murano, because for the best results, Samba should be
used, but not administered directly.  Instead, what would bring the best
out of Samba is deployment like in Trove, where the Tenant does not get
rights to directly touch the instance - operation of the AD DC should be
by OpenStack, not the end-user.

Finally, yes Samba certainly plays a role in Manila, and while currently
very well hidden, I think that some really great functionality can be
exposed via the 'generic' driver that would be far from generic.
Imagine if that driver 'just worked' with exposed snapshots via the
windows 'previous versions' tab, for example.

Or, imagine if we used the OpenStack machine credentials to securely get
a Kerberos ticket for access to a big multi-tenant file share?

As I mention, I do lurk here, but also feel free to contact me directly
or the Samba lists if you are implementing Samba as an OpenStack
service, and you think I can help, or think I've missed some


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the OpenStack-dev mailing list