Container images for Samba services.
- Are OCI formatted container images
- Provide application-like high-level entrypoint scripts
- Are available as pre-built stable and "nightly" variants
- Are used by the samba-operator for Kubernetes
- Don't require Kubernetes
- Are available at quay.io
- Are used by the ceph project to provide SMB services on CephFS
Image Type | Repository | Custom Entrypoint | Features |
---|---|---|---|
Samba Server | quay.io | Yes | Standalone file server, Domain member file server |
AD Domain Controller | quay.io | Yes | Active Directory Domain Controller |
Client | quay.io | No | Basic Userspace Client Utilities |
Toolbox | quay.io | No | Extra debugging and testing tools |
The Samba server image defaults to the samba-container
entrypoint.
In the default configuration, the server container image exports one share,
named "share", with the path /share
which is expected to be a volume provided
by the host. A default user, named "sambauser" is predefined with a password of
"samba". This simple mode of operation is great for quick demos. Example:
podman run --name samba --publish 10445:445 --volume=/path/on/host/to/share:/share:Z --rm quay.io/samba.org/samba-server:latest
Note The port mapping option (
--publish
) is only needed when running as non-root, e.g. for testing purposes.
The samba-container
entrypoint can perform many functions and is
designed to make the container image act like a cohesive application.
It can automate the management of Samba as well as the container environment
to make them work together. This tool is provided by the
sambacc project.
# print help
podman run --rm quay.io/samba.org/samba-server:latest --help
# print help for the run subcommand
podman run --rm quay.io/samba.org/samba-server:latest run --help
The behavior of the container can be changed by invoking it with specific
arguments for the samba-container
script and/or setting environment
variables.
You can include a custom configuration via the following method:
$EDITOR /path/to/config/config.json
podman run --name samba --publish 10445:445 --volume=/path/on/host/to/share:/share:Z --volume=/path/to/config:/etc/samba-container -e SAMBACC_CONFIG=/etc/samba-container/config.json -e SAMBA_CONTAINER_ID=myid --rm quay.io/samba.org/samba-server:latest
The AD DC image defaults to the samba-dc-container
entrypoint.
In the default configuration, the AD DC container image automatically
provisions and serves a simple stock domain DOMAIN1.SINK.TEST
.
Because the Samba AD DC uses certain file system xattrs this container
must currently be run with privileges. Example:
podman run --rm --privileged quay.io/samba.org/samba-ad-server:latest
The samba-dc-container
entrypoint can perform multiple functions as is
designed to make the container image act like a cohesive application.
It helps automate the provisioning of and/or connection to a domain.
This tool is provided by the
sambacc project.
The project provides a simple samba client container image that can be useful for testing. One does not need to install the user space samba client locally but rather use the container image. It can run the samba client interactively when a TTY is available and can also be scripted for automated testing purposes. Example:
podman run --rm -it quay.io/samba.org/samba-client:latest
[root@dc0419d28c4e /]# smbclient -U 'sambauser' //foo.example.org/share
The project provides a container image container containing the samba test suite program (smbtorture) as well as the user space client. This can be used for debugging and testing purposes. Example:
podman run --rm -it quay.io/samba.org/samba-toolbox:latest
[root@dc0419d28c4e /]# smbtorture --help
The server images come in two variants: stable and nightly. The stable variant is what you get with the "latest" tag and includes Samba packages from the Linux distribution used in our base images. The "nightly" images are based on Samba RPM packages created by the samba-build project which builds and tests Samba builds before release. The nightly images are tagged with "nightly" instead of "latest".
# Build Everything
make build
Each container image type has a build target:
# Build the server image
make build-server
# Build the server with "nightly" samba
make build-nightly-server
# Build the client
make build-client
# And so on...
There are matching push-*
rules that default to pushing the images to the
"official" quay.io repositories. These rules can be executed by the appropriate
github actions or by project maintainers.