Table of Contents

Samba on an LXC container with external USB storage

Goal

The wiki shows how to install a Samba server on an LXC container running under the Alpine OS. In addition, external storage is set up via the USB port for the container and made available for use by the Samba client.

Prerequisites

The wiki was tested with router software 5.0.0.101 and the LXC container with alpine armhf 3.23

1. Set up the LXC Contianer

Activate the LXC container on the router

In the second step the image of the LXC container in this case a alpine 3.23.

The easiest way to do this is to install the whole thing over the Internet. However, the router requires a mobile connection to the Internet.

From a Jenkins server you get the current image for the container

* Jenkins Server Page image-alpine tinycloud / Link

The “armhf” tab is important here

Here you can get a alpine image for 3.21, 3.22, 3.23 or newer.

The image is the “rootfs.tar.xz” which is required. With a right click you can copy the link.

It would be structured like this:

https://jenkins.linuxcontainers.org/view/Images/job/image-alpine/architecture=armhf,release=3.23,variant=default/3550/artifact/rootfs.tar.xz

When the “Apply” button is pressed, Debian will be installed.

Set up the LXC container further. A network interface is enabled here.

The container has now also been assigned an IP address.

USER
~ $ lxc-info guest0 Name: guest0 State: RUNNING PID: 2255 IP: 192.168.1.149 CPU use: 1.57 seconds BlkIO use: 4.00 KiB Memory use: 6.29 MiB KMem use: 1.18 MiB Link: virt0 TX bytes: 2.28 KiB RX bytes: 853 bytes Total bytes: 3.11 KiB ~ $

Always assign a fixed IP address for the LXC container via the DHCP server.

Log in to the LXC container and test whether it can access the Internet.

USER
~ $ lxc-attach guest0 root@LXCNAME:~# ping heise.de PING heise.de (193.99.144.80) 56(84) bytes of data. 64 bytes from redirector.heise.de (193.99.144.80): icmp_seq=1 ttl=244 time=42.4 ms 64 bytes from redirector.heise.de (193.99.144.80): icmp_seq=2 ttl=244 time=31.0 ms 64 bytes from redirector.heise.de (193.99.144.80): icmp_seq=3 ttl=244 time=27.1 ms — heise.de ping statistics — 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 27.116/33.504/42.432/6.505 ms root@LXCNAME:~#

The container is installed and set up. Now you can set up further tools on the container.

2. Adjust the LXC config so that the USB port can be used in the container.

Enable USB administration on the router

When the USB device is plugged in, it is mounted by the router and stored in the system as device part “/dev/sda1“.

USER
Feb 12 09:13:38.515 NB2800 kern.info kernel: sda: sda1 Feb 12 09:13:38.515 NB2800 kern.notice kernel: sd 2:0:0:0: [sda] Attached SCSI removable disk Feb 12 09:13:38.585 NB2800 local1.notice NB2800: add event for usb device /dev/sda Feb 12 09:13:38.596 NB2800 user.notice event-manager[1831]: received event 'USB storage device has been added' Feb 12 09:13:38.667 NB2800 local1.notice NB2800: add event for usb device /dev/sda1 Feb 12 09:13:38.671 NB2800 local1.notice NB2800: device add - device = /dev/sda1 Feb 12 09:13:38.675 NB2800 local1.notice NB2800: device add - type = usb Feb 12 09:13:38.678 NB2800 local1.notice NB2800: device add - uid = 855A-2532 Feb 12 09:13:38.690 NB2800 user.debug : Add-event for (type=usb, device=/dev/sda1, id=855A-2532) Feb 12 09:13:38.692 NB2800 user.debug : storage-add: device (path=/dev/sda1, uid=855A-2532) appeared

In order to release the device in the container, I need to know what kind of device it is: “b” is a block device, major number “8” and minor number “1”.

With this information, we can adjust the LXC configuration so that we have access to the device from within the container.

This change is made directly in the router software. When updating the router software, this entry must be made again because it is not part of the official software.

USER
~ $ vi /etc/lxc/guest0/config

lxc.cgroup.devices.allow = b 8:1 rwm lxc.mount.entry = /dev/sda1 /dev/sda1 none bind,optional,create=file

Simply add these four entries to the LXC configuration file. Please ensure that you fill them in with your own parameters. Restart the router for these changes to take effect.

Now the USB device can be connected to the container and used. The “mkdir” command is used to set up an area in the file system for access.In the second step, change the permissions of the file.

USER
~ $ lxc-attach guest0

$ mkdir -p /mnt/home/data

$ chgrp -R users /mnt/home/ $ chmod -R 770 /mnt/home/

Check whether the rights have been set.

USER
/mnt/home $ ls -l total 4 drwxrwx— 2 root users 4096 Feb 16 10:19 daten /mnt/home $

Setting up a Samba server

In order to access data via a Windows system, a Samba server must now be installed and set up on the container. Several program packages are required for this. 

samba-common
samba
samba-client
cifs-utils
ntfs-3g
fuse-exfat

The missing functions can be installed using the command “apk add <program package>”.

USER
~ $ apk add samba-common (1/1) Installing samba-common (4.15.5-r0) OK: 12 MiB in 37 packages ~ $

The Samba configuration file now needs to be adjusted. To do this, the existing “smb.conf” file is backed up and a new one is created.

With this command, we can back up old configurations. 

$ mv /etc/samba/smb.conf /etc/samba/smb.conf.backup

Now set up the Samba configuration file with new parameters.

USER
$ vi /etc/samba/smb.conf [global] workgroup = feuerwehr_roding security = user encrypt passwords = yes client min protocol = SMB2 client max protocol = SMB3 [data] comment = Folder from the users group path = /mnt/home/data read only = no writeable = yes

Create a user in the LXC container, but without a home drive. In the second step, set the password in Linux. 

$ adduser -G users loidl --no-create-home
$ smbpasswd -a loidl

Configure the Samba server as a service in AlpineOS so that it starts automatically.

USER
/etc/samba $ rc-update add samba * service samba added to runlevel default /etc/samba $

Integrating external storage into the container system

The whole thing is integrated via a cron job, so that it is always available when the router is restarted.

Queries with which file system the external storage was formatted.

USER
~ $ blkid /dev/sda1 /dev/sda1: UUID=“3473-C3CA” TYPE=“vfat” ~ $

First, we create a script file called “$ vi samba_release.sh”.

The entry for the vfat file system: 

mknod /dev/sda1 b 8 1
mount -t vfat /dev/sda1 /mnt/home/data -o uid=1000,gid=1000,umask=000

The entry for the exfat file system: 

mknod /dev/sda1 b 8 1
mount -t exfat /dev/sda1 /mnt/home/data -o uid=1000,gid=1000,umask=000

For the NTFS file system, please use this mount point. 

mknod /dev/sda1 b 8 1
mount -t ntfs-3g /dev/sda1 /mnt/home/data -o uid=1000,gid=1000,umask=000

We still need to change the permissions for this file so that it is executable. “chmod a+x samba_release.sh”

To test it, you can now simply run this file. Now the whole thing has to be saved as a cron job. To do this, call up the command “crontab -e” and save this line there.

USER
@reboot /root/samba_release.sh * * * * * /root/samba_release.sh

The crond service must still be stored as a service in alpineOS so that it can be called up. “$ rc-update add crond”

After completing the setup, please reboot the router again so that all settings and changes are applied by the Linux system.

The device can first be tested directly under Linux to see whether access to the external memory is possible. 

mount -t cifs -o user=loidl,gid=1000,uid=1000 //192.168.1.100/data /mnt/home/exchange

If you can connect to the storage device, you can then integrate it into Windows in the second step.

The IP address of the LXC container and the Samba directory are stored under the “Folder” option. 

\\192.168.1.100\data

The stored Samba user was used again as the user and password.