smb support unavailable even from "full" image

[brainchild0]

I am seeking to launch a Docker container on an embedded target, in particular a NAS, with inclusion of an SMB/CIFS client, for external storage.

I am new to Docker, but have done my best to find appropriate background resources to resolve a path for provisioning the container. Among these resources is the examples documentation.

My approach has been the following steps:

1. On a desktop Linux system, of matching machine architecture, invoke the following commands:

$ docker build https://github.com/nextcloud/docker.git#:.examples/dockerfiles/full/apache
$ docker save nextcloud -o nextcloud-full-apache.tar

2. Import the image given in the resulting tarball, nextcloud-full-apache.tar, into the target system.
3. Launch a container from the image.

Unfortunately, after establishing the Nextcloud instance on the target system, the following message is shown in the External storage page:

"smbclient" is not installed. Mounting of "SMB/CIFS", "SMB/CIFS using OC login" is not possible. Please ask your system administrator to install it.

This message is the same as had appeared when running from the image distributed through the Docker hub.

The expectation had been that the image built from the repository, described as a "full" image, would contain the SMB client components.

Perhaps I am misunderstanding some essential attribute of the Docker workflow. In any case, I am grateful for any support available, and I would try to assist providing any further details that may help resolve whether my observations reflect any issues in the repository for the Nextcloud Docker image.

[foxhoundv]

For now you need to access your containers command line, run apt update and then apt install smbclient. This is until they make it standard in the dockerfile.

[brainchild0]

I suppose I could place the commands inside the Docker file, before building.

[foxhoundv]

I suppose I could place the commands inside the Docker file, before building.

True

[brainchild0]

As a personal comment, I have moved toward an alternative deployment solution, at least for now.

However, if the problem is as simple as the Aptitude package missing from the original build, then it would seem trivial to fix, in case someone has the wish to try it and to test, and then to submit a pull request.

[foxhoundv]

Which I tested and it works. It may just be from a standpoint of security to not have it installed from the get-go.

On Wed, Jan 19, 2022, 16:06 brainchild0 @.***> wrote:

As a personal comment, I have moved toward an alternative deployment solution, at least for now.

However, if the problem is as simple as the Aptitude package missing from the original build, then it would seem trivial to fix, in case someone has the wish to try it and to test, and then to submit a pull request.

— Reply to this email directly, view it on GitHub https://github.com/nextcloud/docker/issues/1638#issuecomment-1016952332, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD57J6UC5QLRT2J5T6HH3N3UW47XNANCNFSM5INGAIMQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you commented.Message ID: @.***>

[brainchild0]

What is the security concern?

[foxhoundv]

I am by no means an expert, but my understanding is that when you install more packages, the more you have potential for areas where someone can hack in.

[brainchild0]

The documented behavior requires inclusion of the package. I don't imagine any security concern that would offset this benefit.

[foxhoundv]

Right but only if you need SMB capability. The stock docker image and regular install of nextloud does not automatically install SMB capability. So even on a fresh linux install you would still have to install smbclient package manually since it is more of an add-on. If this was a standard feature I could see it being included as a dependency package but it's not. Though another solution especially for those that are new, would be to have a separate docker-compose.yml file that points to a different Dockerfile that would include this. The only problem there would be that if the do that for this option, why not create more for other options.

[brainchild0]

Though another solution especially for those that are new, would be to have a separate docker-compose.yml file that points to a different Dockerfile that would include this.

Such is the current situation for this repository. Please review the documentation referenced in my original comments for this topic, and consider browsing the directories referenced in the target document.

[foxhoundv]

The expectation had been that the image built from the repository, described as a "full" image, would contain the SMB client components.

My understanding is that it is optional as an add-on. I am going to see if I can take this on as a side project. The only problem is that I only know ubuntu so even though I can do a pull request and fork it, I would only be able to try this with similar systems for the Dockerfile. If someone uses something I am not familiar with, it may be out of my capabilities.

[ckuethe]

Would very much like to see smb support in a "full" image; it seems entirely reasonable for a "full" image to include all the dependencies for all the features so that the container is ready to go. I hate having to drop into a shell and do manual stuff every time I pull the latest image to keep up with my security patches.

[brainchild0]

My understanding is that it is optional as an add-on.

You understand Samba support being "optional" with respect to what context? Please read the documentation. With respect to the broader Nextcloud project, Samba support may be optional, but with respect to the Full image, functionality is documented as a superset of the Samba image, which is documented to support Samba client access.

If someone uses something I am not familiar with, it may be out of my capabilities.

Docker containers have full isolation from any system details that vary by distribution. Any image targeting Linux for some processor architecture behaves entirely consistently irrespective of distribution.

[foxhoundv]

Please read the documentation.

Please do the same. If you navigate within the source files documentation, it points to the examples containing the full image. one such example is listed in the following path. .examples/dockerfiles/full/apache/Dockerfile , when you examine the file, it clearly lists installing smbclient on line 10. In the documentation you posted to, it states "full Dockerfile example." Which when you look in .examples/dockerfiles/full/apache/Dockerfile it has the smbclient portion listed.

You would then copy that Dockerfile and it would have the full install to include smbclient. If you go to .examples/dockerfiles/full and choose which one you need you should be fine.

[brainchild0]

@foxhoundv: The observation I documented is that the Nextcloud instance deployed from the Full image fails to establish connections with a Samba service, despite being documented as including such support.

[foxhoundv]

@brainchild0 Please bear with me in all this, I really want to help if I can. So to make sure I understand you correctly, you took the Full Dockerfile example and used that to create your instance, and the Samba service didn't work?

[brainchild0]

@foxhoundv: Yes.

[foxhoundv]

@brainchild0 Ok. I am going to try and spin one up and see what I get. Which version did you use: fpm-alpine, fp, or apache?

[brainchild0]

@foxhoundv: I included the exact steps in the original comments.

[foxhoundv]

@brainchild0 What options / compose file did you use to run the container?

[brainchild0]

@foxhoundv: I don't have a reproducible record of the procedure for provisioning the container from the image. I copied the image captured in the tarball to the target device, a Synology DiskStation running DSM, and launched the container. I used no Compose file (which is not supported by DSM), but did separately provision a MariaDB container and configure it against the Nextcloud image with container linking. I used specific environment settings to ensure that the proxy inside the container exposed the domain correctly and forwarded through the right secure versus insecure protocols. These steps worked the same for all Apache-based variations, and I would not expect them to affect Samba client access.

[foxhoundv]

@brainchild0 Ok, to replicate this I am going to use the docker-compose file located here, I am going to change some ports and see what comes up.

[brainchild0]

@foxhoundv: It seems close enough to my environment that I hope you would be able to replicate the problem.

[foxhoundv]

@brainchild0 Okay, so what I have done is:

1. On server, created directory called nextcloud-test
2. In folder created 2 files: db.env from here and docker-compose.yml from here.
3. docker build https://github.com/nextcloud/docker.git#:.examples/dockerfiles/full/apache and I tagged the image as nextcloud-test:latest
4. I changed the port listing in the docker-compose.yml file to match what I had available on the host as well as the mysql password in both files docker-compose.yml and db.env. Also I pointed the app image to nextcloud-test:latest.
5. I installed the app External Storage Support because this is where you add the smb connections.
6. I downloaded and enabled the app SMB Connection Test because this helps with testing things before making the connection.
7. I input my smb settings and directory to test it which gave me these results: Test Image
8. I opened the settings for the External Storage and input the information and it was successful. Here is that image: Successful Image. Be sure to choose external storage type SMB/CIFS.

[brainchild0]

@foxhoundv: Based on your description of the method, I would have expected that you would discover the same problems as in my attempts. I am unable to find any particular reason for the difference, as the essential core of the test was similar enough to my deployment.

The best ideas I have at the moment are a problem with the packages that were downloaded when I generated my image, which has since resolved from newer versions populating the repositories, or some peculiar quirk of my environment, which is an embedded target not a vanilla server.

It would be helpful for me to try again from scratch, but as this path is no longer a personal priority, and as the work is quite tedious to deploy on the target environment, having only a primitive and cumbersome user interface, and no support for Compose, I may not actually get to it any time soon.

[martadinata666]

just some suggestion, try build with --no-cache and --progress=plain, no-cache will force docker to build ignoring local cached build, sometimes messed up build, and --progress will give more detail log when building. 🤔

[maltewhiite]

""smbclient" is not installed. Mounting of "SMB/CIFS", "SMB/CIFS using OC login" is not possible. Please ask your system administrator to install it."

This is ridiculous. How am I supposed to install this inside the image?
Why is this not included in the nextcloud image? Is there a variant that has this included?
Having to set up my own Dockerfile and learn how NextCloud works to that extent, and then setting up a build pipeline to keep it updated and then pushing it to our local registry and then using that instead is just a lot of work for one single package, that seems like it should be part of the official nextcloud image, or at least a variant thereof.

[brainchild0]

You're not "supposed to install" anything "inside the image. The text you quoted is from a generic message generated by the software running inside the container, which is not specifically aware that it is in fact inside a container.

[maltewhiite]

You're not "supposed to install" anything "inside the image. The text you quoted is from a generic message generated by the software running inside the container, which is not specifically aware that it is in fact inside a container.

The container is running on the nextcloud image, as per my docker-compose.yml file

  app:
    image: <%=$docker_registry%>/nextcloud

So if I want to install "smbclient" which is required for "local" storage, then I need to somehow include something like "RUN apt install smbclient" in the nextcloud dockerfile, no?

Which I guess means I have to make my own Dockerfile a la

FROM nextcloud
RUN apt install smbclient
# A lot of other stuff, like remaking the entrypoint. I don't know enough about Docker to know what would be needed

Then I'd also need to make a CI pipeline that builds this image from the Dockerfile and uploads it to our Docker registry, so the docker-compose.yml file can use that image which now has "smbclient". And set up a scheduler so that image gets frequently rebuilt with new updates from nextcloud.

That is just a lot to me. For just one package, which seems to be absolutely necessary for a very important functionality like external storage.

Is there a "Full" nextcloud image somewhere I can use which has this smbclient package?

[brainchild0]

@foxhoundv has used the image without finding the same problem. Have you actually deployed the image yet?