From 1c61d953fd2afec1bd5069f0eecdc6f19b3b879c Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 31 Mar 2026 16:12:59 -0400
Subject: [PATCH] refactor: Switch to host-level SMB mounting (bind-mount
 approach)

- Remove container-level CIFS mounting (requires SYS_ADMIN capability)
- Use docker-compose.yml bind-mounts from host (/mnt/smb-ame/*)
- Simplify entrypoint.sh to just verify mount points exist
- Include mount command in comments for host setup
- More reliable and doesn't require Docker capability grants

To use:
1. Mount SMB on host: sudo mount -t cifs //172.18.210.5/ame /mnt/smb-ame \
   -o username=smb,password=Production2020!,uid=1000,gid=1000,file_mode=0755,dir_mode=0755,vers=3.0
2. Update /etc/fstab to persist mount across reboots
3. Start container: docker compose up -d

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
 docker-compose.yml | 18 ++++-------
 entrypoint.sh      | 76 +++++-----------------------------------------
 2 files changed, 14 insertions(+), 80 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 4c4492d..58c1ab4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,19 +31,13 @@ services:
       - app_data:/data
       # Temporary upload storage
       - upload_tmp:/tmp/uploads
-      # Local volumes as fallback (used if SMB mount fails)
-      - watch_folder:/watch
-      - output_folder:/output
-      - ame_logs:/ame-logs
-    # Required capabilities for SMB mounting
-    cap_add:
-      - SYS_ADMIN
-    security_opt:
-      - apparmor=unconfined
+      # Mount SMB share from host — pre-mount at host level with:
+      # sudo mount -t cifs //172.18.210.5/ame /mnt/smb-ame \
+      #   -o username=smb,password=Production2020!,uid=1000,gid=1000,file_mode=0755,dir_mode=0755,vers=3.0
+      - /mnt/smb-ame/watch:/watch
+      - /mnt/smb-ame/output:/output
+      - /mnt/smb-ame/logs:/ame-logs
 
 volumes:
   app_data:
   upload_tmp:
-  watch_folder:
-  output_folder:
-  ame_logs:
diff --git a/entrypoint.sh b/entrypoint.sh
index bcc9203..c300f20 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,76 +3,16 @@ set -e
 
 echo "=== AME Remote Job Manager — Entrypoint ==="
 
-# Create mount directories
-mkdir -p /watch /output /ame-logs /mnt/smb-share
-
-# Settings file path
-SETTINGS_FILE="/data/settings.json"
-SMB_SHARE_PATH="//172.18.210.5/ame"
-
-# Function to get setting value from JSON
-get_setting() {
-  local key=$1
-  local default=$2
-  if [ -f "$SETTINGS_FILE" ]; then
-    value=$(grep -o "\"$key\":\"[^\"]*\"" "$SETTINGS_FILE" 2>/dev/null | cut -d'"' -f4)
-    if [ -n "$value" ]; then
-      echo "$value"
-      return
-    fi
-  fi
-  echo "$default"
-}
-
-# Read SMB credentials from settings.json, env vars, or use embedded defaults
-SMB_USERNAME=$(get_setting 'smbUsername' "${SMB_USERNAME:-smb}")
-SMB_PASSWORD=$(get_setting 'smbPassword' "${SMB_PASSWORD:-Production2020!}")
-SMB_DOMAIN=$(get_setting 'smbDomain' "${SMB_DOMAIN:-}")
-
-# Try to mount SMB share only if credentials are provided
-if [ -n "$SMB_USERNAME" ] && [ -n "$SMB_PASSWORD" ]; then
-  echo "Mounting SMB share with credentials..."
-
-  # Build mount options
-  MOUNT_OPTS="username=$SMB_USERNAME,password=$SMB_PASSWORD"
-
-  if [ -n "$SMB_DOMAIN" ]; then
-    MOUNT_OPTS="$MOUNT_OPTS,domain=$SMB_DOMAIN"
-  fi
-
-  # Add standard options for Linux mounts
-  MOUNT_OPTS="$MOUNT_OPTS,uid=1000,gid=1000,file_mode=0755,dir_mode=0755,vers=3.0"
-
-  if mount -t cifs "$SMB_SHARE_PATH" /mnt/smb-share -o "$MOUNT_OPTS" 2>&1; then
-    echo "✓ SMB share mounted at /mnt/smb-share"
+# Verify mount points are accessible (mounted by host via docker-compose.yml bind-mounts)
+echo "Checking mount points..."
+for mount_point in /watch /output /ame-logs; do
+  if [ -d "$mount_point" ]; then
+    echo "✓ $mount_point is accessible"
   else
-    echo "⚠ Failed to mount SMB share. Check credentials and network connectivity."
-    echo "   Will continue with local volumes. Mount SMB and restart container to use network share."
+    echo "⚠ $mount_point not found — ensure SMB share is mounted on host"
+    mkdir -p "$mount_point"
   fi
-else
-  echo "⚠ No SMB credentials found in settings. Skipping SMB mount."
-  echo "   Configure SMB credentials in the settings GUI and restart the container."
-fi
-
-# Bind mount the SMB directories to container paths (if mount succeeded)
-if mountpoint -q /mnt/smb-share; then
-  echo "Binding SMB subdirectories..."
-  mkdir -p /mnt/smb-share/watch /mnt/smb-share/output /mnt/smb-share/logs
-
-  mount --bind /mnt/smb-share/watch /watch 2>/dev/null || echo "⚠ Could not bind watch folder"
-  mount --bind /mnt/smb-share/output /output 2>/dev/null || echo "⚠ Could not bind output folder"
-  mount --bind /mnt/smb-share/logs /ame-logs 2>/dev/null || echo "⚠ Could not bind logs folder"
-
-  echo "✓ Mount points configured"
-else
-  echo "⚠ SMB share not mounted. Using local docker volumes as fallback."
-fi
-
-# Verify watch folder exists
-if [ ! -d "/watch" ]; then
-  mkdir -p /watch
-  echo "Created /watch directory"
-fi
+done
 
 echo "Starting Node.js application..."
 exec node server.js