refactor: Switch to host-level SMB mounting (bind-mount approach)

- Remove container-level CIFS mounting (requires SYS_ADMIN capability) - Use docker-compose.yml bind-mounts from host (/mnt/smb-ame/*) - Simplify entrypoint.sh to just verify mount points exist - Include mount command in comments for host setup - More reliable and doesn't require Docker capability grants To use: 1. Mount SMB on host: sudo mount -t cifs //172.18.210.5/ame /mnt/smb-ame \ -o username=smb,password=Production2020!,uid=1000,gid=1000,file_mode=0755,dir_mode=0755,vers=3.0 2. Update /etc/fstab to persist mount across reboots 3. Start container: docker compose up -d Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-03-31 16:12:59 -04:00 · 2026-03-31 16:12:59 -04:00 · 1c61d953fd
commit 1c61d953fd
parent c40a2ddb89
2 changed files with 14 additions and 80 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -31,19 +31,13 @@ services:
      - app_data:/data
      # Temporary upload storage
      - upload_tmp:/tmp/uploads
-      # Local volumes as fallback (used if SMB mount fails)
-      - watch_folder:/watch
-      - output_folder:/output
-      - ame_logs:/ame-logs
-    # Required capabilities for SMB mounting
-    cap_add:
-      - SYS_ADMIN
-    security_opt:
-      - apparmor=unconfined
+      # Mount SMB share from host — pre-mount at host level with:
+      # sudo mount -t cifs //172.18.210.5/ame /mnt/smb-ame \
+      #   -o username=smb,password=Production2020!,uid=1000,gid=1000,file_mode=0755,dir_mode=0755,vers=3.0
+      - /mnt/smb-ame/watch:/watch
+      - /mnt/smb-ame/output:/output
+      - /mnt/smb-ame/logs:/ame-logs

 volumes:
  app_data:
  upload_tmp:
-  watch_folder:
-  output_folder:
-  ame_logs:
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -3,76 +3,16 @@ set -e

 echo "=== AME Remote Job Manager — Entrypoint ==="

-# Create mount directories
-mkdir -p /watch /output /ame-logs /mnt/smb-share
-
-# Settings file path
-SETTINGS_FILE="/data/settings.json"
-SMB_SHARE_PATH="//172.18.210.5/ame"
-
-# Function to get setting value from JSON
-get_setting() {
-  local key=$1
-  local default=$2
-  if [ -f "$SETTINGS_FILE" ]; then
-    value=$(grep -o "\"$key\":\"[^\"]*\"" "$SETTINGS_FILE" 2>/dev/null | cut -d'"' -f4)
-    if [ -n "$value" ]; then
-      echo "$value"
-      return
-    fi
-  fi
-  echo "$default"
-}
-
-# Read SMB credentials from settings.json, env vars, or use embedded defaults
-SMB_USERNAME=$(get_setting 'smbUsername' "${SMB_USERNAME:-smb}")
-SMB_PASSWORD=$(get_setting 'smbPassword' "${SMB_PASSWORD:-Production2020!}")
-SMB_DOMAIN=$(get_setting 'smbDomain' "${SMB_DOMAIN:-}")
-
-# Try to mount SMB share only if credentials are provided
-if [ -n "$SMB_USERNAME" ] && [ -n "$SMB_PASSWORD" ]; then
-  echo "Mounting SMB share with credentials..."
-
-  # Build mount options
-  MOUNT_OPTS="username=$SMB_USERNAME,password=$SMB_PASSWORD"
-
-  if [ -n "$SMB_DOMAIN" ]; then
-    MOUNT_OPTS="$MOUNT_OPTS,domain=$SMB_DOMAIN"
-  fi
-
-  # Add standard options for Linux mounts
-  MOUNT_OPTS="$MOUNT_OPTS,uid=1000,gid=1000,file_mode=0755,dir_mode=0755,vers=3.0"
-
-  if mount -t cifs "$SMB_SHARE_PATH" /mnt/smb-share -o "$MOUNT_OPTS" 2>&1; then
-    echo "✓ SMB share mounted at /mnt/smb-share"
+# Verify mount points are accessible (mounted by host via docker-compose.yml bind-mounts)
+echo "Checking mount points..."
+for mount_point in /watch /output /ame-logs; do
+  if [ -d "$mount_point" ]; then
+    echo "✓ $mount_point is accessible"
  else
-    echo "⚠ Failed to mount SMB share. Check credentials and network connectivity."
-    echo "   Will continue with local volumes. Mount SMB and restart container to use network share."
+    echo "⚠ $mount_point not found — ensure SMB share is mounted on host"
+    mkdir -p "$mount_point"
  fi
-else
-  echo "⚠ No SMB credentials found in settings. Skipping SMB mount."
-  echo "   Configure SMB credentials in the settings GUI and restart the container."
-fi
-
-# Bind mount the SMB directories to container paths (if mount succeeded)
-if mountpoint -q /mnt/smb-share; then
-  echo "Binding SMB subdirectories..."
-  mkdir -p /mnt/smb-share/watch /mnt/smb-share/output /mnt/smb-share/logs
-
-  mount --bind /mnt/smb-share/watch /watch 2>/dev/null || echo "⚠ Could not bind watch folder"
-  mount --bind /mnt/smb-share/output /output 2>/dev/null || echo "⚠ Could not bind output folder"
-  mount --bind /mnt/smb-share/logs /ame-logs 2>/dev/null || echo "⚠ Could not bind logs folder"
-
-  echo "✓ Mount points configured"
-else
-  echo "⚠ SMB share not mounted. Using local docker volumes as fallback."
-fi
-
-# Verify watch folder exists
-if [ ! -d "/watch" ]; then
-  mkdir -p /watch
-  echo "Created /watch directory"
-fi
+done

 echo "Starting Node.js application..."
 exec node server.js