zgaetano/ame-job-manager
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
ame-job-manager/CHANGES.md
Claude aef2b64d4e feat: Add SMB network share auto-mounting support 
- Create entrypoint.sh to handle SMB mount on container startup
- Read credentials from settings.json and mount //172.18.210.5/ame
- Bind-mount subdirectories (watch, output, logs) to container paths
- Update Dockerfile with cifs-utils and entrypoint script
- Update docker-compose.yml with SYS_ADMIN capability for mounting
- Add comprehensive SMB configuration section to README
- Include troubleshooting guide and alternative approaches
- Maintain backward compatibility with local volumes
- Never expose passwords to browser (server-side storage only)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-03-31 16:03:40 -04:00

5.1 KiB
Executable file
Raw Blame History

Changes — SMB Network Share Support

Overview

Updated the AME Remote Job Manager to support automatic SMB share mounting on container startup. The Docker container can now mount //172.18.210.5/ame using credentials configured through the Settings GUI.

Files Changed

1. entrypoint.sh (NEW)

Shell script that runs when the container starts. Responsibilities:

  • Read SMB credentials from /data/settings.json (populated by the Settings API)
  • Mount the SMB share at /mnt/smb-share using mount -t cifs
  • Create subdirectories on the SMB share: watch, output, logs
  • Bind-mount these to /watch, /output, /ame-logs inside the container
  • Fall back gracefully if SMB mount fails (uses Docker volumes as fallback)
  • Start the Node.js application

Key features:

  • Reads settings from the persistent /data volume
  • Handles missing credentials gracefully
  • Provides clear logging of mount success/failure
  • Automatically creates required subdirectories

2. Dockerfile (UPDATED)

Changes:

  • Added cifs-utils and util-linux packages for SMB mounting support
  • Added bash package for entrypoint script execution
  • Copy entrypoint.sh into the image and make it executable
  • Changed CMD to use ENTRYPOINT with the shell script

Before:

FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install --production
COPY . .
EXPOSE 3100
CMD ["node", "server.js"]

After:

FROM node:20-alpine
RUN apk add --no-cache cifs-utils bash util-linux
WORKDIR /app
COPY package*.json ./
RUN npm install --production
COPY . .
COPY entrypoint.sh ./
RUN chmod +x ./entrypoint.sh
EXPOSE 3100
ENTRYPOINT ["./entrypoint.sh"]

3. docker-compose.yml (UPDATED)

Changes:

  • Added cap_add: [SYS_ADMIN] — required for mounting filesystems inside container
  • Added security_opt: [apparmor=unconfined] — allows mount operations
  • Changed volume setup to use Docker-managed volumes as fallback (entrypoint.sh will bind-mount SMB to these)
  • Added DATA_DIR=/data environment variable for settings persistence
  • Updated comments to clarify the SMB mounting flow

Key additions:

cap_add:
  - SYS_ADMIN
security_opt:
  - apparmor=unconfined

4. README.md (UPDATED)

Added comprehensive new section: "SMB Network Share Configuration"

New content includes:

  • How automatic SMB mounting works (3-step process)
  • Step-by-step configuration instructions (5 steps)
  • Instructions for creating subdirectories on the SMB share
  • Troubleshooting guide for common mount issues
  • Alternative approach for pre-mounted SMB shares
  • Updated Prerequisites section with SMB requirements

How It Works (User Flow)

  1. Container startsentrypoint.sh runs
  2. Script reads/data/settings.json for SMB credentials
  3. If credentials presentmount -t cifs //172.18.210.5/ame /mnt/smb-share with auth
  4. Creates subdirectorieswatch, output, logs on the mounted share
  5. Bind-mounts/mnt/smb-share/watch → /watch, etc.
  6. Node.js starts → sees /watch, /output, /ame-logs as local paths
  7. User configures SMB → through Settings GUI in web UI
  8. User restarts container → mounts SMB on next startup

Backward Compatibility

Fully backward compatible:

  • If no SMB credentials are configured, the entrypoint falls back to Docker-managed volumes
  • Existing deployments that bind-mount SMB at the host level continue to work
  • The entrypoint checks if [ -f "$SETTINGS_FILE" ] before reading — graceful on first boot

Security Notes

  • Passwords never exposed: SMB password stored server-side in /data/settings.json, never sent to browser
  • Settings API masks password: Returns smbPasswordSet: true/false indicator, never the actual password
  • Credentials at rest: Only stored in the /data volume (which should be on secure storage)
  • Network transmission: Use HTTPS/TLS in production to protect credentials in transit

Testing Checklist

  • Build Docker image: docker compose build
  • Start container: docker compose up -d
  • Check logs: docker logs ame-job-manager (look for mount messages)
  • Access UI: http://localhost:3100
  • Open Settings, enter SMB credentials
  • Save settings
  • Restart container: docker compose restart
  • Verify SMB mount: docker exec ame-job-manager mount | grep cifs
  • Verify bind-mounts: docker exec ame-job-manager ls -la /watch /output /ame-logs
  • Upload a .prproj file and verify it appears on the SMB share

Deployment Instructions

  1. Pull the latest code
  2. Update docker-compose.yml with any local customizations
  3. Ensure the SMB machine has subdirectories created:
    • \\172.18.210.5\ame\watch
    • \\172.18.210.5\ame\output
    • \\172.18.210.5\ame\logs
  4. Start/restart the container: docker compose up -d
  5. Configure SMB credentials in Settings → save → restart container

Rollback

If you need to revert to the previous version:

  1. Checkout the previous commit
  2. Comment out the cap_add and security_opt lines in docker-compose.yml
  3. Rebuild and restart

All changes are additive and don't break existing functionality.