zgaetano/ame-job-manager
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
ame-job-manager/CHANGES.md
Claude aef2b64d4e feat: Add SMB network share auto-mounting support 
- Create entrypoint.sh to handle SMB mount on container startup
- Read credentials from settings.json and mount //172.18.210.5/ame
- Bind-mount subdirectories (watch, output, logs) to container paths
- Update Dockerfile with cifs-utils and entrypoint script
- Update docker-compose.yml with SYS_ADMIN capability for mounting
- Add comprehensive SMB configuration section to README
- Include troubleshooting guide and alternative approaches
- Maintain backward compatibility with local volumes
- Never expose passwords to browser (server-side storage only)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-03-31 16:03:40 -04:00

138 lines
5.1 KiB
Markdown
Executable file
Raw Blame History

# Changes — SMB Network Share Support
## Overview
Updated the AME Remote Job Manager to support automatic SMB share mounting on container startup. The Docker container can now mount `//172.18.210.5/ame` using credentials configured through the Settings GUI.
## Files Changed
### 1. `entrypoint.sh` (NEW)
Shell script that runs when the container starts. Responsibilities:
- Read SMB credentials from `/data/settings.json` (populated by the Settings API)
- Mount the SMB share at `/mnt/smb-share` using `mount -t cifs`
- Create subdirectories on the SMB share: `watch`, `output`, `logs`
- Bind-mount these to `/watch`, `/output`, `/ame-logs` inside the container
- Fall back gracefully if SMB mount fails (uses Docker volumes as fallback)
- Start the Node.js application
**Key features:**
- Reads settings from the persistent `/data` volume
- Handles missing credentials gracefully
- Provides clear logging of mount success/failure
- Automatically creates required subdirectories
### 2. `Dockerfile` (UPDATED)
Changes:
- Added `cifs-utils` and `util-linux` packages for SMB mounting support
- Added `bash` package for entrypoint script execution
- Copy `entrypoint.sh` into the image and make it executable
- Changed `CMD` to use `ENTRYPOINT` with the shell script
**Before:**
```dockerfile
FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install --production
COPY . .
EXPOSE 3100
CMD ["node", "server.js"]
```
**After:**
```dockerfile
FROM node:20-alpine
RUN apk add --no-cache cifs-utils bash util-linux
WORKDIR /app
COPY package*.json ./
RUN npm install --production
COPY . .
COPY entrypoint.sh ./
RUN chmod +x ./entrypoint.sh
EXPOSE 3100
ENTRYPOINT ["./entrypoint.sh"]
```
### 3. `docker-compose.yml` (UPDATED)
Changes:
- Added `cap_add: [SYS_ADMIN]` — required for mounting filesystems inside container
- Added `security_opt: [apparmor=unconfined]` — allows mount operations
- Changed volume setup to use Docker-managed volumes as fallback (entrypoint.sh will bind-mount SMB to these)
- Added `DATA_DIR=/data` environment variable for settings persistence
- Updated comments to clarify the SMB mounting flow
**Key additions:**
```yaml
cap_add:
- SYS_ADMIN
security_opt:
- apparmor=unconfined
```
### 4. `README.md` (UPDATED)
Added comprehensive new section: "SMB Network Share Configuration"
**New content includes:**
- How automatic SMB mounting works (3-step process)
- Step-by-step configuration instructions (5 steps)
- Instructions for creating subdirectories on the SMB share
- Troubleshooting guide for common mount issues
- Alternative approach for pre-mounted SMB shares
- Updated Prerequisites section with SMB requirements
## How It Works (User Flow)
1. **Container starts**`entrypoint.sh` runs
2. **Script reads**`/data/settings.json` for SMB credentials
3. **If credentials present**`mount -t cifs //172.18.210.5/ame /mnt/smb-share` with auth
4. **Creates subdirectories**`watch`, `output`, `logs` on the mounted share
5. **Bind-mounts**`/mnt/smb-share/watch → /watch`, etc.
6. **Node.js starts** → sees `/watch`, `/output`, `/ame-logs` as local paths
7. **User configures SMB** → through Settings GUI in web UI
8. **User restarts container** → mounts SMB on next startup
## Backward Compatibility
**Fully backward compatible:**
- If no SMB credentials are configured, the entrypoint falls back to Docker-managed volumes
- Existing deployments that bind-mount SMB at the host level continue to work
- The entrypoint checks `if [ -f "$SETTINGS_FILE" ]` before reading — graceful on first boot
## Security Notes
- **Passwords never exposed**: SMB password stored server-side in `/data/settings.json`, never sent to browser
- **Settings API masks password**: Returns `smbPasswordSet: true/false` indicator, never the actual password
- **Credentials at rest**: Only stored in the `/data` volume (which should be on secure storage)
- **Network transmission**: Use HTTPS/TLS in production to protect credentials in transit
## Testing Checklist
- [ ] Build Docker image: `docker compose build`
- [ ] Start container: `docker compose up -d`
- [ ] Check logs: `docker logs ame-job-manager` (look for mount messages)
- [ ] Access UI: `http://localhost:3100`
- [ ] Open Settings, enter SMB credentials
- [ ] Save settings
- [ ] Restart container: `docker compose restart`
- [ ] Verify SMB mount: `docker exec ame-job-manager mount | grep cifs`
- [ ] Verify bind-mounts: `docker exec ame-job-manager ls -la /watch /output /ame-logs`
- [ ] Upload a `.prproj` file and verify it appears on the SMB share
## Deployment Instructions
1. Pull the latest code
2. Update `docker-compose.yml` with any local customizations
3. Ensure the SMB machine has subdirectories created:
- `\\172.18.210.5\ame\watch`
- `\\172.18.210.5\ame\output`
- `\\172.18.210.5\ame\logs`
4. Start/restart the container: `docker compose up -d`
5. Configure SMB credentials in Settings → save → restart container
## Rollback
If you need to revert to the previous version:
1. Checkout the previous commit
2. Comment out the `cap_add` and `security_opt` lines in `docker-compose.yml`
3. Rebuild and restart
All changes are additive and don't break existing functionality.
Reference in a new issue View git blame Copy permalink