Sponsored by:

Opening windows
sambaXP 2020

SambaXP 2020 is an online event!

SambaXP is the yearly Samba team meeting and it's ecosystem of developers, users and vendors all around the globe since 2002. This year the event is not possible to be held in the usual Goettingen venue due to travel restrictions for many people caused by COVID-19.

Therefore, the organizing committee decided to organize a virtual event. The complete agenda took place in online rooms that could be visited from any place in the world with internet connection and the speakers gave their presentations from their home or work place. Participants could switch between tracks more easy than in real life or even tried to follow two talks at the same time!

The team would like to thank everyone who made this online event happen! The presentations as well as the video recordings will be published as soon as possible after getting the consent of the speakers and participants.

Do not hesitate to contact the organizers at loc@sambaXP.org or stay tuned for the updates at sambaXP.org - stay safe!

best regards - your sambaXP team at SerNet.

agenda     registration

 

Conference program 2020

CTDB

This year's tutorial will cover CTDB. In one day you will see how to set up GlusterFS with two nodes as an active-active cluster.

After setting up the Gluster cluster comes the main part of this year's tutorial: Setting up CTDB on two nodes. We will take a look at the new way of configuring CTDB since version 4.9 of Samba the CTDB configuration changed a lot.

Here are the topics of the one day tutorial:

  • Setting up a Gluster replicated volume with two nodes
  • Activating the new Samba settings in Gluster
  • See how you can mount the Gluster volume into a Samba CTDB file server
  • Joining the cluster into a Samba4 domain
  • Looking at the log-files
  • See how CTDB is managing the failover

At the end of the day you will have a CTDB cluster with GlusterFS as the storage. You will be able to replace or add a node from the CTDB cluster. We will not take a closer look at GlusterFS, we will just use it for the CTDB-cluster.

Welcome Note from SerNet

The one track session takes place in Track 1.

Chairman’s note

Also happening in Track 1!

Keynote

You are still in Track 1 :-)

CTDB Report 2020

This is a report in conference track 1 on the status of CTDB, similar to that presented at recent SambaXP conferences. The report will focus on 2 main areas: progress and plans. What is new upstream in CTDB? What do our plans look like compared to those presented in recent years? There is also the intersection of progress and plans: what useful things are sitting in development branches but are not merged?

Progress includes: Clustered Samba testing is now in Samba's test suite and autobuild, CTDB's inter-node TCP transport is now more resilient (with some pain along the way), database vacuuming has been simplified, the recovery lock has been enhanced, code is generally cleaner (largely due to csbuild showing issues) and there have been many improvements in testing.

Plans include: splitting CTDB into multiple daemons (as previously presented), a transport using datagram messaging and simple code for new developers to understand and embrace.

Break

You are entering the multi tracked conference right after the break. Use different browsers if you want to follow both sessions!

The Samba Files Server in IBM Spectrum Scale – Use cases and requirements of Enterprise customers

IBM has deployed Samba as part of file storage solutions for many years now. The current product of IBM is called Spectrum Scale and it delivers clustered Samba to a world-wide base of Enterprise customers on top of IBM's clustered file system known as gpfs.

The first part of the talk is supposed to describe selected requirements, use cases and enhancements this mission has been driving over the last years. This could include topics like file contention, access control lists, and Mac support.

The second part of the talk will address the new challenging requirements with respect to identity mapping like the server side group resolution for NFS clients and the increasing demand to add sssd to the clustered Samba server nodes.

FreeIPA Global Catalog challenges

At SambaXP 2017, we reported an initial progress into making Global Catalog service available as a part of FreeIPA deployment. Three years later, Global Catalog in FreeIPA is becoming a reality. In this talk we are going to demo a working Global Catalog service and dive into challenges we faced in mapping FreeIPA to Active Directory world without being an Active Directory domain controller. FreeIPA's use of Samba services continues to exercise Samba infrastructure from a perspective not commonly experienced and well tested. Finally, semantic differences we encountered across multiple protocols and their implementations in open source and proprietary products represent a good lesson in interoperability efforts.

Lessons learned from using Samba in IBM Spectrum Scale

IBM Spectrum Scale is a software defined storage offering of a clustered file system bundled together with other services. Samba is included as part of the product to provide a clustered SMB file server and integration into Active Directory. This talk discusses from a development point of view the integration of Samba into a storage product and what the development team has learned over the years. Topics will include the requirement for automated testing on multiple levels and the collaboration with the upstream Samba project. Examples will be used to illustrate problems encountered over time and how they have been solved. Further topics will be challenges that have been solved and gaps that have been seen with the usage of Samba.

A stage for Samba in the era of the container platform!?

In recent times, container application platforms, in particular kubernetes, have become extremely popular, have for instance overtaken the virtual machine centric cloud operating system OpenStack in popularity. In contrast to virtual machine environments which run a variety of operating systems and therefore also have natural use cases for Samba, container platforms are usually running one operating system (kernel) only, and thus don’t offer a very obvious space for Samba, whose main purpose is to act as an agent between different operating systems. Is there still a stage for Samba in container land?

This presentation will start with an introduction to the storage concepts of kubernetes and the container storage interface standard CSI, which generalizes these to other container platforms. It will explain the roles of file, block, and object storage in kubernetes and then shows how a distributed software defined storage system like ceph or gluster is brought into kubernetes, running alongside the consuming applications and managed by so called “operators”, providing storage self service for the applications. Time permitting, the presentation may include a demo of what is possibly the easiest installation of a ceph cluster so far.

From here on, the presentation will explore some very interesting and possibly surprising opportunities for Samba in this environment. Details are omitted in this abstract in order to keep up the suspense.

Break

The way to modern Kerberos features

  • Using S4U2Self in winbindd
  • The limitations of existing kerberos libraries
  • The challenges of adding new features to kerberos libraries
  • Kerberos testing with plain python

Report from the field: Samba clustering with GlusterFS

Samba supports building a clustered SMB storage solution using the Gluster filesystem for several years now. While Samba and it’s cluster component CTDB are well established components for SMB clustering, the Gluster filesystem itself needed to adapt in various areas to provide all necessary features.

The talk will cover the lessons learned during the process of maturing the Samba and GlusterFS setup and explore the architecture of Samba and GlusterFS in general. Based on support experiences we want to point out the importance of sometimes overseen prerequisites in the area of networking and DNS. Driven by customer demands several important performance improvements have been made in the past months. Users of the glusterfs fuse filesystem now can use a new Samba VFS module that provides enhanced guarantees for accessing files within the cluster. It also implements a mechanism to circumvent expensive case folding pathname operations. The older Samba VFS module which consumes Gluster’s gfapi library now uses Samba’s threadpool implementation based on pthreads which lead to significant performance improvements. The presentation will conclude with an outlook for the ongoing work related to SMB3 features such as multichannel and transparent failover.

Developers guide to smbd: SMB2 packet processing

From the network down to the filesystem and back. This talk will give an overview on Samba's SMB2 packet processing with the goal of giving novice smbd hackers a starting point to the most important source code subsystems involved when a client sends a "create a file" request to the server.

Testing, testing, one, two, one, two...

Testing is an extremely important part of the software development process. Luckily, a lot of the testing work is automated today. Continuous integration (CI) is a buzzword. In Samba, we have come a long way from manually running tests (sometimes) to our own autobuild system enforcing a full run of the test-suite as a push-gate to running various tests in parallel in the gitlab ci system for each merge request.

While testing server client systems like Samba in an automated way is demanding already, testing a cluster is even more complicated and resource hungry. CTDB itself has been tested in isolation with local processes since the beginning, and recently a test-environment has been added to Samba’s selftest that helps test the samba+ctdb stack entirely with local process and socket wrapper. But an automated, periodic test of a samba and ctdb setup on top of a real clustered file system is still missing. One aspect why this is not so easy to implement is the fact that it would usually require a couple of virtual machines to set up such a test cluster.

This presentation will introduce a project that we recently started to investigate and work on. It aims to create a periodic test run pulling the latest bits of Samba and Gluster, setting up a cluster and running test suites against it. Errors would be reported to both projects. As compute resources for the test runs, the centos-ci is used. This project provides jenkins-managed bare metal server resources for open source projects to integrate into their CI systems. These servers are powerful enough to run realistic cluster setups in virtual machines. The presentation will demonstrate how the centos-ci resources are integrated into this test system. Furthermore, possibilities will be explored, how to integrate centos-ci resources as additional runners for Samba’s gitlab CI runners.

Slides (PDF)

Break

Samba Active Directory tools for Windows Admins

This is a follow up to last years talk about managing AD via an ncurses gui. This talk will cover additional improvements to the ADUC and ADSI Edit modules, as well as covering a new DNS Manager. ADUC and ADSI Edit now communicate with AD via samba python bindings, and the DNS Manager interacts with samba-tool calls. The tools have also been wrapped in a redistributable AppImage, which can run on multiple distros. Automated testing has also been written.

Ceph Samba Gateway and transparent failover improvements

CephFS and Samba can be combined to provide a highly scalable filesystem which can be accessed from SMB clients such as Linux, Windows and macOS.

This talk will look at Samba clustering features under development, which aim to provide improved availability and performance, with a focus on:

  • New RADOS dbwrap backend as an alternative to CTDB
  • Fast Client failover with Witness Protocol as an alternative to tickles ACKs

Closing Remarks First Day

Welcome Note

The Psychology of Multifactor Authentication

Multi Factor Authentication is becoming more important in our infrastructure, with organisations starting to require it for sensitive accounts and more. So why does Multi Factor Authentication ... work? How does human behaviour influence our security and interact with threats that exist online? How can design and human interaction extend to making safer systems?

Come along and learn about human interaction and design, the psychology of how humans interact with systems. We'll extend this into security to understand why human error is really the fault of poor systems design. Finally we'll talk about different threats and how MFA works to protect us from them - at a psychological level.

Python has got better for Samba

Samba, particularly the AD part, is riddled with Python. The transition from Python 2 to Python 3 was painful. Now that is over and we have the sudden benefit from a decade of language and library development. Some of the changes are actually quite useful, including an improved debugging infrastructure and built-in asynchronous concepts.

smbcmp improvements from Google Summer of Code 2019

Smbcmp is a cli tool for making diffs between two pcap files containing SMB packets and rendering them using curses. For the first part of the project we had to make better diffs by using the pdml output of Tshark and for the second part we added a GUI and ported smbcmp to Windows.

Slides (PDF)

The Future of Accessing Files Remotely: Linux SMB3 update

The SMB3 kernel client has become the most active network/cluster file system on Linux over the past few years, and continues to add new features and optimizations at a rapid pace. These allow Linux to better access Samba server, as well as the Cloud (Azure), NAS appliances and Windows and Macs and an ever increasing number of embedded Linux devices.

Performance has dramatically improved, not just with the addition of GCM support, but also with continued improvements to compounding, and better parallelization, and also with the addition of multichannel support which allows Linux to spread I/O better across many network devices. New features continue to be added such as the ability to boot diskless systems from Samba, and even swap over SMB3 mounts. Sparse file support over SMB3 mounts is now much better. POSIX compatibility of the kernel client also has been improving with the SMB3 POSIX Extensions to the protocol and with improved testing (the "buildbot" automated testing framework has been invaluable and continues to improve quality). New security features like "modefromsid" allow Linux to better handle common scenarios over SMB3 mounts. In addition the new Linux Kernel server will enable even more use cases for SMB3 on Linux. This has been a very exciting year for SMB3 support in the Linux kernel!

This presentation will describe and demonstrate the progress that has been made over the past year in the Linux kernel SMB3 support in accessing Samba and also the Cloud (Azure) using Linux clients. In addition recommendations on common configuration choices, and troubleshooting techniques will be discussed. 

Break

Hardwired: A SMB2/SMB3 Hardware Offload Engine

SmartNICs -- programmable network offload cards -- are now very much "a thing", with several vendors in or entering the market. Storage acceleration is one of the most common use-cases cited by proponents, but what that actually means is not entirely clear. This talk addresses some of the ways in which the performance of the SMB2/SMB3 stack can be improved by SmartNICs, and the design criteria that needs to be considered in order to make SMB Offload viable. We will also cover the following questions:

  • Which SMB transports can be supported?
  • What state information, if any, should be maintained by the offload engine?
  • How can the engine be tested while it is being developed?
  • How will the upper levels of the stack connect to the offload layer?
  • Is this just a dream, or is there some skin in the game?

Slides (PDF)

Migration story of 515 server from AD to Samba

Turkish Government decided to move open source technology around 2013. After this decision Profelis work on desktop server migration project and developed OpenSuse based distribution called Gibux.

37.000+ desktop migrated in 3 years. After this migration, Ministry approved AD servers migration to Samba4. Today 515 servers on countrywide using Samba as Authentication. This is one of the biggest open source migration projects in Turkey. 

Slides (PDF)

Stretching WSP

Recently spotlight got support for elasticsearch, what about the experimental WSP support?

1. Can it do the same?

2. What's involved

3. How does it affect the existing implementation.

Optimizing Linux Access to Samba: POSIX Protocol Extensions for SMB3.1.1

Accessing files on Samba servers optimally from Linux clients is essential to a wide variety of workloads. Linux continues to evolve, with new file system features and syscalls being added every year. This presentation will provide an update on the status of the Linux/POSIX protocol extensions to the SMB3.1.1 protocol, what has been added to the specification, what the implementation status is for the Linux kernel client and for Samba server and client tools (like smbclient for example). We will show examples of what works today and why these extensions are so exciting and useful. Looking forward - we will also discuss any changes and suggestions for future versions to enable Linux to continue to improve its ability to access network storage.

Break

SMB3 Protocol Update

The SMB3 protocol has updated in the past year, with compression in 2019 and further updates in the Windows "20H1" Spring release. We'll review and recap the protocol since the last SambaXP, and also provide a look forward, including an update on recent developments in RDMA to enable "Push Mode" for ultra-low-latency remote access to persistent Storage Class Memory via SMB3 and SMB Direct.

Slides (PDF)

Panel Discussion

Program Committee

Chairman of the 19th samba eXPerience conference is Jeremy Allison – one of the founding members of the Samba Team.

The program of talks and other contributions is supervised by the program committee:

  • Jeremy Allison, Google
  • Stefan Kania, author
  • Karolin Seeger, SerNet


Local Organizing Committee

The local organizing committee (LOC) is responsible for all activities during the conference:

  • Ms. Nadine Dreymann, SerNet
  • Ms. Dr. Chen-Yu Lin, SerNet
  • Mr. Dr. Johannes Loxen, SerNet

Do not hesitate to contact them via loc@remove-this.sambaxp.org.

Contact

sambaXP is organised by SerNet:

SerNet GmbH
Bahnhofsallee 1b
37081 Goettingen
Germany

phone: +49 551 370000-0
email: contact@remove-this.sernet.de

Managing Directors: Dr. Johannes Loxen, Reinhild Jung

Datenschutzerklärungdata protection declaration

everything that matters sambaXP:

phone: +49 551 370000-0
e-mail: loc@remove-this.sambaxp.org