I'm aware that plugins like docker-volume-netshare
exist and I've used them in the past but for this project I am constrained to the local driver only.
I can successfully create and use a CIFS volume with the local driver in the traditional sense (passing it the username/password inline) but now I want to pass the credentials via a credentials file. The Docker documentation says it supports similar commands as mount so, to that end, I've been trying to pass the credentials like I would if I were mounting it via the mount
command.
I have a /root/.cifs
file.
username=myusername
password=mypassword
Then I tested it by mount manually
mount -t cifs \
-o credentials=/root/.cifs,vers=3.0 \
//192.168.76.20/docker_01 /mnt
It works successfully and I can read/write data. So now I try to create the docker volume using the same logic.
docker volume create \
--driver local \
--name persistent \
--opt type=cifs \
--opt device=//192.168.76.20/docker_01 \
--opt o=credentials=/root/.cifs,vers=3.0
However, when I try to use the volume I get CIFS VFS: No username specified
in the Docker log file.
I tried modifying the volume parameters by including the username (--opt o=credentials=/root/.cifs,username=docker01,vers=3.0
) but that just results in 0xc000006d STATUS_LOGON_FAILURE
Is there a way to create a CIFS volume without having to specify the credentials inline?
I just digged into this to find out why it does not work. It seems the issue here is that the credentials-file is a feature of the wrapper binary "mount.cifs" while docker uses the systemcall SYS_MOUNT itself for mounting the volume:
If you look into the linux kernel's cifs extension it says:
When using the mount helper mount.cifs, passwords may be specified via alternate mechanisms, instead of specifying it after -o using the normal "pass=" syntax on the command line:
You can trace this down to the source code of the mount.cifs executable where you find the code to read the credentials file.
From this I conclude that unless you change the docker source code to use the mount.cifs executable instead of the linux system call this will not work.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With