Roadrunner SMB

Roadrunner SMB — Admin Guide

Last Updated: 2026-04-15

This guide covers day-to-day administration of a deployed Roadrunner SMB cluster. It covers only features available in the current release.

Accessing the Admin UI

The Admin UI is accessible via the AdminUIUrl from your CloudFormation stack Outputs. In Marketplace (multi-AZ) deployments, this is the ALB DNS name on port 443 (HTTPS). Access it from a machine within the AdminCidr range you specified at deployment:

https://<AdminUIUrl>

Single-node / EasyButton mode: The Admin UI is served directly on port 8888 via the NLB without TLS termination.

The Admin UI requires authentication. Two account types are supported:

Account type When to use
Domain Admin Regular administration by Active Directory domain administrators
Appliance Owner Break-glass access (rrsmb-admin); use only if AD is unreachable

Dashboard

The Dashboard provides an at-a-glance view of cluster health:

  • Cluster status: overall health (Healthy / Degraded / Recovering)
  • Node count: number of active, healthy nodes
  • Storage status: EFS mount health across the cluster
  • Active shares: number of materialized shares
  • SMB service: whether SMB traffic is being served

Metrics shown on the Dashboard and Cluster page are cluster-wide aggregates collected across all active nodes. They reflect the state of the whole cluster, not a single node.

Shares

Creating a share

  1. Click SharesCreate Share
  2. Enter a share name (alphanumeric and hyphens; 1–64 characters)
  3. Configure permissions:
    • Preset: choose from common permission patterns (e.g. Domain Users: Read/Write)
    • Custom: add specific AD users and groups with Read or Read/Write access
  4. Click Create
  5. Wait for materialization to complete (15–60 seconds)

When materialization completes, the share is immediately accessible from all cluster nodes via the NLB.

Share access

Shares are accessed via the NLB DNS name:

\\<NlbDnsName>\<sharename>

All access is authenticated via Active Directory. Guest access is not supported.

Deleting a share

  1. Click Shares
  2. Find the share row and click the delete (trash) icon
  3. Confirm deletion

Share deletion removes the share configuration and ACLs. Share data on EFS is retained and must be manually cleaned up if desired.

Share permissions

Permissions are enforced using NT ACLs stored in DynamoDB. Changes take effect immediately on all nodes.

Supported permission entries:

  • AD users and security groups
  • Read (list files, open files for reading)
  • Read/Write (full access including create, modify, delete)

Setup (Active Directory)

The Setup page shows the current Active Directory join status and allows re-joining if needed.

Viewing AD status

The page shows:

  • Join status (Joined / Not Joined)
  • Domain FQDN
  • Computer name in AD
  • Status checks: DNS, Test Join, Secure Channel, Kerberos

Re-joining the domain

If the cluster loses its domain trust (rare), you can re-join from the Setup page:

  1. Provide the domain FQDN, a join account username and password
  2. Optionally specify a DC IP if DNS is not yet resolving
  3. Click Join Domain

Re-joining requires a domain account with permission to join computers (or re-join the existing computer account).

Changing domain membership is not supported from the Admin UI. To join a different domain, redeploy the appliance via CloudFormation.

Cluster

The Cluster page shows all nodes in the cluster:

  • Node IP address
  • ECS task start time
  • Health probe results (CTDB, SMB, identity, storage)
  • Cluster ID

Nodes are color-coded:

  • Green: healthy and serving SMB traffic
  • Yellow: temporarily ineligible (fencing); will recover automatically
  • Red/missing: node has been replaced or is starting

Cluster size is controlled by AWS infrastructure (ASG/ECS). There are no scaling controls in this page.

Logs

The Logs page provides access to structured logs from the current node. Use CloudWatch Logs for multi-node log aggregation:

  • Log group: /rrsmb/<environment> (shown in CloudFormation outputs as CloudWatchLogGroup)
  • Each task logs to its own log stream

Support

The Support page generates a support report bundle. The report includes:

  • Version and build information
  • Cluster state and node roster
  • Configuration snapshot
  • Last 72 hours of CloudWatch logs
  • Diagnostic data for common triage scenarios

Click Generate Report and download the bundle before contacting support.

Settings

The Settings page allows configuration of:

  • Admin group (Active Directory group with Admin UI access)
  • Domain Admins access to Admin UI

Some configuration is only available via environment variables at deployment time (see Known Limitations).

Maintenance Mode

The SMB service can be temporarily disabled per-node from the Layout toolbar (toggle switch next to the node status). This is intended for maintenance operations only and affects only the node you are currently connected to via the NLB.

Use case: temporarily drain a specific node for maintenance while others continue serving.

When SMB is disabled on a node:

  • The NLB health check for port 445 marks that node unhealthy
  • SMB clients are not routed to that node
  • The Admin UI remains accessible

To re-enable: toggle the switch back to enabled.

Version Information

The current software version and build are visible in the bottom of the left navigation sidebar. The version matches the container image tag deployed via CloudFormation.

References