Short Description
FreeIPA in Docker on CentOS
Full Description

FreeIPA server in Docker

This repository contains the Dockerfile and associated assets for
building a FreeIPA server Docker image from the official yum repo.

Install docker 1.2+:

yum install -y docker       # on EL 7

Start the service:

systemctl start docker

To build the image, run in the root of the repository:

docker build -t freeipa-server .

To run the container:

docker run --name freeipa-server-container -ti -h ipa.example.test -e PASSWORD=Secret123 freeipa-server

The option --name assigns the container a name that can be used
later with docker start, docker stop and other commands.
The ipa-server-install command is invoked non-interactively the first
time the container is run, and the PASSWORD environment variable
specifies the admin password.

The -ti parameters are optional and are used to get a terminal
(useful for experimenting in the container).

The container can then be started and stopped:

docker stop freeipa-server-container
docker start -ai freeipa-server-container
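
An added example, not part of this repository: the docker run command above puts the admin password on the command line, where it ends up in shell history and the process list. This wrapper prompts for it instead and passes it through an owner-only file with docker's --env-file option; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the repository. Image name, container name and
# hostname are the README's; the function names are hypothetical.

# Write PASSWORD=<value> to a new owner-only file and print the file's path.
# docker's --env-file format is line-based and takes the value literally,
# so an empty password or one containing a newline is refused.
write_env_file() {
    case "$1" in
        '') echo "empty password" >&2; return 1 ;;
        *'
'*) echo "password must not contain a newline" >&2; return 1 ;;
    esac
    envfile=$(mktemp) || return 1
    chmod 600 "$envfile"
    printf 'PASSWORD=%s\n' "$1" > "$envfile"
    printf '%s\n' "$envfile"
}

# Prompt on the terminal without echo; the password goes to stdout.
read_password() {
    printf 'IPA admin password: ' >&2
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    printf '%s' "$pw"
}

# First run of the server container. The env file is read when the container
# is created, so it is deleted once docker run returns. The value is still
# stored in the container's configuration (visible with docker inspect).
run_freeipa_server() {
    envfile=$(write_env_file "$(read_password)") || return 1
    docker run --name freeipa-server-container -ti -h ipa.example.test \
        --env-file "$envfile" freeipa-server
    status=$?
    rm -f "$envfile"
    return "$status"
}

if [ "${1:-}" = run ]; then
    run_freeipa_server
fi
```

Save it as a script and invoke it with the argument run; later docker start and docker stop calls need no password.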

IPA-enrolled client in Docker

Check out the fedora-20-client, fedora-rawhide-client, or
rhel-7-client branch, according to your needs. In the root of the
repository, run:

docker build -t freeipa-client .

To run the client, link it to the freeipa-server container:

docker run --privileged --link freeipa-server-container:ipa -e PASSWORD=Secret123 -ti freeipa-client

The first time this container runs, it invokes ipa-client-install
with the given admin password.

Copyright 2014 Jan Pazdziora

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

Comments (3)
3 years ago

The latest code in and images at don't require --privileged if your client container has FQDN specified (possibly using -h).

3 years ago

When you register the container, it alters some things including /etc/hosts and some other things. It's quite likely that it doesn't need privileged, but I've not hunted down what would be needed for --add-cap

3 years ago

Why do we have to run the client in privileged mode as well!