FreeIPA server in Docker
This repository contains the Dockerfile and associated assets for
building a FreeIPA server Docker image from the official yum repo.
Install docker 1.2+:
yum install -y docker # on EL 7
Start the service:
systemctl start docker
To build the image, run in the root of the repository:
docker build -t freeipa-server .
To run the container:
docker run --name freeipa-server-container -ti -h ipa.example.test -e PASSWORD=Secret123 freeipa-server
--name assigns the container a name that can be used with
docker stop and other commands.
ipa-server-install is invoked non-interactively the first time
the container is run, and the
PASSWORD environment variable
specifies the admin password.
The -ti parameters are optional and are used to get a terminal
(useful for experimenting in the container).
The container can then be started and stopped:
docker stop freeipa-server-container
docker start -ai freeipa-server-container
IPA-enrolled client in Docker
rhel-7-client branch, according to your needs. In the root of the
docker build -t freeipa-client .
To run the client, link it to the freeipa-server container:
docker run --privileged --link freeipa-server-container:ipa -e PASSWORD=Secret123 -ti freeipa-client
The first time this container runs, it invokes
with the given admin password.
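The docker run commands above pass the admin password with -e and start the client with --privileged; both settings are stored in the container's configuration and are readable by anyone who can run docker inspect. As an added example (not part of this repository), this Python check reads docker inspect JSON and flags them; the sample data, the client container name and the function name are constructed for illustration.

```python
import json

# Env variable name fragments that usually indicate a credential.
SECRET_HINTS = ("PASSWORD", "PASSWD", "SECRET", "TOKEN")

# Constructed sample: trimmed `docker inspect` output for containers started
# like the server and client above. The client name is made up for the example.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/freeipa-server-container",
     "Config": {"Env": ["PASSWORD=Secret123", "PATH=/usr/sbin:/usr/bin"]},
     "HostConfig": {"Privileged": False, "CapAdd": None}},
    {"Name": "/freeipa-client-1",
     "Config": {"Env": ["PASSWORD=Secret123"]},
     "HostConfig": {"Privileged": True, "CapAdd": None}},
])


def audit_containers(inspect_json):
    """Map container name -> findings, given `docker inspect` JSON text."""
    report = {}
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        host = container.get("HostConfig") or {}
        conf = container.get("Config") or {}
        findings = []
        if host.get("Privileged"):
            findings.append("privileged")
        for cap in host.get("CapAdd") or []:
            findings.append("cap-add: " + cap)
        for entry in conf.get("Env") or []:
            var, _, value = entry.partition("=")
            if value and any(hint in var.upper() for hint in SECRET_HINTS):
                # Report the variable name only, never the secret value.
                findings.append("secret-in-env: " + var)
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_containers(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(findings) or "no findings")
```

To check real containers, pass the function the output of docker inspect for the container names in question instead of the constructed sample.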
Copyright 2014 Jan Pazdziora
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
The latest code in https://github.com/adelton/docker-freeipa and images at https://registry.hub.docker.com/u/adelton/freeipa-client/ don't require --privileged if your client container has FQDN specified (possibly using -h).
When you register the container, it alters some things including /etc/hosts and some other things. It's quite likely that it doesn't need privileged, but I've not hunted down what would be needed for --add-cap
Why do we have to run the client in privileged mode as well?