IPA-enrolled client in Docker
This repository contains the Dockerfile and associated assets for
building a Docker image from the official yum repo. The resulting
container can then be easily IPA-enrolled to a FreeIPA/IdM server
running in another container or on a host.
To build the image, run in the root of the repository:
docker build -t freeipa-client-32 .
To run the container and have it automatically enroll to an IPA
server, either link it to the freeipa-server container with alias
ipa, specify DNS nameservers explicitly with --dns, or rely on
the container's hostname and the existing host configuration.
If your host's resolv.conf will allow the client to find the IPA
server for its domain, merely running
docker run -h web.example.com -e PASSWORD=Secret123 -ti freeipa-client-32
will be enough. You can use --dns to point it to the correct
DNS server (possibly an IPA server running the DNS service).
Use --link with alias ipa to point the client container to the
IPA server container:
docker run -h web.example.com --link freeipa-server-32-container:ipa -e PASSWORD=Secret123 -ti freeipa-client-32
The referenced server container must be running.
Since IPA enrollment requires a fully-qualified hostname and
docker run does not set an FQDN by default, either specify it with
the -h option or run the container as privileged, in which case it
will be allowed to change its own hostname, using the IPA server's domain:
docker run --privileged --link freeipa-server-32-container:ipa -e PASSWORD=Secret123 -ti freeipa-client-32
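The enrollment modes above can be wrapped in a small shell helper. This is an added example, not part of this repository: the function names is_fqdn and enroll_cmd are hypothetical, and it assumes PASSWORD is already exported in the calling shell so the admin password does not appear on the command line. It always sets the hostname with -h, so the --privileged variant is not needed.

```shell
#!/bin/sh
# Added example (not from the repository). IMAGE is the tag from the build step.
IMAGE=freeipa-client-32

# is_fqdn NAME: succeed only for two or more dot-separated labels made of
# letters, digits and hyphens, with no empty label and no label edge '-'.
is_fqdn() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# enroll_cmd FQDN [dns:ADDRESS | link:CONTAINER]
# Prints the docker run command line for the chosen mode; does not run it.
enroll_cmd() {
    fqdn=$1 mode=${2:-} extra=
    if ! is_fqdn "$fqdn"; then
        echo "error: '$fqdn' is not a fully-qualified hostname" >&2; return 2
    fi
    val=${mode#*:}
    case $mode in
        '') ;;  # rely on the host's resolv.conf
        dns:*)
            case $val in ''|*[!0-9A-Fa-f.:]*) echo "error: bad DNS address" >&2; return 2 ;; esac
            extra=" --dns ${val}" ;;
        link:*)
            case $val in ''|*[!A-Za-z0-9_.-]*) echo "error: bad container name" >&2; return 2 ;; esac
            extra=" --link ${val}:ipa" ;;
        *)  echo "error: unknown mode '$mode'" >&2; return 2 ;;
    esac
    # "-e PASSWORD" without a value makes docker copy PASSWORD from the
    # caller's environment instead of taking it from the command line.
    printf 'docker run -h %s%s -e PASSWORD -ti %s\n' "$fqdn" "$extra" "$IMAGE"
}

# Sample call with the names used on this page.
enroll_cmd web.example.com link:freeipa-server-32-container
```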
The first time this container runs, it invokes ipa-client-install
with the given admin password and configures itself against
the IPA server.
You can pass environment variable IPA_CLIENT_INSTALL_OPTS with
additional options that will be passed to ipa-client-install.
The -ti parameters are optional and are used to get a terminal
(useful for experimenting in the container).
The container can then be stopped and started:
docker stop <the-container-id>
docker start -ai <the-container-id>