Public Repository

Last pushed: 2 years ago
Short Description
FreeIPA server in a container (for 32 bits docker) (
Full Description

FreeIPA server in Docker

Github link

This image is for building the FreeIPA server in a 32 bits Docker (using nickcis/fedora-32:23 as base image).

For more information about how to run docker in a 32bits machine:

This was tested under an Arch Linux 32bits machine.

This repository contains the Dockerfile and associated assets for
building a FreeIPA server Docker image from the official yum repo.

To build the image, run in the root of the repository:

docker build -t freeipa-server-32 .

Create directory which will hold the server data:

mkdir /var/lib/ipa-data

You can optionally put into this directory a file


with command line parameters to ipa-server-install command, one
parameter per line. You probably want at least


If you want to create a replica instead of master, put the GPG-encrypted
replica information file to this directory, plus file


to instruct the container to create a replica. That file should contain
command line parameters to the ipa-replica-install command, possibly at


You then run the container with

docker run --name freeipa-server-32-container -ti \
   -h ipa.example.test \
   -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
   -v /var/lib/ipa-data:/data:Z freeipa-server-32

If you do not specify the passwords in the ipa-server-install-options
file, use PASSWORD environment variable via the -e option:

docker run --name freeipa-server-32-container -ti \
   -h ipa.example.test -e PASSWORD=Secret123 \
   -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
   -v /var/lib/ipa-data:/data:Z freeipa-server

If the above fails with error about invalid value for flag -v
and bad format for volumes, run

chcon -t svirt_sandbox_file_t /var/lib/ipa-data

or use semanage fcontext and restorecon, and use -v option
without the :Z part.

The option --name assigns the container a name that can be used
later with docker start, docker stop and other commands.
Command ipa-server-install is invoked non-interactively the first
time the container is run.

You can pass environment variable IPA_SERVER_INSTALL_OPTS with
additional options that will be passed to ipa-server-install.

The -ti parameters are optional and are used for get a terminal
(useful for experimenting in the container).

The container can the be started and stopped:

docker stop freeipa-server-32-container
docker start -ai freeipa-server-32-container

If you want to use the FreeIPA server not just from the host
where it is running but from external machines as well, you
might want to use the -p options to make the services accessible
externally. You will then likely want to also specify the
IPA_SERVER_IP environment variable via the -e option to
define what IP address should the server put to DNS as its
address. Starting the server would then be

docker run -e IPA_SERVER_IP= -p 53:53/udp -p 53:53 \
    -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 \
-p 88:88/udp -p 464:464/udp -p 123:123/udp -p 7389:7389 \
-p 9443:9443 -p 9444:9444 -p 9445:9445 ...

IPA-enrolled client in Docker

There are multiple *-client branches named after OS they are
based on. Check out the branch you prefer and in the root of the
repository, run:

docker build -t freeipa-client-32 .

To run the client container, run it with correctly set DNS
and hostname in the IPA domain, or you can link it to the
freeipa-server container directly:

docker run --privileged --link freeipa-server-32-container:ipa \
    -e PASSWORD=Secret123 -ti freeipa-client-32

The first time this container runs, it invokes ipa-client-install
with the given admin password.

Docker Pull Command