[Freeipa-users] FreeIPA server in Docker containers -- DNS-less, replicas, trusts
Jan Pazdziora
jpazdziora at redhat.com
Mon Aug 15 13:09:08 UTC 2016

Hello FreeIPA users interested in running the server in containers,

recently a couple of changes were pushed to

    https://github.com/adelton/docker-freeipa

and to adelton/freeipa-server images on Docker hub that you might be
interested in:

1) Option --setup-dns is no longer forced by the container image, you
   have to specify it yourself in the ipa-server-install-options
   file, together with any --forwarder settings. This makes DNS-less
   setups easier.

2) If your setup has Domain Level > 0, you can create replicas without
   a GPG-encrypted replica information file, just by specifying
   an ipa-replica-install-options file. Make sure bi-directional
   communication is allowed for the containers for replication to work.

3) Package (free)ipa-server-trust-ad and its dependencies are now on
   the image, making it possible to run ipa-adtrust-install and
   ipa trust-add, typically via docker exec -ti.

As has been the case for some time, docker run needs to be invoked
with

    -v /sys/fs/cgroup:/sys/fs/cgroup:ro

to make systemd in the container happy.

The automated build storage issues at Docker hub seem to have been
fixed and Fedora 23, 24, and CentOS 7 images are now up-to-date.

You can upgrade your setup by merely using the new image and giving it the
existing directory used as the /data volume. The images will attempt
to do any configuration and data upgrades automatically. Only going
from older versions to newer ones works. Having a backup of the directory
for cases when something fails during the upgrade process is useful.

For more information about running FreeIPA in containers, please check

    http://www.freeipa.org/page/Docker

and README at

    https://github.com/adelton/docker-freeipa

Sincerely,
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
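
An added example, not part of the original message or of the docker-freeipa project: a POSIX shell pre-flight for the DNS and upgrade notes above. It reports which DNS mode the ipa-server-install-options file selects, archives the data directory before a newer image touches it, and prints the docker run line with the read-only cgroup mount; the function names, paths and the hostname ipa.example.test are assumptions.

```sh
#!/bin/sh
# Added example, not docker-freeipa code. Function names, paths and the
# hostname are assumptions; the sample options file is constructed.

# Print the DNS mode selected by <datadir>/ipa-server-install-options.
# The image no longer adds --setup-dns itself, so the file decides.
dns_mode() {
    opts="$1/ipa-server-install-options"
    [ -r "$opts" ] || { echo "no-options-file"; return 1; }
    if grep -q -e '--setup-dns' "$opts"; then
        echo "dns"
    elif grep -q -e '--forwarder' "$opts"; then
        # Forwarders are a DNS setting; without --setup-dns this is a mistake.
        echo "forwarder-without-setup-dns"; return 1
    else
        echo "dns-less"
    fi
}

# Archive the data directory (container stopped) before a newer image
# upgrades it in place; prints the archive path.
backup_data() {
    data="$1"; dest="$2"
    archive="$dest/ipa-data-$(date +%Y%m%d%H%M%S).tar.gz"
    tar -czf "$archive" -C "$(dirname "$data")" "$(basename "$data")" || return 1
    echo "$archive"
}

# Print, without running it, the docker run line for this data directory.
run_command() {
    data="$1"; host="$2"; image="${3:-adelton/freeipa-server}"
    echo "docker run -ti -h $host -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v $data:/data $image"
}

# Constructed demo: temporary data directory with a DNS-less options file.
demo=$(mktemp -d)
mkdir "$demo/ipa-data"
printf '%s\n' '--realm=EXAMPLE.TEST' '--unattended' \
    > "$demo/ipa-data/ipa-server-install-options"
dns_mode "$demo/ipa-data" && backup_data "$demo/ipa-data" "$demo" \
    && run_command "$demo/ipa-data" ipa.example.test
rm -rf "$demo"
```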