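# syntax=docker/dockerfile:1
# FreeIPA server container image (Fedora / systemd-based)
#
# Build:
#   docker build -t freeipa-server .
#
# Run (quick test):
#   docker run --privileged --name freeipa \
#     --tmpfs /run --tmpfs /tmp \
#     -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
#     -v freeipa-data:/data \
#     -h ipa.example.com \
#     -e IPA_DOMAIN=example.com \
#     -e IPA_ADMIN_PASSWORD=Secret123 \
#     -e IPA_DM_PASSWORD=Secret456 \
#     -p 443:443 -p 389:389 -p 636:636 -p 88:88 \
#     freeipa-server
#
# The passwords above are placeholders. Values passed with -e are readable by
# anyone who can run `docker inspect` on the container, and --privileged gives
# the container full access to host devices and capabilities; both are for the
# quick test only.
#
# For production use docker-compose.yml instead.

# Base release is a build argument so a rebuild against a newer Fedora does
# not require editing the file (ARG before FROM is only visible to FROM).
ARG FEDORA_VERSION=41
FROM fedora:${FEDORA_VERSION}

# `container=docker` is the conventional hint systemd uses to detect that it is
# running inside a container; LANG/LC_ALL give the install tooling a UTF-8 locale.
ENV container=docker \
    LANG=en_US.UTF-8 \
    LC_ALL=en_US.UTF-8

# Server packages plus admin/troubleshooting tools. Weak dependencies are
# skipped to keep the image small, and the dnf cache is dropped in the same
# layer so it never lands in the image. Versions are not pinned, so two builds
# on different days can differ; pin packages (or the base image digest) when
# a reproducible image is required.
RUN dnf install -y --setopt=install_weak_deps=False \
        ansible-core \
        bind-utils \
        freeipa-admintools \
        freeipa-server \
        freeipa-server-dns \
        freeipa-server-trust-ad \
        hostname \
        krb5-workstation \
        net-tools \
        openldap-clients \
        procps-ng \
        python3-netaddr \
        rsync \
    && dnf clean all \
    && rm -rf /var/cache/dnf

# Mask units that either require host-level access or are irrelevant in containers
RUN systemctl mask \
        console-getty.service \
        dev-hugepages.mount \
        dnf-makecache.timer \
        getty.target \
        network.service \
        NetworkManager.service \
        plymouth-quit-wait.service \
        plymouth-start.service \
        sys-fs-fuse-connections.mount \
        systemd-logind.service \
        systemd-remount-fs.service

# First-boot hook. The executable bit is set at COPY time: a follow-up
# `RUN chmod` would store a second copy of the script in its own layer.
COPY --chmod=0755 ipa-first-boot.sh /usr/local/sbin/ipa-first-boot.sh
COPY ipa-first-boot.service /etc/systemd/system/ipa-first-boot.service
RUN systemctl enable ipa-first-boot.service

# Persistent server state lives under /data; declared after all build-time
# writes so nothing written here during the build is discarded.
VOLUME ["/data"]

# LDAP, LDAPS, Kerberos, kpasswd, HTTPS, HTTP, DNS, NTP.
# EXPOSE is documentation only: which of these reach the host is decided by
# -p / the compose file, so publish only the ports a deployment needs.
EXPOSE 389 636 88/tcp 88/udp 464/tcp 464/udp 443 80 53/tcp 53/udp 123/udp

# SIGRTMIN+3 is the signal systemd treats as an orderly halt, so `docker stop`
# shuts the units down cleanly instead of killing PID 1.
STOPSIGNAL SIGRTMIN+3

# systemd runs as PID 1 and therefore as root; there is deliberately no USER
# directive in this image.
CMD ["/sbin/init"]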