From ed39d8f5ab2bc7e4724602089fb71be01cd4f583 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Sun, 15 Dec 2024 13:11:24 +0100
Subject: [PATCH] No longer update resolv.conf to point to our own DNS server, let users specify the --dns=127.0.0.1 explicitly.
---
 README | 7 ++-----
 ipa-server-configure-first | 9 ---------
 tests/run-master-and-replica.sh | 10 ++++++----
 3 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/README b/README
index 02f542c9..61c629ee 100644
--- a/README
+++ b/README
@@ -259,11 +259,8 @@ If you receive error like
 you might need to use `ipa-server-install` option `--skip-mem-check`.
-When running DNS server (the `--setup-dns` argument to
-`ipa-server-install`) in a container with read-only root filesystem
-(the `--read-only` option to `podman run` or `docker run`), the setup
-code in the container won't be able to edit `/etc/resolv.conf` in the
-container to point it to itself. Add `--dns=127.0.0.1` option to the
+When running DNS server (the `--setup-dns` argument to `ipa-server-install`)
+in the FreeIPA container, add `--dns=127.0.0.1` option to the
 `podman run` or `docker run` invocation to allow the FreeIPA server to reach its own DNS server.
diff --git a/ipa-server-configure-first b/ipa-server-configure-first
index 4bd34a9a..6ea687ae 100755
--- a/ipa-server-configure-first
+++ b/ipa-server-configure-first
@@ -136,14 +136,6 @@ if [ "$1" == upgrade ] ; then
 echo "The /data volume was created using incompatible image." >&2
 exit 2
 fi
- if [ -f /data/etc/resolv.conf.ipa ] \
- && ! cmp /etc/resolv.conf /data/etc/resolv.conf.ipa \
- && ! grep '^nameserver 127\.0\.0\.1$' /etc/resolv.conf ; then
- perl -pe 's/^(nameserver).*/$1 127.0.0.1/' /data/etc/resolv.conf.ipa > /etc/resolv.conf
- if ! grep -q "\b$HOSTNAME\b" /etc/hosts ; then
- echo "127.0.0.2 $HOSTNAME" >> /etc/hosts
- fi
- fi
 # Removing kdcinfo.* which is likely to hold old IP address
 rm -rf /var/lib/sss/pubconf/kdcinfo.*
 if cmp /data/build-id /data-template/build-id ; then
@@ -232,7 +224,6 @@ else
 if [ "$IPA_SERVER_IP" == no-update ] ; then
 echo "FreeIPA server IP address update disabled, skipping update-self-ip-address."
 elif ( systemctl is-active -q named named-pkcs11 || [ -n "$IPA_SERVER_IP" ] ) ; then
- cp -f /etc/resolv.conf /data/etc/resolv.conf.ipa
 if wait_for_dns 180; then
 update_server_ip_address
 else
diff --git a/tests/run-master-and-replica.sh b/tests/run-master-and-replica.sh
index 481d4dc6..53902cac 100755
--- a/tests/run-master-and-replica.sh
+++ b/tests/run-master-and-replica.sh
@@ -133,7 +133,7 @@ function run_ipa_container() {
 (
 set -x
 umask 0
- $docker run $readonly_run -d --name "$N" $OPTS \
+ $docker run -d --name "$N" $OPTS \
 -v $VOLUME:/data:Z $DOCKER_RUN_OPTS \
 -e PASSWORD=Secret123 "$IMAGE" "$@"
 )
@@ -142,9 +142,9 @@ function run_ipa_container() {
 IMAGE="$1"
-readonly_run="$readonly"
+DOCKER_RUN_OPTS="--dns=127.0.0.1"
 if [ "$readonly" == "--read-only" ] ; then
- readonly_run="$readonly --dns=127.0.0.1"
+ DOCKER_RUN_OPTS="$DOCKER_RUN_OPTS --read-only"
 fi
 skip_opts=
@@ -238,9 +238,11 @@ if [ "$replica" = 'none' ] ; then
 fi
 # Setup replica
-readonly_run="$readonly"
 MASTER_IP=$( $docker inspect --format '{{ .NetworkSettings.IPAddress }}' freeipa-master )
 DOCKER_RUN_OPTS="--dns=$MASTER_IP"
+if [ "$readonly" == "--read-only" ] ; then
+ DOCKER_RUN_OPTS="$DOCKER_RUN_OPTS --read-only"
+fi
 if [ "$docker" != "sudo podman" -a "$docker" != "podman" ] ; then
 DOCKER_RUN_OPTS="--link freeipa-master:ipa.example.test $DOCKER_RUN_OPTS"
 fi
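Review bot: The new `DOCKER_RUN_OPTS` assignment in the hunk at line 142 forwards `--read-only` only when `$readonly` equals exactly `--read-only`, whereas the removed `readonly_run="$readonly"` passed whatever `$readonly` held to `docker run`; `$readonly` is set outside this hunk, so if it can carry any other value that value is now silently dropped from the command line. If it is only ever `--read-only` or empty, the `if` block here and its verbatim copy in the replica hunk at line 238 reduce to `DOCKER_RUN_OPTS="--dns=127.0.0.1 $readonly"` and `DOCKER_RUN_OPTS="--dns=$MASTER_IP $readonly"`, which avoids keeping two branches in sync. `--dns=127.0.0.1` is now applied to every master run rather than only read-only ones, so a test configuration that starts the master without `--setup-dns` would be left with a resolver nothing answers; whether such a configuration exists is not visible from these hunks. Finally, `$DOCKER_RUN_OPTS` is expanded unquoted in run_ipa_container (hunk at line 133) to get word splitting, which is fine for these flag values but breaks for any option value containing whitespace; a bash array (`DOCKER_RUN_OPTS=(--dns=127.0.0.1)` and `"${DOCKER_RUN_OPTS[@]}"`) would carry the options safely.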