Hello,

in the past couple of weeks I've pushed multiple changes to the https://github.com/freeipa/freeipa-container repository, fixing and enabling Fedora 28 and Fedora 29 Dockerfiles, adding Travis CI configuration where we currently test IPA master and replica setups in images of Fedoras from 23 to rawhide and on CentOS 7:

https://travis-ci.org/freeipa/freeipa-container/branches

Testing on Travis' Ubuntus allowed me to reproduce and fix some issues that people have observed on non-RHEL/CentOS/Fedora docker hosts.

One of the results is that docker run's --privileged or --cap-add SYS_ADMIN options should not be needed anymore, making things more confined and more secure. In fact, it's quite likely that running the FreeIPA server containers as privileged will result in

https://github.com/freeipa/freeipa-container/issues/254

... so just don't do it.

Another focus of the effort was to make it possible to run the containers as read-only (docker run --read-only), making all the changes that are done during the initial ipa-server-install or during runtime properly confined to the /data volume, or pointed to discardable /tmp. While things pass in my local read-only tests, in Travis CI the initial ipa-server-install phase runs fine but starting the read-only container afterwards seems to hang:

https://travis-ci.org/adelton/freeipa-container/builds/459418370

Any help with investigating why this is happening would be appreciated.

--
Jan Pazdziora
Senior Principal Software Engineer, Security Engineering, Red Hat
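
As an added example (not part of the original message or the freeipa-container project's code), this Python script checks `docker inspect` output for the settings the message describes: no --privileged, no SYS_ADMIN capability, a read-only root filesystem and a writable /data volume. The container names and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output;
# the container names are placeholders, not real deployments.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/ipa-confined",
   "HostConfig": {"Privileged": false, "CapAdd": null, "ReadonlyRootfs": true},
   "Mounts": [{"Destination": "/data", "RW": true}]},
  {"Name": "/ipa-legacy",
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "ReadonlyRootfs": false},
   "Mounts": []}
]
""")

def _norm_cap(cap):
    # Capabilities may be recorded as "SYS_ADMIN" or "CAP_SYS_ADMIN".
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def audit(container):
    """Return a list of findings for one `docker inspect` entry."""
    host = container.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("runs with --privileged")
    caps = {_norm_cap(c) for c in (host.get("CapAdd") or [])}
    if caps & {"SYS_ADMIN", "ALL"}:
        findings.append("adds SYS_ADMIN (or ALL) capability")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (no --read-only)")
    data_rw = any(m.get("Destination") == "/data" and m.get("RW")
                  for m in container.get("Mounts") or [])
    if not data_rw:
        findings.append("no writable volume mounted at /data")
    return findings

def audit_all(inspect_output):
    """Map container name -> findings for a full `docker inspect` list."""
    return {c.get("Name", "?").lstrip("/"): audit(c) for c in inspect_output}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

On a real host, feed it `json.load()` of the output of `docker inspect` for the running FreeIPA containers instead of the sample.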