From 2dc1deeb8799db9ae41da19821f2033e532a216d Mon Sep 17 00:00:00 2001
From: Thomas Woerner
Date: Tue, 19 Nov 2024 15:15:12 +0100
Subject: [PATCH] infra/image/dockerfile/c10s: Fix client part deployment for the server

The client part deployment fails in the configuration of NIS. The command /usr/bin/nisdomainname is failing in a container in this task as the container is not privileged. The hostnamectl-wrapper is copied from the freeipa-container container project to replace /usr/bin/nisdomainname in the container.
---
 infra/image/dockerfile/c10s | 9 ++++++++-
 infra/image/utils/hostnamectl-wrapper | 12 ++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 infra/image/utils/hostnamectl-wrapper

diff --git a/infra/image/dockerfile/c10s b/infra/image/dockerfile/c10s
index 3710cdc02..969e8f6dd 100644
--- a/infra/image/dockerfile/c10s
+++ b/infra/image/dockerfile/c10s
@@ -9,9 +9,16 @@ dnf --assumeyes install \
 bash \
 systemd \
 procps-ng \
- iproute; \
+ iproute \
+ hostname; \
 rm -rf /var/cache/dnf/;
 
+# Prepare for basic ipa-server-install in container
+# Address failing nis-domainname.service in the ipa-client-install step
+RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig
+ADD utils/hostnamectl-wrapper /usr/bin/nisdomainname
+RUN chmod a+rx /usr/bin/nisdomainname
+
 RUN (cd /lib/systemd/system/; \
 if [ -e dbus-broker.service ] && [ ! -e dbus.service ]; then \
 ln -s dbus-broker.service dbus.service; \
diff --git a/infra/image/utils/hostnamectl-wrapper b/infra/image/utils/hostnamectl-wrapper
new file mode 100644
index 000000000..19e6f8d95
--- /dev/null
+++ b/infra/image/utils/hostnamectl-wrapper
@@ -0,0 +1,12 @@
+#!/bin/bash -eu
+
+if setpriv --dump | grep -q sys_admin ; then
+ if [[ "$( basename $0 )" =~ "domainname" ]] ; then
+ /usr/bin/hostname -y "$@"
+ else
+ $0.orig "$@"
+ fi
+else
+ echo "Skipping invocation of $0 $@ in unprivileged container." >&2
+ exit
+fi
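Review bot: In infra/image/dockerfile/c10s, `ADD utils/hostnamectl-wrapper /usr/bin/nisdomainname` copies a plain local file, so `COPY utils/hostnamectl-wrapper /usr/bin/nisdomainname` is the better instruction; ADD also accepts URLs and unpacks local archives, which this step does not need. The wrapper replaces a system binary path that presumably belongs to an installed package (the owning package is not visible in this hunk), so a later dnf update or reinstall of that package in a derived image could restore the original without any error. The comment above `RUN mv` could record that, for example `# NOTE: reinstalling the package that ships nisdomainname undoes this replacement`. The dnf `RUN` that gains `hostname` starts above the hunk, so the rest of its package list is not reviewed here.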
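Review bot: In infra/image/utils/hostnamectl-wrapper, the privilege test `setpriv --dump | grep -q sys_admin` matches that string anywhere in the dump, so it takes the privileged branch whenever any capability list printed by setpriv mentions it; that does not show the calling process can actually set the domain name. The `#!/bin/bash -eu` line does not enable pipefail, so if `setpriv` is missing or fails the script falls through to the skip branch, and the bare `exit` there returns the status of `echo`, i.e. 0, so the caller sees success although nothing was set. If that is the intent, the file should say so: a header comment such as `# Stand-in for nisdomainname: deliberately a no-op that exits 0 when CAP_SYS_ADMIN is not available`, and `exit 0` in place of `exit`. `$0` is also unquoted in `basename $0` and `$0.orig "$@"`; `"$0"` and `"$0.orig" "$@"` avoid word splitting on an unusual install path.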