diff --git a/containers/fedora-latest/00-ipv6.conf b/containers/fedora-latest/00-ipv6.conf
new file mode 100644
index 0000000000..c79441818d
--- /dev/null
+++ b/containers/fedora-latest/00-ipv6.conf
@@ -0,0 +1,3 @@
+net.ipv6.conf.all.disable_ipv6 = 0
+net.ipv6.conf.lo.disable_ipv6 = 0
+net.ipv6.conf.eth0.disable_ipv6 = 1
diff --git a/containers/fedora-latest/Dockerfile b/containers/fedora-latest/Dockerfile
new file mode 100644
index 0000000000..2a250fcd21
--- /dev/null
+++ b/containers/fedora-latest/Dockerfile
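Review bot: In `00-ipv6.conf`, the last setting is keyed to an interface called `eth0`, so it only has an effect when the container's interface carries that name, and nothing in the file says why IPv6 stays on for `all`/`lo` but is turned off there. A leading comment would make the intent checkable, for example `# keep IPv6 on loopback; disable it on the container's external interface (eth0)`. If the interface name can differ between container runtimes, that is worth stating in the same comment.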
@@ -0,0 +1,50 @@
+FROM fedora:latest
+ENV container=docker
+
+RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy
+RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi
+
+RUN ln -s /bin/false /usr/sbin/systemd-machine-id-setup
+
+RUN rm -fv /var/cache/dnf/metadata_lock.pid; \
+dnf makecache; \
+dnf --assumeyes install \
+ /usr/bin/python3 \
+ /usr/bin/python3-config \
+ /usr/bin/dnf-3 \
+ sudo \
+ bash \
+ systemd \
+ procps-ng \
+ iproute \
+ sudo \
+ nss \
+ freeipa-server python3-libselinux freeipa-server-dns freeipa-server-trust-ad freeipa-client \
+ firewalld \
+ && \
+dnf clean all;
+
+ENTRYPOINT [ "/usr/sbin/init" ]
+STOPSIGNAL RTMIN+3
+
+RUN rm -f /etc/systemd/system/*.wants/*;\
+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -f /lib/systemd/system/basic.target.wants/*;\
+ rm -f /lib/systemd/system/anaconda.target.wants/*; \
+ rm -rf /var/cache/dnf/;
+
+
+RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
+ && mkdir /etc/systemd/system/container-ipa.target.wants \
+ && ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
+RUN systemd-tmpfiles --remove --create
+
+RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig
+ADD hostnamectl-wrapper /usr/bin/nisdomainname
+ADD 00-ipv6.conf /etc/sysctl.d/00-ipv6.conf
+
+EXPOSE 53/udp 53 80 443 389 636 88 464 88/udp 464/udp 123/udp
+
+CMD ["/usr/sbin/init"]
diff --git a/containers/fedora-latest/hostnamectl-wrapper b/containers/fedora-latest/hostnamectl-wrapper
new file mode 100755
index 0000000000..b03ac8813a
--- /dev/null
+++ b/containers/fedora-latest/hostnamectl-wrapper
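Review bot: In the new `Dockerfile`, `ENTRYPOINT [ "/usr/sbin/init" ]` and the closing `CMD ["/usr/sbin/init"]` are both in exec form, so Docker appends the CMD to the entrypoint and the container starts as `/usr/sbin/init /usr/sbin/init`. Keeping only the `ENTRYPOINT` (or only the `CMD`) starts init once without the stray argument. The two `ADD` lines copy plain local files, so `COPY hostnamectl-wrapper /usr/bin/nisdomainname` and `COPY 00-ipv6.conf /etc/sysctl.d/00-ipv6.conf` would do the same job without `ADD`'s archive-extraction and URL behaviour. `sudo` is also listed twice in the `dnf install` package list.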
@@ -0,0 +1,12 @@
+#!/bin/bash -eu
+
+if setpriv --dump | grep -q sys_admin ; then
+ if [[ "$( basename "$0" )" =~ "domainname" ]] ; then
+ /usr/bin/hostname -y "$@"
+ else
+ "$0.orig" "$@"
+ fi
+else
+ echo "Skipping invocation of $0 $* in unprivileged container." >&2
+ exit
+fi
diff --git a/tests/azure/build-containers.yml b/tests/azure/build-containers.yml
index 0423dfd9c4..2201641396 100644
--- a/tests/azure/build-containers.yml
+++ b/tests/azure/build-containers.yml
@@ -59,3 +59,11 @@ stages:
 job_name_suffix: FedoraRawhide
 container_name: fedora-rawhide
 build_scenario_name: fedora-rawhide-build
+
+- stage: Fedora_Latest_No_IPA
+ dependsOn: []
+ jobs:
+ - template: templates/build_raw_container.yml
+ parameters:
+ job_name_suffix: FedoraLatest
+ container_name: fedora-latest
diff --git a/tests/azure/templates/build_raw_container.yml b/tests/azure/templates/build_raw_container.yml
new file mode 100644
index 0000000000..9c247e8218
--- /dev/null
+++ b/tests/azure/templates/build_raw_container.yml
@@ -0,0 +1,25 @@
+---
+parameters:
+ - name: job_name_suffix
+ type: string
+ - name: container_name
+ type: string
+
+jobs:
+- job: BuildTestImage${{ parameters.job_name_suffix }}
+ displayName: Build ${{ parameters.container_name }} test container
+ steps:
+ - script: |
+ docker build -t quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.container_name }} containers/${{ parameters.container_name }}
+ retryCountOnTaskFailure: 5
+ displayName: Create test container
+
+ - script: |
+ docker stop -i raw-${{ parameters.container_name }}
+ docker commit raw-${{ parameters.container_name }} quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.container_name }}
+ docker login -u="$QUAY_ROBOT_USERNAME" -p="$QUAY_ROBOT_TOKEN" quay.io
+ docker push quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.container_name }}
+ displayName: Save image and upload
+ env:
+ # Secrets needs to be mapped as env vars to work properly
+ QUAY_ROBOT_TOKEN: $(QUAY_ROBOT_TOKEN)
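Review bot: In `hostnamectl-wrapper`, the privilege test `setpriv --dump | grep -q sys_admin` matches the string anywhere in the dump, so it appears to pass whenever `sys_admin` shows up in any listed capability set (the bounding set, for instance), not only when the process can actually use the capability. A comment above the `if`, such as `# treat the container as privileged when CAP_SYS_ADMIN appears in setpriv's dump`, would document that assumption, and narrowing the grep to the intended line of the dump would make it hold. The unprivileged branch ends in a bare `exit`, which returns the status of the preceding `echo`; writing `exit 0` would make the deliberate success explicit to callers.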
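Review bot: In `build_raw_container.yml`, `docker login -u="$QUAY_ROBOT_USERNAME" -p="$QUAY_ROBOT_TOKEN" quay.io` puts the robot token on the command line, where it is visible in the agent's process list; passing it on stdin avoids that: `printf '%s' "$QUAY_ROBOT_TOKEN" | docker login -u "$QUAY_ROBOT_USERNAME" --password-stdin quay.io`. The same step runs `docker stop -i raw-…` and `docker commit raw-…` against a container that nothing in this template creates (the first step only runs `docker build`), so as written those two commands look like they would fail before the push is reached. Since the build step already tags the image with the name being pushed, they can probably be dropped. The step also relies on `QUAY_ROBOT_USERNAME` reaching the script without an `env:` mapping; a short comment saying it is a non-secret pipeline variable would make that explicit.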