No longer update resolv.conf to point to our own DNS server, let user…

…s specify the --dns=127.0.0.1 explicitly.
freeipa · Dec 27, 2024 · ed39d8f · ed39d8f
1 parent b30c197
commit ed39d8f
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 18 deletions.
diff --git a/README b/README
@@ -259,11 +259,8 @@ If you receive error like
 
 you might need to use `ipa-server-install` option `--skip-mem-check`.
 
-When running DNS server (the `--setup-dns` argument to
-`ipa-server-install`) in a container with read-only root filesystem
-(the `--read-only` option to `podman run` or `docker run`), the setup
-code in the container won't be able to edit `/etc/resolv.conf` in the
-container to point it to itself. Add `--dns=127.0.0.1` option to the
+When running DNS server (the `--setup-dns` argument to `ipa-server-install`)
+in the FreeIPA container, add `--dns=127.0.0.1` option to the
 `podman run` or `docker run` invocation to allow the FreeIPA server
 to reach its own DNS server.
 

diff --git a/ipa-server-configure-first b/ipa-server-configure-first
@@ -136,14 +136,6 @@ if [ "$1" == upgrade ] ; then
 		echo "The /data volume was created using incompatible image." >&2
 		exit 2
 	fi
-	if [ -f /data/etc/resolv.conf.ipa ] \
-		&& ! cmp /etc/resolv.conf /data/etc/resolv.conf.ipa \
-		&& ! grep '^nameserver 127\.0\.0\.1$' /etc/resolv.conf ; then
-		perl -pe 's/^(nameserver).*/$1 127.0.0.1/' /data/etc/resolv.conf.ipa > /etc/resolv.conf
-		if ! grep -q "\b$HOSTNAME\b" /etc/hosts ; then
-			echo "127.0.0.2 $HOSTNAME" >> /etc/hosts
-		fi
-	fi
 	# Removing kdcinfo.* which is likely to hold old IP address
 	rm -rf /var/lib/sss/pubconf/kdcinfo.*
 	if cmp /data/build-id /data-template/build-id ; then
@@ -232,7 +224,6 @@ else
 		if [ "$IPA_SERVER_IP" == no-update ] ; then
 			echo "FreeIPA server IP address update disabled, skipping update-self-ip-address."
 		elif ( systemctl is-active -q named named-pkcs11 || [ -n "$IPA_SERVER_IP" ] ) ; then
-			cp -f /etc/resolv.conf /data/etc/resolv.conf.ipa
 			if wait_for_dns 180; then
 				update_server_ip_address
 			else

diff --git a/tests/run-master-and-replica.sh b/tests/run-master-and-replica.sh
@@ -133,7 +133,7 @@ function run_ipa_container() {
 	(
 	set -x
 	umask 0
-	$docker run $readonly_run -d --name "$N" $OPTS \
+	$docker run -d --name "$N" $OPTS \
 		-v $VOLUME:/data:Z $DOCKER_RUN_OPTS \
 		-e PASSWORD=Secret123 "$IMAGE" "$@"
 	)
@@ -142,9 +142,9 @@ function run_ipa_container() {
 
 IMAGE="$1"
 
-readonly_run="$readonly"
+DOCKER_RUN_OPTS="--dns=127.0.0.1"
 if [ "$readonly" == "--read-only" ] ; then
-	readonly_run="$readonly --dns=127.0.0.1"
+	DOCKER_RUN_OPTS="$DOCKER_RUN_OPTS --read-only"
 fi
 
 skip_opts=
@@ -238,9 +238,11 @@ if [ "$replica" = 'none' ] ; then
 fi
 
 # Setup replica
-readonly_run="$readonly"
 MASTER_IP=$( $docker inspect --format '{{ .NetworkSettings.IPAddress }}' freeipa-master )
 DOCKER_RUN_OPTS="--dns=$MASTER_IP"
+if [ "$readonly" == "--read-only" ] ; then
+	DOCKER_RUN_OPTS="$DOCKER_RUN_OPTS --read-only"
+fi
 if [ "$docker" != "sudo podman" -a "$docker" != "podman" ] ; then
 	DOCKER_RUN_OPTS="--link freeipa-master:ipa.example.test $DOCKER_RUN_OPTS"
 fi