freeipa/ipaplatform/README.md

IPA platform abstraction

The ipaplatform package provides an abstraction layer for supported Linux distributions and flavors. The package contains constants, paths to commands and config files, services, and tasks.

• base abstract base platform
• debian Debian- and Ubuntu-like
• redhat abstract base for Red Hat platforms
• fedora Fedora
• fedora_container freeipa-container on Fedora
• rhel RHEL and CentOS
• rhel_container freeipa-container on RHEL and CentOS
• suse OpenSUSE and SLES

[base]
  ├─ debian
  ├─[redhat]
  │   ├─ fedora
  │   │   └─ fedora_container
  │   └─ rhel
  │       └─ rhel_container
  └─ suse

(Note: Debian and SUSE use some definitions from Red Hat namespace.)

freeipa-container platform

The fedora_container and rhel_container platforms are flavors of the fedora and rhel platforms. These platform definitions are specifically designed for freeipa-container. The FreeIPA server container implements a read-only container. Paths like /etc, /usr, and /var are mounted read-only and cannot be modified. The image uses symlinks to store all variable data like config files and LDAP database in /data.

• Some commands don't write through dangling symlinks. The IPA platforms for containers prefix some paths with /data.
• ipa-server-upgrade verifies that the platform does not change between versions. To allow upgrades of old containers, sysupgrade maps $distro_container to $distro platform.
• The container images come with authselect pre-configured with sssd with-sudo option. The tasks modify_nsswitch_pam_stack and migrate_auth_configuration are no-ops. ipa-restore does not restore authselect settings. ipa-backup still stores authselect settings in backup data.
• The --mkhomedir option is not supported.