Hi all,
Just wanted to let people know that running pi-hole in a rootless container
without any tricks works fine.
As Rafael mentioned, this is only useful for really small environments.
I tweaked the docker start script a bit so it would run with podman as a
rootless container using an ordinary user (see attachment).
Then I configured the global forwarder to the IP of the ipa server with the
port 6053.
That was it, now my ipa-server forwards all the queries to the local
rootless pi-hole container.
Rob
On Thu, 10 Feb 2022 at 09:50, Rob Verduijn <rob.verduijn(a)gmail.com> wrote:
Hi,
You are right, it is only useful for a very small environment.
It is for home, at work I really don't care about adding one (or more)
systems to the environment. (ansible plays will keep them up2date and
configured properly)
But I think I have figured it out.
It is possible to specify a global forwarder with an alternative port,
hence I could configure a container on the ipa server system listening on a
different port and add that one as a forwarder.
If it starts complaining about the ip being its own I will use cni to
assign a different external ip to that container.
I will test this in the next few days.
Rob
On Wed, 9 Feb 2022 at 22:39, Rafael Jeffman <rjeffman(a)redhat.com> wrote:
> Hi Rob,
>
> On Wed, Feb 9, 2022 at 9:32 AM Rob Verduijn via FreeIPA-users <
> freeipa-users(a)lists.fedorahosted.org> wrote:
>
>> Hi all,
>>
>> I'm trying to reduce the number of systems in my network.
>> Currently if I want to use a pi-hole in combination with freeipa one of
>> them is going to use the other as a forwarder.
>>
>> And without some firewall/router port redirection magic (also hopelessly
>> complicating things) this is not going to run on one system.
>>
>> Did anybody manage to integrate pi-hole into freeipa as a plugin or some
>> other nifty solution making it possible to run it all on one system?
>>
>>
> This doesn't seem likely to be done soon, or ever, even if it is
> something I'd personally have use for.
>
> You could have a single pi-hole in your network, but you would
> like to have at least two IPA servers, a master and a replica.
>
> For very small setups, it would be a nice exercise, but apart
> from that I don't see much use in having both in the system
> (and sharing scarce resources).
>
> Rafael
>
>
>> Rob
>>
>
>
> --
> Rafael Guterres Jeffman
> Senior Software Engineer
> FreeIPA - Red Hat
>
>