Define LABELs for atomic install/run/stop/uninstall.

Author: adelton

Dockerfile.centos-7

@@ -15,7 +15,8 @@ RUN echo LANG=C > /etc/locale.conf
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
+COPY install.sh uninstall.sh /bin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-* /bin/install.sh /bin/uninstall.sh
 COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service kill-tail.service /usr/lib/systemd/system/
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
 	&& mkdir /etc/systemd/system/container-ipa.target.wants \
@@ -52,5 +53,13 @@ STOPSIGNAL RTMIN+3
 ENTRYPOINT [ "/usr/sbin/init-data" ]
 RUN uuidgen > /data-template/build-id
 
-LABEL INSTALL "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} exit-on-finished"
-LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME}"
+# Invocation:
+# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} [ options ]
+
+# For atomic, we run INSTALL --privileged but install.sh will start another unprivileged container.
+# We do it this way to be able to set hostname for the unprivileged container.
+LABEL INSTALL 'docker run -ti --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
+LABEL RUN 'docker run ${RUN_OPTS} --rm --name ${NAME} -v /var/lib/${NAME}:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp ${IMAGE}'
+LABEL RUN_OPTS_FILE '/var/lib/${NAME}/docker-run-opts'
+LABEL STOP 'docker stop ${NAME}'
+LABEL UNINSTALL 'docker run --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} ${IMAGE} /bin/uninstall.sh'

Dockerfile.centos-7-upstream

@@ -16,7 +16,8 @@ RUN echo LANG=C > /etc/locale.conf
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
+COPY install.sh uninstall.sh /bin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-* /bin/install.sh /bin/uninstall.sh
 COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service kill-tail.service /usr/lib/systemd/system/
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
 	&& mkdir /etc/systemd/system/container-ipa.target.wants \
@@ -53,5 +54,13 @@ STOPSIGNAL RTMIN+3
 ENTRYPOINT [ "/usr/sbin/init-data" ]
 RUN uuidgen > /data-template/build-id
 
-LABEL INSTALL "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} exit-on-finished"
-LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME}"
+# Invocation:
+# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} [ options ]
+
+# For atomic, we run INSTALL --privileged but install.sh will start another unprivileged container.
+# We do it this way to be able to set hostname for the unprivileged container.
+LABEL INSTALL 'docker run -ti --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
+LABEL RUN 'docker run ${RUN_OPTS} --rm --name ${NAME} -v /var/lib/${NAME}:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp ${IMAGE}'
+LABEL RUN_OPTS_FILE '/var/lib/${NAME}/docker-run-opts'
+LABEL STOP 'docker stop ${NAME}'
+LABEL UNINSTALL 'docker run --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} ${IMAGE} /bin/uninstall.sh'

Dockerfile.fedora-23

@@ -20,7 +20,8 @@ RUN echo LANG=C > /etc/locale.conf
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
+COPY install.sh uninstall.sh /bin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-* /bin/install.sh /bin/uninstall.sh
 COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service kill-tail.service /usr/lib/systemd/system/
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
 	&& mkdir /etc/systemd/system/container-ipa.target.wants \
@@ -57,5 +58,13 @@ STOPSIGNAL RTMIN+3
 ENTRYPOINT [ "/usr/sbin/init-data" ]
 RUN uuidgen > /data-template/build-id
 
-LABEL INSTALL "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} exit-on-finished"
-LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME}"
+# Invocation:
+# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} [ options ]
+
+# For atomic, we run INSTALL --privileged but install.sh will start another unprivileged container.
+# We do it this way to be able to set hostname for the unprivileged container.
+LABEL INSTALL 'docker run -ti --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
+LABEL RUN 'docker run ${RUN_OPTS} --rm --name ${NAME} -v /var/lib/${NAME}:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp ${IMAGE}'
+LABEL RUN_OPTS_FILE '/var/lib/${NAME}/docker-run-opts'
+LABEL STOP 'docker stop ${NAME}'
+LABEL UNINSTALL 'docker run --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} ${IMAGE} /bin/uninstall.sh'

Dockerfile.fedora-23-upstream

@@ -21,7 +21,8 @@ RUN echo LANG=C > /etc/locale.conf
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
+COPY install.sh uninstall.sh /bin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-* /bin/install.sh /bin/uninstall.sh
 COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service kill-tail.service /usr/lib/systemd/system/
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
 	&& mkdir /etc/systemd/system/container-ipa.target.wants \
@@ -58,5 +59,13 @@ STOPSIGNAL RTMIN+3
 ENTRYPOINT [ "/usr/sbin/init-data" ]
 RUN uuidgen > /data-template/build-id
 
-LABEL INSTALL "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} exit-on-finished"
-LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME}"
+# Invocation:
+# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} [ options ]
+
+# For atomic, we run INSTALL --privileged but install.sh will start another unprivileged container.
+# We do it this way to be able to set hostname for the unprivileged container.
+LABEL INSTALL 'docker run -ti --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
+LABEL RUN 'docker run ${RUN_OPTS} --rm --name ${NAME} -v /var/lib/${NAME}:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp ${IMAGE}'
+LABEL RUN_OPTS_FILE '/var/lib/${NAME}/docker-run-opts'
+LABEL STOP 'docker stop ${NAME}'
+LABEL UNINSTALL 'docker run --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} ${IMAGE} /bin/uninstall.sh'

Dockerfile.fedora-24

@@ -25,7 +25,8 @@ RUN echo LANG=C > /etc/locale.conf
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
+COPY install.sh uninstall.sh /bin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-* /bin/install.sh /bin/uninstall.sh
 COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service kill-tail.service /usr/lib/systemd/system/
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
 	&& mkdir /etc/systemd/system/container-ipa.target.wants \
@@ -61,5 +62,13 @@ STOPSIGNAL RTMIN+3
 ENTRYPOINT [ "/usr/sbin/init-data" ]
 RUN uuidgen > /data-template/build-id
 
-LABEL INSTALL "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} exit-on-finished"
-LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME}"
+# Invocation:
+# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} [ options ]
+
+# For atomic, we run INSTALL --privileged but install.sh will start another unprivileged container.
+# We do it this way to be able to set hostname for the unprivileged container.
+LABEL INSTALL 'docker run -ti --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
+LABEL RUN 'docker run ${RUN_OPTS} --rm --name ${NAME} -v /var/lib/${NAME}:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp ${IMAGE}'
+LABEL RUN_OPTS_FILE '/var/lib/${NAME}/docker-run-opts'
+LABEL STOP 'docker stop ${NAME}'
+LABEL UNINSTALL 'docker run --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} ${IMAGE} /bin/uninstall.sh'

Dockerfile.fedora-rawhide

@@ -21,7 +21,8 @@ RUN echo LANG=C > /etc/locale.conf
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
+COPY install.sh uninstall.sh /bin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-* /bin/install.sh /bin/uninstall.sh
 COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service kill-tail.service /usr/lib/systemd/system/
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
 	&& mkdir /etc/systemd/system/container-ipa.target.wants \
@@ -57,5 +58,13 @@ STOPSIGNAL RTMIN+3
 ENTRYPOINT [ "/usr/sbin/init-data" ]
 RUN uuidgen > /data-template/build-id
 
-LABEL INSTALL "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} exit-on-finished"
-LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME}"
+# Invocation:
+# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} [ options ]
+
+# For atomic, we run INSTALL --privileged but install.sh will start another unprivileged container.
+# We do it this way to be able to set hostname for the unprivileged container.
+LABEL INSTALL 'docker run -ti --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
+LABEL RUN 'docker run ${RUN_OPTS} --rm --name ${NAME} -v /var/lib/${NAME}:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp ${IMAGE}'
+LABEL RUN_OPTS_FILE '/var/lib/${NAME}/docker-run-opts'
+LABEL STOP 'docker stop ${NAME}'
+LABEL UNINSTALL 'docker run --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} ${IMAGE} /bin/uninstall.sh'

Dockerfile.rhel-7

@@ -15,7 +15,8 @@ RUN echo LANG=C > /etc/locale.conf
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
+COPY install.sh uninstall.sh /bin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-* /bin/install.sh /bin/uninstall.sh
 COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service kill-tail.service /usr/lib/systemd/system/
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
 	&& mkdir /etc/systemd/system/container-ipa.target.wants \
@@ -50,5 +51,13 @@ STOPSIGNAL RTMIN+3
 ENTRYPOINT [ "/usr/sbin/init-data" ]
 RUN uuidgen > /data-template/build-id
 
-LABEL INSTALL "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} exit-on-finished"
-LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME}"
+# Invocation:
+# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} [ options ]
+
+# For atomic, we run INSTALL --privileged but install.sh will start another unprivileged container.
+# We do it this way to be able to set hostname for the unprivileged container.
+LABEL INSTALL 'docker run -ti --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
+LABEL RUN 'docker run ${RUN_OPTS} --rm --name ${NAME} -v /var/lib/${NAME}:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp ${IMAGE}'
+LABEL RUN_OPTS_FILE '/var/lib/${NAME}/docker-run-opts'
+LABEL STOP 'docker stop ${NAME}'
+LABEL UNINSTALL 'docker run --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} ${IMAGE} /bin/uninstall.sh'

Dockerfile.rhel-7-upstream

@@ -16,7 +16,8 @@ RUN echo LANG=C > /etc/locale.conf
 RUN /sbin/ldconfig -X
 
 COPY init-data ipa-server-configure-first ipa-server-status-check exit-with-status ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
+COPY install.sh uninstall.sh /bin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-server-status-check /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-* /bin/install.sh /bin/uninstall.sh
 COPY container-ipa.target ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service kill-tail.service /usr/lib/systemd/system/
 RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
 	&& mkdir /etc/systemd/system/container-ipa.target.wants \
@@ -51,5 +52,13 @@ STOPSIGNAL RTMIN+3
 ENTRYPOINT [ "/usr/sbin/init-data" ]
 RUN uuidgen > /data-template/build-id
 
-LABEL INSTALL "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} exit-on-finished"
-LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME}"
+# Invocation:
+# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/ipa-data:/data:Z -h ipa.example.test ${NAME} [ options ]
+
+# For atomic, we run INSTALL --privileged but install.sh will start another unprivileged container.
+# We do it this way to be able to set hostname for the unprivileged container.
+LABEL INSTALL 'docker run -ti --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
+LABEL RUN 'docker run ${RUN_OPTS} --rm --name ${NAME} -v /var/lib/${NAME}:/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp ${IMAGE}'
+LABEL RUN_OPTS_FILE '/var/lib/${NAME}/docker-run-opts'
+LABEL STOP 'docker stop ${NAME}'
+LABEL UNINSTALL 'docker run --rm --privileged -v /:/host -e HOST=/host -e DATADIR=/var/lib/${NAME} ${IMAGE} /bin/uninstall.sh'

README

@@ -99,6 +99,19 @@ address. Starting the server would then be
 	-p 88:88/udp -p 464:464/udp -p 123:123/udp -p 7389:7389 \
 	-p 9443:9443 -p 9444:9444 -p 9445:9445 ...
 
+# Configuring and running with atomic
+
+On platforms with `atomic` command available, the container can be
+configured with
+
+    atomic install freeipa-server --hostname ipa.example.test [opts]
+
+It will use /var/lib/freeipa-server to store the configuration
+and data. The container then gets started with
+
+    atomic run freeipa-server
+
+Version 1.12 of atomic is needed.
 
 # IPA-enrolled client in Docker
 

init-data

@@ -21,6 +21,12 @@ set -e
 
 cd /
 
+case "$1" in
+	/bin/install.sh|/bin/uninstall.sh|/bin/bash|bash)
+		exec "$@"
+	;;
+esac
+
 if ls -dZ /sys/fs/cgroup | grep -q :svirt_sandbox_file_t: ; then
 	echo "Invocation error: use -v /sys/fs/cgroup:/sys/fs/cgroup:ro parameter to docker run." >&2
 	exit 9

install.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$DATADIR" -o -z "$HOST" ] ; then
+	echo "Not sure where FreeIPA data should be stored." >&2
+	exit 1
+fi
+
+if [ -f "$HOST$DATADIR"/etc/ipa/default.conf ] ; then
+	echo "FreeIPA seems already initialized in [$DATADIR]." >&2
+	exit 1
+fi
+
+mkdir -p "$HOST$DATADIR"
+
+HOSTNAME_PARAM=
+
+i=0
+while [[ $i -lt $# ]] ; do
+	case "${!i}" in
+		--hostname)
+			i=$(( i + 1 ))
+			HOSTNAME_PARAM="${!i}"
+			;;
+		--hostname=*)
+			HOSTNAME_PARAM="${!i%%--hostname=}"
+			;;
+	esac
+	i=$(( i + 1 ))
+done
+
+if [ -z "$HOSTNAME_PARAM" ] ; then
+	NAME_PARAM=''
+	if [ -n "$NAME" ] ; then
+		NAME_PARAM=" --name $NAME"
+	fi
+	echo "Please specify the hostname for the server with --hostname parameter." >&2
+	echo "Usage: atomic install$NAME_PARAM $IMAGE --hostname FQDN.of.the.IPA.server" >&2
+	exit 1
+fi
+
+echo "--hostname=$HOSTNAME_PARAM" > "$HOST$DATADIR"/docker-run-opts
+echo "$HOSTNAME_PARAM" > "$HOST$DATADIR"/hostname
+
+chroot "$HOST" /usr/bin/docker run -ti --rm \
+	-e NAME="$NAME" -e IMAGE="$IMAGE" \
+	-v "$DATADIR":/data:Z -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /tmp -h "$HOSTNAME_PARAM" "$IMAGE" exit-on-finished "$@"

ipa-server-configure-first

@@ -179,7 +179,7 @@ else
 	HOSTNAME_SHORT=${HOSTNAME%%.*}
 	DOMAIN=${HOSTNAME#*.}
 	if [ "$HOSTNAME_SHORT.$DOMAIN" != "$HOSTNAME" ] ; then
-		usage
+		usage "The container has to have fully-qualified hostname defined."
 	fi
 
 	STDIN=/dev/stdin

uninstall.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Copyright 2016 Jan Pazdziora
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Uninstallation for atomic uninstall.
+
+set -e
+
+if [ -z "$DATADIR" -o -z "$HOST" ] ; then
+	echo "Not sure where FreeIPA data is stored." >&2
+	exit 1
+fi
+
+TARGET=$( date '+%Y%m%d-%H%M%S' )
+mv "$HOST/$DATADIR" "$HOST/$DATADIR.backup.$TARGET"
+echo "Moved [$DATADIR] aside to [$DATADIR.backup.$TARGET]."
+
+exit 0