[Freeipa-users] Free IPA Client in Docker

Hosakote Nagesh, Pawan phosakotenagesh at ebay.com
Tue May 3 21:27:44 UTC 2016 

Our apps are running in a docker image based on Ubuntu 14.04 that cannot be changed to redhat. We want to install freeipa-clietn within this docker so that our app
Uses freeipa ldap as against default ldap.

The freeipa-client gets successfully installed in Ubuntu 14.04 plain machine, that why is why I am hoping making it run in a Ubun14.04 docker should also be very much possible.

As you can see the things get stuck in not starting bus process properly(this problem is not seen in ubuntu on plain machine). I cannot see much debug statements by enabling —debug option in ipa-client-install.
Its not clear why this process doesn’t get started and what is missing in container as against plain machine which is making this install fail.

I am on to this issue for 2 full days now. I am pasting whatever debug statements I got during install, here:

Command
—————
ipa-client-install —domain=<ourdoamin> —server= <ourserver> hostname=jupyterhub.com --no-ntp --no-dns-sshfp



Log (After Error starts to happen)
—————
Attached

My main suspect is dbus service unable to start in this container where it launches on a plain machine.

-
Best,
Pawan






On 5/3/16, 2:03 PM, "Lukas Slebodnik" <lslebodn at redhat.com> wrote:

>On (03/05/16 18:25), Hosakote Nagesh, Pawan wrote:
>>Currently this is the error I m stuck with. There isn’t enough material online to proceed further. Failure starts with bus error..
>>
>>Logs during ipa-client-install..
>>====================================
>>
>>Synchronizing time with KDC...
>>Password for service_ipa at EAZ.EBAYC3.COM: 
>>Successfully retrieved CA cert
>>    Subject:     CN=Certificate Authority,O=EAZ.EBAYC3.COM
>>    Issuer:      CN=Certificate Authority,O=EAZ.EBAYC3.COM
>>    Valid From:  Mon Dec 07 05:17:30 2015 UTC
>>    Valid Until: Fri Dec 07 05:17:30 2035 UTC
>>
>>
>>Enrolled in IPA realm EAZ.EBAYC3.COM
>>Created /etc/ipa/default.conf
>>New SSSD config will be created
>>Configured /etc/sssd/sssd.conf
>>Configured /etc/krb5.conf for IPA realm EAZ.EBAYC3.COM
>>dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero exit status 1
>I think the error message is clear.
>There was a problem with starting dbus service within a container.
>
>>certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
>>certmonger request for host certificate failed
>>2016-05-02 22:11:53,099 CRIT reaped unknown pid 241)
>>.
>>
>>On 5/3/16, 1:45 AM, "Lukas Slebodnik" <lslebodn at redhat.com> wrote:
>>
>>>On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote:
>>>>Thanks for your quick response. I am trying this on ubuntu.
>>>>
>>>>This is the bug I m facing right now: https://lists.launchpad.net/freeipa/msg00236.html 
>>>>They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me. There is no other material also 
>>>>On how to fix this dbus error.
>>>>
>>>>root at jupyterhub:/#  lsb_release -rd
>>>>Description:    Ubuntu 14.04.4 LTS
>>>>Release:    14.04
>>>>root at jupyterhub:/#
>>>Do I understand it correctly that you want to build your own image
>>>based on ubuntu?
>>>
>>>If answer is yes then I would recommend to use ubuntu xenial (16.04).
>>>
>>>But the benefit of container technologies is that you can use
>>>image based on different distribution and therefore it would be the
>>>best if you could use https://hub.docker.com/r/fedora/sssd/
>>>(which was already mentioned.
>>>
>May I know why you do not want to use existing working contianer
>based on image fedora/sssd.
>
>You would save some time with troubleshooting things which were already solved.
>
>If you want a help then please provide more info.
>I assume you use docker and not lxd (based on subject)
>Please share details how did you build an image and how do you
>run container ...
>
>LS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: FreeIPA_CLient_Logs.rtf
Type: text/rtf
Size: 23933 bytes
Desc: FreeIPA_CLient_Logs.rtf
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160503/cff0defb/attachment.bin>

More information about the Freeipa-users mailing list