[Freeipa-users] Free IPA Client in Docker

Rob Crittenden rcritten at redhat.com
Wed May 4 13:10:01 UTC 2016 

Hosakote Nagesh, Pawan wrote:
> Our apps are running in a docker image based on Ubuntu 14.04 that cannot be changed to redhat. We want to install freeipa-clietn within this docker so that our app
> Uses freeipa ldap as against default ldap.
>
> The freeipa-client gets successfully installed in Ubuntu 14.04 plain machine, that why is why I am hoping making it run in a Ubun14.04 docker should also be very much possible.
>
> As you can see the things get stuck in not starting bus process properly(this problem is not seen in ubuntu on plain machine). I cannot see much debug statements by enabling —debug option in ipa-client-install.
> Its not clear why this process doesn’t get started and what is missing in container as against plain machine which is making this install fail.
>
> I am on to this issue for 2 full days now. I am pasting whatever debug statements I got during install, here:
>
> Command
> —————
> ipa-client-install —domain=<ourdoamin> —server= <ourserver> hostname=jupyterhub.com --no-ntp --no-dns-sshfp
>
>
>
> Log (After Error starts to happen)
> —————
> Attached
>
> My main suspect is dbus service unable to start in this container where it launches on a plain machine.

The root of the problem appears to be:

dbus: unrecognized service

rob

>
> -
> Best,
> Pawan
>
>
>
>
>
>
> On 5/3/16, 2:03 PM, "Lukas Slebodnik" <lslebodn at redhat.com> wrote:
>
>> On (03/05/16 18:25), Hosakote Nagesh, Pawan wrote:
>>> Currently this is the error I m stuck with. There isn’t enough material online to proceed further. Failure starts with bus error..
>>>
>>> Logs during ipa-client-install..
>>> ====================================
>>>
>>> Synchronizing time with KDC...
>>> Password for service_ipa at EAZ.EBAYC3.COM:
>>> Successfully retrieved CA cert
>>>     Subject:     CN=Certificate Authority,O=EAZ.EBAYC3.COM
>>>     Issuer:      CN=Certificate Authority,O=EAZ.EBAYC3.COM
>>>     Valid From:  Mon Dec 07 05:17:30 2015 UTC
>>>     Valid Until: Fri Dec 07 05:17:30 2035 UTC
>>>
>>>
>>> Enrolled in IPA realm EAZ.EBAYC3.COM
>>> Created /etc/ipa/default.conf
>>> New SSSD config will be created
>>> Configured /etc/sssd/sssd.conf
>>> Configured /etc/krb5.conf for IPA realm EAZ.EBAYC3.COM
>>> dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero exit status 1
>> I think the error message is clear.
>> There was a problem with starting dbus service within a container.
>>
>>> certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
>>> certmonger request for host certificate failed
>>> 2016-05-02 22:11:53,099 CRIT reaped unknown pid 241)
>>> .
>>>
>>> On 5/3/16, 1:45 AM, "Lukas Slebodnik" <lslebodn at redhat.com> wrote:
>>>
>>>> On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote:
>>>>> Thanks for your quick response. I am trying this on ubuntu.
>>>>>
>>>>> This is the bug I m facing right now: https://lists.launchpad.net/freeipa/msg00236.html
>>>>> They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me. There is no other material also
>>>>> On how to fix this dbus error.
>>>>>
>>>>> root at jupyterhub:/#  lsb_release -rd
>>>>> Description:    Ubuntu 14.04.4 LTS
>>>>> Release:    14.04
>>>>> root at jupyterhub:/#
>>>> Do I understand it correctly that you want to build your own image
>>>> based on ubuntu?
>>>>
>>>> If answer is yes then I would recommend to use ubuntu xenial (16.04).
>>>>
>>>> But the benefit of container technologies is that you can use
>>>> image based on different distribution and therefore it would be the
>>>> best if you could use https://hub.docker.com/r/fedora/sssd/
>>>> (which was already mentioned.
>>>>
>> May I know why you do not want to use existing working contianer
>> based on image fedora/sssd.
>>
>> You would save some time with troubleshooting things which were already solved.
>>
>> If you want a help then please provide more info.
>> I assume you use docker and not lxd (based on subject)
>> Please share details how did you build an image and how do you
>> run container ...
>>
>> LS
>>
>>

More information about the Freeipa-users mailing list