FreeIPA Replica Server Container Exit #92
Comments
May we assume that you use
plus a series of |
I have a hard time figuring out where that
message comes from. |
Yes you may. The docker run command on host 1 was
and on host 2:
|
Can you try without the |
Ok. Will do and let you know how it goes. Thank you |
Same issue for me... Any insight? |
Do you run |
Hi! I'm trying to set up an IPA replica on Amazon AWS, but I'm having the following error:
This is an extract of the logfile:
I'm launching the container with the following docker command:
I've read that it's not suggested to run it with privileged mode, but if I remove that parameter, I can't launch it. Docker is running on a CentOS 7 host. Any ideas? Thanks! |
I still was not able to reproduce the issue. |
I'm seeing it, too. |
I switched the install to a container with Internet access, and the problem disappeared. I'm not positive that restricted network was causing the problem, but there's something to look at. |
Thank you for the pointer to |
Just for the record, I ran into this one more time yesterday. However, after enabling PR #156 means to make it easy for others to turn on script tracing by adding It looks like @adelton has been working with upstream on the related BZ1377973 to get a fix into v. 4.5 for |
I'm having problems creating the replica instance because it doesn't respect the host IP address which I define via
If I change the DNS record of the replica to the host IP as soon as the client registers it (change

Here is how I run the replica container:

```
# For the latest tag
docker run \
  --name freeipa-master2 \
  -e IPA_SERVER_IP=192.168.233.11 \
  -tid \
  -h ipa2.example.test \
  --dns 192.168.233.10 \
  -v /var/lib/freeipa-data:/data:Z \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  --tmpfs /run --tmpfs /tmp \
  -p 53:53/udp \
  -p 53:53 \
  -p 80:80 \
  -p 88:88/udp \
  -p 88:88 \
  -p 123:123/udp \
  -p 389:389 \
  -p 443:443 \
  -p 464:464/udp \
  -p 464:464 \
  -p 636:636 \
  -p 7389:7389 \
  -p 9443:9443 \
  -p 9444:9444 \
  -p 9445:9445 \
  freeipa/freeipa-server \
  ipa-replica-install \
  --admin-password=password \
  --setup-dns \
  --ip-address 192.168.233.11 \
  --forwarder 8.8.8.8 --forwarder 8.8.4.4 \
  --setup-ca \
  --server ipa1.example.test \
  --domain example.test \
  --no-host-dns

# For the centos-7 and the fedora-27 tags
docker run \
  --name freeipa-master2 \
  -e IPA_SERVER_IP=192.168.233.11 \
  -tid \
  -h ipa2.example.test \
  --dns 192.168.233.10 \
  --sysctl net.ipv6.conf.lo.disable_ipv6=0 \
  -v /var/lib/freeipa-data:/data:Z \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  --tmpfs /run --tmpfs /tmp \
  -p 53:53/udp \
  -p 53:53 \
  -p 80:80 \
  -p 88:88/udp \
  -p 88:88 \
  -p 123:123/udp \
  -p 389:389 \
  -p 443:443 \
  -p 464:464/udp \
  -p 464:464 \
  -p 636:636 \
  -p 7389:7389 \
  -p 9443:9443 \
  -p 9444:9444 \
  -p 9445:9445 \
  freeipa/freeipa-server:fedora-27 \
  ipa-replica-install \
  --admin-password=password \
  --setup-dns \
  --ip-address 192.168.233.11 \
  --forwarder 8.8.8.8 --forwarder 8.8.4.4 \
  --setup-ca \
  --server ipa1.example.test \
  --domain example.test \
  --no-host-dns
```

Here is how I run the container for the

```
docker run \
  --name freeipa-master1 \
  -tid \
  -e IPA_SERVER_IP=192.168.233.10 \
  -h ipa1.example.test \
  -v /var/lib/freeipa-data:/data:Z \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  --tmpfs /run --tmpfs /tmp \
  -p 53:53/udp \
  -p 53:53 \
  -p 80:80 \
  -p 88:88/udp \
  -p 88:88 \
  -p 123:123/udp \
  -p 389:389 \
  -p 443:443 \
  -p 464:464/udp \
  -p 464:464 \
  -p 636:636 \
  -p 7389:7389 \
  -p 9443:9443 \
  -p 9444:9444 \
  -p 9445:9445 \
  freeipa/freeipa-server \
  --setup-dns \
  --forwarder 8.8.8.8 --forwarder 8.8.4.4 \
  --realm=EXAMPLE.TEST \
  --ds-password=password \
  --admin-password=password \
  --hostname=ipa1.example.test \
  --domain example.test \
  --auto-reverse \
  --unattended
```

|
@jtyr, sorry for late reply. |
@adelton The master is running in the container names |
I wonder -- can you create the DNS record for the replica on the master (to point to replica's host IP address) even before you start the replica container? |
That would work as well. It's the same like I change the DNS record of the replica to the host IP as soon as the client registers as I described above. |
The We'd need someone from the FreeIPA team to figure out if it's correct that the |
Ohh... for me it's mystical problems: same issue
And finally, start container, run cmd Maybe problem not in DNS or ip-address.
Ubuntu 16.04.4 LTS |
I assume that by using manual DNS records, it is possible to setup the replica reasonably well. |
Hi,
I am currently playing with a multi-master deployment of FreeIPA version 4.3.1 (CentOS-7 upstream) on separate Docker hosts. The first master container spins up just fine (Host1) and using an OTP to spin up the replica master container (Host2), the process executes then exits while trying to restart named.
This is a snippet of the install process:
I noticed however that the docker container IP addresses on both hosts are the same but I still encountered the same issue with the replica container on a custom docker bridge network.
I manually started the exited container and checked the FreeIPA services. Snippet below:
I then restarted all the services and recalled the command and they were all running. Snippet below:
FreeIPA basic operations (login, replication, etc) worked fine but I am still struggling to figure out why the process exited. I would like to think it is docker specific due to this line:
Any help to shed more light on this would be very much appreciated.
Thanks