Hello,
We have our NFS servers kerberized which requires a ticket to be able to access
the NFS share. We also have a GPU cluster where people get to launch docker
containers to complete work. Unfortunately, within the container users can’t
access the NFS share even though its mapped on the host machine and in the
container because they don’t have a ticket within the container.
So what are my options to deal with this? Would building a container and when
it starts up, automatically enroll itself into FreeIPA be the best solution? As
a test I tried to enroll the container in one of our test containers and
freeipa-client-install complained that pid 1 wasn’t being ran by systemd, not
quite sure how to get around that. However even if this was accomplished could
enrolling 100s or 1000s of containers cause an issue for freeIPA?Most of these
would be fairly short lived (few days to weeks). At that point I would need to
go manually cleanup all of the enrolled machines.
The other and less optimal solution would be to use a non kerberized NFS share,
pass through the uid/gid from the host, but with this solution users would know
their own UID/GID in the container but wouldn’t know who owns what in the
container because they would have nothing tell them in the container what
UID/GID is associated with what account so it might get confusing.
I’m really just looking for any suggestions on what other people have done. I’m
not even sure if what I’m doing is the right approach at all and I should be
doing something totally different. Are there any other solutions/suggestions
that people have used to operate with FreeIPA along with docker containers?
-Kevin
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
